* [PATCH 4.19 000/425] 4.19.191-rc1 review
@ 2021-05-20 9:16 Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 001/425] s390/disassembler: increase ebpf disasm buffer size Greg Kroah-Hartman
` (431 more replies)
0 siblings, 432 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, stable
This is the start of the stable review cycle for the 4.19.191 release.
There are 425 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.191-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.191-rc1
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
scripts: switch explicitly to Python 3
Finn Behrens <me@kloenk.de>
tweewide: Fix most Shebang lines
Alexandru Elisei <alexandru.elisei@arm.com>
KVM: arm64: Initialize VCPU mdcr_el2 before loading it
Christoph Hellwig <hch@lst.de>
iomap: fix sub-page uptodate handling
Eric Dumazet <edumazet@google.com>
ipv6: remove extra dev_hold() for fallback tunnels
Eric Dumazet <edumazet@google.com>
ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
Eric Dumazet <edumazet@google.com>
sit: proper dev_{hold|put} in ndo_[un]init methods
Eric Dumazet <edumazet@google.com>
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
Yannick Vignon <yannick.vignon@nxp.com>
net: stmmac: Do not enable RX FIFO overflow interrupts
Zqiang <qiang.zhang@windriver.com>
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
yangerkun <yangerkun@huawei.com>
block: reexpand iov_iter after read/write
Hui Wang <hui.wang@canonical.com>
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
Hans de Goede <hdegoede@redhat.com>
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
Bodo Stroesser <bostroesser@gmail.com>
scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
Jeff Layton <jlayton@kernel.org>
ceph: fix fscache invalidation
Nathan Chancellor <nathan@kernel.org>
riscv: Workaround mcount name prior to clang-13
Nathan Chancellor <nathan@kernel.org>
scripts/recordmcount.pl: Fix RISC-V regex for clang
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
ARM: 9075/1: kernel: Fix interrupted SMC calls
Johannes Berg <johannes.berg@intel.com>
um: Mark all kernel symbols as local
Hans de Goede <hdegoede@redhat.com>
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
Hans de Goede <hdegoede@redhat.com>
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
Feilong Lin <linfeilong@huawei.com>
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
louis.wang <liang26812@gmail.com>
ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
Arnd Bergmann <arnd@arndb.de>
PCI: thunder: Fix compile testing
Ard Biesheuvel <ardb@kernel.org>
ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6
Magnus Karlsson <magnus.karlsson@intel.com>
xsk: Simplify detection of empty and full rings
Josh Poimboeuf <jpoimboe@redhat.com>
pinctrl: ingenic: Improve unreachable code generation
Arnd Bergmann <arnd@arndb.de>
isdn: capi: fix mismatched prototypes
Kaixu Xia <kaixuxia@tencent.com>
cxgb4: Fix the -Wmisleading-indentation warning
Arnd Bergmann <arnd@arndb.de>
usb: sl811-hcd: improve misleading indentation
Arnd Bergmann <arnd@arndb.de>
kgdb: fix gcc-11 warning on indentation
Arnd Bergmann <arnd@arndb.de>
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
Christoph Hellwig <hch@lst.de>
nvme: do not try to reconfigure APST when the controller is not live
Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
clk: exynos7: Mark aclk_fsys1_200 as critical
Jonathon Reinhart <jonathon.reinhart@gmail.com>
netfilter: conntrack: Make global sysctls readonly in non-init netns
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kobject_uevent: remove warning in init_uevent_argv()
Lukasz Luba <lukasz.luba@arm.com>
thermal/core/fair share: Lock the thermal zone while looping over instances
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: Avoid DIVU in `__div64_32' is result would be zero
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: Reinstate platform `__div64_32' handler
Maciej W. Rozycki <macro@orcam.me.uk>
FDDI: defxx: Make MMIO the configuration default except for EISA
Thomas Gleixner <tglx@linutronix.de>
KVM: x86: Cancel pvclock_gtod_work on module removal
Oliver Neukum <oneukum@suse.com>
cdc-wdm: untangle a circular dependency between callback and softint
Colin Ian King <colin.king@canonical.com>
iio: tsl2583: Fix division by a zero lux_val
Dmitry Osipenko <digetx@gmail.com>
iio: gyro: mpu3050: Fix reported temperature value
Sandeep Singh <sandeep.singh@amd.com>
xhci: Add reset resume quirk for AMD xhci controller.
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
xhci: Do not use GFP_KERNEL in (potentially) atomic context
Wesley Cheng <wcheng@codeaurora.org>
usb: dwc3: gadget: Return success always for kick transfer in ep queue
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: core: hub: fix race condition about TRSMRCY of resume
Phil Elwell <phil@raspberrypi.com>
usb: dwc2: Fix gadget DMA unmap direction
Maximilian Luz <luzmaximilian@gmail.com>
usb: xhci: Increase timeout for HC halt
Ferry Toth <ftoth@exalondelft.nl>
usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
Marcel Hamer <marcel@solidxs.se>
usb: dwc3: omap: improve extcon initialization
Bart Van Assche <bvanassche@acm.org>
blk-mq: Swap two calls in blk_mq_exit_queue()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
ACPI: scan: Fix a memory leak in an error handling path
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
usb: fotg210-hcd: Fix an error message
Dinghao Liu <dinghao.liu@zju.edu.cn>
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
Kai-Heng Feng <kai.heng.feng@canonical.com>
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
Axel Rasmussen <axelrasmussen@google.com>
userfaultfd: release page in error path to avoid BUG_ON
Phillip Lougher <phillip@squashfs.org.uk>
squashfs: fix divide error in calculate_skip()
Jouni Roivas <jouni.roivas@tuxera.com>
hfsplus: prevent corruption in shrinking truncate
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Fix crashes when toggling entry flush barrier
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Fix crashes when toggling stf barrier
Vineet Gupta <vgupta@synopsys.com>
ARC: entry: fix off-by-one error in syscall number validation
Yunjian Wang <wangyunjian@huawei.com>
i40e: Fix use-after-free in i40e_client_subtask()
Eric Dumazet <edumazet@google.com>
netfilter: nftables: avoid overflows in nft_hash_buckets()
Jia-Ju Bai <baijiaju1990@gmail.com>
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
Odin Ugedal <odin@uged.al>
sched/fair: Fix unfairness caused by missing load decay
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
Cong Wang <cong.wang@bytedance.com>
smc: disallow TCP_ULP in smc_setsockopt()
Maciej Żenczykowski <maze@google.com>
net: fix nla_strcmp to handle more then one trailing null character
Miaohe Lin <linmiaohe@huawei.com>
ksm: fix potential missing rmap_item for stable_node
Miaohe Lin <linmiaohe@huawei.com>
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
Miaohe Lin <linmiaohe@huawei.com>
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
Kees Cook <keescook@chromium.org>
drm/radeon: Avoid power table parsing memory leaks
Kees Cook <keescook@chromium.org>
drm/radeon: Fix off-by-one power_state index heap overwrite
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: xt_SECMARK: add new revision to fix structure layout
Xin Long <lucien.xin@gmail.com>
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
Xin Long <lucien.xin@gmail.com>
sctp: do asoc update earlier in sctp_sf_do_dupcook_a
Yufeng Mo <moyufeng@huawei.com>
net: hns3: disable phy loopback setting in hclge_mac_start_phy
Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
rtc: ds1307: Fix wday settings for rx8130
Olga Kornievskaia <kolga@netapp.com>
NFSv4.2 fix handling of sr_eof in SEEK's reply
Nikola Livic <nlivic@gmail.com>
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
Yang Yingliang <yangyingliang@huawei.com>
PCI: endpoint: Fix missing destroy_workqueue()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Deal correctly with attribute generation counter overflow
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
Jia-Ju Bai <baijiaju1990@gmail.com>
rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
Zhen Lei <thunder.leizhen@huawei.com>
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
PCI: Release OF node in pci_scan_device()'s error path
Pali Rohár <pali@kernel.org>
PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
Colin Ian King <colin.king@canonical.com>
f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
David Ward <david.ward@gatech.edu>
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
Sergei Trofimovich <slyfox@gentoo.org>
ia64: module: fix symbolizer crash on fdescr
Felix Fietkau <nbd@nbd.name>
net: ethernet: mtk_eth_soc: fix RX VLAN offload
Alexey Kardashevskiy <aik@ozlabs.ru>
powerpc/iommu: Annotate nested lock for lockdep
Gustavo A. R. Silva <gustavoars@kernel.org>
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
Gustavo A. R. Silva <gustavoars@kernel.org>
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pseries: Stop calling printk in rtas_stop_self()
Yaqi Chen <chendotjs@gmail.com>
samples/bpf: Fix broken tracex1 due to kprobe argument change
Gustavo A. R. Silva <gustavoars@kernel.org>
ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
David Ward <david.ward@gatech.edu>
ASoC: rt286: Generalize support for ALC3263 codec
Srikar Dronamraju <srikar@linux.vnet.ibm.com>
powerpc/smp: Set numa node before updating mask
Gustavo A. R. Silva <gustavoars@kernel.org>
sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
Mihai Moldovan <ionic@ionic.de>
kconfig: nconf: stop endless search loops
Yonghong Song <yhs@fb.com>
selftests: Set CC to clang in lib.mk if LLVM is set
Miklos Szeredi <mszeredi@redhat.com>
cuse: prevent clone
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
pinctrl: samsung: use 'int' for register masks in Exynos
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
mac80211: clear the beacon's CRC after channel switch
Bence Csókás <bence98@sch.bme.hu>
i2c: Add I2C_AQ_NO_REP_START adapter quirk
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
Eric Dumazet <edumazet@google.com>
ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
Archie Pusaka <apusaka@chromium.org>
Bluetooth: check for zapped sk before connecting
Nikolay Aleksandrov <nikolay@nvidia.com>
net: bridge: when suppression is enabled exclude RARP packets
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
Archie Pusaka <apusaka@chromium.org>
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
Tong Zhang <ztong0001@gmail.com>
ALSA: rme9652: don't disable if not enabled
Tong Zhang <ztong0001@gmail.com>
ALSA: hdspm: don't disable if not enabled
Tong Zhang <ztong0001@gmail.com>
ALSA: hdsp: don't disable if not enabled
Wolfram Sang <wsa+renesas@sang-engineering.com>
i2c: bail out early when RDWR parameters are wrong
Jonathan McDowell <noodles@earth.li>
net: stmmac: Set FIFO sizes for ipq806x
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
Hoang Le <hoang.h.le@dektech.com.au>
tipc: convert dest node's address to network order
Alexander Aring <aahringo@redhat.com>
fs: dlm: fix debugfs dump
Zhen Lei <thunder.leizhen@huawei.com>
tpm: fix error return code in tpm2_get_cc_attrs_tbl()
Quentin Perret <qperret@google.com>
Revert "fdt: Properly handle "no-map" field in the memory region"
Quentin Perret <qperret@google.com>
Revert "of/fdt: Make sure no-map does not remove already reserved regions"
Xin Long <lucien.xin@gmail.com>
sctp: delay auto_asconf init until binding the first addr
Xin Long <lucien.xin@gmail.com>
Revert "net/sctp: fix race condition in sctp_destroy_sock"
Arnd Bergmann <arnd@arndb.de>
smp: Fix smp_call_function_single_async prototype
Jonathon Reinhart <jonathon.reinhart@gmail.com>
net: Only allow init netns to set default tcp cong to a restricted algo
Jane Chu <jane.chu@oracle.com>
mm/memory-failure: unnecessary amount of unmapping
Wang Wensheng <wangwensheng4@huawei.com>
mm/sparse: add the missing sparse_buffer_fini() in error branch
Dan Carpenter <dan.carpenter@oracle.com>
kfifo: fix ternary sign extension bugs
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
Phillip Potter <phil@philpotter.co.uk>
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
Dan Carpenter <dan.carpenter@oracle.com>
bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
Shuah Khan <skhan@linuxfoundation.org>
ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
Toke Høiland-Jørgensen <toke@redhat.com>
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
Colin Ian King <colin.king@canonical.com>
net: davinci_emac: Fix incorrect masking of tx and rx error channel
Colin Ian King <colin.king@canonical.com>
ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
Sindhu Devale <sindhu.devale@intel.com>
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
Stefano Garzarella <sgarzare@redhat.com>
vsock/vmci: log once the failed queue pair allocation
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
mwl8k: Fix a double Free in mwl8k_probe_hw
Sergey Shtylyov <s.shtylyov@omprussia.ru>
i2c: sh7760: fix IRQ error path
Ping-Ke Shih <pkshih@realtek.com>
rtlwifi: 8821ae: upgrade PHY and RF parameters
Tyrel Datwyler <tyreld@linux.ibm.com>
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
MIPS: pci-legacy: stop using of_pci_range_to_resource
Dan Carpenter <dan.carpenter@oracle.com>
drm/i915/gvt: Fix error code in intel_gvt_init_device()
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: ak5558: correct reset polarity
Sergey Shtylyov <s.shtylyov@omprussia.ru>
i2c: sh7760: add IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
i2c: jz4780: add IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
i2c: emev2: add IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
i2c: cadence: add IRQ check
Wang Wensheng <wangwensheng4@huawei.com>
RDMA/srpt: Fix error return code in srpt_cm_req_recv()
Colin Ian King <colin.king@canonical.com>
net: thunderx: Fix unintentional sign extension issue
Wang Wensheng <wangwensheng4@huawei.com>
IB/hfi1: Fix error return code in parse_platform_config()
Colin Ian King <colin.king@canonical.com>
mt7601u: fix always true expression
Johannes Berg <johannes.berg@intel.com>
mac80211: bail out if cipher schemes are invalid
Randy Dunlap <rdunlap@infradead.org>
powerpc: iommu: fix build when neither PCI or IBMVIO is set
Athira Rajeev <atrajeev@linux.vnet.ibm.com>
powerpc/perf: Fix PMU constraint check for EBB events
Jordan Niethe <jniethe5@gmail.com>
powerpc/64s: Fix pte update for kernel memory on radix
Colin Ian King <colin.king@canonical.com>
liquidio: Fix unintented sign extension of a left shift of a u16
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
Salil Mehta <salil.mehta@huawei.com>
net: hns3: Limiting the scope of vector_ring_chain variable
Dan Carpenter <dan.carpenter@oracle.com>
nfc: pn533: prevent potential memory corruption
Andrew Scull <ascull@google.com>
bug: Remove redundant condition check in report_bug
Jia Zhou <zhou.jia2@zte.com.cn>
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
Chen Huang <chenhuang5@huawei.com>
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
Nathan Chancellor <nathan@kernel.org>
powerpc/prom: Mark identical_pvr_fixup as __init
Xie He <xie.he.0141@gmail.com>
net: lapbether: Prevent racing when checking whether the netif is running
Arnaldo Carvalho de Melo <acme@redhat.com>
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
Maxim Mikityanskiy <maxtram95@gmail.com>
HID: plantronics: Workaround for double volume key presses
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
drivers/block/null_blk/main: Fix a double free in null_init.
Waiman Long <longman@redhat.com>
sched/debug: Fix cgroup_path[] serialization
Nathan Chancellor <nathan@kernel.org>
x86/events/amd/iommu: Fix sysfs type mismatch
Dan Carpenter <dan.carpenter@oracle.com>
HSI: core: fix resource leaks in hsi_add_client_from_dt()
Fabrice Gasnier <fabrice.gasnier@foss.st.com>
mfd: stm32-timers: Avoid clearing auto reload register
Brian King <brking@linux.vnet.ibm.com>
scsi: ibmvfc: Fix invalid state machine BUG_ON()
Sergey Shtylyov <s.shtylyov@omprussia.ru>
scsi: sni_53c710: Add IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
scsi: sun3x_esp: Add IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
scsi: jazz_esp: Add IRQ check
Colin Ian King <colin.king@canonical.com>
clk: uniphier: Fix potential infinite loop
Chen Hui <clare.chenhui@huawei.com>
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
Jason Gunthorpe <jgg@nvidia.com>
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
Hannes Reinecke <hare@suse.de>
nvme: retrigger ANA log update if group descriptor isn't found
Sergey Shtylyov <s.shtylyov@omprussia.ru>
ata: libahci_platform: fix IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
sata_mv: add IRQ checks
Sergey Shtylyov <s.shtylyov@omprussia.ru>
pata_ipx4xx_cf: fix IRQ check
Sergey Shtylyov <s.shtylyov@omprussia.ru>
pata_arasan_cf: fix IRQ check
Masami Hiramatsu <mhiramat@kernel.org>
x86/kprobes: Fix to check non boostable prefixes correctly
Felix Kuehling <Felix.Kuehling@amd.com>
drm/amdkfd: fix build error with AMD_IOMMU_V2=m
Colin Ian King <colin.king@canonical.com>
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
Yang Yingliang <yangyingliang@huawei.com>
media: omap4iss: return error code when omap4iss_get() failed
Colin Ian King <colin.king@canonical.com>
media: vivid: fix assignment of dev->fbuf_out_flags
Dan Carpenter <dan.carpenter@oracle.com>
soc: aspeed: fix a ternary sign expansion bug
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
ttyprintk: Add TTY hangup callback.
Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
usb: dwc2: Fix hibernation between host and device modes.
Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
Michael Kelley <mikelley@microsoft.com>
Drivers: hv: vmbus: Increase wait time for VMbus unload
Ingo Molnar <mingo@kernel.org>
x86/platform/uv: Fix !KEXEC build failure
Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
Ye Bin <yebin10@huawei.com>
usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
He Ying <heying24@huawei.com>
firmware: qcom-scm: Fix QCOM_SCM configuration
Johan Hovold <johan@kernel.org>
tty: fix return value for unsupported ioctls
Johan Hovold <johan@kernel.org>
tty: actually undefine superseded ASYNC flags
Johan Hovold <johan@kernel.org>
USB: cdc-acm: fix unprivileged TIOCCSERIAL
Colin Ian King <colin.king@canonical.com>
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
Pali Rohár <pali@kernel.org>
cpufreq: armada-37xx: Fix determining base CPU frequency
Pali Rohár <pali@kernel.org>
cpufreq: armada-37xx: Fix driver cleanup when registration failed
Pali Rohár <pali@kernel.org>
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
Pali Rohár <pali@kernel.org>
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
Pali Rohár <pali@kernel.org>
cpufreq: armada-37xx: Fix the AVS value for load L1
Marek Behún <kabel@kernel.org>
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
Marek Behún <kabel@kernel.org>
cpufreq: armada-37xx: Fix setting TBG parent for load levels
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
crypto: qat - Fix a double free in adf_create_ring
Nathan Chancellor <nathan@kernel.org>
ACPI: CPPC: Replace cppc_attr with kobj_attribute
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: mdt_loader: Detect truncated read of segments
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
William A. Kennington III <wak@google.com>
spi: Fix use-after-free with devm_spi_alloc_*
Johan Hovold <johan@kernel.org>
staging: greybus: uart: fix unprivileged TIOCCSERIAL
Colin Ian King <colin.king@canonical.com>
staging: rtl8192u: Fix potential infinite loop
Arnd Bergmann <arnd@arndb.de>
irqchip/gic-v3: Fix OF_BAD_ADDR error handling
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
Rander Wang <rander.wang@intel.com>
soundwire: stream: fix memory leak in stream config error path
Yang Yingliang <yangyingliang@huawei.com>
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
Tao Ren <rentao.bupt@gmail.com>
usb: gadget: aspeed: fix dma map failure
Giovanni Cabiddu <giovanni.cabiddu@intel.com>
crypto: qat - fix error path in adf_isr_resource_alloc()
Geert Uytterhoeven <geert+renesas@glider.be>
phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
soundwire: bus: Fix device found flag correctly
Pan Bian <bianpan2016@163.com>
bus: qcom: Put child node before return
Michael Walle <michael@walle.cc>
mtd: require write permissions for locking and badblock ioctls
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Complete OUT requests on short packets
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Don't DMA more than the buffer can take
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Mask GRP2 interrupts we don't handle
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Remove a dubious condition leading to fotg210_done
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Fix EP0 IN requests bigger than two packets
Fabian Vogt <fabian@ritter-vogt.de>
fotg210-udc: Fix DMA on EP0 for length > max packet size
Tong Zhang <ztong0001@gmail.com>
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
Tong Zhang <ztong0001@gmail.com>
crypto: qat - don't release uninitialized resources
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: gadget: pch_udc: Check for DMA mapping error
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
Otavio Pontes <otavio.pontes@intel.com>
x86/microcode: Check for offline CPUs before requesting new microcode
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
mtd: rawnand: qcom: Return actual error code instead of -ENODEV
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
Álvaro Fernández Rojas <noltari@gmail.com>
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
Dan Carpenter <dan.carpenter@oracle.com>
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
Meng Li <Meng.Li@windriver.com>
regmap: set debugfs_name to NULL after it is freed
Badhri Jagan Sridharan <badhri@google.com>
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
Erwan Le Ray <erwan.leray@foss.st.com>
serial: stm32: fix tx_empty condition
Erwan Le Ray <erwan.leray@foss.st.com>
serial: stm32: fix incorrect characters on console
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
Colin Ian King <colin.king@canonical.com>
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
usb: gadget: pch_udc: Revert d3cb25a12138 completely
Dan Carpenter <dan.carpenter@oracle.com>
ovl: fix missing revert_creds() on error path
Claudio Imbrenda <imbrenda@linux.ibm.com>
KVM: s390: split kvm_s390_real_to_abs
Heiko Carstens <hca@linux.ibm.com>
KVM: s390: fix guarded storage control register handling
Claudio Imbrenda <imbrenda@linux.ibm.com>
KVM: s390: split kvm_s390_logical_to_effective
Sean Christopherson <seanjc@google.com>
x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
Colin Ian King <colin.king@canonical.com>
drm/radeon: fix copy of uninitialized variable back to userspace
Johannes Berg <johannes.berg@intel.com>
cfg80211: scan: drop entry from hidden_list on overflow
Dan Carpenter <dan.carpenter@oracle.com>
ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
Jan Glauber <jglauber@digitalocean.com>
md: Fix missing unused status line of /proc/mdstat
Zhao Heming <heming.zhao@suse.com>
md: md_open returns -EBUSY when entering racing area
Christoph Hellwig <hch@lst.de>
md: factor out a mddev_find_locked helper from mddev_find
Christoph Hellwig <hch@lst.de>
md: split mddev_find
Heming Zhao <heming.zhao@suse.com>
md-cluster: fix use-after-free issue when removing rdev
Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
md/bitmap: wait for external bitmap writes to complete during tear down
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
misc: vmw_vmci: explicitly initialize vmci_datagram payload
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
Hans de Goede <hdegoede@redhat.com>
misc: lis3lv02d: Fix false-positive WARN on various HP models
Jonathan Cameron <Jonathan.Cameron@huawei.com>
iio:accel:adis16201: Fix wrong axis assignment that prevents loading
Maciej W. Rozycki <macro@orcam.me.uk>
FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
MIPS: pci-rt2880: fix slot 0 configuration
Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
MIPS: pci-mt7620: fix PLL lock check
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: samsung: tm2_wm5110: check of of_parse return value
Or Cohen <orcohen@paloaltonetworks.com>
net/nfc: fix use-after-free llcp_sock_bind/connect
Lin Ma <linma@zju.edu.cn>
bluetooth: eliminate the potential race condition when removing the HCI controller
Taehee Yoo <ap420073@gmail.com>
hsr: use netdev_err() instead of WARN_ONCE()
Archie Pusaka <apusaka@chromium.org>
Bluetooth: verify AMP hci_chan before amp_destroy
Christoph Hellwig <hch@lst.de>
modules: inherit TAINT_PROPRIETARY_MODULE
Christoph Hellwig <hch@lst.de>
modules: return licensing information from find_symbol
Christoph Hellwig <hch@lst.de>
modules: rename the licence field in struct symsearch to license
Christoph Hellwig <hch@lst.de>
modules: unexport __module_address
Christoph Hellwig <hch@lst.de>
modules: unexport __module_text_address
Christoph Hellwig <hch@lst.de>
modules: mark each_symbol_section static
Christoph Hellwig <hch@lst.de>
modules: mark find_symbol static
Christoph Hellwig <hch@lst.de>
modules: mark ref_module static
Benjamin Block <bblock@linux.ibm.com>
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
Joe Thornber <ejt@redhat.com>
dm space map common: fix division bug in sm_ll_find_free_block()
Joe Thornber <ejt@redhat.com>
dm persistent data: packed struct should have an aligned() attribute too
Steven Rostedt (VMware) <rostedt@goodmis.org>
tracing: Restructure trace_clock_global() to never block
Steven Rostedt (VMware) <rostedt@goodmis.org>
tracing: Map all PIDs to command lines
Marek Vasut <marex@denx.de>
rsi: Use resume_noirq for SDIO
Pavel Skripkin <paskripkin@gmail.com>
tty: fix memory leak in vc_deallocate
Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
usb: dwc2: Fix session request interrupt handler
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Fix START_TRANSFER link state check
Dean Anderson <dean@sensoray.com>
usb: gadget/function/f_fs string table fix for multiple languages
Hemant Kumar <hemantk@codeaurora.org>
usb: gadget: Fix double free of device descriptor pointers
Anirudh Rayabharam <mail@anirudhrb.com>
usb: gadget: dummy_hcd: fix gpf in gadget_setup
Peilin Ye <yepeilin.cs@gmail.com>
media: dvbdev: Fix memory leak in dvb_media_device_free()
Fengnan Chang <changfengnan@vivo.com>
ext4: fix error code in ext4_commit_super
Zhang Yi <yi.zhang@huawei.com>
ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
Zhang Yi <yi.zhang@huawei.com>
ext4: fix check to prevent false positive report of incorrect used inodes
Jian Cai <jiancai@google.com>
arm64: vdso: remove commas between macro name and arguments
Chen Jun <chenjun102@huawei.com>
posix-timers: Preserve return value in clock_adjtime32()
Thomas Gleixner <tglx@linutronix.de>
Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
Yang Yang <yang.yang29@zte.com.cn>
jffs2: check the validity of dstlen in jffs2_zlib_compress()
Linus Torvalds <torvalds@linux-foundation.org>
Fix misc new gcc warnings
Arnd Bergmann <arnd@arndb.de>
security: commoncap: fix -Wstringop-overread warning
Heinz Mauelshagen <heinzm@redhat.com>
dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
Paul Clements <paul.clements@us.sios.com>
md/raid1: properly indicate failure when ending a failed write request
Stefan Berger <stefanb@linux.ibm.com>
tpm: vtpm_proxy: Avoid reading host log when using a virtual device
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: pci: Add Alder Lake-M support
Tony Ambardar <tony.ambardar@gmail.com>
powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
Mahesh Salgaonkar <mahesh@linux.ibm.com>
powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
lizhe <lizhe67@huawei.com>
jffs2: Fix kasan slab-out-of-bounds problem
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Don't discard pNFS layout segments that are marked for return
Marc Zyngier <maz@kernel.org>
ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
Davide Caratti <dcaratti@redhat.com>
openvswitch: fix stack OOB read while fragmenting IPv4 packets
Ido Schimmel <idosch@nvidia.com>
mlxsw: spectrum_mr: Update egress RIF list before route's action
Chao Yu <yuchao0@huawei.com>
f2fs: fix to avoid out-of-bounds memory access
Guochun Mao <guochun.mao@mediatek.com>
ubifs: Only check replay with inode type to judge if inode linked
Bill Wendling <morbo@google.com>
arm64/vdso: Discard .note.gnu.property sections in vDSO
Filipe Manana <fdmanana@suse.com>
btrfs: fix race when picking most recent mod log operation for an old root
Eckhart Mohr <e.mohr@tuxedocomputers.com>
ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
Timo Gurr <timo.gurr@gmail.com>
ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: More constifications
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Explicitly set up the clock selector
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
ALSA: sb: Fix two use after free in snd_sb_qsound_build
Takashi Iwai <tiwai@suse.de>
ALSA: hda/conexant: Re-order CX5066 quirk table entries
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
Harald Freudenberger <freude@linux.ibm.com>
s390/archrandom: add parameter check for s390_arch_random_generate
Bart Van Assche <bvanassche@acm.org>
scsi: libfc: Fix a format specifier
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
Guchun Chen <guchun.chen@amd.com>
drm/amdgpu: fix NULL pointer dereference
Arnd Bergmann <arnd@arndb.de>
amdgpu: avoid incorrect %hu format string
Marijn Suijten <marijn.suijten@somainline.org>
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: gscpa/stv06xx: fix memory leak
Pavel Skripkin <paskripkin@gmail.com>
media: dvb-usb: fix memory leak in dvb_usb_adapter_init
Yang Yingliang <yangyingliang@huawei.com>
media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
Yang Yingliang <yangyingliang@huawei.com>
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
Yang Yingliang <yangyingliang@huawei.com>
media: adv7604: fix possible use-after-free in adv76xx_remove()
Yang Yingliang <yangyingliang@huawei.com>
media: tc358743: fix possible use-after-free in tc358743_remove()
Yang Yingliang <yangyingliang@huawei.com>
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
Yang Yingliang <yangyingliang@huawei.com>
power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
Colin Ian King <colin.king@canonical.com>
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: vivid: update EDID
Muhammad Usama Anjum <musamaanjum@gmail.com>
media: em28xx: fix memory leak
Ewan D. Milne <emilne@redhat.com>
scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix use after free in bsg
Bart Van Assche <bvanassche@acm.org>
scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
shaoyunl <shaoyun.liu@amd.com>
drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
dongjian <dongjian@yulong.com>
power: supply: Use IRQF_ONESHOT
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: gspca/sq905.c: fix uninitialized variable
Daniel Niv <danielniv3@gmail.com>
media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
Hans de Goede <hdegoede@redhat.com>
extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
power: supply: bq27xxx: fix power_avg for newer ICs
Julian Braha <julianbraha@gmail.com>
media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
Sean Young <sean@mess.org>
media: ite-cir: check for receive overflow
Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix pt2pt connection does not recover after LOGO
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
Josef Bacik <josef@toxicpanda.com>
btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
Yang Yingliang <yangyingliang@huawei.com>
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
Pavel Machek <pavel@ucw.cz>
intel_th: Consistency and off-by-one fix
Wei Yongjun <weiyongjun1@huawei.com>
spi: omap-100k: Fix reference leak to master
Wei Yongjun <weiyongjun1@huawei.com>
spi: dln2: Fix reference leak to master
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: fix potential array out of bounds with several interrupters
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: check control context is valid before dereferencing it.
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: xhci-mtk: support quirk to disable usb2 lpm
Robin Murphy <robin.murphy@arm.com>
perf/arm_pmu_platform: Fix error handling
Jerome Forissier <jerome@forissier.org>
tee: optee: do not check memref size on return from Secure World
John Millikin <john@john-millikin.com>
x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
PCI: PM: Do not read power state in pci_enable_device_flags()
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: xhci: Fix port minor revision
Wesley Cheng <wcheng@codeaurora.org>
usb: dwc3: gadget: Ignore EP queue requests during bus reset
Ruslan Bilovol <ruslan.bilovol@gmail.com>
usb: gadget: f_uac1: validate input parameters
Vitaly Kuznetsov <vkuznets@redhat.com>
genirq/matrix: Prevent allocation counter corruption
Pawel Laszczak <pawell@cadence.com>
usb: gadget: uvc: add bInterval checking for HS mode
Ard Biesheuvel <ardb@kernel.org>
crypto: api - check for ERR pointers in crypto_destroy_tfm()
karthik alapati <mail@karthek.com>
staging: wimax/i2400m: fix byte-order issue
Phillip Potter <phil@philpotter.co.uk>
fbdev: zero-fill colormap in fbcmap.c
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: pci: Add Rocket Lake CPU support
Filipe Manana <fdmanana@suse.com>
btrfs: fix metadata extent leak after failure to create subvolume
Paul Aurich <paul@darkrain42.org>
cifs: Return correct error code from smb2_get_enc_key
Gao Xiang <hsiangkao@redhat.com>
erofs: add unsupported inode i_format check
Seunghui Lee <sh043.lee@samsung.com>
mmc: core: Set read only for SD cards with permanent write protect bit
DooHyun Hwang <dh0421.hwang@samsung.com>
mmc: core: Do a power cycle when the CMD11 fails
Avri Altman <avri.altman@wdc.com>
mmc: block: Issue a cache flush only when it's enabled
Avri Altman <avri.altman@wdc.com>
mmc: block: Update ext_csd.cache_ctrl if it was written
Adrian Hunter <adrian.hunter@intel.com>
mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers
Arun Easi <aeasi@marvell.com>
scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
Tudor Ambarus <tudor.ambarus@microchip.com>
spi: spi-ti-qspi: Free DMA resources
Kai Stuhlemmer (ebee Engineering) <kai.stuhlemmer@ebee.de>
mtd: rawnand: atmel: Update ecc_stats.corrected counter
Alexander Lobakin <alobakin@pm.me>
mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
ecryptfs: fix kernel panic with null dev_name
Chunfeng Yun <chunfeng.yun@mediatek.com>
arm64: dts: mt8173: fix property typo of 'phys' in dsi node
Marek Behún <kabel@kernel.org>
arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
Ard Biesheuvel <ardb@kernel.org>
ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
Steven Rostedt (VMware) <rostedt@goodmis.org>
ftrace: Handle commands when closing set_ftrace_filter file
Mark Langsdorf <mlangsdo@redhat.com>
ACPI: custom_method: fix a possible memory leak
Mark Langsdorf <mlangsdo@redhat.com>
ACPI: custom_method: fix potential use-after-free issue
Vasily Gorbik <gor@linux.ibm.com>
s390/disassembler: increase ebpf disasm buffer size
-------------
Diffstat:
Documentation/sphinx/parse-headers.pl | 2 +-
Documentation/target/tcm_mod_builder.py | 2 +-
Documentation/trace/postprocess/decode_msr.py | 2 +-
.../postprocess/trace-pagealloc-postprocess.pl | 2 +-
.../trace/postprocess/trace-vmscan-postprocess.pl | 2 +-
Makefile | 4 +-
arch/arc/kernel/entry.S | 4 +-
arch/arm/boot/compressed/Makefile | 4 +-
arch/arm/boot/dts/exynos4412-midas.dtsi | 6 +-
arch/arm/boot/dts/exynos4412-odroid-common.dtsi | 2 +-
arch/arm/boot/dts/exynos5250-smdk5250.dts | 2 +-
arch/arm/boot/dts/exynos5250-snow-common.dtsi | 2 +-
arch/arm/boot/dts/uniphier-pxs2.dtsi | 2 +-
arch/arm/include/asm/kvm_host.h | 1 +
arch/arm/kernel/asm-offsets.c | 3 +
arch/arm/kernel/hw_breakpoint.c | 2 +-
arch/arm/kernel/smccc-call.S | 11 +-
arch/arm/kernel/suspend.c | 19 +-
arch/arm/mm/cache-v7.S | 51 ++-
arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 3 +-
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 2 +-
arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 +-
arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi | 4 +-
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/kernel/vdso/gettimeofday.S | 6 +-
arch/arm64/kernel/vdso/vdso.lds.S | 8 +-
arch/arm64/kvm/debug.c | 88 ++--
arch/ia64/include/asm/module.h | 6 +-
arch/ia64/kernel/module.c | 29 +-
arch/ia64/scripts/unwcheck.py | 2 +-
arch/mips/include/asm/div64.h | 55 ++-
arch/mips/pci/pci-legacy.c | 9 +-
arch/mips/pci/pci-mt7620.c | 5 +-
arch/mips/pci/pci-rt2880.c | 37 +-
arch/powerpc/Kconfig | 2 +-
arch/powerpc/Kconfig.debug | 1 +
arch/powerpc/include/asm/book3s/64/radix.h | 6 +-
arch/powerpc/include/uapi/asm/errno.h | 1 +
arch/powerpc/kernel/eeh.c | 11 +-
arch/powerpc/kernel/iommu.c | 4 +-
arch/powerpc/kernel/prom.c | 2 +-
arch/powerpc/kernel/smp.c | 6 +-
arch/powerpc/lib/feature-fixups.c | 35 +-
arch/powerpc/mm/pgtable-radix.c | 4 +-
arch/powerpc/perf/isa207-common.c | 4 +-
arch/powerpc/platforms/52xx/lite5200_sleep.S | 2 +-
arch/powerpc/platforms/pseries/hotplug-cpu.c | 3 -
arch/powerpc/platforms/pseries/pci_dlpar.c | 4 +-
arch/riscv/include/asm/ftrace.h | 14 +-
arch/riscv/kernel/mcount.S | 10 +-
arch/s390/crypto/arch_random.c | 4 +
arch/s390/kernel/dis.c | 2 +-
arch/s390/kvm/gaccess.h | 54 ++-
arch/s390/kvm/kvm-s390.c | 4 +-
arch/um/kernel/dyn.lds.S | 6 +
arch/um/kernel/uml.lds.S | 6 +
arch/x86/Kconfig | 1 +
arch/x86/Makefile | 1 +
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/events/amd/iommu.c | 6 +-
arch/x86/kernel/cpu/microcode/core.c | 8 +-
arch/x86/kernel/kprobes/core.c | 17 +-
arch/x86/kvm/x86.c | 1 +
arch/x86/lib/msr-smp.c | 4 +-
block/blk-mq.c | 6 +-
crypto/api.c | 2 +-
drivers/acpi/arm64/gtdt.c | 10 +-
drivers/acpi/cppc_acpi.c | 14 +-
drivers/acpi/custom_method.c | 4 +-
drivers/acpi/scan.c | 1 +
drivers/ata/libahci_platform.c | 4 +-
drivers/ata/pata_arasan_cf.c | 15 +-
drivers/ata/pata_ixp4xx_cf.c | 6 +-
drivers/ata/sata_mv.c | 4 +
drivers/base/regmap/regmap-debugfs.c | 1 +
drivers/block/null_blk_zoned.c | 1 +
drivers/bus/qcom-ebi2.c | 4 +-
drivers/char/tpm/eventlog/common.c | 3 +
drivers/char/tpm/tpm2-cmd.c | 1 +
drivers/char/ttyprintk.c | 11 +
drivers/clk/mvebu/armada-37xx-periph.c | 83 ++--
drivers/clk/qcom/a53-pll.c | 1 +
drivers/clk/samsung/clk-exynos7.c | 7 +-
drivers/clk/socfpga/clk-gate-a10.c | 1 +
drivers/clk/uniphier/clk-uniphier-mux.c | 4 +-
drivers/cpufreq/armada-37xx-cpufreq.c | 76 +++-
drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 4 +-
drivers/crypto/qat/qat_c62xvf/adf_drv.c | 4 +-
drivers/crypto/qat/qat_common/adf_isr.c | 29 +-
drivers/crypto/qat/qat_common/adf_transport.c | 1 +
drivers/crypto/qat/qat_common/adf_vf_isr.c | 17 +-
drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 4 +-
drivers/extcon/extcon-arizona.c | 17 +-
drivers/firmware/Kconfig | 1 +
drivers/gpio/gpiolib-acpi.c | 14 +
drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 2 +-
drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 6 +
drivers/gpu/drm/amd/amdkfd/kfd_iommu.h | 9 +-
drivers/gpu/drm/i915/gvt/gvt.c | 8 +-
drivers/gpu/drm/i915/intel_pm.c | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c | 10 +-
drivers/gpu/drm/radeon/radeon.h | 1 +
drivers/gpu/drm/radeon/radeon_atombios.c | 26 +-
drivers/gpu/drm/radeon/radeon_kms.c | 1 +
drivers/gpu/drm/radeon/radeon_pm.c | 8 +
drivers/gpu/drm/radeon/si_dpm.c | 3 +
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-plantronics.c | 60 ++-
drivers/hsi/hsi_core.c | 3 +-
drivers/hv/channel_mgmt.c | 30 +-
drivers/hwtracing/intel_th/gth.c | 4 +-
drivers/hwtracing/intel_th/pci.c | 10 +
drivers/i2c/busses/i2c-cadence.c | 5 +-
drivers/i2c/busses/i2c-emev2.c | 5 +-
drivers/i2c/busses/i2c-jz4780.c | 5 +-
drivers/i2c/busses/i2c-sh7760.c | 5 +-
drivers/i2c/i2c-dev.c | 9 +-
drivers/iio/accel/adis16201.c | 2 +-
drivers/iio/gyro/mpu3050-core.c | 13 +-
drivers/iio/light/tsl2583.c | 8 +
drivers/iio/proximity/pulsedlight-lidar-lite-v2.c | 1 +
drivers/infiniband/hw/bnxt_re/qplib_res.c | 1 +
drivers/infiniband/hw/hfi1/firmware.c | 1 +
drivers/infiniband/hw/i40iw/i40iw_pble.c | 6 +-
drivers/infiniband/ulp/srpt/ib_srpt.c | 1 +
drivers/input/touchscreen/elants_i2c.c | 44 +-
drivers/input/touchscreen/silead.c | 44 +-
drivers/irqchip/irq-gic-v3-mbi.c | 2 +-
drivers/isdn/capi/kcapi.c | 4 +-
drivers/md/dm-raid.c | 34 +-
drivers/md/dm-rq.c | 2 +
drivers/md/md-bitmap.c | 2 +
drivers/md/md.c | 73 +--
drivers/md/persistent-data/dm-btree-internal.h | 4 +-
drivers/md/persistent-data/dm-space-map-common.c | 2 +
drivers/md/persistent-data/dm-space-map-common.h | 8 +-
drivers/md/raid1.c | 2 +
drivers/media/dvb-core/dvbdev.c | 1 +
drivers/media/i2c/adv7511-v4l2.c | 2 +-
drivers/media/i2c/adv7604.c | 2 +-
drivers/media/i2c/adv7842.c | 2 +-
drivers/media/i2c/tc358743.c | 2 +-
drivers/media/pci/saa7164/saa7164-encoder.c | 20 +-
drivers/media/pci/sta2x11/Kconfig | 1 +
drivers/media/platform/vivid/vivid-core.c | 6 +-
drivers/media/platform/vivid/vivid-vid-out.c | 2 +-
drivers/media/rc/ite-cir.c | 8 +-
drivers/media/tuners/m88rs6000t.c | 6 +-
drivers/media/usb/dvb-usb/dvb-usb-init.c | 20 +-
drivers/media/usb/dvb-usb/dvb-usb.h | 2 +-
drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
drivers/media/usb/gspca/gspca.c | 2 +
drivers/media/usb/gspca/gspca.h | 1 +
drivers/media/usb/gspca/sq905.c | 2 +-
drivers/media/usb/gspca/stv06xx/stv06xx.c | 9 +
drivers/memory/omap-gpmc.c | 7 +-
drivers/mfd/stm32-timers.c | 7 +-
drivers/misc/aspeed-lpc-snoop.c | 4 +-
drivers/misc/kgdbts.c | 26 +-
drivers/misc/lis3lv02d/lis3lv02d.c | 21 +-
drivers/misc/vmw_vmci/vmci_doorbell.c | 2 +-
drivers/misc/vmw_vmci/vmci_guest.c | 2 +-
drivers/mmc/core/block.c | 16 +
drivers/mmc/core/core.c | 2 +-
drivers/mmc/core/core.h | 9 +
drivers/mmc/core/mmc.c | 7 +
drivers/mmc/core/mmc_ops.c | 4 +-
drivers/mmc/core/sd.c | 6 +
drivers/mmc/host/sdhci-pci-core.c | 27 ++
drivers/mtd/mtdchar.c | 8 +-
drivers/mtd/mtdcore.c | 3 +
drivers/mtd/nand/raw/atmel/nand-controller.c | 6 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 6 +
drivers/mtd/nand/raw/fsmc_nand.c | 2 +
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 2 +-
drivers/mtd/nand/raw/qcom_nandc.c | 7 +-
drivers/mtd/nand/spi/core.c | 2 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +-
.../net/ethernet/cavium/liquidio/cn23xx_pf_regs.h | 2 +-
drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 2 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 2 +-
drivers/net/ethernet/cisco/enic/enic_main.c | 7 +-
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 +-
.../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 +
drivers/net/ethernet/intel/i40e/i40e_client.c | 1 +
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 +
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 30 +-
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 4 +-
.../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 2 +
drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 7 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 +-
drivers/net/ethernet/ti/davinci_emac.c | 4 +-
drivers/net/fddi/Kconfig | 15 +-
drivers/net/fddi/defxx.c | 47 +-
drivers/net/geneve.c | 4 +-
drivers/net/wan/lapbether.c | 32 +-
drivers/net/wimax/i2400m/op-rfkill.c | 2 +-
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 3 +
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 +-
drivers/net/wireless/ath/ath9k/hw.c | 2 +-
drivers/net/wireless/intel/ipw2x00/libipw_wx.c | 6 +-
drivers/net/wireless/marvell/mwl8k.c | 1 +
drivers/net/wireless/mediatek/mt7601u/eeprom.c | 2 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/table.c | 500 +++++++++++++++------
drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 +-
drivers/net/wireless/wl3501.h | 47 +-
drivers/net/wireless/wl3501_cs.c | 54 +--
drivers/nfc/pn533/pn533.c | 3 +
drivers/nvme/host/core.c | 3 +-
drivers/nvme/host/multipath.c | 4 +
drivers/of/fdt.c | 12 +-
drivers/pci/controller/pci-thunder-ecam.c | 2 +-
drivers/pci/controller/pci-thunder-pem.c | 13 +-
drivers/pci/controller/pcie-iproc-msi.c | 2 +-
drivers/pci/endpoint/functions/pci-epf-test.c | 3 +
drivers/pci/hotplug/acpiphp_glue.c | 1 +
drivers/pci/pci.c | 16 +-
drivers/pci/pci.h | 6 +
drivers/pci/probe.c | 1 +
drivers/perf/arm_pmu_platform.c | 2 +-
drivers/phy/marvell/Kconfig | 4 +-
drivers/phy/ti/phy-twl4030-usb.c | 2 +-
drivers/pinctrl/pinctrl-ingenic.c | 3 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 10 +-
drivers/platform/x86/pmc_atom.c | 28 +-
drivers/power/supply/bq27xxx_battery.c | 51 ++-
drivers/power/supply/generic-adc-battery.c | 2 +-
drivers/power/supply/lp8788-charger.c | 2 +-
drivers/power/supply/pm2301_charger.c | 2 +-
drivers/power/supply/s3c_adc_battery.c | 2 +-
drivers/power/supply/tps65090-charger.c | 2 +-
drivers/power/supply/tps65217_charger.c | 2 +-
drivers/rpmsg/qcom_glink_native.c | 1 +
drivers/rtc/rtc-ds1307.c | 12 +-
drivers/scsi/device_handler/scsi_dh_alua.c | 5 +-
drivers/scsi/ibmvscsi/ibmvfc.c | 57 ++-
drivers/scsi/jazz_esp.c | 4 +-
drivers/scsi/libfc/fc_lport.c | 2 +-
drivers/scsi/lpfc/lpfc_crtn.h | 3 -
drivers/scsi/lpfc/lpfc_hw4.h | 174 +------
drivers/scsi/lpfc/lpfc_init.c | 103 +----
drivers/scsi/lpfc/lpfc_mbox.c | 36 --
drivers/scsi/lpfc/lpfc_nportdisc.c | 11 +-
drivers/scsi/lpfc/lpfc_nvmet.c | 1 -
drivers/scsi/lpfc/lpfc_sli.c | 1 -
drivers/scsi/qla2xxx/qla_attr.c | 8 +-
drivers/scsi/qla2xxx/qla_bsg.c | 3 +-
drivers/scsi/qla2xxx/qla_os.c | 7 -
drivers/scsi/sni_53c710.c | 5 +-
drivers/scsi/sun3x_esp.c | 4 +-
drivers/soc/qcom/mdt_loader.c | 17 +
drivers/soundwire/bus.c | 3 +-
drivers/soundwire/stream.c | 10 +-
drivers/spi/spi-dln2.c | 2 +-
drivers/spi/spi-omap-100k.c | 6 +-
drivers/spi/spi-ti-qspi.c | 20 +-
drivers/spi/spi.c | 9 +-
drivers/staging/erofs/erofs_fs.h | 3 +
drivers/staging/erofs/inode.c | 6 +
drivers/staging/greybus/uart.c | 2 -
drivers/staging/media/omap4iss/iss.c | 4 +-
drivers/staging/rtl8192u/r8192U_core.c | 2 +-
drivers/target/target_core_pscsi.c | 3 +-
drivers/target/target_core_user.c | 4 +-
drivers/tee/optee/core.c | 10 -
drivers/thermal/fair_share.c | 4 +
drivers/tty/serial/stm32-usart.c | 17 +-
drivers/tty/serial/stm32-usart.h | 3 -
drivers/tty/tty_io.c | 8 +-
drivers/tty/vt/vt.c | 1 +
drivers/usb/class/cdc-acm.c | 2 -
drivers/usb/class/cdc-wdm.c | 30 +-
drivers/usb/core/hub.c | 6 +-
drivers/usb/dwc2/core.h | 2 +
drivers/usb/dwc2/core_intr.c | 162 ++++---
drivers/usb/dwc2/gadget.c | 3 +-
drivers/usb/dwc2/hcd.c | 10 +-
drivers/usb/dwc3/dwc3-omap.c | 5 +
drivers/usb/dwc3/dwc3-pci.c | 1 +
drivers/usb/dwc3/gadget.c | 26 +-
drivers/usb/gadget/config.c | 4 +
drivers/usb/gadget/function/f_fs.c | 3 +-
drivers/usb/gadget/function/f_uac1.c | 43 ++
drivers/usb/gadget/function/f_uvc.c | 7 +-
drivers/usb/gadget/udc/aspeed-vhub/core.c | 3 +-
drivers/usb/gadget/udc/aspeed-vhub/epn.c | 2 +-
drivers/usb/gadget/udc/dummy_hcd.c | 23 +-
drivers/usb/gadget/udc/fotg210-udc.c | 26 +-
drivers/usb/gadget/udc/pch_udc.c | 49 +-
drivers/usb/gadget/udc/r8a66597-udc.c | 2 +
drivers/usb/gadget/udc/snps_udc_plat.c | 4 +-
drivers/usb/host/fotg210-hcd.c | 4 +-
drivers/usb/host/sl811-hcd.c | 9 +-
drivers/usb/host/xhci-ext-caps.h | 5 +-
drivers/usb/host/xhci-mem.c | 9 +
drivers/usb/host/xhci-mtk.c | 3 +
drivers/usb/host/xhci-mtk.h | 1 +
drivers/usb/host/xhci-pci.c | 4 +-
drivers/usb/host/xhci.c | 20 +-
drivers/usb/typec/tcpci.c | 21 +-
drivers/usb/usbip/vudc_sysfs.c | 2 +
drivers/vfio/mdev/mdev_sysfs.c | 2 +-
drivers/video/fbdev/core/fbcmap.c | 8 +-
fs/block_dev.c | 20 +-
fs/btrfs/ctree.c | 20 +
fs/btrfs/ioctl.c | 18 +-
fs/btrfs/relocation.c | 6 +-
fs/ceph/caps.c | 1 +
fs/ceph/inode.c | 1 +
fs/cifs/smb2ops.c | 2 +-
fs/dlm/debug_fs.c | 1 +
fs/ecryptfs/main.c | 6 +
fs/ext4/ialloc.c | 48 +-
fs/ext4/super.c | 9 +-
fs/f2fs/inline.c | 3 +-
fs/f2fs/node.c | 3 +
fs/fuse/cuse.c | 2 +
fs/hfsplus/extents.c | 7 +-
fs/iomap.c | 34 +-
fs/jffs2/compr_rtime.c | 3 +
fs/jffs2/scan.c | 2 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 2 +-
fs/nfs/inode.c | 8 +-
fs/nfs/nfs42proc.c | 21 +-
fs/nfs/pnfs.c | 7 +-
fs/overlayfs/copy_up.c | 3 +-
fs/squashfs/file.c | 6 +-
fs/ubifs/replay.c | 3 +-
include/crypto/acompress.h | 2 +
include/crypto/aead.h | 2 +
include/crypto/akcipher.h | 2 +
include/crypto/hash.h | 4 +
include/crypto/kpp.h | 2 +
include/crypto/rng.h | 2 +
include/crypto/skcipher.h | 2 +
include/linux/hid.h | 2 +
include/linux/i2c.h | 2 +
include/linux/iomap.h | 1 +
include/linux/module.h | 26 +-
include/linux/power/bq27xxx_battery.h | 1 -
include/linux/smp.h | 2 +-
include/linux/spi/spi.h | 3 +
include/linux/tty_driver.h | 2 +-
include/net/bluetooth/hci_core.h | 1 +
include/scsi/libfcoe.h | 2 +-
include/uapi/linux/netfilter/xt_SECMARK.h | 6 +
include/uapi/linux/tty_flags.h | 4 +-
kernel/futex.c | 3 +-
kernel/irq/matrix.c | 4 +-
kernel/kexec_file.c | 4 +-
kernel/module.c | 61 ++-
kernel/sched/debug.c | 42 +-
kernel/sched/fair.c | 12 +-
kernel/smp.c | 10 +-
kernel/time/posix-timers.c | 4 +-
kernel/trace/ftrace.c | 5 +-
kernel/trace/trace.c | 41 +-
kernel/trace/trace_clock.c | 44 +-
kernel/up.c | 2 +-
lib/bug.c | 33 +-
lib/kobject_uevent.c | 9 +-
lib/nlattr.c | 2 +-
lib/stackdepot.c | 6 +-
mm/hugetlb.c | 11 +-
mm/khugepaged.c | 18 +-
mm/ksm.c | 1 +
mm/memory-failure.c | 2 +-
mm/shmem.c | 12 +-
mm/sparse.c | 1 +
net/bluetooth/ecdh_helper.h | 2 +-
net/bluetooth/hci_event.c | 3 +-
net/bluetooth/hci_request.c | 12 +-
net/bluetooth/l2cap_core.c | 4 +
net/bluetooth/l2cap_sock.c | 8 +
net/bridge/br_arp_nd_proxy.c | 4 +-
net/core/ethtool.c | 2 +-
net/hsr/hsr_framereg.c | 3 +-
net/ipv4/tcp_cong.c | 4 +
net/ipv6/ip6_gre.c | 7 +-
net/ipv6/ip6_tunnel.c | 3 +-
net/ipv6/ip6_vti.c | 3 +-
net/ipv6/sit.c | 5 +-
net/mac80211/main.c | 7 +-
net/mac80211/mlme.c | 5 +
net/netfilter/nf_conntrack_standalone.c | 5 +-
net/netfilter/nfnetlink_osf.c | 2 +
net/netfilter/nft_set_hash.c | 10 +-
net/netfilter/xt_SECMARK.c | 88 +++-
net/nfc/digital_dep.c | 2 +
net/nfc/llcp_sock.c | 4 +
net/openvswitch/actions.c | 8 +-
net/sctp/sm_make_chunk.c | 2 +-
net/sctp/sm_statefuns.c | 28 +-
net/sctp/socket.c | 38 +-
net/smc/af_smc.c | 4 +-
net/tipc/netlink_compat.c | 2 +-
net/vmw_vsock/vmci_transport.c | 3 +-
net/wireless/scan.c | 2 +
net/xdp/xsk_queue.h | 7 +-
samples/bpf/tracex1_kern.c | 4 +-
samples/kfifo/bytestream-example.c | 8 +-
samples/kfifo/inttype-example.c | 8 +-
samples/kfifo/record-example.c | 8 +-
scripts/bloat-o-meter | 2 +-
scripts/config | 2 +-
scripts/diffconfig | 2 +-
scripts/kconfig/nconf.c | 2 +-
scripts/recordmcount.pl | 2 +-
scripts/split-man.pl | 2 +-
security/commoncap.c | 2 +-
sound/core/init.c | 2 -
sound/isa/sb/emu8000.c | 4 +-
sound/isa/sb/sb16_csp.c | 8 +-
sound/pci/hda/hda_generic.c | 16 +-
sound/pci/hda/patch_conexant.c | 14 +-
sound/pci/hda/patch_realtek.c | 89 ++--
sound/pci/rme9652/hdsp.c | 3 +-
sound/pci/rme9652/hdspm.c | 3 +-
sound/pci/rme9652/rme9652.c | 3 +-
sound/soc/codecs/ak5558.c | 4 +-
sound/soc/codecs/rt286.c | 23 +-
sound/soc/intel/boards/bytcr_rt5640.c | 20 +
sound/soc/samsung/tm2_wm5110.c | 2 +-
sound/usb/card.c | 14 +-
sound/usb/clock.c | 18 +-
sound/usb/midi.c | 2 +-
sound/usb/mixer.c | 60 +--
sound/usb/mixer_maps.c | 68 +--
sound/usb/mixer_quirks.c | 6 +-
sound/usb/mixer_scarlett.c | 14 +-
sound/usb/proc.c | 2 +-
sound/usb/quirks.c | 16 +-
sound/usb/stream.c | 4 +-
sound/usb/usbaudio.h | 2 +
sound/usb/validate.c | 4 +-
tools/perf/python/tracepoint.py | 2 +-
tools/perf/util/symbol_fprintf.c | 2 +-
tools/testing/ktest/compare-ktest-sample.pl | 2 +-
tools/testing/selftests/bpf/test_offload.py | 2 +-
tools/testing/selftests/lib.mk | 4 +
tools/testing/selftests/tc-testing/tdc_batch.py | 2 +-
virt/kvm/arm/arm.c | 2 +
445 files changed, 3265 insertions(+), 1849 deletions(-)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 001/425] s390/disassembler: increase ebpf disasm buffer size
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 002/425] ACPI: custom_method: fix potential use-after-free issue Greg Kroah-Hartman
` (430 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heiko Carstens, Vasily Gorbik
From: Vasily Gorbik <gor@linux.ibm.com>
commit 6f3353c2d2b3eb4de52e9704cb962712033db181 upstream.
Current ebpf disassembly buffer size of 64 is too small. E.g. this line
takes 65 bytes:
01fffff8005822e: ec8100ed8065\tclgrj\t%r8,%r1,8,001fffff80058408\n\0
Double the buffer size like it is done for the kernel disassembly buffer.
Fixes the following KASAN finding:
UG: KASAN: stack-out-of-bounds in print_fn_code+0x34c/0x380
Write of size 1 at addr 001fff800ad5f970 by task test_progs/853
CPU: 53 PID: 853 Comm: test_progs Not tainted
5.12.0-rc7-23786-g23457d86b1f0-dirty #19
Hardware name: IBM 3906 M04 704 (LPAR)
Call Trace:
[<0000000cd8e0538a>] show_stack+0x17a/0x1668
[<0000000cd8e2a5d8>] dump_stack+0x140/0x1b8
[<0000000cd8e16e74>] print_address_description.constprop.0+0x54/0x260
[<0000000cd75a8698>] kasan_report+0xc8/0x130
[<0000000cd6e26da4>] print_fn_code+0x34c/0x380
[<0000000cd6ea0f4e>] bpf_int_jit_compile+0xe3e/0xe58
[<0000000cd72c4c88>] bpf_prog_select_runtime+0x5b8/0x9c0
[<0000000cd72d1bf8>] bpf_prog_load+0xa78/0x19c0
[<0000000cd72d7ad6>] __do_sys_bpf.part.0+0x18e/0x768
[<0000000cd6e0f392>] do_syscall+0x12a/0x220
[<0000000cd8e333f8>] __do_syscall+0x98/0xc8
[<0000000cd8e54834>] system_call+0x6c/0x94
1 lock held by test_progs/853:
#0: 0000000cd9bf7460 (report_lock){....}-{2:2}, at:
kasan_report+0x96/0x130
addr 001fff800ad5f970 is located in stack of task test_progs/853 at
offset 96 in frame:
print_fn_code+0x0/0x380
this frame has 1 object:
[32, 96) 'buffer'
Memory state around the buggy address:
001fff800ad5f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
001fff800ad5f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>001fff800ad5f900: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 f3 f3
^
001fff800ad5f980: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
001fff800ad5fa00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00
Cc: <stable@vger.kernel.org>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/dis.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/kernel/dis.c
+++ b/arch/s390/kernel/dis.c
@@ -558,7 +558,7 @@ void show_code(struct pt_regs *regs)
void print_fn_code(unsigned char *code, unsigned long len)
{
- char buffer[64], *ptr;
+ char buffer[128], *ptr;
int opsize, i;
while (len) {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 002/425] ACPI: custom_method: fix potential use-after-free issue
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 001/425] s390/disassembler: increase ebpf disasm buffer size Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 003/425] ACPI: custom_method: fix a possible memory leak Greg Kroah-Hartman
` (429 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Langsdorf, Rafael J. Wysocki
From: Mark Langsdorf <mlangsdo@redhat.com>
commit e483bb9a991bdae29a0caa4b3a6d002c968f94aa upstream.
In cm_write(), buf is always freed when reaching the end of the
function. If the requested count is less than table.length, the
allocated buffer will be freed but subsequent calls to cm_write() will
still try to access it.
Remove the unconditional kfree(buf) at the end of the function and
set the buf to NULL in the -EINVAL error path to match the rest of
function.
Fixes: 03d1571d9513 ("ACPI: custom_method: fix memory leaks")
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/custom_method.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -50,6 +50,7 @@ static ssize_t cm_write(struct file *fil
(*ppos + count < count) ||
(count > uncopied_bytes)) {
kfree(buf);
+ buf = NULL;
return -EINVAL;
}
@@ -71,7 +72,6 @@ static ssize_t cm_write(struct file *fil
add_taint(TAINT_OVERRIDDEN_ACPI_TABLE, LOCKDEP_NOW_UNRELIABLE);
}
- kfree(buf);
return count;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 003/425] ACPI: custom_method: fix a possible memory leak
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 001/425] s390/disassembler: increase ebpf disasm buffer size Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 002/425] ACPI: custom_method: fix potential use-after-free issue Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 004/425] ftrace: Handle commands when closing set_ftrace_filter file Greg Kroah-Hartman
` (428 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Langsdorf, Rafael J. Wysocki
From: Mark Langsdorf <mlangsdo@redhat.com>
commit 1cfd8956437f842836e8a066b40d1ec2fc01f13e upstream.
In cm_write(), if the 'buf' is allocated memory but not fully consumed,
it is possible to reallocate the buffer without freeing it by passing
'*ppos' as 0 on a subsequent call.
Add an explicit kfree() before kzalloc() to prevent the possible memory
leak.
Fixes: 526b4af47f44 ("ACPI: Split out custom_method functionality into an own driver")
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/custom_method.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -37,6 +37,8 @@ static ssize_t cm_write(struct file *fil
sizeof(struct acpi_table_header)))
return -EFAULT;
uncopied_bytes = max_size = table.length;
+ /* make sure the buf is not allocated */
+ kfree(buf);
buf = kzalloc(max_size, GFP_KERNEL);
if (!buf)
return -ENOMEM;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 004/425] ftrace: Handle commands when closing set_ftrace_filter file
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 003/425] ACPI: custom_method: fix a possible memory leak Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 005/425] ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld Greg Kroah-Hartman
` (427 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (VMware)
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
commit 8c9af478c06bb1ab1422f90d8ecbc53defd44bc3 upstream.
# echo switch_mm:traceoff > /sys/kernel/tracing/set_ftrace_filter
will cause switch_mm to stop tracing by the traceoff command.
# echo -n switch_mm:traceoff > /sys/kernel/tracing/set_ftrace_filter
does nothing.
The reason is that the parsing in the write function only processes
commands if it finished parsing (there is white space written after the
command). That's to handle:
write(fd, "switch_mm:", 10);
write(fd, "traceoff", 8);
cases, where the command is broken over multiple writes.
The problem is if the file descriptor is closed, then the write call is
not processed, and the command needs to be processed in the release code.
The release code can handle matching of functions, but does not handle
commands.
Cc: stable@vger.kernel.org
Fixes: eda1e32855656 ("tracing: handle broken names in ftrace filter")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -5023,7 +5023,10 @@ int ftrace_regex_release(struct inode *i
parser = &iter->parser;
if (trace_parser_loaded(parser)) {
- ftrace_match_records(iter->hash, parser->buffer, parser->idx);
+ int enable = !(iter->flags & FTRACE_ITER_NOTRACE);
+
+ ftrace_process_regex(iter, parser->buffer,
+ parser->idx, enable);
}
trace_parser_put(parser);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 005/425] ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 004/425] ftrace: Handle commands when closing set_ftrace_filter file Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 006/425] arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node Greg Kroah-Hartman
` (426 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Desaulniers, Guillaume Tucker,
kernelci.org bot, Ard Biesheuvel, Russell King
From: Ard Biesheuvel <ardb@kernel.org>
commit c4e792d1acce31c2eb7b9193ab06ab94de05bf42 upstream.
The LLVM ld.lld linker uses a different symbol type for __bss_start,
resulting in the calculation of KBSS_SZ to be thrown off. Up until now,
this has gone unnoticed as it only affects the appended DTB case, but
pending changes for ARM in the way the decompressed kernel is cleaned
from the caches has uncovered this problem.
On a ld.lld build:
$ nm vmlinux |grep bss_
c1c22034 D __bss_start
c1c86e98 B __bss_stop
resulting in
$ readelf -s arch/arm/boot/compressed/vmlinux | grep bss_size
433: c1c86e98 0 NOTYPE GLOBAL DEFAULT ABS _kernel_bss_size
which is obviously incorrect, and may cause the cache clean to access
unmapped memory, or cause the size calculation to wrap, resulting in no
cache clean to be performed at all.
Fix this by updating the sed regex to take D type symbols into account.
Link: https://lore.kernel.org/linux-arm-kernel/6c65bcef-d4e7-25fa-43cf-2c435bb61bb9@collabora.com/
Link: https://lore.kernel.org/linux-arm-kernel/20210205085220.31232-1-ardb@kernel.org/
Cc: <stable@vger.kernel.org> # v4.19+
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/compressed/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -121,8 +121,8 @@ asflags-y := -DZIMAGE
# Supply kernel BSS size to the decompressor via a linker symbol.
KBSS_SZ = $(shell echo $$(($$($(NM) $(obj)/../../../../vmlinux | \
- sed -n -e 's/^\([^ ]*\) [AB] __bss_start$$/-0x\1/p' \
- -e 's/^\([^ ]*\) [AB] __bss_stop$$/+0x\1/p') )) )
+ sed -n -e 's/^\([^ ]*\) [ABD] __bss_start$$/-0x\1/p' \
+ -e 's/^\([^ ]*\) [ABD] __bss_stop$$/+0x\1/p') )) )
LDFLAGS_vmlinux = --defsym _kernel_bss_size=$(KBSS_SZ)
# Supply ZRELADDR to the decompressor via a linker symbol.
ifneq ($(CONFIG_AUTO_ZRELADDR),y)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 006/425] arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 005/425] ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 007/425] arm64: dts: mt8173: fix property typo of phys in dsi node Greg Kroah-Hartman
` (425 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Gregory CLEMENT,
Miquel Raynal, Gregory CLEMENT
From: Marek Behún <kabel@kernel.org>
commit 1d88358a89dbac9c7d4559548b9a44840456e6fb upstream.
Add "syscon" compatible to the North Bridge clocks node to allow the
cpufreq driver to access these registers via syscon API.
This is needed for a fix of cpufreq driver.
Signed-off-by: Marek Behún <kabel@kernel.org>
Fixes: e8d66e7927b2 ("arm64: dts: marvell: armada-37xx: add nodes...")
Cc: stable@vger.kernel.org
Cc: Gregory CLEMENT <gregory.clement@free-electrons.com>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/marvell/armada-37xx.dtsi
+++ b/arch/arm64/boot/dts/marvell/armada-37xx.dtsi
@@ -143,7 +143,8 @@
};
nb_periph_clk: nb-periph-clk@13000 {
- compatible = "marvell,armada-3700-periph-clock-nb";
+ compatible = "marvell,armada-3700-periph-clock-nb",
+ "syscon";
reg = <0x13000 0x100>;
clocks = <&tbg 0>, <&tbg 1>, <&tbg 2>,
<&tbg 3>, <&xtalclk>;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 007/425] arm64: dts: mt8173: fix property typo of phys in dsi node
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 006/425] arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 008/425] ecryptfs: fix kernel panic with null dev_name Greg Kroah-Hartman
` (424 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chunfeng Yun, Chun-Kuang Hu,
Matthias Brugger
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
commit e4e5d030bd779fb8321d3b8bd65406fbe0827037 upstream.
Use 'phys' instead of 'phy'.
Fixes: 81ad4dbaf7af ("arm64: dts: mt8173: Add display subsystem related nodes")
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Reviewed-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210316092232.9806-5-chunfeng.yun@mediatek.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/mediatek/mt8173.dtsi
+++ b/arch/arm64/boot/dts/mediatek/mt8173.dtsi
@@ -1111,7 +1111,7 @@
<&mmsys CLK_MM_DSI1_DIGITAL>,
<&mipi_tx1>;
clock-names = "engine", "digital", "hs";
- phy = <&mipi_tx1>;
+ phys = <&mipi_tx1>;
phy-names = "dphy";
status = "disabled";
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 008/425] ecryptfs: fix kernel panic with null dev_name
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 007/425] arm64: dts: mt8173: fix property typo of phys in dsi node Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 009/425] mtd: spinand: core: add missing MODULE_DEVICE_TABLE() Greg Kroah-Hartman
` (423 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeffrey Mitchell, Tyler Hicks
From: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
commit 9046625511ad8dfbc8c6c2de16b3532c43d68d48 upstream.
When mounting eCryptfs, a null "dev_name" argument to ecryptfs_mount()
causes a kernel panic if the parsed options are valid. The easiest way to
reproduce this is to call mount() from userspace with an existing
eCryptfs mount's options and a "source" argument of 0.
Error out if "dev_name" is null in ecryptfs_mount()
Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig")
Cc: stable@vger.kernel.org
Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
Signed-off-by: Tyler Hicks <code@tyhicks.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ecryptfs/main.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -506,6 +506,12 @@ static struct dentry *ecryptfs_mount(str
goto out;
}
+ if (!dev_name) {
+ rc = -EINVAL;
+ err = "Device name cannot be null";
+ goto out;
+ }
+
rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
if (rc) {
err = "Error parsing options";
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 009/425] mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 008/425] ecryptfs: fix kernel panic with null dev_name Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 010/425] mtd: rawnand: atmel: Update ecc_stats.corrected counter Greg Kroah-Hartman
` (422 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Lobakin, Miquel Raynal
From: Alexander Lobakin <alobakin@pm.me>
commit 25fefc88c71f47db0466570335e3f75f10952e7a upstream.
The module misses MODULE_DEVICE_TABLE() for both SPI and OF ID tables
and thus never autoloads on ID matches.
Add the missing declarations.
Present since day-0 of spinand framework introduction.
Fixes: 7529df465248 ("mtd: nand: Add core infrastructure to support SPI NANDs")
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Alexander Lobakin <alobakin@pm.me>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210323173714.317884-1-alobakin@pm.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/spi/core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/mtd/nand/spi/core.c
+++ b/drivers/mtd/nand/spi/core.c
@@ -1129,12 +1129,14 @@ static const struct spi_device_id spinan
{ .name = "spi-nand" },
{ /* sentinel */ },
};
+MODULE_DEVICE_TABLE(spi, spinand_ids);
#ifdef CONFIG_OF
static const struct of_device_id spinand_of_ids[] = {
{ .compatible = "spi-nand" },
{ /* sentinel */ },
};
+MODULE_DEVICE_TABLE(of, spinand_of_ids);
#endif
static struct spi_mem_driver spinand_drv = {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 010/425] mtd: rawnand: atmel: Update ecc_stats.corrected counter
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 009/425] mtd: spinand: core: add missing MODULE_DEVICE_TABLE() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 011/425] spi: spi-ti-qspi: Free DMA resources Greg Kroah-Hartman
` (421 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai Stuhlemmer (ebee Engineering),
Tudor Ambarus, Miquel Raynal
From: Kai Stuhlemmer (ebee Engineering) <kai.stuhlemmer@ebee.de>
commit 33cebf701e98dd12b01d39d1c644387b27c1a627 upstream.
Update MTD ECC statistics with the number of corrected bits.
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Cc: stable@vger.kernel.org
Signed-off-by: Kai Stuhlemmer (ebee Engineering) <kai.stuhlemmer@ebee.de>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210322150714.101585-1-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -826,10 +826,12 @@ static int atmel_nand_pmecc_correct_data
NULL, 0,
chip->ecc.strength);
- if (ret >= 0)
+ if (ret >= 0) {
+ mtd->ecc_stats.corrected += ret;
max_bitflips = max(ret, max_bitflips);
- else
+ } else {
mtd->ecc_stats.failed++;
+ }
databuf += chip->ecc.size;
eccbuf += chip->ecc.bytes;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 011/425] spi: spi-ti-qspi: Free DMA resources
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 010/425] mtd: rawnand: atmel: Update ecc_stats.corrected counter Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 012/425] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() Greg Kroah-Hartman
` (420 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Mark Brown
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 1d309cd688a76fb733f0089d36dc630327b32d59 upstream.
Release the RX channel and free the dma coherent memory when
devm_spi_register_master() fails.
Fixes: 5720ec0a6d26 ("spi: spi-ti-qspi: Add DMA support for QSPI mmap read")
Cc: stable@vger.kernel.org
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20210218130950.90155-1-tudor.ambarus@microchip.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-ti-qspi.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--- a/drivers/spi/spi-ti-qspi.c
+++ b/drivers/spi/spi-ti-qspi.c
@@ -663,6 +663,17 @@ static int ti_qspi_runtime_resume(struct
return 0;
}
+static void ti_qspi_dma_cleanup(struct ti_qspi *qspi)
+{
+ if (qspi->rx_bb_addr)
+ dma_free_coherent(qspi->dev, QSPI_DMA_BUFFER_SIZE,
+ qspi->rx_bb_addr,
+ qspi->rx_bb_dma_addr);
+
+ if (qspi->rx_chan)
+ dma_release_channel(qspi->rx_chan);
+}
+
static const struct of_device_id ti_qspi_match[] = {
{.compatible = "ti,dra7xxx-qspi" },
{.compatible = "ti,am4372-qspi" },
@@ -817,6 +828,8 @@ no_dma:
if (!ret)
return 0;
+ ti_qspi_dma_cleanup(qspi);
+
pm_runtime_disable(&pdev->dev);
free_master:
spi_master_put(master);
@@ -835,12 +848,7 @@ static int ti_qspi_remove(struct platfor
pm_runtime_put_sync(&pdev->dev);
pm_runtime_disable(&pdev->dev);
- if (qspi->rx_bb_addr)
- dma_free_coherent(qspi->dev, QSPI_DMA_BUFFER_SIZE,
- qspi->rx_bb_addr,
- qspi->rx_bb_dma_addr);
- if (qspi->rx_chan)
- dma_release_channel(qspi->rx_chan);
+ ti_qspi_dma_cleanup(qspi);
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 012/425] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 011/425] spi: spi-ti-qspi: Free DMA resources Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 013/425] mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers Greg Kroah-Hartman
` (419 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurence Oberman, Dan Carpenter,
Himanshu Madhani, Arun Easi, Nilesh Javali, Martin K. Petersen
From: Arun Easi <aeasi@marvell.com>
commit 6641df81ab799f28a5d564f860233dd26cca0d93 upstream.
RIP: 0010:kmem_cache_free+0xfa/0x1b0
Call Trace:
qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]
scsi_queue_rq+0x5e2/0xa40
__blk_mq_try_issue_directly+0x128/0x1d0
blk_mq_request_issue_directly+0x4e/0xb0
Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now
allocated by upper layers. This fixes smatch warning of srb unintended
free.
Link: https://lore.kernel.org/r/20210329085229.4367-7-njavali@marvell.com
Fixes: af2a0c51b120 ("scsi: qla2xxx: Fix SRB leak on switch command timeout")
Cc: stable@vger.kernel.org # 5.5
Reported-by: Laurence Oberman <loberman@redhat.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_os.c | 7 -------
1 file changed, 7 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1028,8 +1028,6 @@ qla2xxx_mqueuecommand(struct Scsi_Host *
if (rval != QLA_SUCCESS) {
ql_dbg(ql_dbg_io + ql_dbg_verbose, vha, 0x3078,
"Start scsi failed rval=%d for cmd=%p.\n", rval, cmd);
- if (rval == QLA_INTERFACE_ERROR)
- goto qc24_free_sp_fail_command;
goto qc24_host_busy_free_sp;
}
@@ -1044,11 +1042,6 @@ qc24_host_busy:
qc24_target_busy:
return SCSI_MLQUEUE_TARGET_BUSY;
-qc24_free_sp_fail_command:
- sp->free(sp);
- CMD_SP(cmd) = NULL;
- qla2xxx_rel_qpair_sp(sp->qpair, sp);
-
qc24_fail_command:
cmd->scsi_done(cmd);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 013/425] mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 012/425] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 014/425] mmc: block: Update ext_csd.cache_ctrl if it was written Greg Kroah-Hartman
` (418 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Ulf Hansson
From: Adrian Hunter <adrian.hunter@intel.com>
commit 2970134b927834e9249659a70aac48e62dff804a upstream.
Bus power may control card power, but the full reset done by SDHCI at
initialization still may not reset the power, whereas a direct write to
SDHCI_POWER_CONTROL can. That might be needed to initialize correctly, if
the card was left powered on previously.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210331081752.23621-1-adrian.hunter@intel.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pci-core.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
--- a/drivers/mmc/host/sdhci-pci-core.c
+++ b/drivers/mmc/host/sdhci-pci-core.c
@@ -465,6 +465,7 @@ struct intel_host {
int drv_strength;
bool d3_retune;
bool rpm_retune_ok;
+ bool needs_pwr_off;
u32 glk_rx_ctrl1;
u32 glk_tun_val;
};
@@ -590,9 +591,25 @@ out:
static void sdhci_intel_set_power(struct sdhci_host *host, unsigned char mode,
unsigned short vdd)
{
+ struct sdhci_pci_slot *slot = sdhci_priv(host);
+ struct intel_host *intel_host = sdhci_pci_priv(slot);
int cntr;
u8 reg;
+ /*
+ * Bus power may control card power, but a full reset still may not
+ * reset the power, whereas a direct write to SDHCI_POWER_CONTROL can.
+ * That might be needed to initialize correctly, if the card was left
+ * powered on previously.
+ */
+ if (intel_host->needs_pwr_off) {
+ intel_host->needs_pwr_off = false;
+ if (mode != MMC_POWER_OFF) {
+ sdhci_writeb(host, 0, SDHCI_POWER_CONTROL);
+ usleep_range(10000, 12500);
+ }
+ }
+
sdhci_set_power(host, mode, vdd);
if (mode == MMC_POWER_OFF)
@@ -926,6 +943,14 @@ static int byt_sdio_probe_slot(struct sd
return 0;
}
+static void byt_needs_pwr_off(struct sdhci_pci_slot *slot)
+{
+ struct intel_host *intel_host = sdhci_pci_priv(slot);
+ u8 reg = sdhci_readb(slot->host, SDHCI_POWER_CONTROL);
+
+ intel_host->needs_pwr_off = reg & SDHCI_POWER_ON;
+}
+
static int byt_sd_probe_slot(struct sdhci_pci_slot *slot)
{
byt_probe_slot(slot);
@@ -943,6 +968,8 @@ static int byt_sd_probe_slot(struct sdhc
slot->chip->pdev->subsystem_device == PCI_SUBDEVICE_ID_NI_78E3)
slot->host->mmc->caps2 |= MMC_CAP2_AVOID_3_3V;
+ byt_needs_pwr_off(slot);
+
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 014/425] mmc: block: Update ext_csd.cache_ctrl if it was written
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 013/425] mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 015/425] mmc: block: Issue a cache flush only when its enabled Greg Kroah-Hartman
` (417 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Avri Altman, Adrian Hunter, Ulf Hansson
From: Avri Altman <avri.altman@wdc.com>
commit aea0440ad023ab0662299326f941214b0d7480bd upstream.
The cache function can be turned ON and OFF by writing to the CACHE_CTRL
byte (EXT_CSD byte [33]). However, card->ext_csd.cache_ctrl is only
set on init if cache size > 0.
Fix that by explicitly setting ext_csd.cache_ctrl on ext-csd write.
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210420134641.57343-3-avri.altman@wdc.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -623,6 +623,18 @@ static int __mmc_blk_ioctl_cmd(struct mm
}
/*
+ * Make sure to update CACHE_CTRL in case it was changed. The cache
+ * will get turned back on if the card is re-initialized, e.g.
+ * suspend/resume or hw reset in recovery.
+ */
+ if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_CACHE_CTRL) &&
+ (cmd.opcode == MMC_SWITCH)) {
+ u8 value = MMC_EXTRACT_VALUE_FROM_ARG(cmd.arg) & 1;
+
+ card->ext_csd.cache_ctrl = value;
+ }
+
+ /*
* According to the SD specs, some commands require a delay after
* issuing the command.
*/
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 015/425] mmc: block: Issue a cache flush only when its enabled
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 014/425] mmc: block: Update ext_csd.cache_ctrl if it was written Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 016/425] mmc: core: Do a power cycle when the CMD11 fails Greg Kroah-Hartman
` (416 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brendan Peter, Avri Altman,
Adrian Hunter, Ulf Hansson
From: Avri Altman <avri.altman@wdc.com>
commit 97fce126e279690105ee15be652b465fd96f9997 upstream.
In command queueing mode, the cache isn't flushed via the mmc_flush_cache()
function, but instead by issuing a CMDQ_TASK_MGMT (CMD48) with a
FLUSH_CACHE opcode. In this path, we need to check if cache has been
enabled, before deciding to flush the cache, along the lines of what's
being done in mmc_flush_cache().
To fix this problem, let's add a new bus ops callback ->cache_enabled() and
implement it for the mmc bus type. In this way, the mmc block device driver
can call it to know whether cache flushing should be done.
Fixes: 1e8e55b67030 (mmc: block: Add CQE support)
Cc: stable@vger.kernel.org
Reported-by: Brendan Peter <bpeter@lytx.com>
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Tested-by: Brendan Peter <bpeter@lytx.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20210425060207.2591-2-avri.altman@wdc.com
Link: https://lore.kernel.org/r/20210425060207.2591-3-avri.altman@wdc.com
[Ulf: Squashed the two patches and made some minor updates]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 4 ++++
drivers/mmc/core/core.h | 9 +++++++++
drivers/mmc/core/mmc.c | 7 +++++++
drivers/mmc/core/mmc_ops.c | 4 +---
4 files changed, 21 insertions(+), 3 deletions(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -2236,6 +2236,10 @@ enum mmc_issued mmc_blk_mq_issue_rq(stru
case MMC_ISSUE_ASYNC:
switch (req_op(req)) {
case REQ_OP_FLUSH:
+ if (!mmc_cache_enabled(host)) {
+ blk_mq_end_request(req, BLK_STS_OK);
+ return MMC_REQ_FINISHED;
+ }
ret = mmc_blk_cqe_issue_flush(mq, req);
break;
case REQ_OP_READ:
--- a/drivers/mmc/core/core.h
+++ b/drivers/mmc/core/core.h
@@ -32,6 +32,7 @@ struct mmc_bus_ops {
int (*shutdown)(struct mmc_host *);
int (*hw_reset)(struct mmc_host *);
int (*sw_reset)(struct mmc_host *);
+ bool (*cache_enabled)(struct mmc_host *);
};
void mmc_attach_bus(struct mmc_host *host, const struct mmc_bus_ops *ops);
@@ -173,4 +174,12 @@ static inline void mmc_post_req(struct m
host->ops->post_req(host, mrq, err);
}
+static inline bool mmc_cache_enabled(struct mmc_host *host)
+{
+ if (host->bus_ops->cache_enabled)
+ return host->bus_ops->cache_enabled(host);
+
+ return false;
+}
+
#endif
--- a/drivers/mmc/core/mmc.c
+++ b/drivers/mmc/core/mmc.c
@@ -2009,6 +2009,12 @@ static void mmc_detect(struct mmc_host *
}
}
+static bool _mmc_cache_enabled(struct mmc_host *host)
+{
+ return host->card->ext_csd.cache_size > 0 &&
+ host->card->ext_csd.cache_ctrl & 1;
+}
+
static int _mmc_suspend(struct mmc_host *host, bool is_suspend)
{
int err = 0;
@@ -2193,6 +2199,7 @@ static const struct mmc_bus_ops mmc_ops
.alive = mmc_alive,
.shutdown = mmc_shutdown,
.hw_reset = _mmc_hw_reset,
+ .cache_enabled = _mmc_cache_enabled,
};
/*
--- a/drivers/mmc/core/mmc_ops.c
+++ b/drivers/mmc/core/mmc_ops.c
@@ -1014,9 +1014,7 @@ int mmc_flush_cache(struct mmc_card *car
{
int err = 0;
- if (mmc_card_mmc(card) &&
- (card->ext_csd.cache_size > 0) &&
- (card->ext_csd.cache_ctrl & 1)) {
+ if (mmc_cache_enabled(card->host)) {
err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
EXT_CSD_FLUSH_CACHE, 1, 0);
if (err)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 016/425] mmc: core: Do a power cycle when the CMD11 fails
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 015/425] mmc: block: Issue a cache flush only when its enabled Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 017/425] mmc: core: Set read only for SD cards with permanent write protect bit Greg Kroah-Hartman
` (415 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, DooHyun Hwang, Ulf Hansson
From: DooHyun Hwang <dh0421.hwang@samsung.com>
commit 147186f531ae49c18b7a9091a2c40e83b3d95649 upstream.
A CMD11 is sent to the SD/SDIO card to start the voltage switch procedure
into 1.8V I/O. According to the SD spec a power cycle is needed of the
card, if it turns out that the CMD11 fails. Let's fix this, to allow a
retry of the initialization without the voltage switch, to succeed.
Note that, whether it makes sense to also retry with the voltage switch
after the power cycle is a bit more difficult to know. At this point, we
treat it like the CMD11 isn't supported and therefore we skip it when
retrying.
Signed-off-by: DooHyun Hwang <dh0421.hwang@samsung.com>
Link: https://lore.kernel.org/r/20210210045936.7809-1-dh0421.hwang@samsung.com
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1537,7 +1537,7 @@ int mmc_set_uhs_voltage(struct mmc_host
err = mmc_wait_for_cmd(host, &cmd, 0);
if (err)
- return err;
+ goto power_cycle;
if (!mmc_host_is_spi(host) && (cmd.resp[0] & R1_ERROR))
return -EIO;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 017/425] mmc: core: Set read only for SD cards with permanent write protect bit
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 016/425] mmc: core: Do a power cycle when the CMD11 fails Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 018/425] erofs: add unsupported inode i_format check Greg Kroah-Hartman
` (414 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Seunghui Lee, Ulf Hansson
From: Seunghui Lee <sh043.lee@samsung.com>
commit 917a5336f2c27928be270226ab374ed0cbf3805d upstream.
Some of SD cards sets permanent write protection bit in their CSD register,
due to lifespan or internal problem. To avoid unnecessary I/O write
operations, let's parse the bits in the CSD during initialization and mark
the card as read only for this case.
Signed-off-by: Seunghui Lee <sh043.lee@samsung.com>
Link: https://lore.kernel.org/r/20210222083156.19158-1-sh043.lee@samsung.com
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/sd.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/mmc/core/sd.c
+++ b/drivers/mmc/core/sd.c
@@ -138,6 +138,9 @@ static int mmc_decode_csd(struct mmc_car
csd->erase_size = UNSTUFF_BITS(resp, 39, 7) + 1;
csd->erase_size <<= csd->write_blkbits - 9;
}
+
+ if (UNSTUFF_BITS(resp, 13, 1))
+ mmc_card_set_readonly(card);
break;
case 1:
/*
@@ -172,6 +175,9 @@ static int mmc_decode_csd(struct mmc_car
csd->write_blkbits = 9;
csd->write_partial = 0;
csd->erase_size = 1;
+
+ if (UNSTUFF_BITS(resp, 13, 1))
+ mmc_card_set_readonly(card);
break;
default:
pr_err("%s: unrecognised CSD structure version %d\n",
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 018/425] erofs: add unsupported inode i_format check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 017/425] mmc: core: Set read only for SD cards with permanent write protect bit Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 019/425] cifs: Return correct error code from smb2_get_enc_key Greg Kroah-Hartman
` (413 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gao Xiang
From: Gao Xiang <hsiangkao@redhat.com>
commit 24a806d849c0b0c1d0cd6a6b93ba4ae4c0ec9f08 upstream.
If any unknown i_format fields are set (may be of some new incompat
inode features), mark such inode as unsupported.
Just in case of any new incompat i_format fields added in the future.
Link: https://lore.kernel.org/r/20210329003614.6583-1-hsiangkao@aol.com
Fixes: 431339ba9042 ("staging: erofs: add inode operations")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <hsiangkao@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/erofs/erofs_fs.h | 3 +++
drivers/staging/erofs/inode.c | 6 ++++++
2 files changed, 9 insertions(+)
--- a/drivers/staging/erofs/erofs_fs.h
+++ b/drivers/staging/erofs/erofs_fs.h
@@ -71,6 +71,9 @@ enum {
#define EROFS_I_VERSION_BIT 0
__EROFS_BIT(EROFS_I_, DATA_MAPPING, VERSION);
+#define EROFS_I_ALL \
+ ((1 << (EROFS_I_DATA_MAPPING_BIT + EROFS_I_DATA_MAPPING_BITS)) - 1)
+
struct erofs_inode_v1 {
/* 0 */__le16 i_advise;
--- a/drivers/staging/erofs/inode.c
+++ b/drivers/staging/erofs/inode.c
@@ -48,6 +48,12 @@ static struct page *read_inode(struct in
v1 = page_address(page) + *ofs;
ifmt = le16_to_cpu(v1->i_advise);
+ if (ifmt & ~EROFS_I_ALL) {
+ errln("unsupported i_format %u of nid %llu", ifmt, vi->nid);
+ err = -EOPNOTSUPP;
+ goto err_out;
+ }
+
vi->data_mapping_mode = __inode_data_mapping(ifmt);
if (unlikely(vi->data_mapping_mode >= EROFS_INODE_LAYOUT_MAX)) {
errln("unknown data mapping mode %u of nid %llu",
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 019/425] cifs: Return correct error code from smb2_get_enc_key
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 018/425] erofs: add unsupported inode i_format check Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 020/425] btrfs: fix metadata extent leak after failure to create subvolume Greg Kroah-Hartman
` (412 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Aurich, Steve French
From: Paul Aurich <paul@darkrain42.org>
commit 83728cbf366e334301091d5b808add468ab46b27 upstream.
Avoid a warning if the error percolates back up:
[440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key
[440700.386947] ------------[ cut here ]------------
[440700.386948] err = 1
[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70
...
[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu
...
[440700.397334] Call Trace:
[440700.397346] __filemap_set_wb_err+0x1a/0x70
[440700.397419] cifs_writepages+0x9c7/0xb30 [cifs]
[440700.397426] do_writepages+0x4b/0xe0
[440700.397444] __filemap_fdatawrite_range+0xcb/0x100
[440700.397455] filemap_write_and_wait+0x42/0xa0
[440700.397486] cifs_setattr+0x68b/0xf30 [cifs]
[440700.397493] notify_change+0x358/0x4a0
[440700.397500] utimes_common+0xe9/0x1c0
[440700.397510] do_utimes+0xc5/0x150
[440700.397520] __x64_sys_utimensat+0x88/0xd0
Fixes: 61cfac6f267d ("CIFS: Fix possible use after free in demultiplex thread")
Signed-off-by: Paul Aurich <paul@darkrain42.org>
CC: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -2700,7 +2700,7 @@ smb2_get_enc_key(struct TCP_Server_Info
}
spin_unlock(&cifs_tcp_ses_lock);
- return 1;
+ return -EAGAIN;
}
/*
* Encrypt or decrypt @rqst message. @rqst[0] has the following format:
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 020/425] btrfs: fix metadata extent leak after failure to create subvolume
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 019/425] cifs: Return correct error code from smb2_get_enc_key Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 021/425] intel_th: pci: Add Rocket Lake CPU support Greg Kroah-Hartman
` (411 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 67addf29004c5be9fa0383c82a364bb59afc7f84 upstream.
When creating a subvolume we allocate an extent buffer for its root node
after starting a transaction. We setup a root item for the subvolume that
points to that extent buffer and then attempt to insert the root item into
the root tree - however if that fails, due to ENOMEM for example, we do
not free the extent buffer previously allocated and we do not abort the
transaction (as at that point we did nothing that can not be undone).
This means that we effectively do not return the metadata extent back to
the free space cache/tree and we leave a delayed reference for it which
causes a metadata extent item to be added to the extent tree, in the next
transaction commit, without having backreferences. When this happens
'btrfs check' reports the following:
$ btrfs check /dev/sdi
Opening filesystem to check...
Checking filesystem on /dev/sdi
UUID: dce2cb9d-025f-4b05-a4bf-cee0ad3785eb
[1/7] checking root items
[2/7] checking extents
ref mismatch on [30425088 16384] extent item 1, found 0
backref 30425088 root 256 not referenced back 0x564a91c23d70
incorrect global backref count on 30425088 found 1 wanted 0
backpointer mismatch on [30425088 16384]
owner ref check failed [30425088 16384]
ERROR: errors found in extent allocation tree or chunk allocation
[3/7] checking free space cache
[4/7] checking fs roots
[5/7] checking only csums items (without verifying data)
[6/7] checking root refs
[7/7] checking quota groups skipped (not enabled on this FS)
found 212992 bytes used, error(s) found
total csum bytes: 0
total tree bytes: 131072
total fs tree bytes: 32768
total extent tree bytes: 16384
btree space waste bytes: 124669
file data blocks allocated: 65536
referenced 65536
So fix this by freeing the metadata extent if btrfs_insert_root() returns
an error.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -656,8 +656,6 @@ static noinline int create_subvol(struct
btrfs_set_root_otransid(root_item, trans->transid);
btrfs_tree_unlock(leaf);
- free_extent_buffer(leaf);
- leaf = NULL;
btrfs_set_root_dirid(root_item, new_dirid);
@@ -666,8 +664,22 @@ static noinline int create_subvol(struct
key.type = BTRFS_ROOT_ITEM_KEY;
ret = btrfs_insert_root(trans, fs_info->tree_root, &key,
root_item);
- if (ret)
+ if (ret) {
+ /*
+ * Since we don't abort the transaction in this case, free the
+ * tree block so that we don't leak space and leave the
+ * filesystem in an inconsistent state (an extent item in the
+ * extent tree without backreferences). Also no need to have
+ * the tree block locked since it is not in any tree at this
+ * point, so no other task can find it and use it.
+ */
+ btrfs_free_tree_block(trans, root, leaf, 0, 1);
+ free_extent_buffer(leaf);
goto fail;
+ }
+
+ free_extent_buffer(leaf);
+ leaf = NULL;
key.offset = (u64)-1;
new_root = btrfs_read_fs_root_no_name(fs_info, &key);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 021/425] intel_th: pci: Add Rocket Lake CPU support
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 020/425] btrfs: fix metadata extent leak after failure to create subvolume Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 022/425] fbdev: zero-fill colormap in fbcmap.c Greg Kroah-Hartman
` (410 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Andy Shevchenko
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
commit 9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376 upstream.
This adds support for the Trace Hub in Rocket Lake CPUs.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable <stable@vger.kernel.org> # v4.14+
Link: https://lore.kernel.org/r/20210414171251.14672-7-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -240,6 +240,11 @@ static const struct pci_device_id intel_
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x1bcc),
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
+ {
+ /* Rocket Lake CPU */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x4c19),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
{ 0 },
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 022/425] fbdev: zero-fill colormap in fbcmap.c
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 021/425] intel_th: pci: Add Rocket Lake CPU support Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 023/425] staging: wimax/i2400m: fix byte-order issue Greg Kroah-Hartman
` (409 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+47fa9c9c648b765305b9,
Geert Uytterhoeven, Phillip Potter
From: Phillip Potter <phil@philpotter.co.uk>
commit 19ab233989d0f7ab1de19a036e247afa4a0a1e9c upstream.
Use kzalloc() rather than kmalloc() for the dynamically allocated parts
of the colormap in fb_alloc_cmap_gfp, to prevent a leak of random kernel
data to userspace under certain circumstances.
Fixes a KMSAN-found infoleak bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=741578659feabd108ad9e06696f0c1f2e69c4b6e
Reported-by: syzbot+47fa9c9c648b765305b9@syzkaller.appspotmail.com
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Link: https://lore.kernel.org/r/20210331220719.1499743-1-phil@philpotter.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/core/fbcmap.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/video/fbdev/core/fbcmap.c
+++ b/drivers/video/fbdev/core/fbcmap.c
@@ -101,17 +101,17 @@ int fb_alloc_cmap_gfp(struct fb_cmap *cm
if (!len)
return 0;
- cmap->red = kmalloc(size, flags);
+ cmap->red = kzalloc(size, flags);
if (!cmap->red)
goto fail;
- cmap->green = kmalloc(size, flags);
+ cmap->green = kzalloc(size, flags);
if (!cmap->green)
goto fail;
- cmap->blue = kmalloc(size, flags);
+ cmap->blue = kzalloc(size, flags);
if (!cmap->blue)
goto fail;
if (transp) {
- cmap->transp = kmalloc(size, flags);
+ cmap->transp = kzalloc(size, flags);
if (!cmap->transp)
goto fail;
} else {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 023/425] staging: wimax/i2400m: fix byte-order issue
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 022/425] fbdev: zero-fill colormap in fbcmap.c Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 024/425] crypto: api - check for ERR pointers in crypto_destroy_tfm() Greg Kroah-Hartman
` (408 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, karthik alapati, Sasha Levin
From: karthik alapati <mail@karthek.com>
[ Upstream commit 0c37baae130df39b19979bba88bde2ee70a33355 ]
fix sparse byte-order warnings by converting host byte-order
type to __le16 byte-order types before assigning to hdr.length
Signed-off-by: karthik alapati <mail@karthek.com>
Link: https://lore.kernel.org/r/0ae5c5c4c646506d8be871e7be5705542671a1d5.1613921277.git.mail@karthek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wimax/i2400m/op-rfkill.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wimax/i2400m/op-rfkill.c b/drivers/net/wimax/i2400m/op-rfkill.c
index dc6fe93ce71f..e8473047b2d1 100644
--- a/drivers/net/wimax/i2400m/op-rfkill.c
+++ b/drivers/net/wimax/i2400m/op-rfkill.c
@@ -101,7 +101,7 @@ int i2400m_op_rfkill_sw_toggle(struct wimax_dev *wimax_dev,
if (cmd == NULL)
goto error_alloc;
cmd->hdr.type = cpu_to_le16(I2400M_MT_CMD_RF_CONTROL);
- cmd->hdr.length = sizeof(cmd->sw_rf);
+ cmd->hdr.length = cpu_to_le16(sizeof(cmd->sw_rf));
cmd->hdr.version = cpu_to_le16(I2400M_L3L4_VERSION);
cmd->sw_rf.hdr.type = cpu_to_le16(I2400M_TLV_RF_OPERATION);
cmd->sw_rf.hdr.length = cpu_to_le16(sizeof(cmd->sw_rf.status));
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 024/425] crypto: api - check for ERR pointers in crypto_destroy_tfm()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 023/425] staging: wimax/i2400m: fix byte-order issue Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 025/425] usb: gadget: uvc: add bInterval checking for HS mode Greg Kroah-Hartman
` (407 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+12cf5fbfdeba210a89dd,
Eric Biggers, Ard Biesheuvel, Herbert Xu, Sasha Levin
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit 83681f2bebb34dbb3f03fecd8f570308ab8b7c2c ]
Given that crypto_alloc_tfm() may return ERR pointers, and to avoid
crashes on obscure error paths where such pointers are presented to
crypto_destroy_tfm() (such as [0]), add an ERR_PTR check there
before dereferencing the second argument as a struct crypto_tfm
pointer.
[0] https://lore.kernel.org/linux-crypto/000000000000de949705bc59e0f6@google.com/
Reported-by: syzbot+12cf5fbfdeba210a89dd@syzkaller.appspotmail.com
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/api.c | 2 +-
include/crypto/acompress.h | 2 ++
include/crypto/aead.h | 2 ++
include/crypto/akcipher.h | 2 ++
include/crypto/hash.h | 4 ++++
include/crypto/kpp.h | 2 ++
include/crypto/rng.h | 2 ++
include/crypto/skcipher.h | 2 ++
8 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/crypto/api.c b/crypto/api.c
index 1909195b2c70..5efd4d6e6312 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -571,7 +571,7 @@ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
{
struct crypto_alg *alg;
- if (unlikely(!mem))
+ if (IS_ERR_OR_NULL(mem))
return;
alg = tfm->__crt_alg;
diff --git a/include/crypto/acompress.h b/include/crypto/acompress.h
index e328b52425a8..1ff78365607c 100644
--- a/include/crypto/acompress.h
+++ b/include/crypto/acompress.h
@@ -152,6 +152,8 @@ static inline struct crypto_acomp *crypto_acomp_reqtfm(struct acomp_req *req)
* crypto_free_acomp() -- free ACOMPRESS tfm handle
*
* @tfm: ACOMPRESS tfm handle allocated with crypto_alloc_acomp()
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_acomp(struct crypto_acomp *tfm)
{
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 1e26f790b03f..c69c545ba39a 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -187,6 +187,8 @@ static inline struct crypto_tfm *crypto_aead_tfm(struct crypto_aead *tfm)
/**
* crypto_free_aead() - zeroize and free aead handle
* @tfm: cipher handle to be freed
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_aead(struct crypto_aead *tfm)
{
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index b5e11de4d497..9817f2e5bff8 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -174,6 +174,8 @@ static inline struct crypto_akcipher *crypto_akcipher_reqtfm(
* crypto_free_akcipher() - free AKCIPHER tfm handle
*
* @tfm: AKCIPHER tfm handle allocated with crypto_alloc_akcipher()
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_akcipher(struct crypto_akcipher *tfm)
{
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 76e432cab75d..552517dcf9e4 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -257,6 +257,8 @@ static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
/**
* crypto_free_ahash() - zeroize and free the ahash handle
* @tfm: cipher handle to be freed
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_ahash(struct crypto_ahash *tfm)
{
@@ -692,6 +694,8 @@ static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
/**
* crypto_free_shash() - zeroize and free the message digest handle
* @tfm: cipher handle to be freed
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_shash(struct crypto_shash *tfm)
{
diff --git a/include/crypto/kpp.h b/include/crypto/kpp.h
index 1bde0a6514fa..1a34630fc371 100644
--- a/include/crypto/kpp.h
+++ b/include/crypto/kpp.h
@@ -159,6 +159,8 @@ static inline void crypto_kpp_set_flags(struct crypto_kpp *tfm, u32 flags)
* crypto_free_kpp() - free KPP tfm handle
*
* @tfm: KPP tfm handle allocated with crypto_alloc_kpp()
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_kpp(struct crypto_kpp *tfm)
{
diff --git a/include/crypto/rng.h b/include/crypto/rng.h
index b95ede354a66..a788c1e5a121 100644
--- a/include/crypto/rng.h
+++ b/include/crypto/rng.h
@@ -116,6 +116,8 @@ static inline struct rng_alg *crypto_rng_alg(struct crypto_rng *tfm)
/**
* crypto_free_rng() - zeroize and free RNG handle
* @tfm: cipher handle to be freed
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_rng(struct crypto_rng *tfm)
{
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 2f327f090c3e..c7553f8b1bb6 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -206,6 +206,8 @@ static inline struct crypto_tfm *crypto_skcipher_tfm(
/**
* crypto_free_skcipher() - zeroize and free cipher handle
* @tfm: cipher handle to be freed
+ *
+ * If @tfm is a NULL or error pointer, this function does nothing.
*/
static inline void crypto_free_skcipher(struct crypto_skcipher *tfm)
{
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 025/425] usb: gadget: uvc: add bInterval checking for HS mode
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 024/425] crypto: api - check for ERR pointers in crypto_destroy_tfm() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 026/425] genirq/matrix: Prevent allocation counter corruption Greg Kroah-Hartman
` (406 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Chen, Laurent Pinchart,
Pawel Laszczak, Sasha Levin
From: Pawel Laszczak <pawell@cadence.com>
[ Upstream commit 26adde04acdff14a1f28d4a5dce46a8513a3038b ]
Patch adds extra checking for bInterval passed by configfs.
The 5.6.4 chapter of USB Specification (rev. 2.0) say:
"A high-bandwidth endpoint must specify a period of 1x125 µs
(i.e., a bInterval value of 1)."
The issue was observed during testing UVC class on CV.
I treat this change as improvement because we can control
bInterval by configfs.
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Link: https://lore.kernel.org/r/20210308125338.4824-1-pawell@gli-login.cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_uvc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/f_uvc.c b/drivers/usb/gadget/function/f_uvc.c
index d8ce7868fe22..169e73ed128c 100644
--- a/drivers/usb/gadget/function/f_uvc.c
+++ b/drivers/usb/gadget/function/f_uvc.c
@@ -645,7 +645,12 @@ uvc_function_bind(struct usb_configuration *c, struct usb_function *f)
uvc_hs_streaming_ep.wMaxPacketSize =
cpu_to_le16(max_packet_size | ((max_packet_mult - 1) << 11));
- uvc_hs_streaming_ep.bInterval = opts->streaming_interval;
+
+ /* A high-bandwidth endpoint must specify a bInterval value of 1 */
+ if (max_packet_mult > 1)
+ uvc_hs_streaming_ep.bInterval = 1;
+ else
+ uvc_hs_streaming_ep.bInterval = opts->streaming_interval;
uvc_ss_streaming_ep.wMaxPacketSize = cpu_to_le16(max_packet_size);
uvc_ss_streaming_ep.bInterval = opts->streaming_interval;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 026/425] genirq/matrix: Prevent allocation counter corruption
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 025/425] usb: gadget: uvc: add bInterval checking for HS mode Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 027/425] usb: gadget: f_uac1: validate input parameters Greg Kroah-Hartman
` (405 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Vitaly Kuznetsov,
Sasha Levin
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit c93a5e20c3c2dabef8ea360a3d3f18c6f68233ab ]
When irq_matrix_free() is called for an unallocated vector the
managed_allocated and total_allocated counters get out of sync with the
real state of the matrix. Later, when the last interrupt is freed, these
counters will underflow resulting in UINTMAX because the counters are
unsigned.
While this is certainly a problem of the calling code, this can be catched
in the allocator by checking the allocation bit for the to be freed vector
which simplifies debugging.
An example of the problem described above:
https://lore.kernel.org/lkml/20210318192819.636943062@linutronix.de/
Add the missing sanity check and emit a warning when it triggers.
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20210319111823.1105248-1-vkuznets@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/irq/matrix.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/irq/matrix.c b/kernel/irq/matrix.c
index 651a4ad6d711..8e586858bcf4 100644
--- a/kernel/irq/matrix.c
+++ b/kernel/irq/matrix.c
@@ -423,7 +423,9 @@ void irq_matrix_free(struct irq_matrix *m, unsigned int cpu,
if (WARN_ON_ONCE(bit < m->alloc_start || bit >= m->alloc_end))
return;
- clear_bit(bit, cm->alloc_map);
+ if (WARN_ON_ONCE(!test_and_clear_bit(bit, cm->alloc_map)))
+ return;
+
cm->allocated--;
if(managed)
cm->managed_allocated--;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 027/425] usb: gadget: f_uac1: validate input parameters
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 026/425] genirq/matrix: Prevent allocation counter corruption Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 028/425] usb: dwc3: gadget: Ignore EP queue requests during bus reset Greg Kroah-Hartman
` (404 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ruslan Bilovol, Sasha Levin
From: Ruslan Bilovol <ruslan.bilovol@gmail.com>
[ Upstream commit a59c68a6a3d1b18e2494f526eb19893a34fa6ec6 ]
Currently user can configure UAC1 function with
parameters that violate UAC1 spec or are not supported
by UAC1 gadget implementation.
This can lead to incorrect behavior if such gadget
is connected to the host - like enumeration failure
or other issues depending on host's UAC1 driver
implementation, bringing user to a long hours
of debugging the issue.
Instead of silently accept these parameters, throw
an error if they are not valid.
Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Link: https://lore.kernel.org/r/1614599375-8803-5-git-send-email-ruslan.bilovol@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_uac1.c | 43 ++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/drivers/usb/gadget/function/f_uac1.c b/drivers/usb/gadget/function/f_uac1.c
index a215c836eba4..41e7b29f58df 100644
--- a/drivers/usb/gadget/function/f_uac1.c
+++ b/drivers/usb/gadget/function/f_uac1.c
@@ -19,6 +19,9 @@
#include "u_audio.h"
#include "u_uac1.h"
+/* UAC1 spec: 3.7.2.3 Audio Channel Cluster Format */
+#define UAC1_CHANNEL_MASK 0x0FFF
+
struct f_uac1 {
struct g_audio g_audio;
u8 ac_intf, as_in_intf, as_out_intf;
@@ -30,6 +33,11 @@ static inline struct f_uac1 *func_to_uac1(struct usb_function *f)
return container_of(f, struct f_uac1, g_audio.func);
}
+static inline struct f_uac1_opts *g_audio_to_uac1_opts(struct g_audio *audio)
+{
+ return container_of(audio->func.fi, struct f_uac1_opts, func_inst);
+}
+
/*
* DESCRIPTORS ... most are static, but strings and full
* configuration descriptors are built on demand.
@@ -505,11 +513,42 @@ static void f_audio_disable(struct usb_function *f)
/*-------------------------------------------------------------------------*/
+static int f_audio_validate_opts(struct g_audio *audio, struct device *dev)
+{
+ struct f_uac1_opts *opts = g_audio_to_uac1_opts(audio);
+
+ if (!opts->p_chmask && !opts->c_chmask) {
+ dev_err(dev, "Error: no playback and capture channels\n");
+ return -EINVAL;
+ } else if (opts->p_chmask & ~UAC1_CHANNEL_MASK) {
+ dev_err(dev, "Error: unsupported playback channels mask\n");
+ return -EINVAL;
+ } else if (opts->c_chmask & ~UAC1_CHANNEL_MASK) {
+ dev_err(dev, "Error: unsupported capture channels mask\n");
+ return -EINVAL;
+ } else if ((opts->p_ssize < 1) || (opts->p_ssize > 4)) {
+ dev_err(dev, "Error: incorrect playback sample size\n");
+ return -EINVAL;
+ } else if ((opts->c_ssize < 1) || (opts->c_ssize > 4)) {
+ dev_err(dev, "Error: incorrect capture sample size\n");
+ return -EINVAL;
+ } else if (!opts->p_srate) {
+ dev_err(dev, "Error: incorrect playback sampling rate\n");
+ return -EINVAL;
+ } else if (!opts->c_srate) {
+ dev_err(dev, "Error: incorrect capture sampling rate\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
/* audio function driver setup/binding */
static int f_audio_bind(struct usb_configuration *c, struct usb_function *f)
{
struct usb_composite_dev *cdev = c->cdev;
struct usb_gadget *gadget = cdev->gadget;
+ struct device *dev = &gadget->dev;
struct f_uac1 *uac1 = func_to_uac1(f);
struct g_audio *audio = func_to_g_audio(f);
struct f_uac1_opts *audio_opts;
@@ -519,6 +558,10 @@ static int f_audio_bind(struct usb_configuration *c, struct usb_function *f)
int rate;
int status;
+ status = f_audio_validate_opts(audio, dev);
+ if (status)
+ return status;
+
audio_opts = container_of(f->fi, struct f_uac1_opts, func_inst);
us = usb_gstrings_attach(cdev, uac1_strings, ARRAY_SIZE(strings_uac1));
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 028/425] usb: dwc3: gadget: Ignore EP queue requests during bus reset
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 027/425] usb: gadget: f_uac1: validate input parameters Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 029/425] usb: xhci: Fix port minor revision Greg Kroah-Hartman
` (403 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wesley Cheng, Sasha Levin
From: Wesley Cheng <wcheng@codeaurora.org>
[ Upstream commit 71ca43f30df9c642970f9dc9b2d6f463f4967e7b ]
The current dwc3_gadget_reset_interrupt() will stop any active
transfers, but only addresses blocking of EP queuing for while we are
coming from a disconnected scenario, i.e. after receiving the disconnect
event. If the host decides to issue a bus reset on the device, the
connected parameter will still be set to true, allowing for EP queuing
to continue while we are disabling the functions. To avoid this, set the
connected flag to false until the stop active transfers is complete.
Signed-off-by: Wesley Cheng <wcheng@codeaurora.org>
Link: https://lore.kernel.org/r/1616146285-19149-3-git-send-email-wcheng@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index a0806dca3de9..f28eb541fad3 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2717,6 +2717,15 @@ static void dwc3_gadget_reset_interrupt(struct dwc3 *dwc)
dwc->connected = true;
+ /*
+ * Ideally, dwc3_reset_gadget() would trigger the function
+ * drivers to stop any active transfers through ep disable.
+ * However, for functions which defer ep disable, such as mass
+ * storage, we will need to rely on the call to stop active
+ * transfers here, and avoid allowing of request queuing.
+ */
+ dwc->connected = false;
+
/*
* WORKAROUND: DWC3 revisions <1.88a have an issue which
* would cause a missing Disconnect Event if there's a
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 029/425] usb: xhci: Fix port minor revision
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 028/425] usb: dwc3: gadget: Ignore EP queue requests during bus reset Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 030/425] PCI: PM: Do not read power state in pci_enable_device_flags() Greg Kroah-Hartman
` (402 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit 64364bc912c01b33bba6c22e3ccb849bfca96398 ]
Some hosts incorrectly use sub-minor version for minor version (i.e.
0x02 instead of 0x20 for bcdUSB 0x320 and 0x01 for bcdUSB 0x310).
Currently the xHCI driver works around this by just checking for minor
revision > 0x01 for USB 3.1 everywhere. With the addition of USB 3.2,
checking this gets a bit cumbersome. Since there is no USB release with
bcdUSB 0x301 to 0x309, we can assume that sub-minor version 01 to 09 is
incorrect. Let's try to fix this and use the minor revision that matches
with the USB/xHCI spec to help with the version checking within the
driver.
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/ed330e95a19dc367819c5b4d78bf7a541c35aa0a.1615432770.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-mem.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 9e87c282a743..2461be2a8748 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -2134,6 +2134,15 @@ static void xhci_add_in_port(struct xhci_hcd *xhci, unsigned int num_ports,
if (major_revision == 0x03) {
rhub = &xhci->usb3_rhub;
+ /*
+ * Some hosts incorrectly use sub-minor version for minor
+ * version (i.e. 0x02 instead of 0x20 for bcdUSB 0x320 and 0x01
+ * for bcdUSB 0x310). Since there is no USB release with sub
+ * minor version 0x301 to 0x309, we can assume that they are
+ * incorrect and fix it here.
+ */
+ if (minor_revision > 0x00 && minor_revision < 0x10)
+ minor_revision <<= 4;
} else if (major_revision <= 0x02) {
rhub = &xhci->usb2_rhub;
} else {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 030/425] PCI: PM: Do not read power state in pci_enable_device_flags()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 029/425] usb: xhci: Fix port minor revision Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 031/425] x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) Greg Kroah-Hartman
` (401 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Luz, Rafael J. Wysocki,
Mika Westerberg, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 4514d991d99211f225d83b7e640285f29f0755d0 ]
It should not be necessary to update the current_state field of
struct pci_dev in pci_enable_device_flags() before calling
do_pci_enable_device() for the device, because none of the
code between that point and the pci_set_power_state() call in
do_pci_enable_device() invoked later depends on it.
Moreover, doing that is actively harmful in some cases. For example,
if the given PCI device depends on an ACPI power resource whose _STA
method initially returns 0 ("off"), but the config space of the PCI
device is accessible and the power state retrieved from the
PCI_PM_CTRL register is D0, the current_state field in the struct
pci_dev representing that device will get out of sync with the
power.state of its ACPI companion object and that will lead to
power management issues going forward.
To avoid such issues it is better to leave the current_state value
as is until it is changed to PCI_D0 by do_pci_enable_device() as
appropriate. However, the power state of the device is not changed
to PCI_D0 if it is already enabled when pci_enable_device_flags()
gets called for it, so update its current_state in that case, but
use pci_update_current_state() covering platform PM too for that.
Link: https://lore.kernel.org/lkml/20210314000439.3138941-1-luzmaximilian@gmail.com/
Reported-by: Maximilian Luz <luzmaximilian@gmail.com>
Tested-by: Maximilian Luz <luzmaximilian@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pci.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 9ebf32de8575..3d59bbe4a5d5 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -1585,20 +1585,10 @@ static int pci_enable_device_flags(struct pci_dev *dev, unsigned long flags)
int err;
int i, bars = 0;
- /*
- * Power state could be unknown at this point, either due to a fresh
- * boot or a device removal call. So get the current power state
- * so that things like MSI message writing will behave as expected
- * (e.g. if the device really is in D0 at enable time).
- */
- if (dev->pm_cap) {
- u16 pmcsr;
- pci_read_config_word(dev, dev->pm_cap + PCI_PM_CTRL, &pmcsr);
- dev->current_state = (pmcsr & PCI_PM_CTRL_STATE_MASK);
- }
-
- if (atomic_inc_return(&dev->enable_cnt) > 1)
+ if (atomic_inc_return(&dev->enable_cnt) > 1) {
+ pci_update_current_state(dev, dev->current_state);
return 0; /* already enabled */
+ }
bridge = pci_upstream_bridge(dev);
if (bridge)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 031/425] x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 030/425] PCI: PM: Do not read power state in pci_enable_device_flags() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 032/425] tee: optee: do not check memref size on return from Secure World Greg Kroah-Hartman
` (400 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Millikin, Nathan Chancellor,
Borislav Petkov, Ard Biesheuvel, Sedat Dilek, Sasha Levin
From: John Millikin <john@john-millikin.com>
[ Upstream commit 8abe7fc26ad8f28bfdf78adbed56acd1fa93f82d ]
When cross-compiling with Clang, the `$(CLANG_FLAGS)' variable
contains additional flags needed to build C and assembly sources
for the target platform. Normally this variable is automatically
included in `$(KBUILD_CFLAGS)' via the top-level Makefile.
The x86 real-mode makefile builds `$(REALMODE_CFLAGS)' from a
plain assignment and therefore drops the Clang flags. This causes
Clang to not recognize x86-specific assembler directives:
arch/x86/realmode/rm/header.S:36:1: error: unknown directive
.type real_mode_header STT_OBJECT ; .size real_mode_header, .-real_mode_header
^
Explicit propagation of `$(CLANG_FLAGS)' to `$(REALMODE_CFLAGS)',
which is inherited by real-mode make rules, fixes cross-compilation
with Clang for x86 targets.
Relevant flags:
* `--target' sets the target architecture when cross-compiling. This
flag must be set for both compilation and assembly (`KBUILD_AFLAGS')
to support architecture-specific assembler directives.
* `-no-integrated-as' tells clang to assemble with GNU Assembler
instead of its built-in LLVM assembler. This flag is set by default
unless `LLVM_IAS=1' is set, because the LLVM assembler can't yet
parse certain GNU extensions.
Signed-off-by: John Millikin <john@john-millikin.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Link: https://lkml.kernel.org/r/20210326000435.4785-2-nathan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 6ebdbad21fb2..65a8722e784c 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -40,6 +40,7 @@ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector)
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -Wno-address-of-packed-member)
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), $(cc_stack_align4))
+REALMODE_CFLAGS += $(CLANG_FLAGS)
export REALMODE_CFLAGS
# BITS is used as extension for files which are available in a 32 bit
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 032/425] tee: optee: do not check memref size on return from Secure World
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 031/425] x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 033/425] perf/arm_pmu_platform: Fix error handling Greg Kroah-Hartman
` (399 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sumit Garg, Jens Wiklander,
Jerome Forissier, Sasha Levin
From: Jerome Forissier <jerome@forissier.org>
[ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ]
When Secure World returns, it may have changed the size attribute of the
memory references passed as [in/out] parameters. The GlobalPlatform TEE
Internal Core API specification does not restrict the values that this
size can take. In particular, Secure World may increase the value to be
larger than the size of the input buffer to indicate that it needs more.
Therefore, the size check in optee_from_msg_param() is incorrect and
needs to be removed. This fixes a number of failed test cases in the
GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09
when OP-TEE is compiled without dynamic shared memory support
(CFG_CORE_DYN_SHM=n).
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tee/optee/core.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 2f254f957b0a..1d71fcb13dba 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -87,16 +87,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params,
return rc;
p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa;
p->u.memref.shm = shm;
-
- /* Check that the memref is covered by the shm object */
- if (p->u.memref.size) {
- size_t o = p->u.memref.shm_offs +
- p->u.memref.size - 1;
-
- rc = tee_shm_get_pa(shm, o, NULL);
- if (rc)
- return rc;
- }
break;
case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT:
case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT:
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 033/425] perf/arm_pmu_platform: Fix error handling
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 032/425] tee: optee: do not check memref size on return from Secure World Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 034/425] usb: xhci-mtk: support quirk to disable usb2 lpm Greg Kroah-Hartman
` (398 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin Murphy, Will Deacon, Sasha Levin
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit e338cb6bef254821a8c095018fd27254d74bfd6a ]
If we're aborting after failing to register the PMU device,
we probably don't want to leak the IRQs that we've claimed.
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/53031a607fc8412a60024bfb3bb8cd7141f998f5.1616774562.git.robin.murphy@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/arm_pmu_platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/perf/arm_pmu_platform.c b/drivers/perf/arm_pmu_platform.c
index 96075cecb0ae..199293450acf 100644
--- a/drivers/perf/arm_pmu_platform.c
+++ b/drivers/perf/arm_pmu_platform.c
@@ -236,7 +236,7 @@ int arm_pmu_device_probe(struct platform_device *pdev,
ret = armpmu_register(pmu);
if (ret)
- goto out_free;
+ goto out_free_irqs;
return 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 034/425] usb: xhci-mtk: support quirk to disable usb2 lpm
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 033/425] perf/arm_pmu_platform: Fix error handling Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 035/425] xhci: check control context is valid before dereferencing it Greg Kroah-Hartman
` (397 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chunfeng Yun, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit bee1f89aad2a51cd3339571bc8eadbb0dc88a683 ]
The xHCI driver support usb2 HW LPM by default, here add support
XHCI_HW_LPM_DISABLE quirk, then we can disable usb2 lpm when
need it.
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/1617181553-3503-4-git-send-email-chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-mtk.c | 3 +++
drivers/usb/host/xhci-mtk.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c
index 09d5a789fcd5..f4b2e766f195 100644
--- a/drivers/usb/host/xhci-mtk.c
+++ b/drivers/usb/host/xhci-mtk.c
@@ -395,6 +395,8 @@ static void xhci_mtk_quirks(struct device *dev, struct xhci_hcd *xhci)
xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
if (mtk->lpm_support)
xhci->quirks |= XHCI_LPM_SUPPORT;
+ if (mtk->u2_lpm_disable)
+ xhci->quirks |= XHCI_HW_LPM_DISABLE;
/*
* MTK xHCI 0.96: PSA is 1 by default even if doesn't support stream,
@@ -467,6 +469,7 @@ static int xhci_mtk_probe(struct platform_device *pdev)
return ret;
mtk->lpm_support = of_property_read_bool(node, "usb3-lpm-capable");
+ mtk->u2_lpm_disable = of_property_read_bool(node, "usb2-lpm-disable");
/* optional property, ignore the error if it does not exist */
of_property_read_u32(node, "mediatek,u3p-dis-msk",
&mtk->u3p_dis_msk);
diff --git a/drivers/usb/host/xhci-mtk.h b/drivers/usb/host/xhci-mtk.h
index cc59d80b663b..1601ca9a388e 100644
--- a/drivers/usb/host/xhci-mtk.h
+++ b/drivers/usb/host/xhci-mtk.h
@@ -123,6 +123,7 @@ struct xhci_hcd_mtk {
struct phy **phys;
int num_phys;
bool lpm_support;
+ bool u2_lpm_disable;
/* usb remote wakeup */
bool uwk_en;
struct regmap *uwk;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 035/425] xhci: check control context is valid before dereferencing it.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 034/425] usb: xhci-mtk: support quirk to disable usb2 lpm Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 036/425] xhci: fix potential array out of bounds with several interrupters Greg Kroah-Hartman
` (396 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Sasha Levin
From: Mathias Nyman <mathias.nyman@linux.intel.com>
[ Upstream commit 597899d2f7c5619c87185ee7953d004bd37fd0eb ]
Don't dereference ctrl_ctx before checking it's valid.
Issue reported by Klockwork
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210406070208.3406266-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 6c508d0313f7..fc07d68fdd15 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3148,6 +3148,14 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd,
/* config ep command clears toggle if add and drop ep flags are set */
ctrl_ctx = xhci_get_input_control_ctx(cfg_cmd->in_ctx);
+ if (!ctrl_ctx) {
+ spin_unlock_irqrestore(&xhci->lock, flags);
+ xhci_free_command(xhci, cfg_cmd);
+ xhci_warn(xhci, "%s: Could not get input context, bad type.\n",
+ __func__);
+ goto cleanup;
+ }
+
xhci_setup_input_ctx_for_config_ep(xhci, cfg_cmd->in_ctx, vdev->out_ctx,
ctrl_ctx, ep_flag, ep_flag);
xhci_endpoint_copy(xhci, cfg_cmd->in_ctx, vdev->out_ctx, ep_index);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 036/425] xhci: fix potential array out of bounds with several interrupters
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 035/425] xhci: check control context is valid before dereferencing it Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 037/425] spi: dln2: Fix reference leak to master Greg Kroah-Hartman
` (395 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Sasha Levin
From: Mathias Nyman <mathias.nyman@linux.intel.com>
[ Upstream commit 286fd02fd54b6acab65809549cf5fb3f2a886696 ]
The Max Interrupters supported by the controller is given in a 10bit
wide bitfield, but the driver uses a fixed 128 size array to index these
interrupters.
Klockwork reports a possible array out of bounds case which in theory
is possible. In practice this hasn't been hit as a common number of Max
Interrupters for new controllers is 8, not even close to 128.
This needs to be fixed anyway
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210406070208.3406266-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index fc07d68fdd15..9ca59f3fffde 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -227,6 +227,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci)
struct device *dev = xhci_to_hcd(xhci)->self.sysdev;
int err, i;
u64 val;
+ u32 intrs;
/*
* Some Renesas controllers get into a weird state if they are
@@ -265,7 +266,10 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci)
if (upper_32_bits(val))
xhci_write_64(xhci, 0, &xhci->op_regs->cmd_ring);
- for (i = 0; i < HCS_MAX_INTRS(xhci->hcs_params1); i++) {
+ intrs = min_t(u32, HCS_MAX_INTRS(xhci->hcs_params1),
+ ARRAY_SIZE(xhci->run_regs->ir_set));
+
+ for (i = 0; i < intrs; i++) {
struct xhci_intr_reg __iomem *ir;
ir = &xhci->run_regs->ir_set[i];
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 037/425] spi: dln2: Fix reference leak to master
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 036/425] xhci: fix potential array out of bounds with several interrupters Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 038/425] spi: omap-100k: " Greg Kroah-Hartman
` (394 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Mark Brown,
Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 9b844b087124c1538d05f40fda8a4fec75af55be ]
Call spi_master_get() holds the reference count to master device, thus
we need an additional spi_master_put() call to reduce the reference
count, otherwise we will leak a reference to master.
This commit fix it by removing the unnecessary spi_master_get().
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20210409082955.2907950-1-weiyongjun1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dln2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-dln2.c b/drivers/spi/spi-dln2.c
index b62a99caacc0..a41adea48618 100644
--- a/drivers/spi/spi-dln2.c
+++ b/drivers/spi/spi-dln2.c
@@ -783,7 +783,7 @@ exit_free_master:
static int dln2_spi_remove(struct platform_device *pdev)
{
- struct spi_master *master = spi_master_get(platform_get_drvdata(pdev));
+ struct spi_master *master = platform_get_drvdata(pdev);
struct dln2_spi *dln2 = spi_master_get_devdata(master);
pm_runtime_disable(&pdev->dev);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 038/425] spi: omap-100k: Fix reference leak to master
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 037/425] spi: dln2: Fix reference leak to master Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 039/425] intel_th: Consistency and off-by-one fix Greg Kroah-Hartman
` (393 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Mark Brown,
Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit a23faea76d4cf5f75decb574491e66f9ecd707e7 ]
Call spi_master_get() holds the reference count to master device, thus
we need an additional spi_master_put() call to reduce the reference
count, otherwise we will leak a reference to master.
This commit fix it by removing the unnecessary spi_master_get().
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20210409082954.2906933-1-weiyongjun1@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-omap-100k.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-omap-100k.c b/drivers/spi/spi-omap-100k.c
index 76a8425be227..1eccdc4a4581 100644
--- a/drivers/spi/spi-omap-100k.c
+++ b/drivers/spi/spi-omap-100k.c
@@ -435,7 +435,7 @@ err:
static int omap1_spi100k_remove(struct platform_device *pdev)
{
- struct spi_master *master = spi_master_get(platform_get_drvdata(pdev));
+ struct spi_master *master = platform_get_drvdata(pdev);
struct omap1_spi100k *spi100k = spi_master_get_devdata(master);
pm_runtime_disable(&pdev->dev);
@@ -449,7 +449,7 @@ static int omap1_spi100k_remove(struct platform_device *pdev)
#ifdef CONFIG_PM
static int omap1_spi100k_runtime_suspend(struct device *dev)
{
- struct spi_master *master = spi_master_get(dev_get_drvdata(dev));
+ struct spi_master *master = dev_get_drvdata(dev);
struct omap1_spi100k *spi100k = spi_master_get_devdata(master);
clk_disable_unprepare(spi100k->ick);
@@ -460,7 +460,7 @@ static int omap1_spi100k_runtime_suspend(struct device *dev)
static int omap1_spi100k_runtime_resume(struct device *dev)
{
- struct spi_master *master = spi_master_get(dev_get_drvdata(dev));
+ struct spi_master *master = dev_get_drvdata(dev);
struct omap1_spi100k *spi100k = spi_master_get_devdata(master);
int ret;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 039/425] intel_th: Consistency and off-by-one fix
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 038/425] spi: omap-100k: " Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 040/425] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() Greg Kroah-Hartman
` (392 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Alexander Shishkin,
Andy Shevchenko, Sasha Levin
From: Pavel Machek <pavel@ucw.cz>
[ Upstream commit 18ffbc47d45a1489b664dd68fb3a7610a6e1dea3 ]
Consistently use "< ... +1" in for loops.
Fix of-by-one in for_each_set_bit().
Signed-off-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/lkml/20190724095841.GA6952@amd/
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20210414171251.14672-6-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/intel_th/gth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hwtracing/intel_th/gth.c b/drivers/hwtracing/intel_th/gth.c
index edc52d75e6bd..5041fe7fee9e 100644
--- a/drivers/hwtracing/intel_th/gth.c
+++ b/drivers/hwtracing/intel_th/gth.c
@@ -477,7 +477,7 @@ static void intel_th_gth_disable(struct intel_th_device *thdev,
output->active = false;
for_each_set_bit(master, gth->output[output->port].master,
- TH_CONFIGURABLE_MASTERS) {
+ TH_CONFIGURABLE_MASTERS + 1) {
gth_master_set(gth, master, -1);
}
spin_unlock(>h->gth_lock);
@@ -616,7 +616,7 @@ static void intel_th_gth_unassign(struct intel_th_device *thdev,
othdev->output.port = -1;
othdev->output.active = false;
gth->output[port].output = NULL;
- for (master = 0; master <= TH_CONFIGURABLE_MASTERS; master++)
+ for (master = 0; master < TH_CONFIGURABLE_MASTERS + 1; master++)
if (gth->master[master] == port)
gth->master[master] = -1;
spin_unlock(>h->gth_lock);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 040/425] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 039/425] intel_th: Consistency and off-by-one fix Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 041/425] btrfs: convert logic BUG_ON()s in replace_path to ASSERT()s Greg Kroah-Hartman
` (391 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Vinod Koul, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e1723d8b87b73ab363256e7ca3af3ddb75855680 ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20210407092716.3270248-1-yangyingliang@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/ti/phy-twl4030-usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/ti/phy-twl4030-usb.c b/drivers/phy/ti/phy-twl4030-usb.c
index c267afb68f07..ea7564392108 100644
--- a/drivers/phy/ti/phy-twl4030-usb.c
+++ b/drivers/phy/ti/phy-twl4030-usb.c
@@ -801,7 +801,7 @@ static int twl4030_usb_remove(struct platform_device *pdev)
usb_remove_phy(&twl->phy);
pm_runtime_get_sync(twl->dev);
- cancel_delayed_work(&twl->id_workaround_work);
+ cancel_delayed_work_sync(&twl->id_workaround_work);
device_remove_file(twl->dev, &dev_attr_vbus);
/* set transceiver mode to power on defaults */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 041/425] btrfs: convert logic BUG_ON()s in replace_path to ASSERT()s
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 040/425] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 042/425] scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe Greg Kroah-Hartman
` (390 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, Josef Bacik, David Sterba,
Sasha Levin
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit 7a9213a93546e7eaef90e6e153af6b8fc7553f10 ]
A few BUG_ON()'s in replace_path are purely to keep us from making
logical mistakes, so replace them with ASSERT()'s.
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/relocation.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index e6e4e6fb2add..06c6a66a991f 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1755,8 +1755,8 @@ int replace_path(struct btrfs_trans_handle *trans,
int ret;
int slot;
- BUG_ON(src->root_key.objectid != BTRFS_TREE_RELOC_OBJECTID);
- BUG_ON(dest->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID);
+ ASSERT(src->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID);
+ ASSERT(dest->root_key.objectid != BTRFS_TREE_RELOC_OBJECTID);
last_snapshot = btrfs_root_last_snapshot(&src->root_item);
again:
@@ -1790,7 +1790,7 @@ again:
struct btrfs_key first_key;
level = btrfs_header_level(parent);
- BUG_ON(level < lowest_level);
+ ASSERT(level >= lowest_level);
ret = btrfs_bin_search(parent, &key, level, &slot);
if (ret && slot > 0)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 042/425] scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 041/425] btrfs: convert logic BUG_ON()s in replace_path to ASSERT()s Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 043/425] scsi: lpfc: Fix pt2pt connection does not recover after LOGO Greg Kroah-Hartman
` (389 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 9302154c07bff4e7f7f43c506a1ac84540303d06 ]
The wqe_dbde field indicates whether a Data BDE is present in Words 0:2 and
should therefore should be clear in the abts request wqe. By setting the
bit we can be misleading fw into error cases.
Clear the wqe_dbde field.
Link: https://lore.kernel.org/r/20210301171821.3427-2-jsmart2021@gmail.com
Co-developed-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nvmet.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index 5bc33817568e..23ead17e60fe 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -2912,7 +2912,6 @@ lpfc_nvmet_unsol_issue_abort(struct lpfc_hba *phba,
bf_set(wqe_rcvoxid, &wqe_abts->xmit_sequence.wqe_com, xri);
/* Word 10 */
- bf_set(wqe_dbde, &wqe_abts->xmit_sequence.wqe_com, 1);
bf_set(wqe_iod, &wqe_abts->xmit_sequence.wqe_com, LPFC_WQE_IOD_WRITE);
bf_set(wqe_lenloc, &wqe_abts->xmit_sequence.wqe_com,
LPFC_WQE_LENLOC_WORD12);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 043/425] scsi: lpfc: Fix pt2pt connection does not recover after LOGO
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 042/425] scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 044/425] scsi: target: pscsi: Fix warning in pscsi_complete_cmd() Greg Kroah-Hartman
` (388 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dick Kennedy, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit bd4f5100424d17d4e560d6653902ef8e49b2fc1f ]
On a pt2pt setup, between 2 initiators, if one side issues a a LOGO, there
is no relogin attempt. The FC specs are grey in this area on which port
(higher wwn or not) is to re-login.
As there is no spec guidance, unconditionally re-PLOGI after the logout to
ensure a login is re-established.
Link: https://lore.kernel.org/r/20210301171821.3427-8-jsmart2021@gmail.com
Co-developed-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nportdisc.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index 3dfed191252c..518bdae24543 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -708,9 +708,14 @@ lpfc_rcv_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
}
} else if ((!(ndlp->nlp_type & NLP_FABRIC) &&
((ndlp->nlp_type & NLP_FCP_TARGET) ||
- !(ndlp->nlp_type & NLP_FCP_INITIATOR))) ||
+ (ndlp->nlp_type & NLP_NVME_TARGET) ||
+ (vport->fc_flag & FC_PT2PT))) ||
(ndlp->nlp_state == NLP_STE_ADISC_ISSUE)) {
- /* Only try to re-login if this is NOT a Fabric Node */
+ /* Only try to re-login if this is NOT a Fabric Node
+ * AND the remote NPORT is a FCP/NVME Target or we
+ * are in pt2pt mode. NLP_STE_ADISC_ISSUE is a special
+ * case for LOGO as a response to ADISC behavior.
+ */
mod_timer(&ndlp->nlp_delayfunc,
jiffies + msecs_to_jiffies(1000 * 1));
spin_lock_irq(shost->host_lock);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 044/425] scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 043/425] scsi: lpfc: Fix pt2pt connection does not recover after LOGO Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 045/425] media: ite-cir: check for receive overflow Greg Kroah-Hartman
` (387 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Christie, Johannes Thumshirn,
Chaitanya Kulkarni, Martin K. Petersen, Sasha Levin
From: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
[ Upstream commit fd48c056a32ed6e7754c7c475490f3bed54ed378 ]
This fixes a compilation warning in pscsi_complete_cmd():
drivers/target/target_core_pscsi.c: In function ‘pscsi_complete_cmd’:
drivers/target/target_core_pscsi.c:624:5: warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body]
; /* XXX: TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE */
Link: https://lore.kernel.org/r/20210228055645.22253-5-chaitanya.kulkarni@wdc.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_pscsi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
index 02c4e3beb264..1b52cd4d793f 100644
--- a/drivers/target/target_core_pscsi.c
+++ b/drivers/target/target_core_pscsi.c
@@ -633,8 +633,9 @@ static void pscsi_complete_cmd(struct se_cmd *cmd, u8 scsi_status,
unsigned char *buf;
buf = transport_kmap_data_sg(cmd);
- if (!buf)
+ if (!buf) {
; /* XXX: TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE */
+ }
if (cdb[0] == MODE_SENSE_10) {
if (!(buf[3] & 0x80))
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 045/425] media: ite-cir: check for receive overflow
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 044/425] scsi: target: pscsi: Fix warning in pscsi_complete_cmd() Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 046/425] media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB Greg Kroah-Hartman
` (386 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
From: Sean Young <sean@mess.org>
[ Upstream commit 28c7afb07ccfc0a939bb06ac1e7afe669901c65a ]
It's best if this condition is reported.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/ite-cir.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/rc/ite-cir.c b/drivers/media/rc/ite-cir.c
index de77d22c30a7..18f3718315a8 100644
--- a/drivers/media/rc/ite-cir.c
+++ b/drivers/media/rc/ite-cir.c
@@ -285,8 +285,14 @@ static irqreturn_t ite_cir_isr(int irq, void *data)
/* read the interrupt flags */
iflags = dev->params.get_irq_causes(dev);
+ /* Check for RX overflow */
+ if (iflags & ITE_IRQ_RX_FIFO_OVERRUN) {
+ dev_warn(&dev->rdev->dev, "receive overflow\n");
+ ir_raw_event_reset(dev->rdev);
+ }
+
/* check for the receive interrupt */
- if (iflags & (ITE_IRQ_RX_FIFO | ITE_IRQ_RX_FIFO_OVERRUN)) {
+ if (iflags & ITE_IRQ_RX_FIFO) {
/* read the FIFO bytes */
rx_bytes =
dev->params.get_rx_bytes(dev, rx_buf,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 046/425] media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 045/425] media: ite-cir: check for receive overflow Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 047/425] power: supply: bq27xxx: fix power_avg for newer ICs Greg Kroah-Hartman
` (385 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julian Braha, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Julian Braha <julianbraha@gmail.com>
[ Upstream commit 24df8b74c8b2fb42c49ffe8585562da0c96446ff ]
When STA2X11_VIP is enabled, and GPIOLIB is disabled,
Kbuild gives the following warning:
WARNING: unmet direct dependencies detected for VIDEO_ADV7180
Depends on [n]: MEDIA_SUPPORT [=y] && GPIOLIB [=n] && VIDEO_V4L2 [=y] && I2C [=y]
Selected by [y]:
- STA2X11_VIP [=y] && MEDIA_SUPPORT [=y] && MEDIA_PCI_SUPPORT [=y] && MEDIA_CAMERA_SUPPORT [=y] && PCI [=y] && VIDEO_V4L2 [=y] && VIRT_TO_BUS [=y] && I2C [=y] && (STA2X11 [=n] || COMPILE_TEST [=y]) && MEDIA_SUBDRV_AUTOSELECT [=y]
This is because STA2X11_VIP selects VIDEO_ADV7180
without selecting or depending on GPIOLIB,
despite VIDEO_ADV7180 depending on GPIOLIB.
Signed-off-by: Julian Braha <julianbraha@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/sta2x11/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/pci/sta2x11/Kconfig b/drivers/media/pci/sta2x11/Kconfig
index 4407b9f881e4..bd690613fe68 100644
--- a/drivers/media/pci/sta2x11/Kconfig
+++ b/drivers/media/pci/sta2x11/Kconfig
@@ -1,6 +1,7 @@
config STA2X11_VIP
tristate "STA2X11 VIP Video For Linux"
depends on STA2X11 || COMPILE_TEST
+ select GPIOLIB if MEDIA_SUBDRV_AUTOSELECT
select VIDEO_ADV7180 if MEDIA_SUBDRV_AUTOSELECT
select VIDEOBUF2_DMA_CONTIG
depends on PCI && VIDEO_V4L2 && VIRT_TO_BUS
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 047/425] power: supply: bq27xxx: fix power_avg for newer ICs
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 046/425] media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 048/425] extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged Greg Kroah-Hartman
` (384 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Sebastian Reichel,
Sasha Levin
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit c4d57c22ac65bd503716062a06fad55a01569cac ]
On all newer bq27xxx ICs, the AveragePower register contains a signed
value; in addition to handling the raw value as unsigned, the driver
code also didn't convert it to µW as expected.
At least for the BQ28Z610, the reference manual incorrectly states that
the value is in units of 1mW and not 10mW. I have no way of knowing
whether the manuals of other supported ICs contain the same error, or if
there are models that actually use 1mW. At least, the new code shouldn't
be *less* correct than the old version for any device.
power_avg is removed from the cache structure, se we don't have to
extend it to store both a signed value and an error code. Always getting
an up-to-date value may be desirable anyways, as it avoids inconsistent
current and power readings when switching between charging and
discharging.
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/bq27xxx_battery.c | 51 ++++++++++++++------------
include/linux/power/bq27xxx_battery.h | 1 -
2 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/drivers/power/supply/bq27xxx_battery.c b/drivers/power/supply/bq27xxx_battery.c
index 93e3d9c747aa..b7dc88126866 100644
--- a/drivers/power/supply/bq27xxx_battery.c
+++ b/drivers/power/supply/bq27xxx_battery.c
@@ -1490,27 +1490,6 @@ static int bq27xxx_battery_read_time(struct bq27xxx_device_info *di, u8 reg)
return tval * 60;
}
-/*
- * Read an average power register.
- * Return < 0 if something fails.
- */
-static int bq27xxx_battery_read_pwr_avg(struct bq27xxx_device_info *di)
-{
- int tval;
-
- tval = bq27xxx_read(di, BQ27XXX_REG_AP, false);
- if (tval < 0) {
- dev_err(di->dev, "error reading average power register %02x: %d\n",
- BQ27XXX_REG_AP, tval);
- return tval;
- }
-
- if (di->opts & BQ27XXX_O_ZERO)
- return (tval * BQ27XXX_POWER_CONSTANT) / BQ27XXX_RS;
- else
- return tval;
-}
-
/*
* Returns true if a battery over temperature condition is detected
*/
@@ -1607,8 +1586,6 @@ void bq27xxx_battery_update(struct bq27xxx_device_info *di)
}
if (di->regs[BQ27XXX_REG_CYCT] != INVALID_REG_ADDR)
cache.cycle_count = bq27xxx_battery_read_cyct(di);
- if (di->regs[BQ27XXX_REG_AP] != INVALID_REG_ADDR)
- cache.power_avg = bq27xxx_battery_read_pwr_avg(di);
/* We only have to read charge design full once */
if (di->charge_design_full <= 0)
@@ -1670,6 +1647,32 @@ static int bq27xxx_battery_current(struct bq27xxx_device_info *di,
return 0;
}
+/*
+ * Get the average power in µW
+ * Return < 0 if something fails.
+ */
+static int bq27xxx_battery_pwr_avg(struct bq27xxx_device_info *di,
+ union power_supply_propval *val)
+{
+ int power;
+
+ power = bq27xxx_read(di, BQ27XXX_REG_AP, false);
+ if (power < 0) {
+ dev_err(di->dev,
+ "error reading average power register %02x: %d\n",
+ BQ27XXX_REG_AP, power);
+ return power;
+ }
+
+ if (di->opts & BQ27XXX_O_ZERO)
+ val->intval = (power * BQ27XXX_POWER_CONSTANT) / BQ27XXX_RS;
+ else
+ /* Other gauges return a signed value in units of 10mW */
+ val->intval = (int)((s16)power) * 10000;
+
+ return 0;
+}
+
static int bq27xxx_battery_status(struct bq27xxx_device_info *di,
union power_supply_propval *val)
{
@@ -1837,7 +1840,7 @@ static int bq27xxx_battery_get_property(struct power_supply *psy,
ret = bq27xxx_simple_value(di->cache.energy, val);
break;
case POWER_SUPPLY_PROP_POWER_AVG:
- ret = bq27xxx_simple_value(di->cache.power_avg, val);
+ ret = bq27xxx_battery_pwr_avg(di, val);
break;
case POWER_SUPPLY_PROP_HEALTH:
ret = bq27xxx_simple_value(di->cache.health, val);
diff --git a/include/linux/power/bq27xxx_battery.h b/include/linux/power/bq27xxx_battery.h
index d6355f49fbae..13d5dd4eb40b 100644
--- a/include/linux/power/bq27xxx_battery.h
+++ b/include/linux/power/bq27xxx_battery.h
@@ -49,7 +49,6 @@ struct bq27xxx_reg_cache {
int capacity;
int energy;
int flags;
- int power_avg;
int health;
};
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 048/425] extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 047/425] power: supply: bq27xxx: fix power_avg for newer ICs Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 049/425] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs Greg Kroah-Hartman
` (383 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko,
Charles Keepax, Chanwoo Choi, Lee Jones, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit c309a3e8793f7e01c4a4ec7960658380572cb576 ]
When the jack is partially inserted and then removed again it may be
removed while the hpdet code is running. In this case the following
may happen:
1. The "JACKDET rise" or ""JACKDET fall" IRQ triggers
2. arizona_jackdet runs and takes info->lock
3. The "HPDET" IRQ triggers
4. arizona_hpdet_irq runs, blocks on info->lock
5. arizona_jackdet calls arizona_stop_mic() and clears info->hpdet_done
6. arizona_jackdet releases info->lock
7. arizona_hpdet_irq now can continue running and:
7.1 Calls arizona_start_mic() (if a mic was detected)
7.2 sets info->hpdet_done
Step 7 is undesirable / a bug:
7.1 causes the device to stay in a high power-state (with MICVDD enabled)
7.2 causes hpdet to not run on the next jack insertion, which in turn
causes the EXTCON_JACK_HEADPHONE state to never get set
This fixes both issues by skipping these 2 steps when arizona_hpdet_irq
runs after the jack has been unplugged.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Tested-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Acked-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon-arizona.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/extcon/extcon-arizona.c b/drivers/extcon/extcon-arizona.c
index 9327479c719c..c857120c00d9 100644
--- a/drivers/extcon/extcon-arizona.c
+++ b/drivers/extcon/extcon-arizona.c
@@ -602,7 +602,7 @@ static irqreturn_t arizona_hpdet_irq(int irq, void *data)
struct arizona *arizona = info->arizona;
int id_gpio = arizona->pdata.hpdet_id_gpio;
unsigned int report = EXTCON_JACK_HEADPHONE;
- int ret, reading;
+ int ret, reading, state;
bool mic = false;
mutex_lock(&info->lock);
@@ -615,12 +615,11 @@ static irqreturn_t arizona_hpdet_irq(int irq, void *data)
}
/* If the cable was removed while measuring ignore the result */
- ret = extcon_get_state(info->edev, EXTCON_MECHANICAL);
- if (ret < 0) {
- dev_err(arizona->dev, "Failed to check cable state: %d\n",
- ret);
+ state = extcon_get_state(info->edev, EXTCON_MECHANICAL);
+ if (state < 0) {
+ dev_err(arizona->dev, "Failed to check cable state: %d\n", state);
goto out;
- } else if (!ret) {
+ } else if (!state) {
dev_dbg(arizona->dev, "Ignoring HPDET for removed cable\n");
goto done;
}
@@ -673,7 +672,7 @@ done:
ARIZONA_ACCDET_MODE_MASK, ARIZONA_ACCDET_MODE_MIC);
/* If we have a mic then reenable MICDET */
- if (mic || info->mic)
+ if (state && (mic || info->mic))
arizona_start_mic(info);
if (info->hpdet_active) {
@@ -681,7 +680,9 @@ done:
info->hpdet_active = false;
}
- info->hpdet_done = true;
+ /* Do not set hp_det done when the cable has been unplugged */
+ if (state)
+ info->hpdet_done = true;
out:
mutex_unlock(&info->lock);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 049/425] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 048/425] extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 050/425] media: gspca/sq905.c: fix uninitialized variable Greg Kroah-Hartman
` (382 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Niv, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Daniel Niv <danielniv3@gmail.com>
[ Upstream commit c759b2970c561e3b56aa030deb13db104262adfe ]
Add a fix for the memory leak bugs that can occur when the
saa7164_encoder_register() function fails.
The function allocates memory without explicitly freeing
it when errors occur.
Add a better error handling that deallocate the unused buffers before the
function exits during a fail.
Signed-off-by: Daniel Niv <danielniv3@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7164/saa7164-encoder.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/media/pci/saa7164/saa7164-encoder.c b/drivers/media/pci/saa7164/saa7164-encoder.c
index 32136ebe4f61..962f8eb73b05 100644
--- a/drivers/media/pci/saa7164/saa7164-encoder.c
+++ b/drivers/media/pci/saa7164/saa7164-encoder.c
@@ -1024,7 +1024,7 @@ int saa7164_encoder_register(struct saa7164_port *port)
printk(KERN_ERR "%s() failed (errno = %d), NO PCI configuration\n",
__func__, result);
result = -ENOMEM;
- goto failed;
+ goto fail_pci;
}
/* Establish encoder defaults here */
@@ -1078,7 +1078,7 @@ int saa7164_encoder_register(struct saa7164_port *port)
100000, ENCODER_DEF_BITRATE);
if (hdl->error) {
result = hdl->error;
- goto failed;
+ goto fail_hdl;
}
port->std = V4L2_STD_NTSC_M;
@@ -1096,7 +1096,7 @@ int saa7164_encoder_register(struct saa7164_port *port)
printk(KERN_INFO "%s: can't allocate mpeg device\n",
dev->name);
result = -ENOMEM;
- goto failed;
+ goto fail_hdl;
}
port->v4l_device->ctrl_handler = hdl;
@@ -1107,10 +1107,7 @@ int saa7164_encoder_register(struct saa7164_port *port)
if (result < 0) {
printk(KERN_INFO "%s: can't register mpeg device\n",
dev->name);
- /* TODO: We're going to leak here if we don't dealloc
- The buffers above. The unreg function can't deal wit it.
- */
- goto failed;
+ goto fail_reg;
}
printk(KERN_INFO "%s: registered device video%d [mpeg]\n",
@@ -1132,9 +1129,14 @@ int saa7164_encoder_register(struct saa7164_port *port)
saa7164_api_set_encoder(port);
saa7164_api_get_encoder(port);
+ return 0;
- result = 0;
-failed:
+fail_reg:
+ video_device_release(port->v4l_device);
+ port->v4l_device = NULL;
+fail_hdl:
+ v4l2_ctrl_handler_free(hdl);
+fail_pci:
return result;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 050/425] media: gspca/sq905.c: fix uninitialized variable
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 049/425] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs Greg Kroah-Hartman
@ 2021-05-20 9:16 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 051/425] power: supply: Use IRQF_ONESHOT Greg Kroah-Hartman
` (381 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:16 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil,
syzbot+a4e309017a5f3a24c7b3, Mauro Carvalho Chehab, Sasha Levin
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit eaaea4681984c79d2b2b160387b297477f0c1aab ]
act_len can be uninitialized if usb_bulk_msg() returns an error.
Set it to 0 to avoid a KMSAN error.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: syzbot+a4e309017a5f3a24c7b3@syzkaller.appspotmail.com
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/gspca/sq905.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/gspca/sq905.c b/drivers/media/usb/gspca/sq905.c
index ffea9c35b0a0..13676af42cfc 100644
--- a/drivers/media/usb/gspca/sq905.c
+++ b/drivers/media/usb/gspca/sq905.c
@@ -167,7 +167,7 @@ static int
sq905_read_data(struct gspca_dev *gspca_dev, u8 *data, int size, int need_lock)
{
int ret;
- int act_len;
+ int act_len = 0;
gspca_dev->usb_buf[0] = '\0';
if (need_lock)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 051/425] power: supply: Use IRQF_ONESHOT
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2021-05-20 9:16 ` [PATCH 4.19 050/425] media: gspca/sq905.c: fix uninitialized variable Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 052/425] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f Greg Kroah-Hartman
` (380 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, dongjian, Sebastian Reichel, Sasha Levin
From: dongjian <dongjian@yulong.com>
[ Upstream commit 2469b836fa835c67648acad17d62bc805236a6ea ]
Fixes coccicheck error:
drivers/power/supply/pm2301_charger.c:1089:7-27: ERROR:
drivers/power/supply/lp8788-charger.c:502:8-28: ERROR:
drivers/power/supply/tps65217_charger.c:239:8-33: ERROR:
drivers/power/supply/tps65090-charger.c:303:8-33: ERROR:
Threaded IRQ with no primary handler requested without IRQF_ONESHOT
Signed-off-by: dongjian <dongjian@yulong.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/lp8788-charger.c | 2 +-
drivers/power/supply/pm2301_charger.c | 2 +-
drivers/power/supply/tps65090-charger.c | 2 +-
drivers/power/supply/tps65217_charger.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/power/supply/lp8788-charger.c b/drivers/power/supply/lp8788-charger.c
index b8f7dac7ac3f..6dcabbeccde1 100644
--- a/drivers/power/supply/lp8788-charger.c
+++ b/drivers/power/supply/lp8788-charger.c
@@ -529,7 +529,7 @@ static int lp8788_set_irqs(struct platform_device *pdev,
ret = request_threaded_irq(virq, NULL,
lp8788_charger_irq_thread,
- 0, name, pchg);
+ IRQF_ONESHOT, name, pchg);
if (ret)
break;
}
diff --git a/drivers/power/supply/pm2301_charger.c b/drivers/power/supply/pm2301_charger.c
index 78561b6884fc..9ef218d76aa9 100644
--- a/drivers/power/supply/pm2301_charger.c
+++ b/drivers/power/supply/pm2301_charger.c
@@ -1098,7 +1098,7 @@ static int pm2xxx_wall_charger_probe(struct i2c_client *i2c_client,
ret = request_threaded_irq(gpio_to_irq(pm2->pdata->gpio_irq_number),
NULL,
pm2xxx_charger_irq[0].isr,
- pm2->pdata->irq_type,
+ pm2->pdata->irq_type | IRQF_ONESHOT,
pm2xxx_charger_irq[0].name, pm2);
if (ret != 0) {
diff --git a/drivers/power/supply/tps65090-charger.c b/drivers/power/supply/tps65090-charger.c
index 1b4b5e09538e..297bf58f0d4f 100644
--- a/drivers/power/supply/tps65090-charger.c
+++ b/drivers/power/supply/tps65090-charger.c
@@ -311,7 +311,7 @@ static int tps65090_charger_probe(struct platform_device *pdev)
if (irq != -ENXIO) {
ret = devm_request_threaded_irq(&pdev->dev, irq, NULL,
- tps65090_charger_isr, 0, "tps65090-charger", cdata);
+ tps65090_charger_isr, IRQF_ONESHOT, "tps65090-charger", cdata);
if (ret) {
dev_err(cdata->dev,
"Unable to register irq %d err %d\n", irq,
diff --git a/drivers/power/supply/tps65217_charger.c b/drivers/power/supply/tps65217_charger.c
index 814c2b81fdfe..ba33d1617e0b 100644
--- a/drivers/power/supply/tps65217_charger.c
+++ b/drivers/power/supply/tps65217_charger.c
@@ -238,7 +238,7 @@ static int tps65217_charger_probe(struct platform_device *pdev)
for (i = 0; i < NUM_CHARGER_IRQS; i++) {
ret = devm_request_threaded_irq(&pdev->dev, irq[i], NULL,
tps65217_charger_irq,
- 0, "tps65217-charger",
+ IRQF_ONESHOT, "tps65217-charger",
charger);
if (ret) {
dev_err(charger->dev,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 052/425] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 051/425] power: supply: Use IRQF_ONESHOT Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 053/425] scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() Greg Kroah-Hartman
` (379 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, shaoyunl, Hawking Zhang,
Alex Deucher, Sasha Levin
From: shaoyunl <shaoyun.liu@amd.com>
[ Upstream commit c8941550aa66b2a90f4b32c45d59e8571e33336e ]
This recent change introduce SDMA interrupt info printing with irq->process function.
These functions do not require a set function to enable/disable the irq
Signed-off-by: shaoyunl <shaoyun.liu@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
index 1abf5b5bac9e..18402a6ba8fe 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c
@@ -447,7 +447,7 @@ void amdgpu_irq_gpu_reset_resume_helper(struct amdgpu_device *adev)
for (j = 0; j < AMDGPU_MAX_IRQ_SRC_ID; ++j) {
struct amdgpu_irq_src *src = adev->irq.client[i].sources[j];
- if (!src)
+ if (!src || !src->funcs || !src->funcs->set)
continue;
for (k = 0; k < src->num_types; k++)
amdgpu_irq_update(adev, src, k);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 053/425] scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 052/425] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 054/425] scsi: qla2xxx: Fix use after free in bsg Greg Kroah-Hartman
` (378 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quinn Tran, Mike Christie,
Himanshu Madhani, Daniel Wagner, Lee Duncan, Bart Van Assche,
Martin K. Petersen, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit a2b2cc660822cae08c351c7f6b452bfd1330a4f7 ]
This patch fixes the following Coverity warning:
CID 361199 (#1 of 1): Unchecked return value (CHECKED_RETURN)
3. check_return: Calling qla24xx_get_isp_stats without checking return
value (as is done elsewhere 4 out of 5 times).
Link: https://lore.kernel.org/r/20210320232359.941-7-bvanassche@acm.org
Cc: Quinn Tran <qutran@marvell.com>
Cc: Mike Christie <michael.christie@oracle.com>
Cc: Himanshu Madhani <himanshu.madhani@oracle.com>
Cc: Daniel Wagner <dwagner@suse.de>
Cc: Lee Duncan <lduncan@suse.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_attr.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
index 0ab9d2fd4a14..d46a10d24ed4 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -1934,6 +1934,8 @@ qla2x00_reset_host_stats(struct Scsi_Host *shost)
vha->qla_stats.jiffies_at_last_reset = get_jiffies_64();
if (IS_FWI2_CAPABLE(ha)) {
+ int rval;
+
stats = dma_alloc_coherent(&ha->pdev->dev,
sizeof(*stats), &stats_dma, GFP_KERNEL);
if (!stats) {
@@ -1943,7 +1945,11 @@ qla2x00_reset_host_stats(struct Scsi_Host *shost)
}
/* reset firmware statistics */
- qla24xx_get_isp_stats(base_vha, stats, stats_dma, BIT_0);
+ rval = qla24xx_get_isp_stats(base_vha, stats, stats_dma, BIT_0);
+ if (rval != QLA_SUCCESS)
+ ql_log(ql_log_warn, vha, 0x70de,
+ "Resetting ISP statistics failed: rval = %d\n",
+ rval);
dma_free_coherent(&ha->pdev->dev, sizeof(*stats),
stats, stats_dma);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 054/425] scsi: qla2xxx: Fix use after free in bsg
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 053/425] scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 055/425] scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() Greg Kroah-Hartman
` (377 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Quinn Tran,
Saurav Kashyap, Nilesh Javali, Martin K. Petersen, Sasha Levin
From: Quinn Tran <qutran@marvell.com>
[ Upstream commit 2ce35c0821afc2acd5ee1c3f60d149f8b2520ce8 ]
On bsg command completion, bsg_job_done() was called while qla driver
continued to access the bsg_job buffer. bsg_job_done() would free up
resources that ended up being reused by other task while the driver
continued to access the buffers. As a result, driver was reading garbage
data.
localhost kernel: BUG: KASAN: use-after-free in sg_next+0x64/0x80
localhost kernel: Read of size 8 at addr ffff8883228a3330 by task swapper/26/0
localhost kernel:
localhost kernel: CPU: 26 PID: 0 Comm: swapper/26 Kdump:
loaded Tainted: G OE --------- - - 4.18.0-193.el8.x86_64+debug #1
localhost kernel: Hardware name: HP ProLiant DL360
Gen9/ProLiant DL360 Gen9, BIOS P89 08/12/2016
localhost kernel: Call Trace:
localhost kernel: <IRQ>
localhost kernel: dump_stack+0x9a/0xf0
localhost kernel: print_address_description.cold.3+0x9/0x23b
localhost kernel: kasan_report.cold.4+0x65/0x95
localhost kernel: debug_dma_unmap_sg.part.12+0x10d/0x2d0
localhost kernel: qla2x00_bsg_sp_free+0xaf6/0x1010 [qla2xxx]
Link: https://lore.kernel.org/r/20210329085229.4367-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_bsg.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_bsg.c b/drivers/scsi/qla2xxx/qla_bsg.c
index 47f062e96e62..eae166572964 100644
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -19,10 +19,11 @@ qla2x00_bsg_job_done(void *ptr, int res)
struct bsg_job *bsg_job = sp->u.bsg_job;
struct fc_bsg_reply *bsg_reply = bsg_job->reply;
+ sp->free(sp);
+
bsg_reply->result = res;
bsg_job_done(bsg_job, bsg_reply->result,
bsg_reply->reply_payload_rcv_len);
- sp->free(sp);
}
void
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 055/425] scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 054/425] scsi: qla2xxx: Fix use after free in bsg Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 056/425] media: em28xx: fix memory leak Greg Kroah-Hartman
` (376 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Ewan D. Milne,
Martin K. Petersen, Sasha Levin
From: Ewan D. Milne <emilne@redhat.com>
[ Upstream commit bc3f2b42b70eb1b8576e753e7d0e117bbb674496 ]
Some arrays return ILLEGAL_REQUEST with ASC 00h if they don't support the
RTPG extended header so remove the check for INVALID FIELD IN CDB.
Link: https://lore.kernel.org/r/20210331201154.20348-1-emilne@redhat.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/device_handler/scsi_dh_alua.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
index 60c48dc5d945..efd2b4312528 100644
--- a/drivers/scsi/device_handler/scsi_dh_alua.c
+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
@@ -579,10 +579,11 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
* even though it shouldn't according to T10.
* The retry without rtpg_ext_hdr_req set
* handles this.
+ * Note: some arrays return a sense key of ILLEGAL_REQUEST
+ * with ASC 00h if they don't support the extended header.
*/
if (!(pg->flags & ALUA_RTPG_EXT_HDR_UNSUPP) &&
- sense_hdr.sense_key == ILLEGAL_REQUEST &&
- sense_hdr.asc == 0x24 && sense_hdr.ascq == 0) {
+ sense_hdr.sense_key == ILLEGAL_REQUEST) {
pg->flags |= ALUA_RTPG_EXT_HDR_UNSUPP;
goto retry;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 056/425] media: em28xx: fix memory leak
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 055/425] scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 057/425] media: vivid: update EDID Greg Kroah-Hartman
` (375 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+889397c820fa56adf25d,
Muhammad Usama Anjum, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Muhammad Usama Anjum <musamaanjum@gmail.com>
[ Upstream commit 0ae10a7dc8992ee682ff0b1752ff7c83d472eef1 ]
If some error occurs, URB buffers should also be freed. If they aren't
freed with the dvb here, the em28xx_dvb_fini call doesn't frees the URB
buffers as dvb is set to NULL. The function in which error occurs should
do all the cleanup for the allocations it had done.
Tested the patch with the reproducer provided by syzbot. This patch
fixes the memleak.
Reported-by: syzbot+889397c820fa56adf25d@syzkaller.appspotmail.com
Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/usb/em28xx/em28xx-dvb.c b/drivers/media/usb/em28xx/em28xx-dvb.c
index a73faf12f7e4..e1946237ac8c 100644
--- a/drivers/media/usb/em28xx/em28xx-dvb.c
+++ b/drivers/media/usb/em28xx/em28xx-dvb.c
@@ -1924,6 +1924,7 @@ ret:
return result;
out_free:
+ em28xx_uninit_usb_xfer(dev, EM28XX_DIGITAL_MODE);
kfree(dvb);
dev->dvb = NULL;
goto ret;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 057/425] media: vivid: update EDID
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 056/425] media: em28xx: fix memory leak Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 058/425] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return Greg Kroah-Hartman
` (374 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 443ec4bbc6116f6f492a7a1282bfd8422c862158 ]
The EDID had a few mistakes as reported by edid-decode:
Block 1, CTA-861 Extension Block:
Video Data Block: For improved preferred timing interoperability, set 'Native detailed modes' to 1.
Video Capability Data Block: S_PT is equal to S_IT and S_CE, so should be set to 0 instead.
Fixed those.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vivid/vivid-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/vivid/vivid-core.c b/drivers/media/platform/vivid/vivid-core.c
index 31db363602e5..b603ca412387 100644
--- a/drivers/media/platform/vivid/vivid-core.c
+++ b/drivers/media/platform/vivid/vivid-core.c
@@ -174,13 +174,13 @@ static const u8 vivid_hdmi_edid[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x7b,
- 0x02, 0x03, 0x3f, 0xf0, 0x51, 0x61, 0x60, 0x5f,
+ 0x02, 0x03, 0x3f, 0xf1, 0x51, 0x61, 0x60, 0x5f,
0x5e, 0x5d, 0x10, 0x1f, 0x04, 0x13, 0x22, 0x21,
0x20, 0x05, 0x14, 0x02, 0x11, 0x01, 0x23, 0x09,
0x07, 0x07, 0x83, 0x01, 0x00, 0x00, 0x6d, 0x03,
0x0c, 0x00, 0x10, 0x00, 0x00, 0x3c, 0x21, 0x00,
0x60, 0x01, 0x02, 0x03, 0x67, 0xd8, 0x5d, 0xc4,
- 0x01, 0x78, 0x00, 0x00, 0xe2, 0x00, 0xea, 0xe3,
+ 0x01, 0x78, 0x00, 0x00, 0xe2, 0x00, 0xca, 0xe3,
0x05, 0x00, 0x00, 0xe3, 0x06, 0x01, 0x00, 0x4d,
0xd0, 0x00, 0xa0, 0xf0, 0x70, 0x3e, 0x80, 0x30,
0x20, 0x35, 0x00, 0xc0, 0x1c, 0x32, 0x00, 0x00,
@@ -189,7 +189,7 @@ static const u8 vivid_hdmi_edid[256] = {
0x00, 0x00, 0x1a, 0x1a, 0x1d, 0x00, 0x80, 0x51,
0xd0, 0x1c, 0x20, 0x40, 0x80, 0x35, 0x00, 0xc0,
0x1c, 0x32, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x63,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x82,
};
static int vidioc_querycap(struct file *file, void *priv,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 058/425] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 057/425] media: vivid: update EDID Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 059/425] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() Greg Kroah-Hartman
` (373 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Dinh Nguyen,
Krzysztof Kozlowski, Stephen Boyd, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 657d4d1934f75a2d978c3cf2086495eaa542e7a9 ]
There is an error return path that is not kfree'ing socfpga_clk leading
to a memory leak. Fix this by adding in the missing kfree call.
Addresses-Coverity: ("Resource leak")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210406170115.430990-1-colin.king@canonical.com
Acked-by: Dinh Nguyen <dinguyen@kernel.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/socfpga/clk-gate-a10.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/socfpga/clk-gate-a10.c b/drivers/clk/socfpga/clk-gate-a10.c
index 36376c542055..637e26babf89 100644
--- a/drivers/clk/socfpga/clk-gate-a10.c
+++ b/drivers/clk/socfpga/clk-gate-a10.c
@@ -157,6 +157,7 @@ static void __init __socfpga_gate_init(struct device_node *node,
if (IS_ERR(socfpga_clk->sys_mgr_base_addr)) {
pr_err("%s: failed to find altr,sys-mgr regmap!\n",
__func__);
+ kfree(socfpga_clk);
return;
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 059/425] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 058/425] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 060/425] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() Greg Kroah-Hartman
` (372 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Sebastian Reichel, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit b6cfa007b3b229771d9588970adb4ab3e0487f49 ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/generic-adc-battery.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c
index bc462d1ec963..97b0e873e87d 100644
--- a/drivers/power/supply/generic-adc-battery.c
+++ b/drivers/power/supply/generic-adc-battery.c
@@ -382,7 +382,7 @@ static int gab_remove(struct platform_device *pdev)
}
kfree(adc_bat->psy_desc.properties);
- cancel_delayed_work(&adc_bat->bat_work);
+ cancel_delayed_work_sync(&adc_bat->bat_work);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 060/425] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 059/425] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 061/425] media: tc358743: fix possible use-after-free in tc358743_remove() Greg Kroah-Hartman
` (371 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Krzysztof Kozlowski, Sebastian Reichel, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 68ae256945d2abe9036a7b68af4cc65aff79d5b7 ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/s3c_adc_battery.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/s3c_adc_battery.c b/drivers/power/supply/s3c_adc_battery.c
index 3d00b35cafc9..8be31f80035c 100644
--- a/drivers/power/supply/s3c_adc_battery.c
+++ b/drivers/power/supply/s3c_adc_battery.c
@@ -394,7 +394,7 @@ static int s3c_adc_bat_remove(struct platform_device *pdev)
gpio_free(pdata->gpio_charge_finished);
}
- cancel_delayed_work(&bat_work);
+ cancel_delayed_work_sync(&bat_work);
if (pdata->exit)
pdata->exit();
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 061/425] media: tc358743: fix possible use-after-free in tc358743_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 060/425] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 062/425] media: adv7604: fix possible use-after-free in adv76xx_remove() Greg Kroah-Hartman
` (370 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6107a4fdf8554a7aa9488bdc835bb010062fa8a9 ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/tc358743.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c
index d9bc3851bf63..041b16965b96 100644
--- a/drivers/media/i2c/tc358743.c
+++ b/drivers/media/i2c/tc358743.c
@@ -2192,7 +2192,7 @@ static int tc358743_remove(struct i2c_client *client)
del_timer_sync(&state->timer);
flush_work(&state->work_i2c_poll);
}
- cancel_delayed_work(&state->delayed_work_enable_hotplug);
+ cancel_delayed_work_sync(&state->delayed_work_enable_hotplug);
cec_unregister_adapter(state->cec_adap);
v4l2_async_unregister_subdev(sd);
v4l2_device_unregister_subdev(sd);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 062/425] media: adv7604: fix possible use-after-free in adv76xx_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 061/425] media: tc358743: fix possible use-after-free in tc358743_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 063/425] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() Greg Kroah-Hartman
` (369 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit fa56f5f1fe31c2050675fa63b84963ebd504a5b3 ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/adv7604.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c
index a4b0a89c7e7e..04577d409e63 100644
--- a/drivers/media/i2c/adv7604.c
+++ b/drivers/media/i2c/adv7604.c
@@ -3560,7 +3560,7 @@ static int adv76xx_remove(struct i2c_client *client)
io_write(sd, 0x6e, 0);
io_write(sd, 0x73, 0);
- cancel_delayed_work(&state->delayed_work_enable_hotplug);
+ cancel_delayed_work_sync(&state->delayed_work_enable_hotplug);
v4l2_async_unregister_subdev(sd);
media_entity_cleanup(&sd->entity);
adv76xx_unregister_clients(to_state(sd));
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 063/425] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 062/425] media: adv7604: fix possible use-after-free in adv76xx_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 064/425] media: i2c: adv7842: fix possible use-after-free in adv7842_remove() Greg Kroah-Hartman
` (368 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 2c9541720c66899adf6f3600984cf3ef151295ad ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/adv7511-v4l2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/adv7511-v4l2.c b/drivers/media/i2c/adv7511-v4l2.c
index 6869bb593a68..4052abeead50 100644
--- a/drivers/media/i2c/adv7511-v4l2.c
+++ b/drivers/media/i2c/adv7511-v4l2.c
@@ -1965,7 +1965,7 @@ static int adv7511_remove(struct i2c_client *client)
adv7511_set_isr(sd, false);
adv7511_init_setup(sd);
- cancel_delayed_work(&state->edid_handler);
+ cancel_delayed_work_sync(&state->edid_handler);
i2c_unregister_device(state->i2c_edid);
if (state->i2c_cec)
i2c_unregister_device(state->i2c_cec);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 064/425] media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 063/425] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 065/425] media: dvb-usb: fix memory leak in dvb_usb_adapter_init Greg Kroah-Hartman
` (367 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 4a15275b6a18597079f18241c87511406575179a ]
This driver's remove path calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This means
that the callback function may still be running after the driver's
remove function has finished, which would result in a use-after-free.
Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/adv7842.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c
index 58662ba92d4f..d0ed20652ddb 100644
--- a/drivers/media/i2c/adv7842.c
+++ b/drivers/media/i2c/adv7842.c
@@ -3585,7 +3585,7 @@ static int adv7842_remove(struct i2c_client *client)
struct adv7842_state *state = to_state(sd);
adv7842_irq_enable(sd, false);
- cancel_delayed_work(&state->delayed_work_enable_hotplug);
+ cancel_delayed_work_sync(&state->delayed_work_enable_hotplug);
v4l2_device_unregister_subdev(sd);
media_entity_cleanup(&sd->entity);
adv7842_unregister_clients(sd);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 065/425] media: dvb-usb: fix memory leak in dvb_usb_adapter_init
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 064/425] media: i2c: adv7842: fix possible use-after-free in adv7842_remove() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 066/425] media: gscpa/stv06xx: fix memory leak Greg Kroah-Hartman
` (366 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin,
syzbot+3c2be7424cea3b932b0e, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit b7cd0da982e3043f2eec7235ac5530cb18d6af1d ]
syzbot reported memory leak in dvb-usb. The problem was
in invalid error handling in dvb_usb_adapter_init().
for (n = 0; n < d->props.num_adapters; n++) {
....
if ((ret = dvb_usb_adapter_stream_init(adap)) ||
(ret = dvb_usb_adapter_dvb_init(adap, adapter_nrs)) ||
(ret = dvb_usb_adapter_frontend_init(adap))) {
return ret;
}
...
d->num_adapters_initialized++;
...
}
In case of error in dvb_usb_adapter_dvb_init() or
dvb_usb_adapter_dvb_init() d->num_adapters_initialized won't be
incremented, but dvb_usb_adapter_exit() relies on it:
for (n = 0; n < d->num_adapters_initialized; n++)
So, allocated objects won't be freed.
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reported-by: syzbot+3c2be7424cea3b932b0e@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dvb-usb-init.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/media/usb/dvb-usb/dvb-usb-init.c b/drivers/media/usb/dvb-usb/dvb-usb-init.c
index 39ac22486bcd..4b1445d806e5 100644
--- a/drivers/media/usb/dvb-usb/dvb-usb-init.c
+++ b/drivers/media/usb/dvb-usb/dvb-usb-init.c
@@ -82,11 +82,17 @@ static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs)
}
}
- if ((ret = dvb_usb_adapter_stream_init(adap)) ||
- (ret = dvb_usb_adapter_dvb_init(adap, adapter_nrs)) ||
- (ret = dvb_usb_adapter_frontend_init(adap))) {
+ ret = dvb_usb_adapter_stream_init(adap);
+ if (ret)
return ret;
- }
+
+ ret = dvb_usb_adapter_dvb_init(adap, adapter_nrs);
+ if (ret)
+ goto dvb_init_err;
+
+ ret = dvb_usb_adapter_frontend_init(adap);
+ if (ret)
+ goto frontend_init_err;
/* use exclusive FE lock if there is multiple shared FEs */
if (adap->fe_adap[1].fe)
@@ -106,6 +112,12 @@ static int dvb_usb_adapter_init(struct dvb_usb_device *d, short *adapter_nrs)
}
return 0;
+
+frontend_init_err:
+ dvb_usb_adapter_dvb_exit(adap);
+dvb_init_err:
+ dvb_usb_adapter_stream_exit(adap);
+ return ret;
}
static int dvb_usb_adapter_exit(struct dvb_usb_device *d)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 066/425] media: gscpa/stv06xx: fix memory leak
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 065/425] media: dvb-usb: fix memory leak in dvb_usb_adapter_init Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 067/425] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal Greg Kroah-Hartman
` (365 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin, syzbot+e7f4c64a4248a0340c37
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 4f4e6644cd876c844cdb3bea2dd7051787d5ae25 ]
For two of the supported sensors the stv06xx driver allocates memory which
is stored in sd->sensor_priv. This memory is freed on a disconnect, but if
the probe() fails, then it isn't freed and so this leaks memory.
Add a new probe_error() op that drivers can use to free any allocated
memory in case there was a probe failure.
Thanks to Pavel Skripkin <paskripkin@gmail.com> for discovering the cause
of the memory leak.
Reported-and-tested-by: syzbot+e7f4c64a4248a0340c37@syzkaller.appspotmail.com
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/gspca/gspca.c | 2 ++
drivers/media/usb/gspca/gspca.h | 1 +
drivers/media/usb/gspca/stv06xx/stv06xx.c | 9 +++++++++
3 files changed, 12 insertions(+)
diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c
index 93212ed80bf8..f0562b8eef56 100644
--- a/drivers/media/usb/gspca/gspca.c
+++ b/drivers/media/usb/gspca/gspca.c
@@ -1586,6 +1586,8 @@ out:
#endif
v4l2_ctrl_handler_free(gspca_dev->vdev.ctrl_handler);
v4l2_device_unregister(&gspca_dev->v4l2_dev);
+ if (sd_desc->probe_error)
+ sd_desc->probe_error(gspca_dev);
kfree(gspca_dev->usb_buf);
kfree(gspca_dev);
return ret;
diff --git a/drivers/media/usb/gspca/gspca.h b/drivers/media/usb/gspca/gspca.h
index b0ced2e14006..a6554d5e9e1a 100644
--- a/drivers/media/usb/gspca/gspca.h
+++ b/drivers/media/usb/gspca/gspca.h
@@ -105,6 +105,7 @@ struct sd_desc {
cam_cf_op config; /* called on probe */
cam_op init; /* called on probe and resume */
cam_op init_controls; /* called on probe */
+ cam_v_op probe_error; /* called if probe failed, do cleanup here */
cam_op start; /* called on stream on after URBs creation */
cam_pkt_op pkt_scan;
/* optional operations */
diff --git a/drivers/media/usb/gspca/stv06xx/stv06xx.c b/drivers/media/usb/gspca/stv06xx/stv06xx.c
index b7ea4f982964..ccec6138f678 100644
--- a/drivers/media/usb/gspca/stv06xx/stv06xx.c
+++ b/drivers/media/usb/gspca/stv06xx/stv06xx.c
@@ -538,12 +538,21 @@ static int sd_int_pkt_scan(struct gspca_dev *gspca_dev,
static int stv06xx_config(struct gspca_dev *gspca_dev,
const struct usb_device_id *id);
+static void stv06xx_probe_error(struct gspca_dev *gspca_dev)
+{
+ struct sd *sd = (struct sd *)gspca_dev;
+
+ kfree(sd->sensor_priv);
+ sd->sensor_priv = NULL;
+}
+
/* sub-driver description */
static const struct sd_desc sd_desc = {
.name = MODULE_NAME,
.config = stv06xx_config,
.init = stv06xx_init,
.init_controls = stv06xx_init_controls,
+ .probe_error = stv06xx_probe_error,
.start = stv06xx_start,
.stopN = stv06xx_stopN,
.pkt_scan = stv06xx_pkt_scan,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 067/425] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 066/425] media: gscpa/stv06xx: fix memory leak Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 068/425] amdgpu: avoid incorrect %hu format string Greg Kroah-Hartman
` (364 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Marijn Suijten, Rob Clark, Sasha Levin
From: Marijn Suijten <marijn.suijten@somainline.org>
[ Upstream commit 2ad52bdb220de5ab348098e3482b01235d15a842 ]
Leaving this at a close-to-maximum register value 0xFFF0 means it takes
very long for the MDSS to generate a software vsync interrupt when the
hardware TE interrupt doesn't arrive. Configuring this to double the
vtotal (like some downstream kernels) leads to a frame to take at most
twice before the vsync signal, until hardware TE comes up.
In this case the hardware interrupt responsible for providing this
signal - "disp-te" gpio - is not hooked up to the mdp5 vsync/pp logic at
all. This solves severe panel update issues observed on at least the
Xperia Loire and Tone series, until said gpio is properly hooked up to
an irq.
Suggested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@somainline.org>
Signed-off-by: Marijn Suijten <marijn.suijten@somainline.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@somainline.org>
Link: https://lore.kernel.org/r/20210406214726.131534-2-marijn.suijten@somainline.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c
index d6f79dc755b4..14e2ce87bab1 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_cmd_encoder.c
@@ -78,9 +78,17 @@ static int pingpong_tearcheck_setup(struct drm_encoder *encoder,
| MDP5_PP_SYNC_CONFIG_VSYNC_IN_EN;
cfg |= MDP5_PP_SYNC_CONFIG_VSYNC_COUNT(vclks_line);
+ /*
+ * Tearcheck emits a blanking signal every vclks_line * vtotal * 2 ticks on
+ * the vsync_clk equating to roughly half the desired panel refresh rate.
+ * This is only necessary as stability fallback if interrupts from the
+ * panel arrive too late or not at all, but is currently used by default
+ * because these panel interrupts are not wired up yet.
+ */
mdp5_write(mdp5_kms, REG_MDP5_PP_SYNC_CONFIG_VSYNC(pp_id), cfg);
mdp5_write(mdp5_kms,
- REG_MDP5_PP_SYNC_CONFIG_HEIGHT(pp_id), 0xfff0);
+ REG_MDP5_PP_SYNC_CONFIG_HEIGHT(pp_id), (2 * mode->vtotal));
+
mdp5_write(mdp5_kms,
REG_MDP5_PP_VSYNC_INIT_VAL(pp_id), mode->vdisplay);
mdp5_write(mdp5_kms, REG_MDP5_PP_RD_PTR_IRQ(pp_id), mode->vdisplay + 1);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 068/425] amdgpu: avoid incorrect %hu format string
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 067/425] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 069/425] drm/amdgpu: fix NULL pointer dereference Greg Kroah-Hartman
` (363 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Tom Rix,
Arnd Bergmann, Alex Deucher, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 7d98d416c2cc1c1f7d9508e887de4630e521d797 ]
clang points out that the %hu format string does not match the type
of the variables here:
drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c:263:7: warning: format specifies type 'unsigned short' but the argument has type 'unsigned int' [-Wformat]
version_major, version_minor);
^~~~~~~~~~~~~
include/drm/drm_print.h:498:19: note: expanded from macro 'DRM_ERROR'
__drm_err(fmt, ##__VA_ARGS__)
~~~ ^~~~~~~~~~~
Change it to a regular %u, the same way a previous patch did for
another instance of the same warning.
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Tom Rix <trix@redhat.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
index e5a6db6beab7..8c5f39beee7c 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c
@@ -231,7 +231,7 @@ int amdgpu_uvd_sw_init(struct amdgpu_device *adev)
if ((adev->asic_type == CHIP_POLARIS10 ||
adev->asic_type == CHIP_POLARIS11) &&
(adev->uvd.fw_version < FW_1_66_16))
- DRM_ERROR("POLARIS10/11 UVD firmware version %hu.%hu is too old.\n",
+ DRM_ERROR("POLARIS10/11 UVD firmware version %u.%u is too old.\n",
version_major, version_minor);
} else {
unsigned int enc_major, enc_minor, dec_minor;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 069/425] drm/amdgpu: fix NULL pointer dereference
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 068/425] amdgpu: avoid incorrect %hu format string Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 070/425] scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response Greg Kroah-Hartman
` (362 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guchun Chen, Christian König,
Alex Deucher, Sasha Levin
From: Guchun Chen <guchun.chen@amd.com>
[ Upstream commit 3c3dc654333f6389803cdcaf03912e94173ae510 ]
ttm->sg needs to be checked before accessing its child member.
Call Trace:
amdgpu_ttm_backend_destroy+0x12/0x70 [amdgpu]
ttm_bo_cleanup_memtype_use+0x3a/0x60 [ttm]
ttm_bo_release+0x17d/0x300 [ttm]
amdgpu_bo_unref+0x1a/0x30 [amdgpu]
amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x78b/0x8b0 [amdgpu]
kfd_ioctl_alloc_memory_of_gpu+0x118/0x220 [amdgpu]
kfd_ioctl+0x222/0x400 [amdgpu]
? kfd_dev_is_large_bar+0x90/0x90 [amdgpu]
__x64_sys_ioctl+0x8e/0xd0
? __context_tracking_exit+0x52/0x90
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f97f264d317
Code: b3 66 90 48 8b 05 71 4b 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4b 2d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdb402c338 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f97f3cc63a0 RCX: 00007f97f264d317
RDX: 00007ffdb402c380 RSI: 00000000c0284b16 RDI: 0000000000000003
RBP: 00007ffdb402c380 R08: 00007ffdb402c428 R09: 00000000c4000004
R10: 00000000c4000004 R11: 0000000000000246 R12: 00000000c0284b16
R13: 0000000000000003 R14: 00007f97f3cc63a0 R15: 00007f8836200000
Signed-off-by: Guchun Chen <guchun.chen@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index abad7460084f..757fa486aac4 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -971,7 +971,7 @@ static void amdgpu_ttm_tt_unpin_userptr(struct ttm_tt *ttm)
DMA_BIDIRECTIONAL : DMA_TO_DEVICE;
/* double check that we don't free the table twice */
- if (!ttm->sg->sgl)
+ if (!ttm->sg || !ttm->sg->sgl)
return;
/* unmap the pages mapped to the device */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 070/425] scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 069/425] drm/amdgpu: fix NULL pointer dereference Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 071/425] scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic Greg Kroah-Hartman
` (361 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit fffd18ec6579c2d9c72b212169259062fe747888 ]
Fix a crash caused by a double put on the node when the driver completed an
ACC for an unsolicted abort on the same node. The second put was executed
by lpfc_nlp_not_used() and is wrong because the completion routine executes
the nlp_put when the iocbq was released. Additionally, the driver is
issuing a LOGO then immediately calls lpfc_nlp_set_state to put the node
into NPR. This call does nothing.
Remove the lpfc_nlp_not_used call and additional set_state in the
completion routine. Remove the lpfc_nlp_set_state post issue_logo. Isn't
necessary.
Link: https://lore.kernel.org/r/20210412013127.2387-3-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nportdisc.c | 2 --
drivers/scsi/lpfc/lpfc_sli.c | 1 -
2 files changed, 3 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index 518bdae24543..9442fb30e7cd 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -1743,8 +1743,6 @@ lpfc_cmpl_reglogin_reglogin_issue(struct lpfc_vport *vport,
ndlp->nlp_last_elscmd = ELS_CMD_PLOGI;
lpfc_issue_els_logo(vport, ndlp, 0);
- ndlp->nlp_prev_state = NLP_STE_REG_LOGIN_ISSUE;
- lpfc_nlp_set_state(vport, ndlp, NLP_STE_NPR_NODE);
return ndlp->nlp_state;
}
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index a7b14875af5f..f4633c9f8183 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -17018,7 +17018,6 @@ lpfc_sli4_seq_abort_rsp_cmpl(struct lpfc_hba *phba,
if (cmd_iocbq) {
ndlp = (struct lpfc_nodelist *)cmd_iocbq->context1;
lpfc_nlp_put(ndlp);
- lpfc_nlp_not_used(ndlp);
lpfc_sli_release_iocbq(phba, cmd_iocbq);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 071/425] scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 070/425] scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 072/425] scsi: libfc: Fix a format specifier Greg Kroah-Hartman
` (360 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit b62232ba8caccaf1954e197058104a6478fac1af ]
SLI-4 does not contain a PORT_CAPABILITIES mailbox command (only SLI-3
does, and SLI-3 doesn't use it), yet there are SLI-4 code paths that have
code to issue the command. The command will always fail.
Remove the code for the mailbox command and leave only the resulting
"failure path" logic.
Link: https://lore.kernel.org/r/20210412013127.2387-12-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_crtn.h | 3 -
drivers/scsi/lpfc/lpfc_hw4.h | 174 +---------------------------------
drivers/scsi/lpfc/lpfc_init.c | 103 +-------------------
drivers/scsi/lpfc/lpfc_mbox.c | 36 -------
4 files changed, 3 insertions(+), 313 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_crtn.h b/drivers/scsi/lpfc/lpfc_crtn.h
index bea24bc4410a..1a0b1cb9de78 100644
--- a/drivers/scsi/lpfc/lpfc_crtn.h
+++ b/drivers/scsi/lpfc/lpfc_crtn.h
@@ -56,9 +56,6 @@ void lpfc_register_new_vport(struct lpfc_hba *, struct lpfc_vport *,
void lpfc_unreg_vpi(struct lpfc_hba *, uint16_t, LPFC_MBOXQ_t *);
void lpfc_init_link(struct lpfc_hba *, LPFC_MBOXQ_t *, uint32_t, uint32_t);
void lpfc_request_features(struct lpfc_hba *, struct lpfcMboxq *);
-void lpfc_supported_pages(struct lpfcMboxq *);
-void lpfc_pc_sli4_params(struct lpfcMboxq *);
-int lpfc_pc_sli4_params_get(struct lpfc_hba *, LPFC_MBOXQ_t *);
int lpfc_sli4_mbox_rsrc_extent(struct lpfc_hba *, struct lpfcMboxq *,
uint16_t, uint16_t, bool);
int lpfc_get_sli4_parameters(struct lpfc_hba *, LPFC_MBOXQ_t *);
diff --git a/drivers/scsi/lpfc/lpfc_hw4.h b/drivers/scsi/lpfc/lpfc_hw4.h
index 083f8c8706e5..a9bd12bfc15e 100644
--- a/drivers/scsi/lpfc/lpfc_hw4.h
+++ b/drivers/scsi/lpfc/lpfc_hw4.h
@@ -122,6 +122,7 @@ struct lpfc_sli_intf {
/* Define SLI4 Alignment requirements. */
#define LPFC_ALIGN_16_BYTE 16
#define LPFC_ALIGN_64_BYTE 64
+#define SLI4_PAGE_SIZE 4096
/* Define SLI4 specific definitions. */
#define LPFC_MQ_CQE_BYTE_OFFSET 256
@@ -2886,62 +2887,6 @@ struct lpfc_mbx_request_features {
#define lpfc_mbx_rq_ftr_rsp_mrqp_WORD word3
};
-struct lpfc_mbx_supp_pages {
- uint32_t word1;
-#define qs_SHIFT 0
-#define qs_MASK 0x00000001
-#define qs_WORD word1
-#define wr_SHIFT 1
-#define wr_MASK 0x00000001
-#define wr_WORD word1
-#define pf_SHIFT 8
-#define pf_MASK 0x000000ff
-#define pf_WORD word1
-#define cpn_SHIFT 16
-#define cpn_MASK 0x000000ff
-#define cpn_WORD word1
- uint32_t word2;
-#define list_offset_SHIFT 0
-#define list_offset_MASK 0x000000ff
-#define list_offset_WORD word2
-#define next_offset_SHIFT 8
-#define next_offset_MASK 0x000000ff
-#define next_offset_WORD word2
-#define elem_cnt_SHIFT 16
-#define elem_cnt_MASK 0x000000ff
-#define elem_cnt_WORD word2
- uint32_t word3;
-#define pn_0_SHIFT 24
-#define pn_0_MASK 0x000000ff
-#define pn_0_WORD word3
-#define pn_1_SHIFT 16
-#define pn_1_MASK 0x000000ff
-#define pn_1_WORD word3
-#define pn_2_SHIFT 8
-#define pn_2_MASK 0x000000ff
-#define pn_2_WORD word3
-#define pn_3_SHIFT 0
-#define pn_3_MASK 0x000000ff
-#define pn_3_WORD word3
- uint32_t word4;
-#define pn_4_SHIFT 24
-#define pn_4_MASK 0x000000ff
-#define pn_4_WORD word4
-#define pn_5_SHIFT 16
-#define pn_5_MASK 0x000000ff
-#define pn_5_WORD word4
-#define pn_6_SHIFT 8
-#define pn_6_MASK 0x000000ff
-#define pn_6_WORD word4
-#define pn_7_SHIFT 0
-#define pn_7_MASK 0x000000ff
-#define pn_7_WORD word4
- uint32_t rsvd[27];
-#define LPFC_SUPP_PAGES 0
-#define LPFC_BLOCK_GUARD_PROFILES 1
-#define LPFC_SLI4_PARAMETERS 2
-};
-
struct lpfc_mbx_memory_dump_type3 {
uint32_t word1;
#define lpfc_mbx_memory_dump_type3_type_SHIFT 0
@@ -3158,121 +3103,6 @@ struct user_eeprom {
uint8_t reserved191[57];
};
-struct lpfc_mbx_pc_sli4_params {
- uint32_t word1;
-#define qs_SHIFT 0
-#define qs_MASK 0x00000001
-#define qs_WORD word1
-#define wr_SHIFT 1
-#define wr_MASK 0x00000001
-#define wr_WORD word1
-#define pf_SHIFT 8
-#define pf_MASK 0x000000ff
-#define pf_WORD word1
-#define cpn_SHIFT 16
-#define cpn_MASK 0x000000ff
-#define cpn_WORD word1
- uint32_t word2;
-#define if_type_SHIFT 0
-#define if_type_MASK 0x00000007
-#define if_type_WORD word2
-#define sli_rev_SHIFT 4
-#define sli_rev_MASK 0x0000000f
-#define sli_rev_WORD word2
-#define sli_family_SHIFT 8
-#define sli_family_MASK 0x000000ff
-#define sli_family_WORD word2
-#define featurelevel_1_SHIFT 16
-#define featurelevel_1_MASK 0x000000ff
-#define featurelevel_1_WORD word2
-#define featurelevel_2_SHIFT 24
-#define featurelevel_2_MASK 0x0000001f
-#define featurelevel_2_WORD word2
- uint32_t word3;
-#define fcoe_SHIFT 0
-#define fcoe_MASK 0x00000001
-#define fcoe_WORD word3
-#define fc_SHIFT 1
-#define fc_MASK 0x00000001
-#define fc_WORD word3
-#define nic_SHIFT 2
-#define nic_MASK 0x00000001
-#define nic_WORD word3
-#define iscsi_SHIFT 3
-#define iscsi_MASK 0x00000001
-#define iscsi_WORD word3
-#define rdma_SHIFT 4
-#define rdma_MASK 0x00000001
-#define rdma_WORD word3
- uint32_t sge_supp_len;
-#define SLI4_PAGE_SIZE 4096
- uint32_t word5;
-#define if_page_sz_SHIFT 0
-#define if_page_sz_MASK 0x0000ffff
-#define if_page_sz_WORD word5
-#define loopbk_scope_SHIFT 24
-#define loopbk_scope_MASK 0x0000000f
-#define loopbk_scope_WORD word5
-#define rq_db_window_SHIFT 28
-#define rq_db_window_MASK 0x0000000f
-#define rq_db_window_WORD word5
- uint32_t word6;
-#define eq_pages_SHIFT 0
-#define eq_pages_MASK 0x0000000f
-#define eq_pages_WORD word6
-#define eqe_size_SHIFT 8
-#define eqe_size_MASK 0x000000ff
-#define eqe_size_WORD word6
- uint32_t word7;
-#define cq_pages_SHIFT 0
-#define cq_pages_MASK 0x0000000f
-#define cq_pages_WORD word7
-#define cqe_size_SHIFT 8
-#define cqe_size_MASK 0x000000ff
-#define cqe_size_WORD word7
- uint32_t word8;
-#define mq_pages_SHIFT 0
-#define mq_pages_MASK 0x0000000f
-#define mq_pages_WORD word8
-#define mqe_size_SHIFT 8
-#define mqe_size_MASK 0x000000ff
-#define mqe_size_WORD word8
-#define mq_elem_cnt_SHIFT 16
-#define mq_elem_cnt_MASK 0x000000ff
-#define mq_elem_cnt_WORD word8
- uint32_t word9;
-#define wq_pages_SHIFT 0
-#define wq_pages_MASK 0x0000ffff
-#define wq_pages_WORD word9
-#define wqe_size_SHIFT 8
-#define wqe_size_MASK 0x000000ff
-#define wqe_size_WORD word9
- uint32_t word10;
-#define rq_pages_SHIFT 0
-#define rq_pages_MASK 0x0000ffff
-#define rq_pages_WORD word10
-#define rqe_size_SHIFT 8
-#define rqe_size_MASK 0x000000ff
-#define rqe_size_WORD word10
- uint32_t word11;
-#define hdr_pages_SHIFT 0
-#define hdr_pages_MASK 0x0000000f
-#define hdr_pages_WORD word11
-#define hdr_size_SHIFT 8
-#define hdr_size_MASK 0x0000000f
-#define hdr_size_WORD word11
-#define hdr_pp_align_SHIFT 16
-#define hdr_pp_align_MASK 0x0000ffff
-#define hdr_pp_align_WORD word11
- uint32_t word12;
-#define sgl_pages_SHIFT 0
-#define sgl_pages_MASK 0x0000000f
-#define sgl_pages_WORD word12
-#define sgl_pp_align_SHIFT 16
-#define sgl_pp_align_MASK 0x0000ffff
-#define sgl_pp_align_WORD word12
- uint32_t rsvd_13_63[51];
-};
#define SLI4_PAGE_ALIGN(addr) (((addr)+((SLI4_PAGE_SIZE)-1)) \
&(~((SLI4_PAGE_SIZE)-1)))
@@ -3854,8 +3684,6 @@ struct lpfc_mqe {
struct lpfc_mbx_post_hdr_tmpl hdr_tmpl;
struct lpfc_mbx_query_fw_config query_fw_cfg;
struct lpfc_mbx_set_beacon_config beacon_config;
- struct lpfc_mbx_supp_pages supp_pages;
- struct lpfc_mbx_pc_sli4_params sli4_params;
struct lpfc_mbx_get_sli4_parameters get_sli4_parameters;
struct lpfc_mbx_set_link_diag_state link_diag_state;
struct lpfc_mbx_set_link_diag_loopback link_diag_loopback;
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 57510a831735..c6caacaa3e7a 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -5854,8 +5854,6 @@ lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
LPFC_MBOXQ_t *mboxq;
MAILBOX_t *mb;
int rc, i, max_buf_size;
- uint8_t pn_page[LPFC_MAX_SUPPORTED_PAGES] = {0};
- struct lpfc_mqe *mqe;
int longs;
int fof_vectors = 0;
int extra;
@@ -6150,32 +6148,6 @@ lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
lpfc_nvme_mod_param_dep(phba);
- /* Get the Supported Pages if PORT_CAPABILITIES is supported by port. */
- lpfc_supported_pages(mboxq);
- rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL);
- if (!rc) {
- mqe = &mboxq->u.mqe;
- memcpy(&pn_page[0], ((uint8_t *)&mqe->un.supp_pages.word3),
- LPFC_MAX_SUPPORTED_PAGES);
- for (i = 0; i < LPFC_MAX_SUPPORTED_PAGES; i++) {
- switch (pn_page[i]) {
- case LPFC_SLI4_PARAMETERS:
- phba->sli4_hba.pc_sli4_params.supported = 1;
- break;
- default:
- break;
- }
- }
- /* Read the port's SLI4 Parameters capabilities if supported. */
- if (phba->sli4_hba.pc_sli4_params.supported)
- rc = lpfc_pc_sli4_params_get(phba, mboxq);
- if (rc) {
- mempool_free(mboxq, phba->mbox_mem_pool);
- rc = -EIO;
- goto out_free_bsmbx;
- }
- }
-
/*
* Get sli4 parameters that override parameters from Port capabilities.
* If this call fails, it isn't critical unless the SLI4 parameters come
@@ -10517,78 +10489,6 @@ lpfc_sli4_hba_unset(struct lpfc_hba *phba)
phba->pport->work_port_events = 0;
}
- /**
- * lpfc_pc_sli4_params_get - Get the SLI4_PARAMS port capabilities.
- * @phba: Pointer to HBA context object.
- * @mboxq: Pointer to the mailboxq memory for the mailbox command response.
- *
- * This function is called in the SLI4 code path to read the port's
- * sli4 capabilities.
- *
- * This function may be be called from any context that can block-wait
- * for the completion. The expectation is that this routine is called
- * typically from probe_one or from the online routine.
- **/
-int
-lpfc_pc_sli4_params_get(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq)
-{
- int rc;
- struct lpfc_mqe *mqe;
- struct lpfc_pc_sli4_params *sli4_params;
- uint32_t mbox_tmo;
-
- rc = 0;
- mqe = &mboxq->u.mqe;
-
- /* Read the port's SLI4 Parameters port capabilities */
- lpfc_pc_sli4_params(mboxq);
- if (!phba->sli4_hba.intr_enable)
- rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL);
- else {
- mbox_tmo = lpfc_mbox_tmo_val(phba, mboxq);
- rc = lpfc_sli_issue_mbox_wait(phba, mboxq, mbox_tmo);
- }
-
- if (unlikely(rc))
- return 1;
-
- sli4_params = &phba->sli4_hba.pc_sli4_params;
- sli4_params->if_type = bf_get(if_type, &mqe->un.sli4_params);
- sli4_params->sli_rev = bf_get(sli_rev, &mqe->un.sli4_params);
- sli4_params->sli_family = bf_get(sli_family, &mqe->un.sli4_params);
- sli4_params->featurelevel_1 = bf_get(featurelevel_1,
- &mqe->un.sli4_params);
- sli4_params->featurelevel_2 = bf_get(featurelevel_2,
- &mqe->un.sli4_params);
- sli4_params->proto_types = mqe->un.sli4_params.word3;
- sli4_params->sge_supp_len = mqe->un.sli4_params.sge_supp_len;
- sli4_params->if_page_sz = bf_get(if_page_sz, &mqe->un.sli4_params);
- sli4_params->rq_db_window = bf_get(rq_db_window, &mqe->un.sli4_params);
- sli4_params->loopbk_scope = bf_get(loopbk_scope, &mqe->un.sli4_params);
- sli4_params->eq_pages_max = bf_get(eq_pages, &mqe->un.sli4_params);
- sli4_params->eqe_size = bf_get(eqe_size, &mqe->un.sli4_params);
- sli4_params->cq_pages_max = bf_get(cq_pages, &mqe->un.sli4_params);
- sli4_params->cqe_size = bf_get(cqe_size, &mqe->un.sli4_params);
- sli4_params->mq_pages_max = bf_get(mq_pages, &mqe->un.sli4_params);
- sli4_params->mqe_size = bf_get(mqe_size, &mqe->un.sli4_params);
- sli4_params->mq_elem_cnt = bf_get(mq_elem_cnt, &mqe->un.sli4_params);
- sli4_params->wq_pages_max = bf_get(wq_pages, &mqe->un.sli4_params);
- sli4_params->wqe_size = bf_get(wqe_size, &mqe->un.sli4_params);
- sli4_params->rq_pages_max = bf_get(rq_pages, &mqe->un.sli4_params);
- sli4_params->rqe_size = bf_get(rqe_size, &mqe->un.sli4_params);
- sli4_params->hdr_pages_max = bf_get(hdr_pages, &mqe->un.sli4_params);
- sli4_params->hdr_size = bf_get(hdr_size, &mqe->un.sli4_params);
- sli4_params->hdr_pp_align = bf_get(hdr_pp_align, &mqe->un.sli4_params);
- sli4_params->sgl_pages_max = bf_get(sgl_pages, &mqe->un.sli4_params);
- sli4_params->sgl_pp_align = bf_get(sgl_pp_align, &mqe->un.sli4_params);
-
- /* Make sure that sge_supp_len can be handled by the driver */
- if (sli4_params->sge_supp_len > LPFC_MAX_SGE_SIZE)
- sli4_params->sge_supp_len = LPFC_MAX_SGE_SIZE;
-
- return rc;
-}
-
/**
* lpfc_get_sli4_parameters - Get the SLI4 Config PARAMETERS.
* @phba: Pointer to HBA context object.
@@ -10647,7 +10547,8 @@ lpfc_get_sli4_parameters(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq)
else
phba->sli3_options &= ~LPFC_SLI4_PHWQ_ENABLED;
sli4_params->sge_supp_len = mbx_sli4_parameters->sge_supp_len;
- sli4_params->loopbk_scope = bf_get(loopbk_scope, mbx_sli4_parameters);
+ sli4_params->loopbk_scope = bf_get(cfg_loopbk_scope,
+ mbx_sli4_parameters);
sli4_params->oas_supported = bf_get(cfg_oas, mbx_sli4_parameters);
sli4_params->cqv = bf_get(cfg_cqv, mbx_sli4_parameters);
sli4_params->mqv = bf_get(cfg_mqv, mbx_sli4_parameters);
diff --git a/drivers/scsi/lpfc/lpfc_mbox.c b/drivers/scsi/lpfc/lpfc_mbox.c
index e6bf5e8bc767..a4c382d2ce79 100644
--- a/drivers/scsi/lpfc/lpfc_mbox.c
+++ b/drivers/scsi/lpfc/lpfc_mbox.c
@@ -2622,39 +2622,3 @@ lpfc_resume_rpi(struct lpfcMboxq *mbox, struct lpfc_nodelist *ndlp)
resume_rpi->event_tag = ndlp->phba->fc_eventTag;
}
-/**
- * lpfc_supported_pages - Initialize the PORT_CAPABILITIES supported pages
- * mailbox command.
- * @mbox: pointer to lpfc mbox command to initialize.
- *
- * The PORT_CAPABILITIES supported pages mailbox command is issued to
- * retrieve the particular feature pages supported by the port.
- **/
-void
-lpfc_supported_pages(struct lpfcMboxq *mbox)
-{
- struct lpfc_mbx_supp_pages *supp_pages;
-
- memset(mbox, 0, sizeof(*mbox));
- supp_pages = &mbox->u.mqe.un.supp_pages;
- bf_set(lpfc_mqe_command, &mbox->u.mqe, MBX_PORT_CAPABILITIES);
- bf_set(cpn, supp_pages, LPFC_SUPP_PAGES);
-}
-
-/**
- * lpfc_pc_sli4_params - Initialize the PORT_CAPABILITIES SLI4 Params mbox cmd.
- * @mbox: pointer to lpfc mbox command to initialize.
- *
- * The PORT_CAPABILITIES SLI4 parameters mailbox command is issued to
- * retrieve the particular SLI4 features supported by the port.
- **/
-void
-lpfc_pc_sli4_params(struct lpfcMboxq *mbox)
-{
- struct lpfc_mbx_pc_sli4_params *sli4_params;
-
- memset(mbox, 0, sizeof(*mbox));
- sli4_params = &mbox->u.mqe.un.sli4_params;
- bf_set(lpfc_mqe_command, &mbox->u.mqe, MBX_PORT_CAPABILITIES);
- bf_set(cpn, sli4_params, LPFC_SLI4_PARAMETERS);
-}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 072/425] scsi: libfc: Fix a format specifier
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 071/425] scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 073/425] s390/archrandom: add parameter check for s390_arch_random_generate Greg Kroah-Hartman
` (359 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Bart Van Assche,
Martin K. Petersen, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 90d6697810f06aceea9de71ad836a8c7669789cd ]
Since the 'mfs' member has been declared as 'u32' in include/scsi/libfc.h,
use the %u format specifier instead of %hu. This patch fixes the following
clang compiler warning:
warning: format specifies type
'unsigned short' but the argument has type 'u32' (aka 'unsigned int')
[-Wformat]
"lport->mfs:%hu\n", mfs, lport->mfs);
~~~ ^~~~~~~~~~
%u
Link: https://lore.kernel.org/r/20210415220826.29438-8-bvanassche@acm.org
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/libfc/fc_lport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c
index ff943f477d6f..f653109d56af 100644
--- a/drivers/scsi/libfc/fc_lport.c
+++ b/drivers/scsi/libfc/fc_lport.c
@@ -1741,7 +1741,7 @@ void fc_lport_flogi_resp(struct fc_seq *sp, struct fc_frame *fp,
if (mfs < FC_SP_MIN_MAX_PAYLOAD || mfs > FC_SP_MAX_MAX_PAYLOAD) {
FC_LPORT_DBG(lport, "FLOGI bad mfs:%hu response, "
- "lport->mfs:%hu\n", mfs, lport->mfs);
+ "lport->mfs:%u\n", mfs, lport->mfs);
fc_lport_error(lport, fp);
goto out;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 073/425] s390/archrandom: add parameter check for s390_arch_random_generate
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 072/425] scsi: libfc: Fix a format specifier Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 074/425] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer Greg Kroah-Hartman
` (358 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Schnelle, Harald Freudenberger,
Heiko Carstens, Sasha Levin
From: Harald Freudenberger <freude@linux.ibm.com>
[ Upstream commit 28096067686c5a5cbd4c35b079749bd805df5010 ]
A review of the code showed, that this function which is exposed
within the whole kernel should do a parameter check for the
amount of bytes requested. If this requested bytes is too high
an unsigned int overflow could happen causing this function to
try to memcpy a really big memory chunk.
This is not a security issue as there are only two invocations
of this function from arch/s390/include/asm/archrandom.h and both
are not exposed to userland.
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/crypto/arch_random.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/s390/crypto/arch_random.c b/arch/s390/crypto/arch_random.c
index dd95cdbd22ce..4cbb4b6d85a8 100644
--- a/arch/s390/crypto/arch_random.c
+++ b/arch/s390/crypto/arch_random.c
@@ -53,6 +53,10 @@ static DECLARE_DELAYED_WORK(arch_rng_work, arch_rng_refill_buffer);
bool s390_arch_random_generate(u8 *buf, unsigned int nbytes)
{
+ /* max hunk is ARCH_RNG_BUF_SIZE */
+ if (nbytes > ARCH_RNG_BUF_SIZE)
+ return false;
+
/* lock rng buffer */
if (!spin_trylock(&arch_rng_lock))
return false;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 074/425] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 073/425] s390/archrandom: add parameter check for s390_arch_random_generate Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 075/425] ALSA: hda/conexant: Re-order CX5066 quirk table entries Greg Kroah-Hartman
` (357 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Takashi Iwai
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
commit 1c98f574403dbcf2eb832d5535a10d967333ef2d upstream.
Our code analyzer reported a uaf.
In snd_emu8000_create_mixer, the callee snd_ctl_add(..,emu->controls[i])
calls snd_ctl_add_replace(.., kcontrol,..). Inside snd_ctl_add_replace(),
if error happens, kcontrol will be freed by snd_ctl_free_one(kcontrol).
Then emu->controls[i] points to a freed memory, and the execution comes
to __error branch of snd_emu8000_create_mixer. The freed emu->controls[i]
is used in snd_ctl_remove(card, emu->controls[i]).
My patch set emu->controls[i] to NULL if snd_ctl_add() failed to avoid
the uaf.
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210426131129.4796-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/isa/sb/emu8000.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/isa/sb/emu8000.c
+++ b/sound/isa/sb/emu8000.c
@@ -1042,8 +1042,10 @@ snd_emu8000_create_mixer(struct snd_card
memset(emu->controls, 0, sizeof(emu->controls));
for (i = 0; i < EMU8000_NUM_CONTROLS; i++) {
- if ((err = snd_ctl_add(card, emu->controls[i] = snd_ctl_new1(mixer_defs[i], emu))) < 0)
+ if ((err = snd_ctl_add(card, emu->controls[i] = snd_ctl_new1(mixer_defs[i], emu))) < 0) {
+ emu->controls[i] = NULL;
goto __error;
+ }
}
return 0;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 075/425] ALSA: hda/conexant: Re-order CX5066 quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 074/425] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 076/425] ALSA: sb: Fix two use after free in snd_sb_qsound_build Greg Kroah-Hartman
` (356 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 2e6a731296be9d356fdccee9fb6ae345dad96438 upstream.
Just re-order the cx5066_fixups[] entries for HP devices for avoiding
the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-14-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_conexant.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -911,18 +911,18 @@ static const struct snd_pci_quirk cxt506
SND_PCI_QUIRK(0x103c, 0x8079, "HP EliteBook 840 G3", CXT_FIXUP_HP_DOCK),
SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK),
SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK),
- SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK),
- SND_PCI_QUIRK(0x103c, 0x83b2, "HP EliteBook 840 G5", CXT_FIXUP_HP_DOCK),
- SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
- SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK),
- SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC),
SND_PCI_QUIRK(0x103c, 0x814f, "HP ZBook 15u G3", CXT_FIXUP_MUTE_LED_GPIO),
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
SND_PCI_QUIRK(0x103c, 0x822e, "HP ProBook 440 G4", CXT_FIXUP_MUTE_LED_GPIO),
- SND_PCI_QUIRK(0x103c, 0x836e, "HP ProBook 455 G5", CXT_FIXUP_MUTE_LED_GPIO),
- SND_PCI_QUIRK(0x103c, 0x837f, "HP ProBook 470 G5", CXT_FIXUP_MUTE_LED_GPIO),
+ SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK),
SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x103c, 0x836e, "HP ProBook 455 G5", CXT_FIXUP_MUTE_LED_GPIO),
+ SND_PCI_QUIRK(0x103c, 0x837f, "HP ProBook 470 G5", CXT_FIXUP_MUTE_LED_GPIO),
+ SND_PCI_QUIRK(0x103c, 0x83b2, "HP EliteBook 840 G5", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK),
+ SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK),
SND_PCI_QUIRK(0x103c, 0x8402, "HP ProBook 645 G4", CXT_FIXUP_MUTE_LED_GPIO),
SND_PCI_QUIRK(0x103c, 0x8455, "HP Z2 G4", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x8456, "HP Z2 G4 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 076/425] ALSA: sb: Fix two use after free in snd_sb_qsound_build
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 075/425] ALSA: hda/conexant: Re-order CX5066 quirk table entries Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 077/425] ALSA: usb-audio: Explicitly set up the clock selector Greg Kroah-Hartman
` (355 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Takashi Iwai
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
commit 4fb44dd2c1dda18606348acdfdb97e8759dde9df upstream.
In snd_sb_qsound_build, snd_ctl_add(..,p->qsound_switch...) and
snd_ctl_add(..,p->qsound_space..) are called. But the second
arguments of snd_ctl_add() could be freed via snd_ctl_add_replace()
->snd_ctl_free_one(). After the error code is returned,
snd_sb_qsound_destroy(p) is called in __error branch.
But in snd_sb_qsound_destroy(), the freed p->qsound_switch and
p->qsound_space are still used by snd_ctl_remove().
My patch set p->qsound_switch and p->qsound_space to NULL if
snd_ctl_add() failed to avoid the uaf bugs. But these codes need
to further be improved with the code style.
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210426145541.8070-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/isa/sb/sb16_csp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/sound/isa/sb/sb16_csp.c
+++ b/sound/isa/sb/sb16_csp.c
@@ -1059,10 +1059,14 @@ static int snd_sb_qsound_build(struct sn
spin_lock_init(&p->q_lock);
- if ((err = snd_ctl_add(card, p->qsound_switch = snd_ctl_new1(&snd_sb_qsound_switch, p))) < 0)
+ if ((err = snd_ctl_add(card, p->qsound_switch = snd_ctl_new1(&snd_sb_qsound_switch, p))) < 0) {
+ p->qsound_switch = NULL;
goto __error;
- if ((err = snd_ctl_add(card, p->qsound_space = snd_ctl_new1(&snd_sb_qsound_space, p))) < 0)
+ }
+ if ((err = snd_ctl_add(card, p->qsound_space = snd_ctl_new1(&snd_sb_qsound_space, p))) < 0) {
+ p->qsound_space = NULL;
goto __error;
+ }
return 0;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 077/425] ALSA: usb-audio: Explicitly set up the clock selector
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 076/425] ALSA: sb: Fix two use after free in snd_sb_qsound_build Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 078/425] ALSA: usb-audio: More constifications Greg Kroah-Hartman
` (354 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Geraldo Nascimento, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit d2e8f641257d0d3af6e45d6ac2d6f9d56b8ea964 upstream.
In the current code, we have some assumption that the audio clock
selector has been set up implicitly and don't want to touch it unless
it's really needed for the fallback autoclock setup. This works for
most devices but some seem having a problem. Partially this was
covered for the devices with a single connector at the initialization
phase (commit 086b957cc17f "ALSA: usb-audio: Skip the clock selector
inquiry for single connections"), but also there are cases where the
wrong clock set up is kept silently. The latter seems to be the cause
of the noises on Behringer devices.
In this patch, we explicitly set up the audio clock selector whenever
the appropriate node is found.
Reported-by: Geraldo Nascimento <geraldogabriel@gmail.com>
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199327
Link: https://lore.kernel.org/r/CAEsQvcvF7LnO8PxyyCxuRCx=7jNeSCvFAd-+dE0g_rd1rOxxdw@mail.gmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210413084152.32325-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/clock.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/sound/usb/clock.c
+++ b/sound/usb/clock.c
@@ -273,7 +273,7 @@ static int __uac_clock_find_source(struc
selector = snd_usb_find_clock_selector(chip->ctrl_intf, entity_id);
if (selector) {
- int ret, i, cur;
+ int ret, i, cur, err;
/* the entity ID we are looking for is a selector.
* find out what it currently selects */
@@ -295,13 +295,17 @@ static int __uac_clock_find_source(struc
ret = __uac_clock_find_source(chip, fmt,
selector->baCSourceID[ret - 1],
visited, validate);
+ if (ret > 0) {
+ err = uac_clock_selector_set_val(chip, entity_id, cur);
+ if (err < 0)
+ return err;
+ }
+
if (!validate || ret > 0 || !chip->autoclock)
return ret;
/* The current clock source is invalid, try others. */
for (i = 1; i <= selector->bNrInPins; i++) {
- int err;
-
if (i == cur)
continue;
@@ -367,7 +371,7 @@ static int __uac3_clock_find_source(stru
selector = snd_usb_find_clock_selector_v3(chip->ctrl_intf, entity_id);
if (selector) {
- int ret, i, cur;
+ int ret, i, cur, err;
/* the entity ID we are looking for is a selector.
* find out what it currently selects */
@@ -389,6 +393,12 @@ static int __uac3_clock_find_source(stru
ret = __uac3_clock_find_source(chip, fmt,
selector->baCSourceID[ret - 1],
visited, validate);
+ if (ret > 0) {
+ err = uac_clock_selector_set_val(chip, entity_id, cur);
+ if (err < 0)
+ return err;
+ }
+
if (!validate || ret > 0 || !chip->autoclock)
return ret;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 078/425] ALSA: usb-audio: More constifications
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 077/425] ALSA: usb-audio: Explicitly set up the clock selector Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 079/425] ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 Greg Kroah-Hartman
` (353 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit a01df925d1bbc97d6f7fe07b157aadb565315337 upstream.
Apply const prefix to the remaining places: the static table for the
unit information, the mixer maps, the validator tables, etc.
Just for minor optimization and no functional changes.
Link: https://lore.kernel.org/r/20200105144823.29547-12-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/mixer.c | 60 ++++++++++++++++++++++-----------------------
sound/usb/mixer_maps.c | 56 +++++++++++++++++++++---------------------
sound/usb/mixer_quirks.c | 6 ++--
sound/usb/mixer_scarlett.c | 14 +++++-----
sound/usb/proc.c | 2 -
sound/usb/stream.c | 4 +--
sound/usb/validate.c | 4 +--
7 files changed, 73 insertions(+), 73 deletions(-)
--- a/sound/usb/mixer.c
+++ b/sound/usb/mixer.c
@@ -1045,7 +1045,7 @@ struct usb_feature_control_info {
int type_uac2; /* data type for uac2 if different from uac1, else -1 */
};
-static struct usb_feature_control_info audio_feature_info[] = {
+static const struct usb_feature_control_info audio_feature_info[] = {
{ UAC_FU_MUTE, "Mute", USB_MIXER_INV_BOOLEAN, -1 },
{ UAC_FU_VOLUME, "Volume", USB_MIXER_S16, -1 },
{ UAC_FU_BASS, "Tone Control - Bass", USB_MIXER_S8, -1 },
@@ -1559,7 +1559,7 @@ static void check_no_speaker_on_headset(
strlcpy(kctl->id.name, "Headphone", sizeof(kctl->id.name));
}
-static struct usb_feature_control_info *get_feature_control_info(int control)
+static const struct usb_feature_control_info *get_feature_control_info(int control)
{
int i;
@@ -1577,7 +1577,7 @@ static void __build_feature_ctl(struct u
struct usb_audio_term *oterm,
int unitid, int nameid, int readonly_mask)
{
- struct usb_feature_control_info *ctl_info;
+ const struct usb_feature_control_info *ctl_info;
unsigned int len = 0;
int mapped_name = 0;
struct snd_kcontrol *kctl;
@@ -2256,7 +2256,7 @@ static const struct snd_kcontrol_new mix
*/
struct procunit_value_info {
int control;
- char *suffix;
+ const char *suffix;
int val_type;
int min_value;
};
@@ -2264,44 +2264,44 @@ struct procunit_value_info {
struct procunit_info {
int type;
char *name;
- struct procunit_value_info *values;
+ const struct procunit_value_info *values;
};
-static struct procunit_value_info undefined_proc_info[] = {
+static const struct procunit_value_info undefined_proc_info[] = {
{ 0x00, "Control Undefined", 0 },
{ 0 }
};
-static struct procunit_value_info updown_proc_info[] = {
+static const struct procunit_value_info updown_proc_info[] = {
{ UAC_UD_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_UD_MODE_SELECT, "Mode Select", USB_MIXER_U8, 1 },
{ 0 }
};
-static struct procunit_value_info prologic_proc_info[] = {
+static const struct procunit_value_info prologic_proc_info[] = {
{ UAC_DP_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_DP_MODE_SELECT, "Mode Select", USB_MIXER_U8, 1 },
{ 0 }
};
-static struct procunit_value_info threed_enh_proc_info[] = {
+static const struct procunit_value_info threed_enh_proc_info[] = {
{ UAC_3D_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_3D_SPACE, "Spaciousness", USB_MIXER_U8 },
{ 0 }
};
-static struct procunit_value_info reverb_proc_info[] = {
+static const struct procunit_value_info reverb_proc_info[] = {
{ UAC_REVERB_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_REVERB_LEVEL, "Level", USB_MIXER_U8 },
{ UAC_REVERB_TIME, "Time", USB_MIXER_U16 },
{ UAC_REVERB_FEEDBACK, "Feedback", USB_MIXER_U8 },
{ 0 }
};
-static struct procunit_value_info chorus_proc_info[] = {
+static const struct procunit_value_info chorus_proc_info[] = {
{ UAC_CHORUS_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_CHORUS_LEVEL, "Level", USB_MIXER_U8 },
{ UAC_CHORUS_RATE, "Rate", USB_MIXER_U16 },
{ UAC_CHORUS_DEPTH, "Depth", USB_MIXER_U16 },
{ 0 }
};
-static struct procunit_value_info dcr_proc_info[] = {
+static const struct procunit_value_info dcr_proc_info[] = {
{ UAC_DCR_ENABLE, "Switch", USB_MIXER_BOOLEAN },
{ UAC_DCR_RATE, "Ratio", USB_MIXER_U16 },
{ UAC_DCR_MAXAMPL, "Max Amp", USB_MIXER_S16 },
@@ -2311,7 +2311,7 @@ static struct procunit_value_info dcr_pr
{ 0 }
};
-static struct procunit_info procunits[] = {
+static const struct procunit_info procunits[] = {
{ UAC_PROCESS_UP_DOWNMIX, "Up Down", updown_proc_info },
{ UAC_PROCESS_DOLBY_PROLOGIC, "Dolby Prologic", prologic_proc_info },
{ UAC_PROCESS_STEREO_EXTENDER, "3D Stereo Extender", threed_enh_proc_info },
@@ -2321,16 +2321,16 @@ static struct procunit_info procunits[]
{ 0 },
};
-static struct procunit_value_info uac3_updown_proc_info[] = {
+static const struct procunit_value_info uac3_updown_proc_info[] = {
{ UAC3_UD_MODE_SELECT, "Mode Select", USB_MIXER_U8, 1 },
{ 0 }
};
-static struct procunit_value_info uac3_stereo_ext_proc_info[] = {
+static const struct procunit_value_info uac3_stereo_ext_proc_info[] = {
{ UAC3_EXT_WIDTH_CONTROL, "Width Control", USB_MIXER_U8 },
{ 0 }
};
-static struct procunit_info uac3_procunits[] = {
+static const struct procunit_info uac3_procunits[] = {
{ UAC3_PROCESS_UP_DOWNMIX, "Up Down", uac3_updown_proc_info },
{ UAC3_PROCESS_STEREO_EXTENDER, "3D Stereo Extender", uac3_stereo_ext_proc_info },
{ UAC3_PROCESS_MULTI_FUNCTION, "Multi-Function", undefined_proc_info },
@@ -2340,23 +2340,23 @@ static struct procunit_info uac3_procuni
/*
* predefined data for extension units
*/
-static struct procunit_value_info clock_rate_xu_info[] = {
+static const struct procunit_value_info clock_rate_xu_info[] = {
{ USB_XU_CLOCK_RATE_SELECTOR, "Selector", USB_MIXER_U8, 0 },
{ 0 }
};
-static struct procunit_value_info clock_source_xu_info[] = {
+static const struct procunit_value_info clock_source_xu_info[] = {
{ USB_XU_CLOCK_SOURCE_SELECTOR, "External", USB_MIXER_BOOLEAN },
{ 0 }
};
-static struct procunit_value_info spdif_format_xu_info[] = {
+static const struct procunit_value_info spdif_format_xu_info[] = {
{ USB_XU_DIGITAL_FORMAT_SELECTOR, "SPDIF/AC3", USB_MIXER_BOOLEAN },
{ 0 }
};
-static struct procunit_value_info soft_limit_xu_info[] = {
+static const struct procunit_value_info soft_limit_xu_info[] = {
{ USB_XU_SOFT_LIMIT_SELECTOR, " ", USB_MIXER_BOOLEAN },
{ 0 }
};
-static struct procunit_info extunits[] = {
+static const struct procunit_info extunits[] = {
{ USB_XU_CLOCK_RATE, "Clock rate", clock_rate_xu_info },
{ USB_XU_CLOCK_SOURCE, "DigitalIn CLK source", clock_source_xu_info },
{ USB_XU_DIGITAL_IO_STATUS, "DigitalOut format:", spdif_format_xu_info },
@@ -2368,7 +2368,7 @@ static struct procunit_info extunits[] =
* build a processing/extension unit
*/
static int build_audio_procunit(struct mixer_build *state, int unitid,
- void *raw_desc, struct procunit_info *list,
+ void *raw_desc, const struct procunit_info *list,
bool extension_unit)
{
struct uac_processing_unit_descriptor *desc = raw_desc;
@@ -2376,14 +2376,14 @@ static int build_audio_procunit(struct m
struct usb_mixer_elem_info *cval;
struct snd_kcontrol *kctl;
int i, err, nameid, type, len;
- struct procunit_info *info;
- struct procunit_value_info *valinfo;
+ const struct procunit_info *info;
+ const struct procunit_value_info *valinfo;
const struct usbmix_name_map *map;
- static struct procunit_value_info default_value_info[] = {
+ static const struct procunit_value_info default_value_info[] = {
{ 0x01, "Switch", USB_MIXER_BOOLEAN },
{ 0 }
};
- static struct procunit_info default_info = {
+ static const struct procunit_info default_info = {
0, NULL, default_value_info
};
const char *name = extension_unit ?
@@ -2861,7 +2861,7 @@ struct uac3_badd_profile {
int st_chmask; /* side tone mixing channel mask */
};
-static struct uac3_badd_profile uac3_badd_profiles[] = {
+static const struct uac3_badd_profile uac3_badd_profiles[] = {
{
/*
* BAIF, BAOF or combination of both
@@ -2922,7 +2922,7 @@ static struct uac3_badd_profile uac3_bad
};
static bool uac3_badd_func_has_valid_channels(struct usb_mixer_interface *mixer,
- struct uac3_badd_profile *f,
+ const struct uac3_badd_profile *f,
int c_chmask, int p_chmask)
{
/*
@@ -2966,7 +2966,7 @@ static int snd_usb_mixer_controls_badd(s
struct usb_device *dev = mixer->chip->dev;
struct usb_interface_assoc_descriptor *assoc;
int badd_profile = mixer->chip->badd_profile;
- struct uac3_badd_profile *f;
+ const struct uac3_badd_profile *f;
const struct usbmix_ctl_map *map;
int p_chmask = 0, c_chmask = 0, st_chmask = 0;
int i;
@@ -3260,7 +3260,7 @@ static void snd_usb_mixer_dump_cval(stru
struct usb_mixer_elem_list *list)
{
struct usb_mixer_elem_info *cval = mixer_elem_list_to_info(list);
- static char *val_types[] = {"BOOLEAN", "INV_BOOLEAN",
+ static const char * const val_types[] = {"BOOLEAN", "INV_BOOLEAN",
"S8", "U8", "S16", "U16"};
snd_iprintf(buffer, " Info: id=%i, control=%i, cmask=0x%x, "
"channels=%i, type=\"%s\"\n", cval->head.id,
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -28,7 +28,7 @@ struct usbmix_name_map {
int id;
const char *name;
int control;
- struct usbmix_dB_map *dB;
+ const struct usbmix_dB_map *dB;
};
struct usbmix_selector_map {
@@ -67,7 +67,7 @@ Mic-IN[9] --+->FU[10]-------------------
++--+->SU[11]-->FU[12] --------------------------------------------------------------------------------------> USB_OUT[13]
*/
-static struct usbmix_name_map extigy_map[] = {
+static const struct usbmix_name_map extigy_map[] = {
/* 1: IT pcm */
{ 2, "PCM Playback" }, /* FU */
/* 3: IT pcm */
@@ -108,12 +108,12 @@ static struct usbmix_name_map extigy_map
* e.g. no Master and fake PCM volume
* Pavel Mihaylov <bin@bash.info>
*/
-static struct usbmix_dB_map mp3plus_dB_1 = {.min = -4781, .max = 0};
+static const struct usbmix_dB_map mp3plus_dB_1 = {.min = -4781, .max = 0};
/* just guess */
-static struct usbmix_dB_map mp3plus_dB_2 = {.min = -1781, .max = 618};
+static const struct usbmix_dB_map mp3plus_dB_2 = {.min = -1781, .max = 618};
/* just guess */
-static struct usbmix_name_map mp3plus_map[] = {
+static const struct usbmix_name_map mp3plus_map[] = {
/* 1: IT pcm */
/* 2: IT mic */
/* 3: IT line */
@@ -154,7 +154,7 @@ Lin_IN[7]-+--->FU[8]---+ +-
| ^
+->FU[13]--------------------------------------+
*/
-static struct usbmix_name_map audigy2nx_map[] = {
+static const struct usbmix_name_map audigy2nx_map[] = {
/* 1: IT pcm playback */
/* 4: IT digital in */
{ 6, "Digital In Playback" }, /* FU */
@@ -182,12 +182,12 @@ static struct usbmix_name_map audigy2nx_
{ 0 } /* terminator */
};
-static struct usbmix_name_map mbox1_map[] = {
+static const struct usbmix_name_map mbox1_map[] = {
{ 1, "Clock" },
{ 0 } /* terminator */
};
-static struct usbmix_selector_map c400_selectors[] = {
+static const struct usbmix_selector_map c400_selectors[] = {
{
.id = 0x80,
.count = 2,
@@ -196,7 +196,7 @@ static struct usbmix_selector_map c400_s
{ 0 } /* terminator */
};
-static struct usbmix_selector_map audigy2nx_selectors[] = {
+static const struct usbmix_selector_map audigy2nx_selectors[] = {
{
.id = 14, /* Capture Source */
.count = 3,
@@ -216,21 +216,21 @@ static struct usbmix_selector_map audigy
};
/* Creative SoundBlaster Live! 24-bit External */
-static struct usbmix_name_map live24ext_map[] = {
+static const struct usbmix_name_map live24ext_map[] = {
/* 2: PCM Playback Volume */
{ 5, "Mic Capture" }, /* FU, default PCM Capture Volume */
{ 0 } /* terminator */
};
/* LineX FM Transmitter entry - needed to bypass controls bug */
-static struct usbmix_name_map linex_map[] = {
+static const struct usbmix_name_map linex_map[] = {
/* 1: IT pcm */
/* 2: OT Speaker */
{ 3, "Master" }, /* FU: master volume - left / right / mute */
{ 0 } /* terminator */
};
-static struct usbmix_name_map maya44_map[] = {
+static const struct usbmix_name_map maya44_map[] = {
/* 1: IT line */
{ 2, "Line Playback" }, /* FU */
/* 3: IT line */
@@ -253,7 +253,7 @@ static struct usbmix_name_map maya44_map
* so this map removes all unwanted sliders from alsamixer
*/
-static struct usbmix_name_map justlink_map[] = {
+static const struct usbmix_name_map justlink_map[] = {
/* 1: IT pcm playback */
/* 2: Not present */
{ 3, NULL}, /* IT mic (No mic input on device) */
@@ -270,7 +270,7 @@ static struct usbmix_name_map justlink_m
};
/* TerraTec Aureon 5.1 MkII USB */
-static struct usbmix_name_map aureon_51_2_map[] = {
+static const struct usbmix_name_map aureon_51_2_map[] = {
/* 1: IT USB */
/* 2: IT Mic */
/* 3: IT Line */
@@ -289,7 +289,7 @@ static struct usbmix_name_map aureon_51_
{} /* terminator */
};
-static struct usbmix_name_map scratch_live_map[] = {
+static const struct usbmix_name_map scratch_live_map[] = {
/* 1: IT Line 1 (USB streaming) */
/* 2: OT Line 1 (Speaker) */
/* 3: IT Line 1 (Line connector) */
@@ -305,7 +305,7 @@ static struct usbmix_name_map scratch_li
{ 0 } /* terminator */
};
-static struct usbmix_name_map ebox44_map[] = {
+static const struct usbmix_name_map ebox44_map[] = {
{ 4, NULL }, /* FU */
{ 6, NULL }, /* MU */
{ 7, NULL }, /* FU */
@@ -320,7 +320,7 @@ static struct usbmix_name_map ebox44_map
* FIXME: or mp3plus_map should use "Capture Source" too,
* so this maps can be merget
*/
-static struct usbmix_name_map hercules_usb51_map[] = {
+static const struct usbmix_name_map hercules_usb51_map[] = {
{ 8, "Capture Source" }, /* SU, default "PCM Capture Source" */
{ 9, "Master Playback" }, /* FU, default "Speaker Playback" */
{ 10, "Mic Boost", 7 }, /* FU, default "Auto Gain Input" */
@@ -331,7 +331,7 @@ static struct usbmix_name_map hercules_u
};
/* Plantronics Gamecom 780 has a broken volume control, better to disable it */
-static struct usbmix_name_map gamecom780_map[] = {
+static const struct usbmix_name_map gamecom780_map[] = {
{ 9, NULL }, /* FU, speaker out */
{}
};
@@ -345,8 +345,8 @@ static const struct usbmix_name_map scms
};
/* Bose companion 5, the dB conversion factor is 16 instead of 256 */
-static struct usbmix_dB_map bose_companion5_dB = {-5006, -6};
-static struct usbmix_name_map bose_companion5_map[] = {
+static const struct usbmix_dB_map bose_companion5_dB = {-5006, -6};
+static const struct usbmix_name_map bose_companion5_map[] = {
{ 3, NULL, .dB = &bose_companion5_dB },
{ 0 } /* terminator */
};
@@ -420,7 +420,7 @@ static const struct usbmix_name_map aoru
* Control map entries
*/
-static struct usbmix_ctl_map usbmix_ctl_maps[] = {
+static const struct usbmix_ctl_map usbmix_ctl_maps[] = {
{
.id = USB_ID(0x041e, 0x3000),
.map = extigy_map,
@@ -574,37 +574,37 @@ static struct usbmix_ctl_map usbmix_ctl_
* Control map entries for UAC3 BADD profiles
*/
-static struct usbmix_name_map uac3_badd_generic_io_map[] = {
+static const struct usbmix_name_map uac3_badd_generic_io_map[] = {
{ UAC3_BADD_FU_ID2, "Generic Out Playback" },
{ UAC3_BADD_FU_ID5, "Generic In Capture" },
{ 0 } /* terminator */
};
-static struct usbmix_name_map uac3_badd_headphone_map[] = {
+static const struct usbmix_name_map uac3_badd_headphone_map[] = {
{ UAC3_BADD_FU_ID2, "Headphone Playback" },
{ 0 } /* terminator */
};
-static struct usbmix_name_map uac3_badd_speaker_map[] = {
+static const struct usbmix_name_map uac3_badd_speaker_map[] = {
{ UAC3_BADD_FU_ID2, "Speaker Playback" },
{ 0 } /* terminator */
};
-static struct usbmix_name_map uac3_badd_microphone_map[] = {
+static const struct usbmix_name_map uac3_badd_microphone_map[] = {
{ UAC3_BADD_FU_ID5, "Mic Capture" },
{ 0 } /* terminator */
};
/* Covers also 'headset adapter' profile */
-static struct usbmix_name_map uac3_badd_headset_map[] = {
+static const struct usbmix_name_map uac3_badd_headset_map[] = {
{ UAC3_BADD_FU_ID2, "Headset Playback" },
{ UAC3_BADD_FU_ID5, "Headset Capture" },
{ UAC3_BADD_FU_ID7, "Sidetone Mixing" },
{ 0 } /* terminator */
};
-static struct usbmix_name_map uac3_badd_speakerphone_map[] = {
+static const struct usbmix_name_map uac3_badd_speakerphone_map[] = {
{ UAC3_BADD_FU_ID2, "Speaker Playback" },
{ UAC3_BADD_FU_ID5, "Mic Capture" },
{ 0 } /* terminator */
};
-static struct usbmix_ctl_map uac3_badd_usbmix_ctl_maps[] = {
+static const struct usbmix_ctl_map uac3_badd_usbmix_ctl_maps[] = {
{
.id = UAC3_FUNCTION_SUBCLASS_GENERIC_IO,
.map = uac3_badd_generic_io_map,
--- a/sound/usb/mixer_quirks.c
+++ b/sound/usb/mixer_quirks.c
@@ -130,7 +130,7 @@ static int snd_create_std_mono_ctl(struc
* Create a set of standard UAC controls from a table
*/
static int snd_create_std_mono_table(struct usb_mixer_interface *mixer,
- struct std_mono_table *t)
+ const struct std_mono_table *t)
{
int err;
@@ -1399,7 +1399,7 @@ static int snd_c400_create_mixer(struct
* are valid they presents mono controls as L and R channels of
* stereo. So we provide a good mixer here.
*/
-static struct std_mono_table ebox44_table[] = {
+static const struct std_mono_table ebox44_table[] = {
{
.unitid = 4,
.control = 1,
@@ -1708,7 +1708,7 @@ static struct snd_kcontrol_new snd_micro
static int snd_microii_controls_create(struct usb_mixer_interface *mixer)
{
int err, i;
- static usb_mixer_elem_resume_func_t resume_funcs[] = {
+ const static usb_mixer_elem_resume_func_t resume_funcs[] = {
snd_microii_spdif_default_update,
NULL,
snd_microii_spdif_switch_update
--- a/sound/usb/mixer_scarlett.c
+++ b/sound/usb/mixer_scarlett.c
@@ -633,7 +633,7 @@ static int add_output_ctls(struct usb_mi
/********************** device-specific config *************************/
/* untested... */
-static struct scarlett_device_info s6i6_info = {
+static const struct scarlett_device_info s6i6_info = {
.matrix_in = 18,
.matrix_out = 8,
.input_len = 6,
@@ -675,7 +675,7 @@ static struct scarlett_device_info s6i6_
};
/* untested... */
-static struct scarlett_device_info s8i6_info = {
+static const struct scarlett_device_info s8i6_info = {
.matrix_in = 18,
.matrix_out = 6,
.input_len = 8,
@@ -714,7 +714,7 @@ static struct scarlett_device_info s8i6_
}
};
-static struct scarlett_device_info s18i6_info = {
+static const struct scarlett_device_info s18i6_info = {
.matrix_in = 18,
.matrix_out = 6,
.input_len = 18,
@@ -751,7 +751,7 @@ static struct scarlett_device_info s18i6
}
};
-static struct scarlett_device_info s18i8_info = {
+static const struct scarlett_device_info s18i8_info = {
.matrix_in = 18,
.matrix_out = 8,
.input_len = 18,
@@ -793,7 +793,7 @@ static struct scarlett_device_info s18i8
}
};
-static struct scarlett_device_info s18i20_info = {
+static const struct scarlett_device_info s18i20_info = {
.matrix_in = 18,
.matrix_out = 8,
.input_len = 18,
@@ -843,7 +843,7 @@ static struct scarlett_device_info s18i2
static int scarlett_controls_create_generic(struct usb_mixer_interface *mixer,
- struct scarlett_device_info *info)
+ const struct scarlett_device_info *info)
{
int i, err;
char mx[SNDRV_CTL_ELEM_ID_NAME_MAXLEN];
@@ -906,7 +906,7 @@ int snd_scarlett_controls_create(struct
{
int err, i, o;
char mx[SNDRV_CTL_ELEM_ID_NAME_MAXLEN];
- struct scarlett_device_info *info;
+ const struct scarlett_device_info *info;
struct usb_mixer_elem_info *elem;
static char sample_rate_buffer[4] = { '\x80', '\xbb', '\x00', '\x00' };
--- a/sound/usb/proc.c
+++ b/sound/usb/proc.c
@@ -74,7 +74,7 @@ void snd_usb_audio_create_proc(struct sn
static void proc_dump_substream_formats(struct snd_usb_substream *subs, struct snd_info_buffer *buffer)
{
struct audioformat *fp;
- static char *sync_types[4] = {
+ static const char * const sync_types[4] = {
"NONE", "ASYNC", "ADAPTIVE", "SYNC"
};
--- a/sound/usb/stream.c
+++ b/sound/usb/stream.c
@@ -245,7 +245,7 @@ static int add_chmap(struct snd_pcm *pcm
static struct snd_pcm_chmap_elem *convert_chmap(int channels, unsigned int bits,
int protocol)
{
- static unsigned int uac1_maps[] = {
+ static const unsigned int uac1_maps[] = {
SNDRV_CHMAP_FL, /* left front */
SNDRV_CHMAP_FR, /* right front */
SNDRV_CHMAP_FC, /* center front */
@@ -260,7 +260,7 @@ static struct snd_pcm_chmap_elem *conver
SNDRV_CHMAP_TC, /* top */
0 /* terminator */
};
- static unsigned int uac2_maps[] = {
+ static const unsigned int uac2_maps[] = {
SNDRV_CHMAP_FL, /* front left */
SNDRV_CHMAP_FR, /* front right */
SNDRV_CHMAP_FC, /* front center */
--- a/sound/usb/validate.c
+++ b/sound/usb/validate.c
@@ -233,7 +233,7 @@ static bool validate_midi_out_jack(const
#define FIXED(p, t, s) { .protocol = (p), .type = (t), .size = sizeof(s) }
#define FUNC(p, t, f) { .protocol = (p), .type = (t), .func = (f) }
-static struct usb_desc_validator audio_validators[] = {
+static const struct usb_desc_validator audio_validators[] = {
/* UAC1 */
FUNC(UAC_VERSION_1, UAC_HEADER, validate_uac1_header),
FIXED(UAC_VERSION_1, UAC_INPUT_TERMINAL,
@@ -288,7 +288,7 @@ static struct usb_desc_validator audio_v
{ } /* terminator */
};
-static struct usb_desc_validator midi_validators[] = {
+static const struct usb_desc_validator midi_validators[] = {
FIXED(UAC_VERSION_ALL, USB_MS_HEADER,
struct usb_ms_header_descriptor),
FIXED(UAC_VERSION_ALL, USB_MS_MIDI_IN_JACK,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 079/425] ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 078/425] ALSA: usb-audio: More constifications Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 080/425] ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx Greg Kroah-Hartman
` (352 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Timo Gurr, Takashi Iwai
From: Timo Gurr <timo.gurr@gmail.com>
commit ab2165e2e6ed17345ffa8ee88ca764e8788ebcd7 upstream.
The decibel volume range contains a negative maximum value resulting in
pipewire complaining about the device and effectivly having no sound
output. The wrong values also resulted in the headset sounding muted
already at a mixer level of about ~25%.
PipeWire BugLink: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1049
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=212897
Signed-off-by: Timo Gurr <timo.gurr@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210503110822.10222-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/mixer_maps.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/sound/usb/mixer_maps.c
+++ b/sound/usb/mixer_maps.c
@@ -351,6 +351,13 @@ static struct usbmix_name_map bose_compa
{ 0 } /* terminator */
};
+/* Sennheiser Communications Headset [PC 8], the dB value is reported as -6 negative maximum */
+static const struct usbmix_dB_map sennheiser_pc8_dB = {-9500, 0};
+static const struct usbmix_name_map sennheiser_pc8_map[] = {
+ { 9, NULL, .dB = &sennheiser_pc8_dB },
+ { 0 } /* terminator */
+};
+
/*
* Dell usb dock with ALC4020 codec had a firmware problem where it got
* screwed up when zero volume is passed; just skip it as a workaround
@@ -633,5 +640,10 @@ static struct usbmix_ctl_map uac3_badd_u
.id = UAC3_FUNCTION_SUBCLASS_SPEAKERPHONE,
.map = uac3_badd_speakerphone_map,
},
+ {
+ /* Sennheiser Communications Headset [PC 8] */
+ .id = USB_ID(0x1395, 0x0025),
+ .map = sennheiser_pc8_map,
+ },
{ 0 } /* terminator */
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 080/425] ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 079/425] ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 081/425] btrfs: fix race when picking most recent mod log operation for an old root Greg Kroah-Hartman
` (351 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eckhart Mohr, Werner Sembach, Takashi Iwai
From: Eckhart Mohr <e.mohr@tuxedocomputers.com>
commit 970e3012c04c96351c413f193a9c909e6d871ce2 upstream.
This applies a SND_PCI_QUIRK(...) to the Clevo PCx0Dx barebones. This
fix enables audio output over the headset jack and ensures that a
microphone connected via the headset combo jack is correctly recognized
when pluged in.
[ Rearranged the list entries in a sorted order -- tiwai ]
Signed-off-by: Eckhart Mohr <e.mohr@tuxedocomputers.com>
Co-developed-by: Werner Sembach <wse@tuxedocomputers.com>
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210427153025.451118-1-wse@tuxedocomputers.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2527,8 +2527,10 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1558, 0x65d1, "Clevo PB51[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x65d2, "Clevo PB51R[CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x65e1, "Clevo PB51[ED][DF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65e5, "Clevo PC50D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67d1, "Clevo PB71[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67e1, "Clevo PB71[DE][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x67e5, "Clevo PC70D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x70d1, "Clevo PC70[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x7714, "Clevo X170", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 081/425] btrfs: fix race when picking most recent mod log operation for an old root
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 080/425] ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 082/425] arm64/vdso: Discard .note.gnu.property sections in vDSO Greg Kroah-Hartman
` (350 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zygo Blaxell, Filipe Manana,
David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit f9690f426b2134cc3e74bfc5d9dfd6a4b2ca5281 ]
Commit dbcc7d57bffc0c ("btrfs: fix race when cloning extent buffer during
rewind of an old root"), fixed a race when we need to rewind the extent
buffer of an old root. It was caused by picking a new mod log operation
for the extent buffer while getting a cloned extent buffer with an outdated
number of items (off by -1), because we cloned the extent buffer without
locking it first.
However there is still another similar race, but in the opposite direction.
The cloned extent buffer has a number of items that does not match the
number of tree mod log operations that are going to be replayed. This is
because right after we got the last (most recent) tree mod log operation to
replay and before locking and cloning the extent buffer, another task adds
a new pointer to the extent buffer, which results in adding a new tree mod
log operation and incrementing the number of items in the extent buffer.
So after cloning we have mismatch between the number of items in the extent
buffer and the number of mod log operations we are going to apply to it.
This results in hitting a BUG_ON() that produces the following stack trace:
------------[ cut here ]------------
kernel BUG at fs/btrfs/tree-mod-log.c:675!
invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 3 PID: 4811 Comm: crawl_1215 Tainted: G W 5.12.0-7d1efdf501f8-misc-next+ #99
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:tree_mod_log_rewind+0x3b1/0x3c0
Code: 05 48 8d 74 10 (...)
RSP: 0018:ffffc90001027090 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880a8514600 RCX: ffffffffaa9e59b6
RDX: 0000000000000007 RSI: dffffc0000000000 RDI: ffff8880a851462c
RBP: ffffc900010270e0 R08: 00000000000000c0 R09: ffffed1004333417
R10: ffff88802199a0b7 R11: ffffed1004333416 R12: 000000000000000e
R13: ffff888135af8748 R14: ffff88818766ff00 R15: ffff8880a851462c
FS: 00007f29acf62700(0000) GS:ffff8881f2200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0e6013f718 CR3: 000000010d42e003 CR4: 0000000000170ee0
Call Trace:
btrfs_get_old_root+0x16a/0x5c0
? lock_downgrade+0x400/0x400
btrfs_search_old_slot+0x192/0x520
? btrfs_search_slot+0x1090/0x1090
? free_extent_buffer.part.61+0xd7/0x140
? free_extent_buffer+0x13/0x20
resolve_indirect_refs+0x3e9/0xfc0
? lock_downgrade+0x400/0x400
? __kasan_check_read+0x11/0x20
? add_prelim_ref.part.11+0x150/0x150
? lock_downgrade+0x400/0x400
? __kasan_check_read+0x11/0x20
? lock_acquired+0xbb/0x620
? __kasan_check_write+0x14/0x20
? do_raw_spin_unlock+0xa8/0x140
? rb_insert_color+0x340/0x360
? prelim_ref_insert+0x12d/0x430
find_parent_nodes+0x5c3/0x1830
? stack_trace_save+0x87/0xb0
? resolve_indirect_refs+0xfc0/0xfc0
? fs_reclaim_acquire+0x67/0xf0
? __kasan_check_read+0x11/0x20
? lockdep_hardirqs_on_prepare+0x210/0x210
? fs_reclaim_acquire+0x67/0xf0
? __kasan_check_read+0x11/0x20
? ___might_sleep+0x10f/0x1e0
? __kasan_kmalloc+0x9d/0xd0
? trace_hardirqs_on+0x55/0x120
btrfs_find_all_roots_safe+0x142/0x1e0
? find_parent_nodes+0x1830/0x1830
? trace_hardirqs_on+0x55/0x120
? ulist_free+0x1f/0x30
? btrfs_inode_flags_to_xflags+0x50/0x50
iterate_extent_inodes+0x20e/0x580
? tree_backref_for_extent+0x230/0x230
? release_extent_buffer+0x225/0x280
? read_extent_buffer+0xdd/0x110
? lock_downgrade+0x400/0x400
? __kasan_check_read+0x11/0x20
? lock_acquired+0xbb/0x620
? __kasan_check_write+0x14/0x20
? do_raw_spin_unlock+0xa8/0x140
? _raw_spin_unlock+0x22/0x30
? release_extent_buffer+0x225/0x280
iterate_inodes_from_logical+0x129/0x170
? iterate_inodes_from_logical+0x129/0x170
? btrfs_inode_flags_to_xflags+0x50/0x50
? iterate_extent_inodes+0x580/0x580
? __vmalloc_node+0x92/0xb0
? init_data_container+0x34/0xb0
? init_data_container+0x34/0xb0
? kvmalloc_node+0x60/0x80
btrfs_ioctl_logical_to_ino+0x158/0x230
btrfs_ioctl+0x2038/0x4360
? __kasan_check_write+0x14/0x20
? mmput+0x3b/0x220
? btrfs_ioctl_get_supported_features+0x30/0x30
? __kasan_check_read+0x11/0x20
? __kasan_check_read+0x11/0x20
? lock_release+0xc8/0x650
? __might_fault+0x64/0xd0
? __kasan_check_read+0x11/0x20
? lock_downgrade+0x400/0x400
? lockdep_hardirqs_on_prepare+0x210/0x210
? lockdep_hardirqs_on_prepare+0x13/0x210
? _raw_spin_unlock_irqrestore+0x51/0x63
? __kasan_check_read+0x11/0x20
? do_vfs_ioctl+0xfc/0x9d0
? ioctl_file_clone+0xe0/0xe0
? lock_downgrade+0x400/0x400
? lockdep_hardirqs_on_prepare+0x210/0x210
? __kasan_check_read+0x11/0x20
? lock_release+0xc8/0x650
? __task_pid_nr_ns+0xd3/0x250
? __kasan_check_read+0x11/0x20
? __fget_files+0x160/0x230
? __fget_light+0xf2/0x110
__x64_sys_ioctl+0xc3/0x100
do_syscall_64+0x37/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f29ae85b427
Code: 00 00 90 48 8b (...)
RSP: 002b:00007f29acf5fcf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f29acf5ff40 RCX: 00007f29ae85b427
RDX: 00007f29acf5ff48 RSI: 00000000c038943b RDI: 0000000000000003
RBP: 0000000001000000 R08: 0000000000000000 R09: 00007f29acf60120
R10: 00005640d5fc7b00 R11: 0000000000000246 R12: 0000000000000003
R13: 00007f29acf5ff48 R14: 00007f29acf5ff40 R15: 00007f29acf5fef8
Modules linked in:
---[ end trace 85e5fce078dfbe04 ]---
(gdb) l *(tree_mod_log_rewind+0x3b1)
0xffffffff819e5b21 is in tree_mod_log_rewind (fs/btrfs/tree-mod-log.c:675).
670 * the modification. As we're going backwards, we do the
671 * opposite of each operation here.
672 */
673 switch (tm->op) {
674 case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING:
675 BUG_ON(tm->slot < n);
676 fallthrough;
677 case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_MOVING:
678 case BTRFS_MOD_LOG_KEY_REMOVE:
679 btrfs_set_node_key(eb, &tm->key, tm->slot);
(gdb) quit
The following steps explain in more detail how it happens:
1) We have one tree mod log user (through fiemap or the logical ino ioctl),
with a sequence number of 1, so we have fs_info->tree_mod_seq == 1.
This is task A;
2) Another task is at ctree.c:balance_level() and we have eb X currently as
the root of the tree, and we promote its single child, eb Y, as the new
root.
Then, at ctree.c:balance_level(), we call:
ret = btrfs_tree_mod_log_insert_root(root->node, child, true);
3) At btrfs_tree_mod_log_insert_root() we create a tree mod log operation
of type BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING, with a ->logical field
pointing to ebX->start. We only have one item in eb X, so we create
only one tree mod log operation, and store in the "tm_list" array;
4) Then, still at btrfs_tree_mod_log_insert_root(), we create a tree mod
log element of operation type BTRFS_MOD_LOG_ROOT_REPLACE, ->logical set
to ebY->start, ->old_root.logical set to ebX->start, ->old_root.level
set to the level of eb X and ->generation set to the generation of eb X;
5) Then btrfs_tree_mod_log_insert_root() calls tree_mod_log_free_eb() with
"tm_list" as argument. After that, tree_mod_log_free_eb() calls
tree_mod_log_insert(). This inserts the mod log operation of type
BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING from step 3 into the rbtree
with a sequence number of 2 (and fs_info->tree_mod_seq set to 2);
6) Then, after inserting the "tm_list" single element into the tree mod
log rbtree, the BTRFS_MOD_LOG_ROOT_REPLACE element is inserted, which
gets the sequence number 3 (and fs_info->tree_mod_seq set to 3);
7) Back to ctree.c:balance_level(), we free eb X by calling
btrfs_free_tree_block() on it. Because eb X was created in the current
transaction, has no other references and writeback did not happen for
it, we add it back to the free space cache/tree;
8) Later some other task B allocates the metadata extent from eb X, since
it is marked as free space in the space cache/tree, and uses it as a
node for some other btree;
9) The tree mod log user task calls btrfs_search_old_slot(), which calls
btrfs_get_old_root(), and finally that calls tree_mod_log_oldest_root()
with time_seq == 1 and eb_root == eb Y;
10) The first iteration of the while loop finds the tree mod log element
with sequence number 3, for the logical address of eb Y and of type
BTRFS_MOD_LOG_ROOT_REPLACE;
11) Because the operation type is BTRFS_MOD_LOG_ROOT_REPLACE, we don't
break out of the loop, and set root_logical to point to
tm->old_root.logical, which corresponds to the logical address of
eb X;
12) On the next iteration of the while loop, the call to
tree_mod_log_search_oldest() returns the smallest tree mod log element
for the logical address of eb X, which has a sequence number of 2, an
operation type of BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING and
corresponds to the old slot 0 of eb X (eb X had only 1 item in it
before being freed at step 7);
13) We then break out of the while loop and return the tree mod log
operation of type BTRFS_MOD_LOG_ROOT_REPLACE (eb Y), and not the one
for slot 0 of eb X, to btrfs_get_old_root();
14) At btrfs_get_old_root(), we process the BTRFS_MOD_LOG_ROOT_REPLACE
operation and set "logical" to the logical address of eb X, which was
the old root. We then call tree_mod_log_search() passing it the logical
address of eb X and time_seq == 1;
15) But before calling tree_mod_log_search(), task B locks eb X, adds a
key to eb X, which results in adding a tree mod log operation of type
BTRFS_MOD_LOG_KEY_ADD, with a sequence number of 4, to the tree mod
log, and increments the number of items in eb X from 0 to 1.
Now fs_info->tree_mod_seq has a value of 4;
16) Task A then calls tree_mod_log_search(), which returns the most recent
tree mod log operation for eb X, which is the one just added by task B
at the previous step, with a sequence number of 4, a type of
BTRFS_MOD_LOG_KEY_ADD and for slot 0;
17) Before task A locks and clones eb X, task A adds another key to eb X,
which results in adding a new BTRFS_MOD_LOG_KEY_ADD mod log operation,
with a sequence number of 5, for slot 1 of eb X, increments the
number of items in eb X from 1 to 2, and unlocks eb X.
Now fs_info->tree_mod_seq has a value of 5;
18) Task A then locks eb X and clones it. The clone has a value of 2 for
the number of items and the pointer "tm" points to the tree mod log
operation with sequence number 4, not the most recent one with a
sequence number of 5, so there is mismatch between the number of
mod log operations that are going to be applied to the cloned version
of eb X and the number of items in the clone;
19) Task A then calls tree_mod_log_rewind() with the clone of eb X, the
tree mod log operation with sequence number 4 and a type of
BTRFS_MOD_LOG_KEY_ADD, and time_seq == 1;
20) At tree_mod_log_rewind(), we set the local variable "n" with a value
of 2, which is the number of items in the clone of eb X.
Then in the first iteration of the while loop, we process the mod log
operation with sequence number 4, which is targeted at slot 0 and has
a type of BTRFS_MOD_LOG_KEY_ADD. This results in decrementing "n" from
2 to 1.
Then we pick the next tree mod log operation for eb X, which is the
tree mod log operation with a sequence number of 2, a type of
BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING and for slot 0, it is the one
added in step 5 to the tree mod log tree.
We go back to the top of the loop to process this mod log operation,
and because its slot is 0 and "n" has a value of 1, we hit the BUG_ON:
(...)
switch (tm->op) {
case BTRFS_MOD_LOG_KEY_REMOVE_WHILE_FREEING:
BUG_ON(tm->slot < n);
fallthrough;
(...)
Fix this by checking for a more recent tree mod log operation after locking
and cloning the extent buffer of the old root node, and use it as the first
operation to apply to the cloned extent buffer when rewinding it.
Stable backport notes: due to moved code and renames, in =< 5.11 the
change should be applied to ctree.c:get_old_root.
Reported-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org>
Link: https://lore.kernel.org/linux-btrfs/20210404040732.GZ32440@hungrycats.org/
Fixes: 834328a8493079 ("Btrfs: tree mod log's old roots could still be part of the tree")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ctree.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 2bdd24425a68..00dc1b5c8737 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1414,10 +1414,30 @@ get_old_root(struct btrfs_root *root, u64 time_seq)
"failed to read tree block %llu from get_old_root",
logical);
} else {
+ struct tree_mod_elem *tm2;
+
btrfs_tree_read_lock(old);
eb = btrfs_clone_extent_buffer(old);
+ /*
+ * After the lookup for the most recent tree mod operation
+ * above and before we locked and cloned the extent buffer
+ * 'old', a new tree mod log operation may have been added.
+ * So lookup for a more recent one to make sure the number
+ * of mod log operations we replay is consistent with the
+ * number of items we have in the cloned extent buffer,
+ * otherwise we can hit a BUG_ON when rewinding the extent
+ * buffer.
+ */
+ tm2 = tree_mod_log_search(fs_info, logical, time_seq);
btrfs_tree_read_unlock(old);
free_extent_buffer(old);
+ ASSERT(tm2);
+ ASSERT(tm2 == tm || tm2->seq > tm->seq);
+ if (!tm2 || tm2->seq < tm->seq) {
+ free_extent_buffer(eb);
+ return NULL;
+ }
+ tm = tm2;
}
} else if (old_root) {
eb_root_owner = btrfs_header_owner(eb_root);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 082/425] arm64/vdso: Discard .note.gnu.property sections in vDSO
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 081/425] btrfs: fix race when picking most recent mod log operation for an old root Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 083/425] ubifs: Only check replay with inode type to judge if inode linked Greg Kroah-Hartman
` (349 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bill Wendling, Kees Cook,
Ard Biesheuvel, Catalin Marinas, Sasha Levin
From: Bill Wendling <morbo@google.com>
[ Upstream commit 388708028e6937f3fc5fc19aeeb847f8970f489c ]
The arm64 assembler in binutils 2.32 and above generates a program
property note in a note section, .note.gnu.property, to encode used x86
ISAs and features. But the kernel linker script only contains a single
NOTE segment:
PHDRS
{
text PT_LOAD FLAGS(5) FILEHDR PHDRS; /* PF_R|PF_X */
dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
note PT_NOTE FLAGS(4); /* PF_R */
}
The NOTE segment generated by the vDSO linker script is aligned to 4 bytes.
But the .note.gnu.property section must be aligned to 8 bytes on arm64.
$ readelf -n vdso64.so
Displaying notes found in: .note
Owner Data size Description
Linux 0x00000004 Unknown note type: (0x00000000)
description data: 06 00 00 00
readelf: Warning: note with invalid namesz and/or descsz found at offset 0x20
readelf: Warning: type: 0x78, namesize: 0x00000100, descsize: 0x756e694c, alignment: 8
Since the note.gnu.property section in the vDSO is not checked by the
dynamic linker, discard the .note.gnu.property sections in the vDSO.
Similar to commit 4caffe6a28d31 ("x86/vdso: Discard .note.gnu.property
sections in vDSO"), but for arm64.
Signed-off-by: Bill Wendling <morbo@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20210423205159.830854-1-morbo@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/vdso/vdso.lds.S | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/vdso/vdso.lds.S b/arch/arm64/kernel/vdso/vdso.lds.S
index beca249bc2f3..b3e6c4d5b75c 100644
--- a/arch/arm64/kernel/vdso/vdso.lds.S
+++ b/arch/arm64/kernel/vdso/vdso.lds.S
@@ -39,6 +39,13 @@ SECTIONS
.gnu.version_d : { *(.gnu.version_d) }
.gnu.version_r : { *(.gnu.version_r) }
+ /*
+ * Discard .note.gnu.property sections which are unused and have
+ * different alignment requirement from vDSO note sections.
+ */
+ /DISCARD/ : {
+ *(.note.GNU-stack .note.gnu.property)
+ }
.note : { *(.note.*) } :text :note
. = ALIGN(16);
@@ -59,7 +66,6 @@ SECTIONS
PROVIDE(end = .);
/DISCARD/ : {
- *(.note.GNU-stack)
*(.data .data.* .gnu.linkonce.d.* .sdata*)
*(.bss .sbss .dynbss .dynsbss)
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 083/425] ubifs: Only check replay with inode type to judge if inode linked
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 082/425] arm64/vdso: Discard .note.gnu.property sections in vDSO Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 084/425] f2fs: fix to avoid out-of-bounds memory access Greg Kroah-Hartman
` (348 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guochun Mao, Richard Weinberger
From: Guochun Mao <guochun.mao@mediatek.com>
commit 3e903315790baf4a966436e7f32e9c97864570ac upstream.
Conside the following case, it just write a big file into flash,
when complete writing, delete the file, and then power off promptly.
Next time power on, we'll get a replay list like:
...
LEB 1105:211344 len 4144 deletion 0 sqnum 428783 key type 1 inode 80
LEB 15:233544 len 160 deletion 1 sqnum 428785 key type 0 inode 80
LEB 1105:215488 len 4144 deletion 0 sqnum 428787 key type 1 inode 80
...
In the replay list, data nodes' deletion are 0, and the inode node's
deletion is 1. In current logic, the file's dentry will be removed,
but inode and the flash space it occupied will be reserved.
User will see that much free space been disappeared.
We only need to check the deletion value of the following inode type
node of the replay entry.
Fixes: e58725d51fa8 ("ubifs: Handle re-linking of inodes correctly while recovery")
Cc: stable@vger.kernel.org
Signed-off-by: Guochun Mao <guochun.mao@mediatek.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/replay.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/ubifs/replay.c
+++ b/fs/ubifs/replay.c
@@ -232,7 +232,8 @@ static bool inode_still_linked(struct ub
*/
list_for_each_entry_reverse(r, &c->replay_list, list) {
ubifs_assert(c, r->sqnum >= rino->sqnum);
- if (key_inum(c, &r->key) == key_inum(c, &rino->key))
+ if (key_inum(c, &r->key) == key_inum(c, &rino->key) &&
+ key_type(c, &r->key) == UBIFS_INO_KEY)
return r->deletion == 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 084/425] f2fs: fix to avoid out-of-bounds memory access
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 083/425] ubifs: Only check replay with inode type to judge if inode linked Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 085/425] mlxsw: spectrum_mr: Update egress RIF list before routes action Greg Kroah-Hartman
` (347 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, butt3rflyh4ck
From: Chao Yu <yuchao0@huawei.com>
commit b862676e371715456c9dade7990c8004996d0d9e upstream.
butt3rflyh4ck <butterflyhuangxx@gmail.com> reported a bug found by
syzkaller fuzzer with custom modifications in 5.12.0-rc3+ [1]:
dump_stack+0xfa/0x151 lib/dump_stack.c:120
print_address_description.constprop.0.cold+0x82/0x32c mm/kasan/report.c:232
__kasan_report mm/kasan/report.c:399 [inline]
kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416
f2fs_test_bit fs/f2fs/f2fs.h:2572 [inline]
current_nat_addr fs/f2fs/node.h:213 [inline]
get_next_nat_page fs/f2fs/node.c:123 [inline]
__flush_nat_entry_set fs/f2fs/node.c:2888 [inline]
f2fs_flush_nat_entries+0x258e/0x2960 fs/f2fs/node.c:2991
f2fs_write_checkpoint+0x1372/0x6a70 fs/f2fs/checkpoint.c:1640
f2fs_issue_checkpoint+0x149/0x410 fs/f2fs/checkpoint.c:1807
f2fs_sync_fs+0x20f/0x420 fs/f2fs/super.c:1454
__sync_filesystem fs/sync.c:39 [inline]
sync_filesystem fs/sync.c:67 [inline]
sync_filesystem+0x1b5/0x260 fs/sync.c:48
generic_shutdown_super+0x70/0x370 fs/super.c:448
kill_block_super+0x97/0xf0 fs/super.c:1394
The root cause is, if nat entry in checkpoint journal area is corrupted,
e.g. nid of journalled nat entry exceeds max nid value, during checkpoint,
once it tries to flush nat journal to NAT area, get_next_nat_page() may
access out-of-bounds memory on nat_bitmap due to it uses wrong nid value
as bitmap offset.
[1] https://lore.kernel.org/lkml/CAFcO6XOMWdr8pObek6eN6-fs58KG9doRFadgJj-FnF-1x43s2g@mail.gmail.com/T/#u
Reported-and-tested-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/node.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -2654,6 +2654,9 @@ static void remove_nats_in_journal(struc
struct f2fs_nat_entry raw_ne;
nid_t nid = le32_to_cpu(nid_in_journal(journal, i));
+ if (f2fs_check_nid_range(sbi, nid))
+ continue;
+
raw_ne = nat_in_journal(journal, i);
ne = __lookup_nat_cache(nm_i, nid);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 085/425] mlxsw: spectrum_mr: Update egress RIF list before routes action
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 084/425] f2fs: fix to avoid out-of-bounds memory access Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 086/425] openvswitch: fix stack OOB read while fragmenting IPv4 packets Greg Kroah-Hartman
` (346 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Petr Machata, Jakub Kicinski
From: Ido Schimmel <idosch@nvidia.com>
commit cbaf3f6af9c268caf558c8e7ec52bcb35c5455dd upstream.
Each multicast route that is forwarding packets (as opposed to trapping
them) points to a list of egress router interfaces (RIFs) through which
packets are replicated.
A route's action can transition from trap to forward when a RIF is
created for one of the route's egress virtual interfaces (eVIF). When
this happens, the route's action is first updated and only later the
list of egress RIFs is committed to the device.
This results in the route pointing to an invalid list. In case the list
pointer is out of range (due to uninitialized memory), the device will
complain:
mlxsw_spectrum2 0000:06:00.0: EMAD reg access failed (tid=5733bf490000905c,reg_id=300f(pefa),type=write,status=7(bad parameter))
Fix this by first committing the list of egress RIFs to the device and
only later update the route's action.
Note that a fix is not needed in the reverse function (i.e.,
mlxsw_sp_mr_route_evif_unresolve()), as there the route's action is
first updated and only later the RIF is removed from the list.
Cc: stable@vger.kernel.org
Fixes: c011ec1bbfd6 ("mlxsw: spectrum: Add the multicast routing offloading logic")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/20210506072308.3834303-1-idosch@idosch.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 30 +++++++++++-----------
1 file changed, 15 insertions(+), 15 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c
@@ -524,6 +524,16 @@ mlxsw_sp_mr_route_evif_resolve(struct ml
u16 erif_index = 0;
int err;
+ /* Add the eRIF */
+ if (mlxsw_sp_mr_vif_valid(rve->mr_vif)) {
+ erif_index = mlxsw_sp_rif_index(rve->mr_vif->rif);
+ err = mr->mr_ops->route_erif_add(mlxsw_sp,
+ rve->mr_route->route_priv,
+ erif_index);
+ if (err)
+ return err;
+ }
+
/* Update the route action, as the new eVIF can be a tunnel or a pimreg
* device which will require updating the action.
*/
@@ -533,17 +543,7 @@ mlxsw_sp_mr_route_evif_resolve(struct ml
rve->mr_route->route_priv,
route_action);
if (err)
- return err;
- }
-
- /* Add the eRIF */
- if (mlxsw_sp_mr_vif_valid(rve->mr_vif)) {
- erif_index = mlxsw_sp_rif_index(rve->mr_vif->rif);
- err = mr->mr_ops->route_erif_add(mlxsw_sp,
- rve->mr_route->route_priv,
- erif_index);
- if (err)
- goto err_route_erif_add;
+ goto err_route_action_update;
}
/* Update the minimum MTU */
@@ -561,14 +561,14 @@ mlxsw_sp_mr_route_evif_resolve(struct ml
return 0;
err_route_min_mtu_update:
- if (mlxsw_sp_mr_vif_valid(rve->mr_vif))
- mr->mr_ops->route_erif_del(mlxsw_sp, rve->mr_route->route_priv,
- erif_index);
-err_route_erif_add:
if (route_action != rve->mr_route->route_action)
mr->mr_ops->route_action_update(mlxsw_sp,
rve->mr_route->route_priv,
rve->mr_route->route_action);
+err_route_action_update:
+ if (mlxsw_sp_mr_vif_valid(rve->mr_vif))
+ mr->mr_ops->route_erif_del(mlxsw_sp, rve->mr_route->route_priv,
+ erif_index);
return err;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 086/425] openvswitch: fix stack OOB read while fragmenting IPv4 packets
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 085/425] mlxsw: spectrum_mr: Update egress RIF list before routes action Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 087/425] ACPI: GTDT: Dont corrupt interrupt mappings on watchdow probe failure Greg Kroah-Hartman
` (345 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eelco Chaudron, Davide Caratti,
David S. Miller
From: Davide Caratti <dcaratti@redhat.com>
commit 7c0ea5930c1c211931819d83cfb157bff1539a4c upstream.
running openvswitch on kernels built with KASAN, it's possible to see the
following splat while testing fragmentation of IPv4 packets:
BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60
Read of size 1 at addr ffff888112fc713c by task handler2/1367
CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418
Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
Call Trace:
dump_stack+0x92/0xc1
print_address_description.constprop.7+0x1a/0x150
kasan_report.cold.13+0x7f/0x111
ip_do_fragment+0x1b03/0x1f60
ovs_fragment+0x5bf/0x840 [openvswitch]
do_execute_actions+0x1bd5/0x2400 [openvswitch]
ovs_execute_actions+0xc8/0x3d0 [openvswitch]
ovs_packet_cmd_execute+0xa39/0x1150 [openvswitch]
genl_family_rcv_msg_doit.isra.15+0x227/0x2d0
genl_rcv_msg+0x287/0x490
netlink_rcv_skb+0x120/0x380
genl_rcv+0x24/0x40
netlink_unicast+0x439/0x630
netlink_sendmsg+0x719/0xbf0
sock_sendmsg+0xe2/0x110
____sys_sendmsg+0x5ba/0x890
___sys_sendmsg+0xe9/0x160
__sys_sendmsg+0xd3/0x170
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f957079db07
Code: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 eb ec ff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 24 ed ff ff 48
RSP: 002b:00007f956ce35a50 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00007f957079db07
RDX: 0000000000000000 RSI: 00007f956ce35ae0 RDI: 0000000000000019
RBP: 00007f956ce35ae0 R08: 0000000000000000 R09: 00007f9558006730
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007f956ce37308 R14: 00007f956ce35f80 R15: 00007f956ce35ae0
The buggy address belongs to the page:
page:00000000af2a1d93 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fc7
flags: 0x17ffffc0000000()
raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
addr ffff888112fc713c is located in stack of task handler2/1367 at offset 180 in frame:
ovs_fragment+0x0/0x840 [openvswitch]
this frame has 2 objects:
[32, 144) 'ovs_dst'
[192, 424) 'ovs_rt'
Memory state around the buggy address:
ffff888112fc7000: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888112fc7080: 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00
>ffff888112fc7100: 00 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
^
ffff888112fc7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888112fc7200: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
for IPv4 packets, ovs_fragment() uses a temporary struct dst_entry. Then,
in the following call graph:
ip_do_fragment()
ip_skb_dst_mtu()
ip_dst_mtu_maybe_forward()
ip_mtu_locked()
the pointer to struct dst_entry is used as pointer to struct rtable: this
turns the access to struct members like rt_mtu_locked into an OOB read in
the stack. Fix this changing the temporary variable used for IPv4 packets
in ovs_fragment(), similarly to what is done for IPv6 few lines below.
Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmt")
Cc: <stable@vger.kernel.org>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/actions.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -892,17 +892,17 @@ static void ovs_fragment(struct net *net
}
if (key->eth.type == htons(ETH_P_IP)) {
- struct dst_entry ovs_dst;
+ struct rtable ovs_rt = { 0 };
unsigned long orig_dst;
prepare_frag(vport, skb, orig_network_offset,
ovs_key_mac_proto(key));
- dst_init(&ovs_dst, &ovs_dst_ops, NULL, 1,
+ dst_init(&ovs_rt.dst, &ovs_dst_ops, NULL, 1,
DST_OBSOLETE_NONE, DST_NOCOUNT);
- ovs_dst.dev = vport->dev;
+ ovs_rt.dst.dev = vport->dev;
orig_dst = skb->_skb_refdst;
- skb_dst_set_noref(skb, &ovs_dst);
+ skb_dst_set_noref(skb, &ovs_rt.dst);
IPCB(skb)->frag_max_size = mru;
ip_do_fragment(net, skb->sk, skb, ovs_vport_output);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 087/425] ACPI: GTDT: Dont corrupt interrupt mappings on watchdow probe failure
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 086/425] openvswitch: fix stack OOB read while fragmenting IPv4 packets Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 088/425] NFS: Dont discard pNFS layout segments that are marked for return Greg Kroah-Hartman
` (344 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, dann frazier, Marc Zyngier, Fu Wei,
Sudeep Holla, Hanjun Guo, Lorenzo Pieralisi, Catalin Marinas
From: Marc Zyngier <maz@kernel.org>
commit 1ecd5b129252249b9bc03d7645a7bda512747277 upstream.
When failing the driver probe because of invalid firmware properties,
the GTDT driver unmaps the interrupt that it mapped earlier.
However, it never checks whether the mapping of the interrupt actially
succeeded. Even more, should the firmware report an illegal interrupt
number that overlaps with the GIC SGI range, this can result in an
IPI being unmapped, and subsequent fireworks (as reported by Dann
Frazier).
Rework the driver to have a slightly saner behaviour and actually
check whether the interrupt has been mapped before unmapping things.
Reported-by: dann frazier <dann.frazier@canonical.com>
Fixes: ca9ae5ec4ef0 ("acpi/arm64: Add SBSA Generic Watchdog support in GTDT driver")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/YH87dtTfwYgavusz@xps13.dannf
Cc: <stable@vger.kernel.org>
Cc: Fu Wei <wefu@redhat.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Tested-by: dann frazier <dann.frazier@canonical.com>
Tested-by: Hanjun Guo <guohanjun@huawei.com>
Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
Reviewed-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Link: https://lore.kernel.org/r/20210421164317.1718831-2-maz@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/arm64/gtdt.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/acpi/arm64/gtdt.c
+++ b/drivers/acpi/arm64/gtdt.c
@@ -332,7 +332,7 @@ static int __init gtdt_import_sbsa_gwdt(
int index)
{
struct platform_device *pdev;
- int irq = map_gt_gsi(wd->timer_interrupt, wd->timer_flags);
+ int irq;
/*
* According to SBSA specification the size of refresh and control
@@ -341,7 +341,7 @@ static int __init gtdt_import_sbsa_gwdt(
struct resource res[] = {
DEFINE_RES_MEM(wd->control_frame_address, SZ_4K),
DEFINE_RES_MEM(wd->refresh_frame_address, SZ_4K),
- DEFINE_RES_IRQ(irq),
+ {},
};
int nr_res = ARRAY_SIZE(res);
@@ -351,10 +351,11 @@ static int __init gtdt_import_sbsa_gwdt(
if (!(wd->refresh_frame_address && wd->control_frame_address)) {
pr_err(FW_BUG "failed to get the Watchdog base address.\n");
- acpi_unregister_gsi(wd->timer_interrupt);
return -EINVAL;
}
+ irq = map_gt_gsi(wd->timer_interrupt, wd->timer_flags);
+ res[2] = (struct resource)DEFINE_RES_IRQ(irq);
if (irq <= 0) {
pr_warn("failed to map the Watchdog interrupt.\n");
nr_res--;
@@ -367,7 +368,8 @@ static int __init gtdt_import_sbsa_gwdt(
*/
pdev = platform_device_register_simple("sbsa-gwdt", index, res, nr_res);
if (IS_ERR(pdev)) {
- acpi_unregister_gsi(wd->timer_interrupt);
+ if (irq > 0)
+ acpi_unregister_gsi(wd->timer_interrupt);
return PTR_ERR(pdev);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 088/425] NFS: Dont discard pNFS layout segments that are marked for return
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 087/425] ACPI: GTDT: Dont corrupt interrupt mappings on watchdow probe failure Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 089/425] NFSv4: Dont discard segments marked for return in _pnfs_return_layout() Greg Kroah-Hartman
` (343 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 39fd01863616964f009599e50ca5c6ea9ebf88d6 upstream.
If the pNFS layout segment is marked with the NFS_LSEG_LAYOUTRETURN
flag, then the assumption is that it has some reporting requirement
to perform through a layoutreturn (e.g. flexfiles layout stats or error
information).
Fixes: e0b7d420f72a ("pNFS: Don't discard layout segments that are marked for return")
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/pnfs.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -2359,6 +2359,9 @@ pnfs_mark_matching_lsegs_return(struct p
assert_spin_locked(&lo->plh_inode->i_lock);
+ if (test_bit(NFS_LAYOUT_RETURN_REQUESTED, &lo->plh_flags))
+ tmp_list = &lo->plh_return_segs;
+
list_for_each_entry_safe(lseg, next, &lo->plh_segs, pls_list)
if (pnfs_match_lseg_recall(lseg, return_range, seq)) {
dprintk("%s: marking lseg %p iomode %d "
@@ -2366,6 +2369,8 @@ pnfs_mark_matching_lsegs_return(struct p
lseg, lseg->pls_range.iomode,
lseg->pls_range.offset,
lseg->pls_range.length);
+ if (test_bit(NFS_LSEG_LAYOUTRETURN, &lseg->pls_flags))
+ tmp_list = &lo->plh_return_segs;
if (mark_lseg_invalid(lseg, tmp_list))
continue;
remaining++;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 089/425] NFSv4: Dont discard segments marked for return in _pnfs_return_layout()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 088/425] NFS: Dont discard pNFS layout segments that are marked for return Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 090/425] jffs2: Fix kasan slab-out-of-bounds problem Greg Kroah-Hartman
` (342 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit de144ff4234f935bd2150108019b5d87a90a8a96 upstream.
If the pNFS layout segment is marked with the NFS_LSEG_LAYOUTRETURN
flag, then the assumption is that it has some reporting requirement
to perform through a layoutreturn (e.g. flexfiles layout stats or error
information).
Fixes: 6d597e175012 ("pnfs: only tear down lsegs that precede seqid in LAYOUTRETURN args")
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/pnfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -1294,7 +1294,7 @@ _pnfs_return_layout(struct inode *ino)
}
valid_layout = pnfs_layout_is_valid(lo);
pnfs_clear_layoutcommit(ino, &tmp_list);
- pnfs_mark_matching_lsegs_invalid(lo, &tmp_list, NULL, 0);
+ pnfs_mark_matching_lsegs_return(lo, &tmp_list, NULL, 0);
if (NFS_SERVER(ino)->pnfs_curr_ld->return_range) {
struct pnfs_layout_range range = {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 090/425] jffs2: Fix kasan slab-out-of-bounds problem
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 089/425] NFSv4: Dont discard segments marked for return in _pnfs_return_layout() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 091/425] powerpc/eeh: Fix EEH handling for hugepages in ioremap space Greg Kroah-Hartman
` (341 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunkun Xu, lizhe, Richard Weinberger
From: lizhe <lizhe67@huawei.com>
commit 960b9a8a7676b9054d8b46a2c7db52a0c8766b56 upstream.
KASAN report a slab-out-of-bounds problem. The logs are listed below.
It is because in function jffs2_scan_dirent_node, we alloc "checkedlen+1"
bytes for fd->name and we check crc with length rd->nsize. If checkedlen
is less than rd->nsize, it will cause the slab-out-of-bounds problem.
jffs2: Dirent at *** has zeroes in name. Truncating to %d char
==================================================================
BUG: KASAN: slab-out-of-bounds in crc32_le+0x1ce/0x260 at addr ffff8800842cf2d1
Read of size 1 by task test_JFFS2/915
=============================================================================
BUG kmalloc-64 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in jffs2_alloc_full_dirent+0x2a/0x40 age=0 cpu=1 pid=915
___slab_alloc+0x580/0x5f0
__slab_alloc.isra.24+0x4e/0x64
__kmalloc+0x170/0x300
jffs2_alloc_full_dirent+0x2a/0x40
jffs2_scan_eraseblock+0x1ca4/0x3b64
jffs2_scan_medium+0x285/0xfe0
jffs2_do_mount_fs+0x5fb/0x1bbc
jffs2_do_fill_super+0x245/0x6f0
jffs2_fill_super+0x287/0x2e0
mount_mtd_aux.isra.0+0x9a/0x144
mount_mtd+0x222/0x2f0
jffs2_mount+0x41/0x60
mount_fs+0x63/0x230
vfs_kern_mount.part.6+0x6c/0x1f4
do_mount+0xae8/0x1940
SyS_mount+0x105/0x1d0
INFO: Freed in jffs2_free_full_dirent+0x22/0x40 age=27 cpu=1 pid=915
__slab_free+0x372/0x4e4
kfree+0x1d4/0x20c
jffs2_free_full_dirent+0x22/0x40
jffs2_build_remove_unlinked_inode+0x17a/0x1e4
jffs2_do_mount_fs+0x1646/0x1bbc
jffs2_do_fill_super+0x245/0x6f0
jffs2_fill_super+0x287/0x2e0
mount_mtd_aux.isra.0+0x9a/0x144
mount_mtd+0x222/0x2f0
jffs2_mount+0x41/0x60
mount_fs+0x63/0x230
vfs_kern_mount.part.6+0x6c/0x1f4
do_mount+0xae8/0x1940
SyS_mount+0x105/0x1d0
entry_SYSCALL_64_fastpath+0x1e/0x97
Call Trace:
[<ffffffff815befef>] dump_stack+0x59/0x7e
[<ffffffff812d1d65>] print_trailer+0x125/0x1b0
[<ffffffff812d82c8>] object_err+0x34/0x40
[<ffffffff812dadef>] kasan_report.part.1+0x21f/0x534
[<ffffffff81132401>] ? vprintk+0x2d/0x40
[<ffffffff815f1ee2>] ? crc32_le+0x1ce/0x260
[<ffffffff812db41a>] kasan_report+0x26/0x30
[<ffffffff812d9fc1>] __asan_load1+0x3d/0x50
[<ffffffff815f1ee2>] crc32_le+0x1ce/0x260
[<ffffffff814764ae>] ? jffs2_alloc_full_dirent+0x2a/0x40
[<ffffffff81485cec>] jffs2_scan_eraseblock+0x1d0c/0x3b64
[<ffffffff81488813>] ? jffs2_scan_medium+0xccf/0xfe0
[<ffffffff81483fe0>] ? jffs2_scan_make_ino_cache+0x14c/0x14c
[<ffffffff812da3e9>] ? kasan_unpoison_shadow+0x35/0x50
[<ffffffff812da3e9>] ? kasan_unpoison_shadow+0x35/0x50
[<ffffffff812da462>] ? kasan_kmalloc+0x5e/0x70
[<ffffffff812d5d90>] ? kmem_cache_alloc_trace+0x10c/0x2cc
[<ffffffff818169fb>] ? mtd_point+0xf7/0x130
[<ffffffff81487dc9>] jffs2_scan_medium+0x285/0xfe0
[<ffffffff81487b44>] ? jffs2_scan_eraseblock+0x3b64/0x3b64
[<ffffffff812da3e9>] ? kasan_unpoison_shadow+0x35/0x50
[<ffffffff812da3e9>] ? kasan_unpoison_shadow+0x35/0x50
[<ffffffff812da462>] ? kasan_kmalloc+0x5e/0x70
[<ffffffff812d57df>] ? __kmalloc+0x12b/0x300
[<ffffffff812da462>] ? kasan_kmalloc+0x5e/0x70
[<ffffffff814a2753>] ? jffs2_sum_init+0x9f/0x240
[<ffffffff8148b2ff>] jffs2_do_mount_fs+0x5fb/0x1bbc
[<ffffffff8148ad04>] ? jffs2_del_noinode_dirent+0x640/0x640
[<ffffffff812da462>] ? kasan_kmalloc+0x5e/0x70
[<ffffffff81127c5b>] ? __init_rwsem+0x97/0xac
[<ffffffff81492349>] jffs2_do_fill_super+0x245/0x6f0
[<ffffffff81493c5b>] jffs2_fill_super+0x287/0x2e0
[<ffffffff814939d4>] ? jffs2_parse_options+0x594/0x594
[<ffffffff81819bea>] mount_mtd_aux.isra.0+0x9a/0x144
[<ffffffff81819eb6>] mount_mtd+0x222/0x2f0
[<ffffffff814939d4>] ? jffs2_parse_options+0x594/0x594
[<ffffffff81819c94>] ? mount_mtd_aux.isra.0+0x144/0x144
[<ffffffff81258757>] ? free_pages+0x13/0x1c
[<ffffffff814fa0ac>] ? selinux_sb_copy_data+0x278/0x2e0
[<ffffffff81492b35>] jffs2_mount+0x41/0x60
[<ffffffff81302fb7>] mount_fs+0x63/0x230
[<ffffffff8133755f>] ? alloc_vfsmnt+0x32f/0x3b0
[<ffffffff81337f2c>] vfs_kern_mount.part.6+0x6c/0x1f4
[<ffffffff8133ceec>] do_mount+0xae8/0x1940
[<ffffffff811b94e0>] ? audit_filter_rules.constprop.6+0x1d10/0x1d10
[<ffffffff8133c404>] ? copy_mount_string+0x40/0x40
[<ffffffff812cbf78>] ? alloc_pages_current+0xa4/0x1bc
[<ffffffff81253a89>] ? __get_free_pages+0x25/0x50
[<ffffffff81338993>] ? copy_mount_options.part.17+0x183/0x264
[<ffffffff8133e3a9>] SyS_mount+0x105/0x1d0
[<ffffffff8133e2a4>] ? copy_mnt_ns+0x560/0x560
[<ffffffff810e8391>] ? msa_space_switch_handler+0x13d/0x190
[<ffffffff81be184a>] entry_SYSCALL_64_fastpath+0x1e/0x97
[<ffffffff810e9274>] ? msa_space_switch+0xb0/0xe0
Memory state around the buggy address:
ffff8800842cf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8800842cf200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800842cf280: fc fc fc fc fc fc 00 00 00 00 01 fc fc fc fc fc
^
ffff8800842cf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8800842cf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Cc: stable@vger.kernel.org
Reported-by: Kunkun Xu <xukunkun1@huawei.com>
Signed-off-by: lizhe <lizhe67@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/scan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -1075,7 +1075,7 @@ static int jffs2_scan_dirent_node(struct
memcpy(&fd->name, rd->name, checkedlen);
fd->name[checkedlen] = 0;
- crc = crc32(0, fd->name, rd->nsize);
+ crc = crc32(0, fd->name, checkedlen);
if (crc != je32_to_cpu(rd->name_crc)) {
pr_notice("%s(): Name CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
__func__, ofs, je32_to_cpu(rd->name_crc), crc);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 091/425] powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 090/425] jffs2: Fix kasan slab-out-of-bounds problem Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 092/425] powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h Greg Kroah-Hartman
` (340 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominic DeMarco, Mahesh Salgaonkar,
Aneesh Kumar K.V, Michael Ellerman
From: Mahesh Salgaonkar <mahesh@linux.ibm.com>
commit 5ae5bc12d0728db60a0aa9b62160ffc038875f1a upstream.
During the EEH MMIO error checking, the current implementation fails to map
the (virtual) MMIO address back to the pci device on radix with hugepage
mappings for I/O. This results into failure to dispatch EEH event with no
recovery even when EEH capability has been enabled on the device.
eeh_check_failure(token) # token = virtual MMIO address
addr = eeh_token_to_phys(token);
edev = eeh_addr_cache_get_dev(addr);
if (!edev)
return 0;
eeh_dev_check_failure(edev); <= Dispatch the EEH event
In case of hugepage mappings, eeh_token_to_phys() has a bug in virt -> phys
translation that results in wrong physical address, which is then passed to
eeh_addr_cache_get_dev() to match it against cached pci I/O address ranges
to get to a PCI device. Hence, it fails to find a match and the EEH event
never gets dispatched leaving the device in failed state.
The commit 33439620680be ("powerpc/eeh: Handle hugepages in ioremap space")
introduced following logic to translate virt to phys for hugepage mappings:
eeh_token_to_phys():
+ pa = pte_pfn(*ptep);
+
+ /* On radix we can do hugepage mappings for io, so handle that */
+ if (hugepage_shift) {
+ pa <<= hugepage_shift; <= This is wrong
+ pa |= token & ((1ul << hugepage_shift) - 1);
+ }
This patch fixes the virt -> phys translation in eeh_token_to_phys()
function.
$ cat /sys/kernel/debug/powerpc/eeh_address_cache
mem addr range [0x0000040080000000-0x00000400807fffff]: 0030:01:00.1
mem addr range [0x0000040080800000-0x0000040080ffffff]: 0030:01:00.1
mem addr range [0x0000040081000000-0x00000400817fffff]: 0030:01:00.0
mem addr range [0x0000040081800000-0x0000040081ffffff]: 0030:01:00.0
mem addr range [0x0000040082000000-0x000004008207ffff]: 0030:01:00.1
mem addr range [0x0000040082080000-0x00000400820fffff]: 0030:01:00.0
mem addr range [0x0000040082100000-0x000004008210ffff]: 0030:01:00.1
mem addr range [0x0000040082110000-0x000004008211ffff]: 0030:01:00.0
Above is the list of cached io address ranges of pci 0030:01:00.<fn>.
Before this patch:
Tracing 'arg1' of function eeh_addr_cache_get_dev() during error injection
clearly shows that 'addr=' contains wrong physical address:
kworker/u16:0-7 [001] .... 108.883775: eeh_addr_cache_get_dev:
(eeh_addr_cache_get_dev+0xc/0xf0) addr=0x80103000a510
dmesg shows no EEH recovery messages:
[ 108.563768] bnx2x: [bnx2x_timer:5801(eth2)]MFW seems hanged: drv_pulse (0x9ae) != mcp_pulse (0x7fff)
[ 108.563788] bnx2x: [bnx2x_hw_stats_update:870(eth2)]NIG timer max (4294967295)
[ 108.883788] bnx2x: [bnx2x_acquire_hw_lock:2013(eth1)]lock_status 0xffffffff resource_bit 0x1
[ 108.884407] bnx2x 0030:01:00.0 eth1: MDC/MDIO access timeout
[ 108.884976] bnx2x 0030:01:00.0 eth1: MDC/MDIO access timeout
<..>
After this patch:
eeh_addr_cache_get_dev() trace shows correct physical address:
<idle>-0 [001] ..s. 1043.123828: eeh_addr_cache_get_dev:
(eeh_addr_cache_get_dev+0xc/0xf0) addr=0x40080bc7cd8
dmesg logs shows EEH recovery getting triggerred:
[ 964.323980] bnx2x: [bnx2x_timer:5801(eth2)]MFW seems hanged: drv_pulse (0x746f) != mcp_pulse (0x7fff)
[ 964.323991] EEH: Recovering PHB#30-PE#10000
[ 964.324002] EEH: PE location: N/A, PHB location: N/A
[ 964.324006] EEH: Frozen PHB#30-PE#10000 detected
<..>
Fixes: 33439620680b ("powerpc/eeh: Handle hugepages in ioremap space")
Cc: stable@vger.kernel.org # v5.3+
Reported-by: Dominic DeMarco <ddemarc@us.ibm.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/161821396263.48361.2796709239866588652.stgit@jupiter
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/eeh.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
--- a/arch/powerpc/kernel/eeh.c
+++ b/arch/powerpc/kernel/eeh.c
@@ -364,14 +364,11 @@ static inline unsigned long eeh_token_to
pa = pte_pfn(*ptep);
/* On radix we can do hugepage mappings for io, so handle that */
- if (hugepage_shift) {
- pa <<= hugepage_shift;
- pa |= token & ((1ul << hugepage_shift) - 1);
- } else {
- pa <<= PAGE_SHIFT;
- pa |= token & (PAGE_SIZE - 1);
- }
+ if (!hugepage_shift)
+ hugepage_shift = PAGE_SHIFT;
+ pa <<= PAGE_SHIFT;
+ pa |= token & ((1ul << hugepage_shift) - 1);
return pa;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 092/425] powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 091/425] powerpc/eeh: Fix EEH handling for hugepages in ioremap space Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 093/425] intel_th: pci: Add Alder Lake-M support Greg Kroah-Hartman
` (339 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rosen Penev, Tony Ambardar, Michael Ellerman
From: Tony Ambardar <tony.ambardar@gmail.com>
commit 7de21e679e6a789f3729e8402bc440b623a28eae upstream.
A few archs like powerpc have different errno.h values for macros
EDEADLOCK and EDEADLK. In code including both libc and linux versions of
errno.h, this can result in multiple definitions of EDEADLOCK in the
include chain. Definitions to the same value (e.g. seen with mips) do
not raise warnings, but on powerpc there are redefinitions changing the
value, which raise warnings and errors (if using "-Werror").
Guard against these redefinitions to avoid build errors like the following,
first seen cross-compiling libbpf v5.8.9 for powerpc using GCC 8.4.0 with
musl 1.1.24:
In file included from ../../arch/powerpc/include/uapi/asm/errno.h:5,
from ../../include/linux/err.h:8,
from libbpf.c:29:
../../include/uapi/asm-generic/errno.h:40: error: "EDEADLOCK" redefined [-Werror]
#define EDEADLOCK EDEADLK
In file included from toolchain-powerpc_8540_gcc-8.4.0_musl/include/errno.h:10,
from libbpf.c:26:
toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/errno.h:58: note: this is the location of the previous definition
#define EDEADLOCK 58
cc1: all warnings being treated as errors
Cc: Stable <stable@vger.kernel.org>
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Tony Ambardar <Tony.Ambardar@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200917135437.1238787-1-Tony.Ambardar@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/uapi/asm/errno.h | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/include/uapi/asm/errno.h
+++ b/arch/powerpc/include/uapi/asm/errno.h
@@ -2,6 +2,7 @@
#ifndef _ASM_POWERPC_ERRNO_H
#define _ASM_POWERPC_ERRNO_H
+#undef EDEADLOCK
#include <asm-generic/errno.h>
#undef EDEADLOCK
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 093/425] intel_th: pci: Add Alder Lake-M support
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 092/425] powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 094/425] tpm: vtpm_proxy: Avoid reading host log when using a virtual device Greg Kroah-Hartman
` (338 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Shishkin, Andy Shevchenko
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
commit 48cb17531b15967d9d3f34c770a25cc6c4ca6ad1 upstream.
This adds support for the Trace Hub in Alder Lake-M PCH.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org # v4.14+
Link: https://lore.kernel.org/r/20210414171251.14672-8-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -241,6 +241,11 @@ static const struct pci_device_id intel_
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
{
+ /* Alder Lake-M */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x54a6),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
+ {
/* Rocket Lake CPU */
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x4c19),
.driver_data = (kernel_ulong_t)&intel_th_2x,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 094/425] tpm: vtpm_proxy: Avoid reading host log when using a virtual device
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 093/425] intel_th: pci: Add Alder Lake-M support Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 095/425] md/raid1: properly indicate failure when ending a failed write request Greg Kroah-Hartman
` (337 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Stefan Berger, Jarkko Sakkinen
From: Stefan Berger <stefanb@linux.ibm.com>
commit 9716ac65efc8f780549b03bddf41e60c445d4709 upstream.
Avoid allocating memory and reading the host log when a virtual device
is used since this log is of no use to that driver. A virtual
device can be identified through the flag TPM_CHIP_FLAG_VIRTUAL, which
is only set for the tpm_vtpm_proxy driver.
Cc: stable@vger.kernel.org
Fixes: 6f99612e2500 ("tpm: Proxy driver for supporting multiple emulated TPMs")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/eventlog/common.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/char/tpm/eventlog/common.c
+++ b/drivers/char/tpm/eventlog/common.c
@@ -112,6 +112,9 @@ void tpm_bios_log_setup(struct tpm_chip
int log_version;
int rc = 0;
+ if (chip->flags & TPM_CHIP_FLAG_VIRTUAL)
+ return;
+
rc = tpm_read_log(chip);
if (rc < 0)
return;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 095/425] md/raid1: properly indicate failure when ending a failed write request
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 094/425] tpm: vtpm_proxy: Avoid reading host log when using a virtual device Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 096/425] dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences Greg Kroah-Hartman
` (336 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Clements, Song Liu
From: Paul Clements <paul.clements@us.sios.com>
commit 2417b9869b81882ab90fd5ed1081a1cb2d4db1dd upstream.
This patch addresses a data corruption bug in raid1 arrays using bitmaps.
Without this fix, the bitmap bits for the failed I/O end up being cleared.
Since we are in the failure leg of raid1_end_write_request, the request
either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded).
Fixes: eeba6809d8d5 ("md/raid1: end bio when the device faulty")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Paul Clements <paul.clements@us.sios.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid1.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -445,6 +445,8 @@ static void raid1_end_write_request(stru
if (!test_bit(Faulty, &rdev->flags))
set_bit(R1BIO_WriteError, &r1_bio->state);
else {
+ /* Fail the request */
+ set_bit(R1BIO_Degraded, &r1_bio->state);
/* Finished with this branch */
r1_bio->bios[mirror] = NULL;
to_put = bio;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 096/425] dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 095/425] md/raid1: properly indicate failure when ending a failed write request Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 097/425] security: commoncap: fix -Wstringop-overread warning Greg Kroah-Hartman
` (335 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heinz Mauelshagen, Mike Snitzer
From: Heinz Mauelshagen <heinzm@redhat.com>
commit f99a8e4373eeacb279bc9696937a55adbff7a28a upstream.
If fast table reloads occur during an ongoing reshape of raid4/5/6
devices the target may race reading a superblock vs the the MD resync
thread; causing an inconclusive reshape state to be read in its
constructor.
lvm2 test lvconvert-raid-reshape-stripes-load-reload.sh can cause
BUG_ON() to trigger in md_run(), e.g.:
"kernel BUG at drivers/md/raid5.c:7567!".
Scenario triggering the bug:
1. the MD sync thread calls end_reshape() from raid5_sync_request()
when done reshaping. However end_reshape() _only_ updates the
reshape position to MaxSector keeping the changed layout
configuration though (i.e. any delta disks, chunk sector or RAID
algorithm changes). That inconclusive configuration is stored in
the superblock.
2. dm-raid constructs a mapping, loading named inconsistent superblock
as of step 1 before step 3 is able to finish resetting the reshape
state completely, and calls md_run() which leads to mentioned bug
in raid5.c.
3. the MD RAID personality's finish_reshape() is called; which resets
the reshape information on chunk sectors, delta disks, etc. This
explains why the bug is rarely seen on multi-core machines, as MD's
finish_reshape() superblock update races with the dm-raid
constructor's superblock load in step 2.
Fix identifies inconclusive superblock content in the dm-raid
constructor and resets it before calling md_run(), factoring out
identifying checks into rs_is_layout_change() to share in existing
rs_reshape_requested() and new rs_reset_inclonclusive_reshape(). Also
enhance a comment and remove an empty line.
Cc: stable@vger.kernel.org
Signed-off-by: Heinz Mauelshagen <heinzm@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-raid.c | 34 ++++++++++++++++++++++++++++------
1 file changed, 28 insertions(+), 6 deletions(-)
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -1892,6 +1892,14 @@ static bool rs_takeover_requested(struct
return rs->md.new_level != rs->md.level;
}
+/* True if layout is set to reshape. */
+static bool rs_is_layout_change(struct raid_set *rs, bool use_mddev)
+{
+ return (use_mddev ? rs->md.delta_disks : rs->delta_disks) ||
+ rs->md.new_layout != rs->md.layout ||
+ rs->md.new_chunk_sectors != rs->md.chunk_sectors;
+}
+
/* True if @rs is requested to reshape by ctr */
static bool rs_reshape_requested(struct raid_set *rs)
{
@@ -1904,9 +1912,7 @@ static bool rs_reshape_requested(struct
if (rs_is_raid0(rs))
return false;
- change = mddev->new_layout != mddev->layout ||
- mddev->new_chunk_sectors != mddev->chunk_sectors ||
- rs->delta_disks;
+ change = rs_is_layout_change(rs, false);
/* Historical case to support raid1 reshape without delta disks */
if (rs_is_raid1(rs)) {
@@ -2843,7 +2849,7 @@ static sector_t _get_reshape_sectors(str
}
/*
- *
+ * Reshape:
* - change raid layout
* - change chunk size
* - add disks
@@ -2953,6 +2959,20 @@ static int rs_setup_reshape(struct raid_
}
/*
+ * If the md resync thread has updated superblock with max reshape position
+ * at the end of a reshape but not (yet) reset the layout configuration
+ * changes -> reset the latter.
+ */
+static void rs_reset_inconclusive_reshape(struct raid_set *rs)
+{
+ if (!rs_is_reshaping(rs) && rs_is_layout_change(rs, true)) {
+ rs_set_cur(rs);
+ rs->md.delta_disks = 0;
+ rs->md.reshape_backwards = 0;
+ }
+}
+
+/*
* Enable/disable discard support on RAID set depending on
* RAID level and discard properties of underlying RAID members.
*/
@@ -3221,11 +3241,14 @@ static int raid_ctr(struct dm_target *ti
if (r)
goto bad;
+ /* Catch any inconclusive reshape superblock content. */
+ rs_reset_inconclusive_reshape(rs);
+
/* Start raid set read-only and assumed clean to change in raid_resume() */
rs->md.ro = 1;
rs->md.in_sync = 1;
- /* Keep array frozen */
+ /* Keep array frozen until resume. */
set_bit(MD_RECOVERY_FROZEN, &rs->md.recovery);
/* Has to be held on running the array */
@@ -3239,7 +3262,6 @@ static int raid_ctr(struct dm_target *ti
}
r = md_start(&rs->md);
-
if (r) {
ti->error = "Failed to start raid array";
mddev_unlock(&rs->md);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 097/425] security: commoncap: fix -Wstringop-overread warning
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 096/425] dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 098/425] Fix misc new gcc warnings Greg Kroah-Hartman
` (334 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Christian Brauner,
James Morris, Andrey Zhizhikin
From: Arnd Bergmann <arnd@arndb.de>
commit 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f upstream.
gcc-11 introdces a harmless warning for cap_inode_getsecurity:
security/commoncap.c: In function ‘cap_inode_getsecurity’:
security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread]
440 | memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The problem here is that tmpbuf is initialized to NULL, so gcc assumes
it is not accessible unless it gets set by vfs_getxattr_alloc(). This is
a legitimate warning as far as I can tell, but the code is correct since
it correctly handles the error when that function fails.
Add a separate NULL check to tell gcc about it as well.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Cc: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/commoncap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -397,7 +397,7 @@ int cap_inode_getsecurity(struct inode *
&tmpbuf, size, GFP_NOFS);
dput(dentry);
- if (ret < 0)
+ if (ret < 0 || !tmpbuf)
return ret;
fs_ns = inode->i_sb->s_user_ns;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 098/425] Fix misc new gcc warnings
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 097/425] security: commoncap: fix -Wstringop-overread warning Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 099/425] jffs2: check the validity of dstlen in jffs2_zlib_compress() Greg Kroah-Hartman
` (333 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Andrey Zhizhikin
From: Linus Torvalds <torvalds@linux-foundation.org>
commit e7c6e405e171fb33990a12ecfd14e6500d9e5cf2 upstream.
It seems like Fedora 34 ends up enabling a few new gcc warnings, notably
"-Wstringop-overread" and "-Warray-parameter".
Both of them cause what seem to be valid warnings in the kernel, where
we have array size mismatches in function arguments (that are no longer
just silently converted to a pointer to element, but actually checked).
This fixes most of the trivial ones, by making the function declaration
match the function definition, and in the case of intel_pm.c, removing
the over-specified array size from the argument declaration.
At least one 'stringop-overread' warning remains in the i915 driver, but
that one doesn't have the same obvious trivial fix, and may or may not
actually be indicative of a bug.
[ It was a mistake to upgrade one of my machines to Fedora 34 while
being busy with the merge window, but if this is the extent of the
compiler upgrade problems, things are better than usual - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 2 +-
drivers/media/usb/dvb-usb/dvb-usb.h | 2 +-
include/scsi/libfcoe.h | 2 +-
net/bluetooth/ecdh_helper.h | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -2951,7 +2951,7 @@ int ilk_wm_max_level(const struct drm_i9
static void intel_print_wm_latency(struct drm_i915_private *dev_priv,
const char *name,
- const uint16_t wm[8])
+ const uint16_t wm[])
{
int level, max_level = ilk_wm_max_level(dev_priv);
--- a/drivers/media/usb/dvb-usb/dvb-usb.h
+++ b/drivers/media/usb/dvb-usb/dvb-usb.h
@@ -475,7 +475,7 @@ extern int __must_check
dvb_usb_generic_write(struct dvb_usb_device *, u8 *, u16);
/* commonly used remote control parsing */
-extern int dvb_usb_nec_rc_key_to_event(struct dvb_usb_device *, u8[], u32 *, int *);
+extern int dvb_usb_nec_rc_key_to_event(struct dvb_usb_device *, u8[5], u32 *, int *);
/* commonly used firmware download types and function */
struct hexline {
--- a/include/scsi/libfcoe.h
+++ b/include/scsi/libfcoe.h
@@ -261,7 +261,7 @@ int fcoe_ctlr_recv_flogi(struct fcoe_ctl
struct fc_frame *);
/* libfcoe funcs */
-u64 fcoe_wwn_from_mac(unsigned char mac[], unsigned int, unsigned int);
+u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
int fcoe_libfc_config(struct fc_lport *, struct fcoe_ctlr *,
const struct libfc_function_template *, int init_fcp);
u32 fcoe_fc_crc(struct fc_frame *fp);
--- a/net/bluetooth/ecdh_helper.h
+++ b/net/bluetooth/ecdh_helper.h
@@ -25,6 +25,6 @@
int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pair_public_key[64],
u8 secret[32]);
-int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 *private_key);
+int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 private_key[32]);
int generate_ecdh_public_key(struct crypto_kpp *tfm, u8 public_key[64]);
int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64]);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 099/425] jffs2: check the validity of dstlen in jffs2_zlib_compress()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 098/425] Fix misc new gcc warnings Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 100/425] Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") Greg Kroah-Hartman
` (332 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yang, Joel Stanley, Richard Weinberger
From: Yang Yang <yang.yang29@zte.com.cn>
commit 90ada91f4610c5ef11bc52576516d96c496fc3f1 upstream.
KASAN reports a BUG when download file in jffs2 filesystem.It is
because when dstlen == 1, cpage_out will write array out of bounds.
Actually, data will not be compressed in jffs2_zlib_compress() if
data's length less than 4.
[ 393.799778] BUG: KASAN: slab-out-of-bounds in jffs2_rtime_compress+0x214/0x2f0 at addr ffff800062e3b281
[ 393.809166] Write of size 1 by task tftp/2918
[ 393.813526] CPU: 3 PID: 2918 Comm: tftp Tainted: G B 4.9.115-rt93-EMBSYS-CGEL-6.1.R6-dirty #1
[ 393.823173] Hardware name: LS1043A RDB Board (DT)
[ 393.827870] Call trace:
[ 393.830322] [<ffff20000808c700>] dump_backtrace+0x0/0x2f0
[ 393.835721] [<ffff20000808ca04>] show_stack+0x14/0x20
[ 393.840774] [<ffff2000086ef700>] dump_stack+0x90/0xb0
[ 393.845829] [<ffff20000827b19c>] kasan_object_err+0x24/0x80
[ 393.851402] [<ffff20000827b404>] kasan_report_error+0x1b4/0x4d8
[ 393.857323] [<ffff20000827bae8>] kasan_report+0x38/0x40
[ 393.862548] [<ffff200008279d44>] __asan_store1+0x4c/0x58
[ 393.867859] [<ffff2000084ce2ec>] jffs2_rtime_compress+0x214/0x2f0
[ 393.873955] [<ffff2000084bb3b0>] jffs2_selected_compress+0x178/0x2a0
[ 393.880308] [<ffff2000084bb530>] jffs2_compress+0x58/0x478
[ 393.885796] [<ffff2000084c5b34>] jffs2_write_inode_range+0x13c/0x450
[ 393.892150] [<ffff2000084be0b8>] jffs2_write_end+0x2a8/0x4a0
[ 393.897811] [<ffff2000081f3008>] generic_perform_write+0x1c0/0x280
[ 393.903990] [<ffff2000081f5074>] __generic_file_write_iter+0x1c4/0x228
[ 393.910517] [<ffff2000081f5210>] generic_file_write_iter+0x138/0x288
[ 393.916870] [<ffff20000829ec1c>] __vfs_write+0x1b4/0x238
[ 393.922181] [<ffff20000829ff00>] vfs_write+0xd0/0x238
[ 393.927232] [<ffff2000082a1ba8>] SyS_write+0xa0/0x110
[ 393.932283] [<ffff20000808429c>] __sys_trace_return+0x0/0x4
[ 393.937851] Object at ffff800062e3b280, in cache kmalloc-64 size: 64
[ 393.944197] Allocated:
[ 393.946552] PID = 2918
[ 393.948913] save_stack_trace_tsk+0x0/0x220
[ 393.953096] save_stack_trace+0x18/0x20
[ 393.956932] kasan_kmalloc+0xd8/0x188
[ 393.960594] __kmalloc+0x144/0x238
[ 393.963994] jffs2_selected_compress+0x48/0x2a0
[ 393.968524] jffs2_compress+0x58/0x478
[ 393.972273] jffs2_write_inode_range+0x13c/0x450
[ 393.976889] jffs2_write_end+0x2a8/0x4a0
[ 393.980810] generic_perform_write+0x1c0/0x280
[ 393.985251] __generic_file_write_iter+0x1c4/0x228
[ 393.990040] generic_file_write_iter+0x138/0x288
[ 393.994655] __vfs_write+0x1b4/0x238
[ 393.998228] vfs_write+0xd0/0x238
[ 394.001543] SyS_write+0xa0/0x110
[ 394.004856] __sys_trace_return+0x0/0x4
[ 394.008684] Freed:
[ 394.010691] PID = 2918
[ 394.013051] save_stack_trace_tsk+0x0/0x220
[ 394.017233] save_stack_trace+0x18/0x20
[ 394.021069] kasan_slab_free+0x88/0x188
[ 394.024902] kfree+0x6c/0x1d8
[ 394.027868] jffs2_sum_write_sumnode+0x2c4/0x880
[ 394.032486] jffs2_do_reserve_space+0x198/0x598
[ 394.037016] jffs2_reserve_space+0x3f8/0x4d8
[ 394.041286] jffs2_write_inode_range+0xf0/0x450
[ 394.045816] jffs2_write_end+0x2a8/0x4a0
[ 394.049737] generic_perform_write+0x1c0/0x280
[ 394.054179] __generic_file_write_iter+0x1c4/0x228
[ 394.058968] generic_file_write_iter+0x138/0x288
[ 394.063583] __vfs_write+0x1b4/0x238
[ 394.067157] vfs_write+0xd0/0x238
[ 394.070470] SyS_write+0xa0/0x110
[ 394.073783] __sys_trace_return+0x0/0x4
[ 394.077612] Memory state around the buggy address:
[ 394.082404] ffff800062e3b180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 394.089623] ffff800062e3b200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 394.096842] >ffff800062e3b280: 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 394.104056] ^
[ 394.107283] ffff800062e3b300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 394.114502] ffff800062e3b380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 394.121718] ==================================================================
Signed-off-by: Yang Yang <yang.yang29@zte.com.cn>
Cc: Joel Stanley <joel@jms.id.au>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/compr_rtime.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/jffs2/compr_rtime.c
+++ b/fs/jffs2/compr_rtime.c
@@ -37,6 +37,9 @@ static int jffs2_rtime_compress(unsigned
int outpos = 0;
int pos=0;
+ if (*dstlen <= 3)
+ return -1;
+
memset(positions,0,sizeof(positions));
while (pos < (*sourcelen) && outpos <= (*dstlen)-2) {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 100/425] Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 099/425] jffs2: check the validity of dstlen in jffs2_zlib_compress() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 101/425] posix-timers: Preserve return value in clock_adjtime32() Greg Kroah-Hartman
` (331 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Peter Zijlstra (Intel)
From: Thomas Gleixner <tglx@linutronix.de>
commit 4fbf5d6837bf81fd7a27d771358f4ee6c4f243f8 upstream.
The FUTEX_WAIT operand has historically a relative timeout which means that
the clock id is irrelevant as relative timeouts on CLOCK_REALTIME are not
subject to wall clock changes and therefore are mapped by the kernel to
CLOCK_MONOTONIC for simplicity.
If a caller would set FUTEX_CLOCK_REALTIME for FUTEX_WAIT the timeout is
still treated relative vs. CLOCK_MONOTONIC and then the wait arms that
timeout based on CLOCK_REALTIME which is broken and obviously has never
been used or even tested.
Reject any attempt to use FUTEX_CLOCK_REALTIME with FUTEX_WAIT again.
The desired functionality can be achieved with FUTEX_WAIT_BITSET and a
FUTEX_BITSET_MATCH_ANY argument.
Fixes: 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210422194704.834797921@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/futex.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -3867,8 +3867,7 @@ long do_futex(u32 __user *uaddr, int op,
if (op & FUTEX_CLOCK_REALTIME) {
flags |= FLAGS_CLOCKRT;
- if (cmd != FUTEX_WAIT && cmd != FUTEX_WAIT_BITSET && \
- cmd != FUTEX_WAIT_REQUEUE_PI)
+ if (cmd != FUTEX_WAIT_BITSET && cmd != FUTEX_WAIT_REQUEUE_PI)
return -ENOSYS;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 101/425] posix-timers: Preserve return value in clock_adjtime32()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 100/425] Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 102/425] arm64: vdso: remove commas between macro name and arguments Greg Kroah-Hartman
` (330 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Jun, Thomas Gleixner, Richard Cochran
From: Chen Jun <chenjun102@huawei.com>
commit 2d036dfa5f10df9782f5278fc591d79d283c1fad upstream.
The return value on success (>= 0) is overwritten by the return value of
put_old_timex32(). That works correct in the fault case, but is wrong for
the success case where put_old_timex32() returns 0.
Just check the return value of put_old_timex32() and return -EFAULT in case
it is not zero.
[ tglx: Massage changelog ]
Fixes: 3a4d44b61625 ("ntp: Move adjtimex related compat syscalls to native counterparts")
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Richard Cochran <richardcochran@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210414030449.90692-1-chenjun102@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/posix-timers.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -1166,8 +1166,8 @@ COMPAT_SYSCALL_DEFINE2(clock_adjtime, cl
err = kc->clock_adj(which_clock, &ktx);
- if (err >= 0)
- err = compat_put_timex(utp, &ktx);
+ if (err >= 0 && compat_put_timex(utp, &ktx))
+ return -EFAULT;
return err;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 102/425] arm64: vdso: remove commas between macro name and arguments
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 101/425] posix-timers: Preserve return value in clock_adjtime32() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 103/425] ext4: fix check to prevent false positive report of incorrect used inodes Greg Kroah-Hartman
` (329 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Jian Cai
From: Jian Cai <jiancai@google.com>
LLVM's integrated assembler appears to assume an argument with default
value is passed whenever it sees a comma right after the macro name.
It will be fine if the number of following arguments is one less than
the number of parameters specified in the macro definition. Otherwise,
it fails. For example, the following code works:
$ cat foo.s
.macro foo arg1=2, arg2=4
ldr r0, [r1, #\arg1]
ldr r0, [r1, #\arg2]
.endm
foo, arg2=8
$ llvm-mc -triple=armv7a -filetype=obj foo.s -o ias.o
arm-linux-gnueabihf-objdump -dr ias.o
ias.o: file format elf32-littlearm
Disassembly of section .text:
00000000 <.text>:
0: e5910001 ldr r0, [r1, #2]
4: e5910003 ldr r0, [r1, #8]
While the the following code would fail:
$ cat foo.s
.macro foo arg1=2, arg2=4
ldr r0, [r1, #\arg1]
ldr r0, [r1, #\arg2]
.endm
foo, arg1=2, arg2=8
$ llvm-mc -triple=armv7a -filetype=obj foo.s -o ias.o
foo.s:6:14: error: too many positional arguments
foo, arg1=2, arg2=8
This causes build failures as follows:
arch/arm64/kernel/vdso/gettimeofday.S:230:24: error: too many positional
arguments
clock_gettime_return, shift=1
^
arch/arm64/kernel/vdso/gettimeofday.S:253:24: error: too many positional
arguments
clock_gettime_return, shift=1
^
arch/arm64/kernel/vdso/gettimeofday.S:274:24: error: too many positional
arguments
clock_gettime_return, shift=1
This error is not in mainline because commit 28b1a824a4f4 ("arm64: vdso:
Substitute gettimeofday() with C implementation") rewrote this assembler
file in C as part of a 25 patch series that is unsuitable for stable.
Just remove the comma in the clock_gettime_return invocations in 4.19 so
that GNU as and LLVM's integrated assembler work the same.
Link:
https://github.com/ClangBuiltLinux/linux/issues/1349
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Jian Cai <jiancai@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Changes v1 -> v2:
Keep the comma in the macro definition to be consistent with other
definitions.
Changes v2 -> v3:
Edit tags.
Changes v3 -> v4:
Update the commit message based on Nathan's comments.
arch/arm64/kernel/vdso/gettimeofday.S | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm64/kernel/vdso/gettimeofday.S
+++ b/arch/arm64/kernel/vdso/gettimeofday.S
@@ -227,7 +227,7 @@ realtime:
seqcnt_check fail=realtime
get_ts_realtime res_sec=x10, res_nsec=x11, \
clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9
- clock_gettime_return, shift=1
+ clock_gettime_return shift=1
ALIGN
monotonic:
@@ -250,7 +250,7 @@ monotonic:
clock_nsec=x15, xtime_sec=x13, xtime_nsec=x14, nsec_to_sec=x9
add_ts sec=x10, nsec=x11, ts_sec=x3, ts_nsec=x4, nsec_to_sec=x9
- clock_gettime_return, shift=1
+ clock_gettime_return shift=1
ALIGN
monotonic_raw:
@@ -271,7 +271,7 @@ monotonic_raw:
clock_nsec=x15, nsec_to_sec=x9
add_ts sec=x10, nsec=x11, ts_sec=x13, ts_nsec=x14, nsec_to_sec=x9
- clock_gettime_return, shift=1
+ clock_gettime_return shift=1
ALIGN
realtime_coarse:
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 103/425] ext4: fix check to prevent false positive report of incorrect used inodes
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 102/425] arm64: vdso: remove commas between macro name and arguments Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 104/425] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() Greg Kroah-Hartman
` (328 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Zhang Yi, Jan Kara, Theodore Tso
From: Zhang Yi <yi.zhang@huawei.com>
commit a149d2a5cabbf6507a7832a1c4fd2593c55fd450 upstream.
Commit <50122847007> ("ext4: fix check to prevent initializing reserved
inodes") check the block group zero and prevent initializing reserved
inodes. But in some special cases, the reserved inode may not all belong
to the group zero, it may exist into the second group if we format
filesystem below.
mkfs.ext4 -b 4096 -g 8192 -N 1024 -I 4096 /dev/sda
So, it will end up triggering a false positive report of a corrupted
file system. This patch fix it by avoid check reserved inodes if no free
inode blocks will be zeroed.
Cc: stable@kernel.org
Fixes: 50122847007 ("ext4: fix check to prevent initializing reserved inodes")
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Suggested-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20210331121516.2243099-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ialloc.c | 48 ++++++++++++++++++++++++++++++++----------------
1 file changed, 32 insertions(+), 16 deletions(-)
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -1358,6 +1358,7 @@ int ext4_init_inode_table(struct super_b
handle_t *handle;
ext4_fsblk_t blk;
int num, ret = 0, used_blks = 0;
+ unsigned long used_inos = 0;
/* This should not happen, but just to be sure check this */
if (sb_rdonly(sb)) {
@@ -1388,22 +1389,37 @@ int ext4_init_inode_table(struct super_b
* used inodes so we need to skip blocks with used inodes in
* inode table.
*/
- if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)))
- used_blks = DIV_ROUND_UP((EXT4_INODES_PER_GROUP(sb) -
- ext4_itable_unused_count(sb, gdp)),
- sbi->s_inodes_per_block);
-
- if ((used_blks < 0) || (used_blks > sbi->s_itb_per_group) ||
- ((group == 0) && ((EXT4_INODES_PER_GROUP(sb) -
- ext4_itable_unused_count(sb, gdp)) <
- EXT4_FIRST_INO(sb)))) {
- ext4_error(sb, "Something is wrong with group %u: "
- "used itable blocks: %d; "
- "itable unused count: %u",
- group, used_blks,
- ext4_itable_unused_count(sb, gdp));
- ret = 1;
- goto err_out;
+ if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) {
+ used_inos = EXT4_INODES_PER_GROUP(sb) -
+ ext4_itable_unused_count(sb, gdp);
+ used_blks = DIV_ROUND_UP(used_inos, sbi->s_inodes_per_block);
+
+ /* Bogus inode unused count? */
+ if (used_blks < 0 || used_blks > sbi->s_itb_per_group) {
+ ext4_error(sb, "Something is wrong with group %u: "
+ "used itable blocks: %d; "
+ "itable unused count: %u",
+ group, used_blks,
+ ext4_itable_unused_count(sb, gdp));
+ ret = 1;
+ goto err_out;
+ }
+
+ used_inos += group * EXT4_INODES_PER_GROUP(sb);
+ /*
+ * Are there some uninitialized inodes in the inode table
+ * before the first normal inode?
+ */
+ if ((used_blks != sbi->s_itb_per_group) &&
+ (used_inos < EXT4_FIRST_INO(sb))) {
+ ext4_error(sb, "Something is wrong with group %u: "
+ "itable unused count: %u; "
+ "itables initialized count: %ld",
+ group, ext4_itable_unused_count(sb, gdp),
+ used_inos);
+ ret = 1;
+ goto err_out;
+ }
}
blk = ext4_inode_table(sb, gdp) + used_blks;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 104/425] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 103/425] ext4: fix check to prevent false positive report of incorrect used inodes Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 105/425] ext4: fix error code in ext4_commit_super Greg Kroah-Hartman
` (327 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Zhang Yi, Jan Kara, Theodore Tso
From: Zhang Yi <yi.zhang@huawei.com>
commit 72ffb49a7b623c92a37657eda7cc46a06d3e8398 upstream.
When CONFIG_QUOTA is enabled, if we failed to mount the filesystem due
to some error happens behind ext4_orphan_cleanup(), it will end up
triggering a after free issue of super_block. The problem is that
ext4_orphan_cleanup() will set SB_ACTIVE flag if CONFIG_QUOTA is
enabled, after we cleanup the truncated inodes, the last iput() will put
them into the lru list, and these inodes' pages may probably dirty and
will be write back by the writeback thread, so it could be raced by
freeing super_block in the error path of mount_bdev().
After check the setting of SB_ACTIVE flag in ext4_orphan_cleanup(), it
was used to ensure updating the quota file properly, but evict inode and
trash data immediately in the last iput does not affect the quotafile,
so setting the SB_ACTIVE flag seems not required[1]. Fix this issue by
just remove the SB_ACTIVE setting.
[1] https://lore.kernel.org/linux-ext4/99cce8ca-e4a0-7301-840f-2ace67c551f3@huawei.com/T/#m04990cfbc4f44592421736b504afcc346b2a7c00
Cc: stable@kernel.org
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Tested-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20210331033138.918975-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 3 ---
1 file changed, 3 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2629,9 +2629,6 @@ static void ext4_orphan_cleanup(struct s
sb->s_flags &= ~SB_RDONLY;
}
#ifdef CONFIG_QUOTA
- /* Needed for iput() to work correctly and not trash data */
- sb->s_flags |= SB_ACTIVE;
-
/*
* Turn on quotas which were not enabled for read-only mounts if
* filesystem has quota feature, so that they are updated correctly.
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 105/425] ext4: fix error code in ext4_commit_super
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 104/425] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 106/425] media: dvbdev: Fix memory leak in dvb_media_device_free() Greg Kroah-Hartman
` (326 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Fengnan Chang,
Andreas Dilger, Theodore Tso
From: Fengnan Chang <changfengnan@vivo.com>
commit f88f1466e2a2e5ca17dfada436d3efa1b03a3972 upstream.
We should set the error code when ext4_commit_super check argument failed.
Found in code review.
Fixes: c4be0c1dc4cdc ("filesystem freeze: add error handling of write_super_lockfs/unlockfs").
Cc: stable@kernel.org
Signed-off-by: Fengnan Chang <changfengnan@vivo.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20210402101631.561-1-changfengnan@vivo.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4959,8 +4959,10 @@ static int ext4_commit_super(struct supe
struct buffer_head *sbh = EXT4_SB(sb)->s_sbh;
int error = 0;
- if (!sbh || block_device_ejected(sb))
- return error;
+ if (!sbh)
+ return -EINVAL;
+ if (block_device_ejected(sb))
+ return -ENODEV;
/*
* If the file system is mounted read-only, don't update the
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 106/425] media: dvbdev: Fix memory leak in dvb_media_device_free()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 105/425] ext4: fix error code in ext4_commit_super Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 107/425] usb: gadget: dummy_hcd: fix gpf in gadget_setup Greg Kroah-Hartman
` (325 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+7f09440acc069a0d38ac,
Peilin Ye, Mauro Carvalho Chehab
From: Peilin Ye <yepeilin.cs@gmail.com>
commit bf9a40ae8d722f281a2721779595d6df1c33a0bf upstream.
dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn`
before setting it to NULL, as documented in include/media/media-device.h:
"The media_entity instance itself must be freed explicitly by the driver
if required."
Link: https://syzkaller.appspot.com/bug?id=9bbe4b842c98f0ed05c5eed77a226e9de33bf298
Link: https://lore.kernel.org/linux-media/20201211083039.521617-1-yepeilin.cs@gmail.com
Cc: stable@vger.kernel.org
Fixes: 0230d60e4661 ("[media] dvbdev: Add RF connector if needed")
Reported-by: syzbot+7f09440acc069a0d38ac@syzkaller.appspotmail.com
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-core/dvbdev.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/dvb-core/dvbdev.c
+++ b/drivers/media/dvb-core/dvbdev.c
@@ -241,6 +241,7 @@ static void dvb_media_device_free(struct
if (dvbdev->adapter->conn) {
media_device_unregister_entity(dvbdev->adapter->conn);
+ kfree(dvbdev->adapter->conn);
dvbdev->adapter->conn = NULL;
kfree(dvbdev->adapter->conn_pads);
dvbdev->adapter->conn_pads = NULL;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 107/425] usb: gadget: dummy_hcd: fix gpf in gadget_setup
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 106/425] media: dvbdev: Fix memory leak in dvb_media_device_free() Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 108/425] usb: gadget: Fix double free of device descriptor pointers Greg Kroah-Hartman
` (324 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+eb4674092e6cc8d9e0bd,
Alan Stern, Anirudh Rayabharam
From: Anirudh Rayabharam <mail@anirudhrb.com>
commit 4a5d797a9f9c4f18585544237216d7812686a71f upstream.
Fix a general protection fault reported by syzbot due to a race between
gadget_setup() and gadget_unbind() in raw_gadget.
The gadget core is supposed to guarantee that there won't be any more
callbacks to the gadget driver once the driver's unbind routine is
called. That guarantee is enforced in usb_gadget_remove_driver as
follows:
usb_gadget_disconnect(udc->gadget);
if (udc->gadget->irq)
synchronize_irq(udc->gadget->irq);
udc->driver->unbind(udc->gadget);
usb_gadget_udc_stop(udc);
usb_gadget_disconnect turns off the pullup resistor, telling the host
that the gadget is no longer connected and preventing the transmission
of any more USB packets. Any packets that have already been received
are sure to processed by the UDC driver's interrupt handler by the time
synchronize_irq returns.
But this doesn't work with dummy_hcd, because dummy_hcd doesn't use
interrupts; it uses a timer instead. It does have code to emulate the
effect of synchronize_irq, but that code doesn't get invoked at the
right time -- it currently runs in usb_gadget_udc_stop, after the unbind
callback instead of before. Indeed, there's no way for
usb_gadget_remove_driver to invoke this code before the unbind callback.
To fix this, move the synchronize_irq() emulation code to dummy_pullup
so that it runs before unbind. Also, add a comment explaining why it is
necessary to have it there.
Reported-by: syzbot+eb4674092e6cc8d9e0bd@syzkaller.appspotmail.com
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
Link: https://lore.kernel.org/r/20210419033713.3021-1-mail@anirudhrb.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/dummy_hcd.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/drivers/usb/gadget/udc/dummy_hcd.c
+++ b/drivers/usb/gadget/udc/dummy_hcd.c
@@ -914,6 +914,21 @@ static int dummy_pullup(struct usb_gadge
spin_lock_irqsave(&dum->lock, flags);
dum->pullup = (value != 0);
set_link_state(dum_hcd);
+ if (value == 0) {
+ /*
+ * Emulate synchronize_irq(): wait for callbacks to finish.
+ * This seems to be the best place to emulate the call to
+ * synchronize_irq() that's in usb_gadget_remove_driver().
+ * Doing it in dummy_udc_stop() would be too late since it
+ * is called after the unbind callback and unbind shouldn't
+ * be invoked until all the other callbacks are finished.
+ */
+ while (dum->callback_usage > 0) {
+ spin_unlock_irqrestore(&dum->lock, flags);
+ usleep_range(1000, 2000);
+ spin_lock_irqsave(&dum->lock, flags);
+ }
+ }
spin_unlock_irqrestore(&dum->lock, flags);
usb_hcd_poll_rh_status(dummy_hcd_to_hcd(dum_hcd));
@@ -1015,14 +1030,6 @@ static int dummy_udc_stop(struct usb_gad
spin_lock_irq(&dum->lock);
dum->ints_enabled = 0;
stop_activity(dum);
-
- /* emulate synchronize_irq(): wait for callbacks to finish */
- while (dum->callback_usage > 0) {
- spin_unlock_irq(&dum->lock);
- usleep_range(1000, 2000);
- spin_lock_irq(&dum->lock);
- }
-
dum->driver = NULL;
spin_unlock_irq(&dum->lock);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 108/425] usb: gadget: Fix double free of device descriptor pointers
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 107/425] usb: gadget: dummy_hcd: fix gpf in gadget_setup Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 109/425] usb: gadget/function/f_fs string table fix for multiple languages Greg Kroah-Hartman
` (323 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Chen, Hemant Kumar, Wesley Cheng
From: Hemant Kumar <hemantk@codeaurora.org>
commit 43c4cab006f55b6ca549dd1214e22f5965a8675f upstream.
Upon driver unbind usb_free_all_descriptors() function frees all
speed descriptor pointers without setting them to NULL. In case
gadget speed changes (i.e from super speed plus to super speed)
after driver unbind only upto super speed descriptor pointers get
populated. Super speed plus desc still holds the stale (already
freed) pointer. Fix this issue by setting all descriptor pointers
to NULL after freeing them in usb_free_all_descriptors().
Fixes: f5c61225cf29 ("usb: gadget: Update function for SuperSpeedPlus")
cc: stable@vger.kernel.org
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Signed-off-by: Wesley Cheng <wcheng@codeaurora.org>
Link: https://lore.kernel.org/r/1619034452-17334-1-git-send-email-wcheng@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/config.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/gadget/config.c
+++ b/drivers/usb/gadget/config.c
@@ -194,9 +194,13 @@ EXPORT_SYMBOL_GPL(usb_assign_descriptors
void usb_free_all_descriptors(struct usb_function *f)
{
usb_free_descriptors(f->fs_descriptors);
+ f->fs_descriptors = NULL;
usb_free_descriptors(f->hs_descriptors);
+ f->hs_descriptors = NULL;
usb_free_descriptors(f->ss_descriptors);
+ f->ss_descriptors = NULL;
usb_free_descriptors(f->ssp_descriptors);
+ f->ssp_descriptors = NULL;
}
EXPORT_SYMBOL_GPL(usb_free_all_descriptors);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 109/425] usb: gadget/function/f_fs string table fix for multiple languages
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 108/425] usb: gadget: Fix double free of device descriptor pointers Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 110/425] usb: dwc3: gadget: Fix START_TRANSFER link state check Greg Kroah-Hartman
` (322 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dean Anderson
From: Dean Anderson <dean@sensoray.com>
commit 55b74ce7d2ce0b0058f3e08cab185a0afacfe39e upstream.
Fixes bug with the handling of more than one language in
the string table in f_fs.c.
str_count was not reset for subsequent language codes.
str_count-- "rolls under" and processes u32 max strings on
the processing of the second language entry.
The existing bug can be reproduced by adding a second language table
to the structure "strings" in tools/usb/ffs-test.c.
Signed-off-by: Dean Anderson <dean@sensoray.com>
Link: https://lore.kernel.org/r/20210317224109.21534-1-dean@sensoray.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2553,6 +2553,7 @@ static int __ffs_data_got_strings(struct
do { /* lang_count > 0 so we can use do-while */
unsigned needed = needed_count;
+ u32 str_per_lang = str_count;
if (unlikely(len < 3))
goto error_free;
@@ -2588,7 +2589,7 @@ static int __ffs_data_got_strings(struct
data += length + 1;
len -= length + 1;
- } while (--str_count);
+ } while (--str_per_lang);
s->id = 0; /* terminator */
s->s = NULL;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 110/425] usb: dwc3: gadget: Fix START_TRANSFER link state check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 109/425] usb: gadget/function/f_fs string table fix for multiple languages Greg Kroah-Hartman
@ 2021-05-20 9:17 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 111/425] usb: dwc2: Fix session request interrupt handler Greg Kroah-Hartman
` (321 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:17 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felipe Balbi, Thinh Nguyen
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit c560e76319a94a3b9285bc426c609903408e4826 upstream.
The START_TRANSFER command needs to be executed while in ON/U0 link
state (with an exception during register initialization). Don't use
dwc->link_state to check this since the driver only tracks the link
state when the link state change interrupt is enabled. Check the link
state from DSTS register instead.
Note that often the host already brings the device out of low power
before it sends/requests the next transfer. So, the user won't see any
issue when the device starts transfer then. This issue is more
noticeable in cases when the device delays starting transfer, which can
happen during delayed control status after the host put the device in
low power.
Fixes: 799e9dc82968 ("usb: dwc3: gadget: conditionally disable Link State change events")
Cc: <stable@vger.kernel.org>
Acked-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/bcefaa9ecbc3e1936858c0baa14de6612960e909.1618884221.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -304,13 +304,12 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_
}
if (DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_STARTTRANSFER) {
- int needs_wakeup;
+ int link_state;
- needs_wakeup = (dwc->link_state == DWC3_LINK_STATE_U1 ||
- dwc->link_state == DWC3_LINK_STATE_U2 ||
- dwc->link_state == DWC3_LINK_STATE_U3);
-
- if (unlikely(needs_wakeup)) {
+ link_state = dwc3_gadget_get_link_state(dwc);
+ if (link_state == DWC3_LINK_STATE_U1 ||
+ link_state == DWC3_LINK_STATE_U2 ||
+ link_state == DWC3_LINK_STATE_U3) {
ret = __dwc3_gadget_wakeup(dwc);
dev_WARN_ONCE(dwc->dev, ret, "wakeup failed --> %d\n",
ret);
@@ -1674,6 +1673,8 @@ static int __dwc3_gadget_wakeup(struct d
case DWC3_LINK_STATE_RESET:
case DWC3_LINK_STATE_RX_DET: /* in HS, means Early Suspend */
case DWC3_LINK_STATE_U3: /* in HS, means SUSPEND */
+ case DWC3_LINK_STATE_U2: /* in HS, means Sleep (L1) */
+ case DWC3_LINK_STATE_U1:
case DWC3_LINK_STATE_RESUME:
break;
default:
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 111/425] usb: dwc2: Fix session request interrupt handler
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2021-05-20 9:17 ` [PATCH 4.19 110/425] usb: dwc3: gadget: Fix START_TRANSFER link state check Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 112/425] tty: fix memory leak in vc_deallocate Greg Kroah-Hartman
` (320 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Minas Harutyunyan, Artur Petrosyan
From: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
commit 42b32b164acecd850edef010915a02418345a033 upstream.
According to programming guide in host mode, port
power must be turned on in session request
interrupt handlers.
Fixes: 21795c826a45 ("usb: dwc2: exit hibernation on session request")
Cc: <stable@vger.kernel.org>
Acked-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Signed-off-by: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
Link: https://lore.kernel.org/r/20210408094550.75484A0094@mailhost.synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core_intr.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/usb/dwc2/core_intr.c
+++ b/drivers/usb/dwc2/core_intr.c
@@ -312,6 +312,7 @@ static void dwc2_handle_conn_id_status_c
static void dwc2_handle_session_req_intr(struct dwc2_hsotg *hsotg)
{
int ret;
+ u32 hprt0;
/* Clear interrupt */
dwc2_writel(hsotg, GINTSTS_SESSREQINT, GINTSTS);
@@ -332,6 +333,13 @@ static void dwc2_handle_session_req_intr
* established
*/
dwc2_hsotg_disconnect(hsotg);
+ } else {
+ /* Turn on the port power bit. */
+ hprt0 = dwc2_read_hprt0(hsotg);
+ hprt0 |= HPRT0_PWR;
+ dwc2_writel(hsotg, hprt0, HPRT0);
+ /* Connect hcd after port power is set. */
+ dwc2_hcd_connect(hsotg);
}
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 112/425] tty: fix memory leak in vc_deallocate
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 111/425] usb: dwc2: Fix session request interrupt handler Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 113/425] rsi: Use resume_noirq for SDIO Greg Kroah-Hartman
` (319 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+bcc922b19ccc64240b42, Pavel Skripkin
From: Pavel Skripkin <paskripkin@gmail.com>
commit 211b4d42b70f1c1660feaa968dac0efc2a96ac4d upstream.
syzbot reported memory leak in tty/vt.
The problem was in VT_DISALLOCATE ioctl cmd.
After allocating unimap with PIO_UNIMAP it wasn't
freed via VT_DISALLOCATE, but vc_cons[currcons].d was
zeroed.
Reported-by: syzbot+bcc922b19ccc64240b42@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210327214443.21548-1-paskripkin@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/vt/vt.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1380,6 +1380,7 @@ struct vc_data *vc_deallocate(unsigned i
atomic_notifier_call_chain(&vt_notifier_list, VT_DEALLOCATE, ¶m);
vcs_remove_sysfs(currcons);
visual_deinit(vc);
+ con_free_unimap(vc);
put_pid(vc->vt_pid);
vc_uniscr_set(vc, NULL);
kfree(vc->vc_screenbuf);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 113/425] rsi: Use resume_noirq for SDIO
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 112/425] tty: fix memory leak in vc_deallocate Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 114/425] tracing: Map all PIDs to command lines Greg Kroah-Hartman
` (318 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Amitkumar Karwar,
Angus Ainslie, David S. Miller, Jakub Kicinski, Kalle Valo,
Karun Eagalapati, Martin Kepplinger, Sebastian Krzyszkowiak,
Siva Rebbagondla, netdev
From: Marek Vasut <marex@denx.de>
commit c434e5e48dc4e626364491455f97e2db0aa137b1 upstream.
The rsi_resume() does access the bus to enable interrupts on the RSI
SDIO WiFi card, however when calling sdio_claim_host() in the resume
path, it is possible the bus is already claimed and sdio_claim_host()
spins indefinitelly. Enable the SDIO card interrupts in resume_noirq
instead to prevent anything else from claiming the SDIO bus first.
Fixes: 20db07332736 ("rsi: sdio suspend and resume support")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Amitkumar Karwar <amit.karwar@redpinesignals.com>
Cc: Angus Ainslie <angus@akkea.ca>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: Karun Eagalapati <karun256@gmail.com>
Cc: Martin Kepplinger <martink@posteo.de>
Cc: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
Cc: Siva Rebbagondla <siva8118@gmail.com>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210327235932.175896-1-marex@denx.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/rsi/rsi_91x_sdio.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio.c
@@ -1400,7 +1400,7 @@ static int rsi_restore(struct device *de
}
static const struct dev_pm_ops rsi_pm_ops = {
.suspend = rsi_suspend,
- .resume = rsi_resume,
+ .resume_noirq = rsi_resume,
.freeze = rsi_freeze,
.thaw = rsi_thaw,
.restore = rsi_restore,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 114/425] tracing: Map all PIDs to command lines
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 113/425] rsi: Use resume_noirq for SDIO Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 115/425] tracing: Restructure trace_clock_global() to never block Greg Kroah-Hartman
` (317 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (VMware)
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
commit 785e3c0a3a870e72dc530856136ab4c8dd207128 upstream.
The default max PID is set by PID_MAX_DEFAULT, and the tracing
infrastructure uses this number to map PIDs to the comm names of the
tasks, such output of the trace can show names from the recorded PIDs in
the ring buffer. This mapping is also exported to user space via the
"saved_cmdlines" file in the tracefs directory.
But currently the mapping expects the PIDs to be less than
PID_MAX_DEFAULT, which is the default maximum and not the real maximum.
Recently, systemd will increases the maximum value of a PID on the system,
and when tasks are traced that have a PID higher than PID_MAX_DEFAULT, its
comm is not recorded. This leads to the entire trace to have "<...>" as
the comm name, which is pretty useless.
Instead, keep the array mapping the size of PID_MAX_DEFAULT, but instead
of just mapping the index to the comm, map a mask of the PID
(PID_MAX_DEFAULT - 1) to the comm, and find the full PID from the
map_cmdline_to_pid array (that already exists).
This bug goes back to the beginning of ftrace, but hasn't been an issue
until user space started increasing the maximum value of PIDs.
Link: https://lkml.kernel.org/r/20210427113207.3c601884@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes: bc0c38d139ec7 ("ftrace: latency tracer infrastructure")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 41 +++++++++++++++--------------------------
1 file changed, 15 insertions(+), 26 deletions(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1935,14 +1935,13 @@ static void tracing_stop_tr(struct trace
static int trace_save_cmdline(struct task_struct *tsk)
{
- unsigned pid, idx;
+ unsigned tpid, idx;
/* treat recording of idle task as a success */
if (!tsk->pid)
return 1;
- if (unlikely(tsk->pid > PID_MAX_DEFAULT))
- return 0;
+ tpid = tsk->pid & (PID_MAX_DEFAULT - 1);
/*
* It's not the end of the world if we don't get
@@ -1953,26 +1952,15 @@ static int trace_save_cmdline(struct tas
if (!arch_spin_trylock(&trace_cmdline_lock))
return 0;
- idx = savedcmd->map_pid_to_cmdline[tsk->pid];
+ idx = savedcmd->map_pid_to_cmdline[tpid];
if (idx == NO_CMDLINE_MAP) {
idx = (savedcmd->cmdline_idx + 1) % savedcmd->cmdline_num;
- /*
- * Check whether the cmdline buffer at idx has a pid
- * mapped. We are going to overwrite that entry so we
- * need to clear the map_pid_to_cmdline. Otherwise we
- * would read the new comm for the old pid.
- */
- pid = savedcmd->map_cmdline_to_pid[idx];
- if (pid != NO_CMDLINE_MAP)
- savedcmd->map_pid_to_cmdline[pid] = NO_CMDLINE_MAP;
-
- savedcmd->map_cmdline_to_pid[idx] = tsk->pid;
- savedcmd->map_pid_to_cmdline[tsk->pid] = idx;
-
+ savedcmd->map_pid_to_cmdline[tpid] = idx;
savedcmd->cmdline_idx = idx;
}
+ savedcmd->map_cmdline_to_pid[idx] = tsk->pid;
set_cmdline(idx, tsk->comm);
arch_spin_unlock(&trace_cmdline_lock);
@@ -1983,6 +1971,7 @@ static int trace_save_cmdline(struct tas
static void __trace_find_cmdline(int pid, char comm[])
{
unsigned map;
+ int tpid;
if (!pid) {
strcpy(comm, "<idle>");
@@ -1994,16 +1983,16 @@ static void __trace_find_cmdline(int pid
return;
}
- if (pid > PID_MAX_DEFAULT) {
- strcpy(comm, "<...>");
- return;
+ tpid = pid & (PID_MAX_DEFAULT - 1);
+ map = savedcmd->map_pid_to_cmdline[tpid];
+ if (map != NO_CMDLINE_MAP) {
+ tpid = savedcmd->map_cmdline_to_pid[map];
+ if (tpid == pid) {
+ strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
+ return;
+ }
}
-
- map = savedcmd->map_pid_to_cmdline[pid];
- if (map != NO_CMDLINE_MAP)
- strlcpy(comm, get_saved_cmdlines(map), TASK_COMM_LEN);
- else
- strcpy(comm, "<...>");
+ strcpy(comm, "<...>");
}
void trace_find_cmdline(int pid, char comm[])
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 115/425] tracing: Restructure trace_clock_global() to never block
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 114/425] tracing: Map all PIDs to command lines Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 116/425] dm persistent data: packed struct should have an aligned() attribute too Greg Kroah-Hartman
` (316 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konstantin Kharlamov, Todd Brandt,
Steven Rostedt (VMware)
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
commit aafe104aa9096827a429bc1358f8260ee565b7cc upstream.
It was reported that a fix to the ring buffer recursion detection would
cause a hung machine when performing suspend / resume testing. The
following backtrace was extracted from debugging that case:
Call Trace:
trace_clock_global+0x91/0xa0
__rb_reserve_next+0x237/0x460
ring_buffer_lock_reserve+0x12a/0x3f0
trace_buffer_lock_reserve+0x10/0x50
__trace_graph_return+0x1f/0x80
trace_graph_return+0xb7/0xf0
? trace_clock_global+0x91/0xa0
ftrace_return_to_handler+0x8b/0xf0
? pv_hash+0xa0/0xa0
return_to_handler+0x15/0x30
? ftrace_graph_caller+0xa0/0xa0
? trace_clock_global+0x91/0xa0
? __rb_reserve_next+0x237/0x460
? ring_buffer_lock_reserve+0x12a/0x3f0
? trace_event_buffer_lock_reserve+0x3c/0x120
? trace_event_buffer_reserve+0x6b/0xc0
? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0
? dpm_run_callback+0x3b/0xc0
? pm_ops_is_empty+0x50/0x50
? platform_get_irq_byname_optional+0x90/0x90
? trace_device_pm_callback_start+0x82/0xd0
? dpm_run_callback+0x49/0xc0
With the following RIP:
RIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200
Since the fix to the recursion detection would allow a single recursion to
happen while tracing, this lead to the trace_clock_global() taking a spin
lock and then trying to take it again:
ring_buffer_lock_reserve() {
trace_clock_global() {
arch_spin_lock() {
queued_spin_lock_slowpath() {
/* lock taken */
(something else gets traced by function graph tracer)
ring_buffer_lock_reserve() {
trace_clock_global() {
arch_spin_lock() {
queued_spin_lock_slowpath() {
/* DEAD LOCK! */
Tracing should *never* block, as it can lead to strange lockups like the
above.
Restructure the trace_clock_global() code to instead of simply taking a
lock to update the recorded "prev_time" simply use it, as two events
happening on two different CPUs that calls this at the same time, really
doesn't matter which one goes first. Use a trylock to grab the lock for
updating the prev_time, and if it fails, simply try again the next time.
If it failed to be taken, that means something else is already updating
it.
Link: https://lkml.kernel.org/r/20210430121758.650b6e8a@gandalf.local.home
Cc: stable@vger.kernel.org
Tested-by: Konstantin Kharlamov <hi-angel@yandex.ru>
Tested-by: Todd Brandt <todd.e.brandt@linux.intel.com>
Fixes: b02414c8f045 ("ring-buffer: Fix recursion protection transitions between interrupt context") # started showing the problem
Fixes: 14131f2f98ac3 ("tracing: implement trace_clock_*() APIs") # where the bug happened
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_clock.c | 48 ++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 16 deletions(-)
--- a/kernel/trace/trace_clock.c
+++ b/kernel/trace/trace_clock.c
@@ -95,33 +95,49 @@ u64 notrace trace_clock_global(void)
{
unsigned long flags;
int this_cpu;
- u64 now;
+ u64 now, prev_time;
raw_local_irq_save(flags);
this_cpu = raw_smp_processor_id();
- now = sched_clock_cpu(this_cpu);
+
/*
- * If in an NMI context then dont risk lockups and return the
- * cpu_clock() time:
+ * The global clock "guarantees" that the events are ordered
+ * between CPUs. But if two events on two different CPUS call
+ * trace_clock_global at roughly the same time, it really does
+ * not matter which one gets the earlier time. Just make sure
+ * that the same CPU will always show a monotonic clock.
+ *
+ * Use a read memory barrier to get the latest written
+ * time that was recorded.
*/
- if (unlikely(in_nmi()))
- goto out;
+ smp_rmb();
+ prev_time = READ_ONCE(trace_clock_struct.prev_time);
+ now = sched_clock_cpu(this_cpu);
- arch_spin_lock(&trace_clock_struct.lock);
+ /* Make sure that now is always greater than prev_time */
+ if ((s64)(now - prev_time) < 0)
+ now = prev_time + 1;
/*
- * TODO: if this happens often then maybe we should reset
- * my_scd->clock to prev_time+1, to make sure
- * we start ticking with the local clock from now on?
+ * If in an NMI context then dont risk lockups and simply return
+ * the current time.
*/
- if ((s64)(now - trace_clock_struct.prev_time) < 0)
- now = trace_clock_struct.prev_time + 1;
-
- trace_clock_struct.prev_time = now;
-
- arch_spin_unlock(&trace_clock_struct.lock);
+ if (unlikely(in_nmi()))
+ goto out;
+ /* Tracing can cause strange recursion, always use a try lock */
+ if (arch_spin_trylock(&trace_clock_struct.lock)) {
+ /* Reread prev_time in case it was already updated */
+ prev_time = READ_ONCE(trace_clock_struct.prev_time);
+ if ((s64)(now - prev_time) < 0)
+ now = prev_time + 1;
+
+ trace_clock_struct.prev_time = now;
+
+ /* The unlock acts as the wmb for the above rmb */
+ arch_spin_unlock(&trace_clock_struct.lock);
+ }
out:
raw_local_irq_restore(flags);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 116/425] dm persistent data: packed struct should have an aligned() attribute too
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 115/425] tracing: Restructure trace_clock_global() to never block Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 117/425] dm space map common: fix division bug in sm_ll_find_free_block() Greg Kroah-Hartman
` (315 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mike Snitzer
From: Joe Thornber <ejt@redhat.com>
commit a88b2358f1da2c9f9fcc432f2e0a79617fea397c upstream.
Otherwise most non-x86 architectures (e.g. riscv, arm) will resort to
byte-by-byte access.
Cc: stable@vger.kernel.org
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/persistent-data/dm-btree-internal.h | 4 ++--
drivers/md/persistent-data/dm-space-map-common.h | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/md/persistent-data/dm-btree-internal.h
+++ b/drivers/md/persistent-data/dm-btree-internal.h
@@ -34,12 +34,12 @@ struct node_header {
__le32 max_entries;
__le32 value_size;
__le32 padding;
-} __packed;
+} __attribute__((packed, aligned(8)));
struct btree_node {
struct node_header header;
__le64 keys[0];
-} __packed;
+} __attribute__((packed, aligned(8)));
/*
--- a/drivers/md/persistent-data/dm-space-map-common.h
+++ b/drivers/md/persistent-data/dm-space-map-common.h
@@ -33,7 +33,7 @@ struct disk_index_entry {
__le64 blocknr;
__le32 nr_free;
__le32 none_free_before;
-} __packed;
+} __attribute__ ((packed, aligned(8)));
#define MAX_METADATA_BITMAPS 255
@@ -43,7 +43,7 @@ struct disk_metadata_index {
__le64 blocknr;
struct disk_index_entry index[MAX_METADATA_BITMAPS];
-} __packed;
+} __attribute__ ((packed, aligned(8)));
struct ll_disk;
@@ -86,7 +86,7 @@ struct disk_sm_root {
__le64 nr_allocated;
__le64 bitmap_root;
__le64 ref_count_root;
-} __packed;
+} __attribute__ ((packed, aligned(8)));
#define ENTRIES_PER_BYTE 4
@@ -94,7 +94,7 @@ struct disk_bitmap_header {
__le32 csum;
__le32 not_used;
__le64 blocknr;
-} __packed;
+} __attribute__ ((packed, aligned(8)));
enum allocation_event {
SM_NONE,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 117/425] dm space map common: fix division bug in sm_ll_find_free_block()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 116/425] dm persistent data: packed struct should have an aligned() attribute too Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 118/425] dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails Greg Kroah-Hartman
` (314 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Thornber, Ming-Hung Tsai, Mike Snitzer
From: Joe Thornber <ejt@redhat.com>
commit 5208692e80a1f3c8ce2063a22b675dd5589d1d80 upstream.
This division bug meant the search for free metadata space could skip
the final allocation bitmap's worth of entries. Fix affects DM thinp,
cache and era targets.
Cc: stable@vger.kernel.org
Signed-off-by: Joe Thornber <ejt@redhat.com>
Tested-by: Ming-Hung Tsai <mtsai@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/persistent-data/dm-space-map-common.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/persistent-data/dm-space-map-common.c
+++ b/drivers/md/persistent-data/dm-space-map-common.c
@@ -337,6 +337,8 @@ int sm_ll_find_free_block(struct ll_disk
*/
begin = do_div(index_begin, ll->entries_per_block);
end = do_div(end, ll->entries_per_block);
+ if (end == 0)
+ end = ll->entries_per_block;
for (i = index_begin; i < index_end; i++, begin = 0) {
struct dm_block *blk;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 118/425] dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 117/425] dm space map common: fix division bug in sm_ll_find_free_block() Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 119/425] modules: mark ref_module static Greg Kroah-Hartman
` (313 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Benjamin Block, Mike Snitzer
From: Benjamin Block <bblock@linux.ibm.com>
commit 8e947c8f4a5620df77e43c9c75310dc510250166 upstream.
When loading a device-mapper table for a request-based mapped device,
and the allocation/initialization of the blk_mq_tag_set for the device
fails, a following device remove will cause a double free.
E.g. (dmesg):
device-mapper: core: Cannot initialize queue for request-based dm-mq mapped device
device-mapper: ioctl: unable to set up device queue for new table.
Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 0305e098835de000 TEID: 0305e098835de803
Fault in home space mode while using kernel ASCE.
AS:000000025efe0007 R3:0000000000000024
Oops: 0038 ilc:3 [#1] SMP
Modules linked in: ... lots of modules ...
Supported: Yes, External
CPU: 0 PID: 7348 Comm: multipathd Kdump: loaded Tainted: G W X 5.3.18-53-default #1 SLE15-SP3
Hardware name: IBM 8561 T01 7I2 (LPAR)
Krnl PSW : 0704e00180000000 000000025e368eca (kfree+0x42/0x330)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Krnl GPRS: 000000000000004a 000000025efe5230 c1773200d779968d 0000000000000000
000000025e520270 000000025e8d1b40 0000000000000003 00000007aae10000
000000025e5202a2 0000000000000001 c1773200d779968d 0305e098835de640
00000007a8170000 000003ff80138650 000000025e5202a2 000003e00396faa8
Krnl Code: 000000025e368eb8: c4180041e100 lgrl %r1,25eba50b8
000000025e368ebe: ecba06b93a55 risbg %r11,%r10,6,185,58
#000000025e368ec4: e3b010000008 ag %r11,0(%r1)
>000000025e368eca: e310b0080004 lg %r1,8(%r11)
000000025e368ed0: a7110001 tmll %r1,1
000000025e368ed4: a7740129 brc 7,25e369126
000000025e368ed8: e320b0080004 lg %r2,8(%r11)
000000025e368ede: b904001b lgr %r1,%r11
Call Trace:
[<000000025e368eca>] kfree+0x42/0x330
[<000000025e5202a2>] blk_mq_free_tag_set+0x72/0xb8
[<000003ff801316a8>] dm_mq_cleanup_mapped_device+0x38/0x50 [dm_mod]
[<000003ff80120082>] free_dev+0x52/0xd0 [dm_mod]
[<000003ff801233f0>] __dm_destroy+0x150/0x1d0 [dm_mod]
[<000003ff8012bb9a>] dev_remove+0x162/0x1c0 [dm_mod]
[<000003ff8012a988>] ctl_ioctl+0x198/0x478 [dm_mod]
[<000003ff8012ac8a>] dm_ctl_ioctl+0x22/0x38 [dm_mod]
[<000000025e3b11ee>] ksys_ioctl+0xbe/0xe0
[<000000025e3b127a>] __s390x_sys_ioctl+0x2a/0x40
[<000000025e8c15ac>] system_call+0xd8/0x2c8
Last Breaking-Event-Address:
[<000000025e52029c>] blk_mq_free_tag_set+0x6c/0xb8
Kernel panic - not syncing: Fatal exception: panic_on_oops
When allocation/initialization of the blk_mq_tag_set fails in
dm_mq_init_request_queue(), it is uninitialized/freed, but the pointer
is not reset to NULL; so when dev_remove() later gets into
dm_mq_cleanup_mapped_device() it sees the pointer and tries to
uninitialize and free it again.
Fix this by setting the pointer to NULL in dm_mq_init_request_queue()
error-handling. Also set it to NULL in dm_mq_cleanup_mapped_device().
Cc: <stable@vger.kernel.org> # 4.6+
Fixes: 1c357a1e86a4 ("dm: allocate blk_mq_tag_set rather than embed in mapped_device")
Signed-off-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-rq.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/dm-rq.c
+++ b/drivers/md/dm-rq.c
@@ -831,6 +831,7 @@ out_tag_set:
blk_mq_free_tag_set(md->tag_set);
out_kfree_tag_set:
kfree(md->tag_set);
+ md->tag_set = NULL;
return err;
}
@@ -840,6 +841,7 @@ void dm_mq_cleanup_mapped_device(struct
if (md->tag_set) {
blk_mq_free_tag_set(md->tag_set);
kfree(md->tag_set);
+ md->tag_set = NULL;
}
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 119/425] modules: mark ref_module static
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 118/425] dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 120/425] modules: mark find_symbol static Greg Kroah-Hartman
` (312 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit 7ef5264de773279b9f23b6cc8afb5addb30e970b upstream.
ref_module isn't used anywhere outside of module.c.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 1 -
kernel/module.c | 6 ++----
2 files changed, 2 insertions(+), 5 deletions(-)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -604,7 +604,6 @@ static inline void __module_get(struct m
#define symbol_put_addr(p) do { } while (0)
#endif /* CONFIG_MODULE_UNLOAD */
-int ref_module(struct module *a, struct module *b);
/* This is a #define so the string doesn't get put in every .o file */
#define module_name(mod) \
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -851,7 +851,7 @@ static int add_module_usage(struct modul
}
/* Module a uses b: caller needs module_mutex() */
-int ref_module(struct module *a, struct module *b)
+static int ref_module(struct module *a, struct module *b)
{
int err;
@@ -870,7 +870,6 @@ int ref_module(struct module *a, struct
}
return 0;
}
-EXPORT_SYMBOL_GPL(ref_module);
/* Clear the unload stuff of the module. */
static void module_unload_free(struct module *mod)
@@ -1151,11 +1150,10 @@ static inline void module_unload_free(st
{
}
-int ref_module(struct module *a, struct module *b)
+static int ref_module(struct module *a, struct module *b)
{
return strong_try_module_get(b);
}
-EXPORT_SYMBOL_GPL(ref_module);
static inline int module_unload_init(struct module *mod)
{
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 120/425] modules: mark find_symbol static
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 119/425] modules: mark ref_module static Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 121/425] modules: mark each_symbol_section static Greg Kroah-Hartman
` (311 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit 773110470e2fa3839523384ae014f8a723c4d178 upstream.
find_symbol is only used in module.c.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 11 -----------
kernel/module.c | 3 +--
2 files changed, 1 insertion(+), 13 deletions(-)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -538,17 +538,6 @@ struct symsearch {
};
/*
- * Search for an exported symbol by name.
- *
- * Must be called with module_mutex held or preemption disabled.
- */
-const struct kernel_symbol *find_symbol(const char *name,
- struct module **owner,
- const s32 **crc,
- bool gplok,
- bool warn);
-
-/*
* Walk the exported symbol table
*
* Must be called with module_mutex held or preemption disabled.
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -568,7 +568,7 @@ static bool find_symbol_in_section(const
/* Find a symbol and return it, along with, (optional) crc and
* (optional) module which owns it. Needs preempt disabled or module_mutex. */
-const struct kernel_symbol *find_symbol(const char *name,
+static const struct kernel_symbol *find_symbol(const char *name,
struct module **owner,
const s32 **crc,
bool gplok,
@@ -591,7 +591,6 @@ const struct kernel_symbol *find_symbol(
pr_debug("Failed to find symbol %s\n", name);
return NULL;
}
-EXPORT_SYMBOL_GPL(find_symbol);
/*
* Search for module by name: must hold module_mutex (or preempt disabled
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 121/425] modules: mark each_symbol_section static
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 120/425] modules: mark find_symbol static Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 122/425] modules: unexport __module_text_address Greg Kroah-Hartman
` (310 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit a54e04914c211b5678602a46b3ede5d82ec1327d upstream.
each_symbol_section is only used inside of module.c.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 9 ---------
kernel/module.c | 3 +--
2 files changed, 1 insertion(+), 11 deletions(-)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -537,15 +537,6 @@ struct symsearch {
bool unused;
};
-/*
- * Walk the exported symbol table
- *
- * Must be called with module_mutex held or preemption disabled.
- */
-bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
- struct module *owner,
- void *data), void *data);
-
/* Returns 0 and fills in value, defined and namebuf, or -ERANGE if
symnum out of range. */
int module_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -415,7 +415,7 @@ static bool each_symbol_in_section(const
}
/* Returns true as soon as fn returns true, otherwise false. */
-bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+static bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
struct module *owner,
void *data),
void *data)
@@ -476,7 +476,6 @@ bool each_symbol_section(bool (*fn)(cons
}
return false;
}
-EXPORT_SYMBOL_GPL(each_symbol_section);
struct find_symbol_arg {
/* Input */
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 122/425] modules: unexport __module_text_address
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 121/425] modules: mark each_symbol_section static Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 123/425] modules: unexport __module_address Greg Kroah-Hartman
` (309 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit 3fe1e56d0e68b623dd62d8d38265d2a052e7e185 upstream.
__module_text_address is only used by built-in code.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/module.c | 1 -
1 file changed, 1 deletion(-)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4420,7 +4420,6 @@ struct module *__module_text_address(uns
}
return mod;
}
-EXPORT_SYMBOL_GPL(__module_text_address);
/* Don't grab lock, we're oopsing. */
void print_modules(void)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 123/425] modules: unexport __module_address
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 122/425] modules: unexport __module_text_address Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 124/425] modules: rename the licence field in struct symsearch to license Greg Kroah-Hartman
` (308 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit 34e64705ad415ed7a816e60ef62b42fe6d1729d9 upstream.
__module_address is only used by built-in code.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/module.c | 1 -
1 file changed, 1 deletion(-)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4381,7 +4381,6 @@ struct module *__module_address(unsigned
}
return mod;
}
-EXPORT_SYMBOL_GPL(__module_address);
/*
* is_module_text_address - is this address inside module code?
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 124/425] modules: rename the licence field in struct symsearch to license
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 123/425] modules: unexport __module_address Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 125/425] modules: return licensing information from find_symbol Greg Kroah-Hartman
` (307 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit cd8732cdcc37d7077c4fa2c966b748c0662b607e upstream.
Use the same spelling variant as the rest of the file.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 2 +-
kernel/module.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -533,7 +533,7 @@ struct symsearch {
NOT_GPL_ONLY,
GPL_ONLY,
WILL_BE_GPL_ONLY,
- } licence;
+ } license;
bool unused;
};
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -496,9 +496,9 @@ static bool check_symbol(const struct sy
struct find_symbol_arg *fsa = data;
if (!fsa->gplok) {
- if (syms->licence == GPL_ONLY)
+ if (syms->license == GPL_ONLY)
return false;
- if (syms->licence == WILL_BE_GPL_ONLY && fsa->warn) {
+ if (syms->license == WILL_BE_GPL_ONLY && fsa->warn) {
pr_warn("Symbol %s is being used by a non-GPL module, "
"which will not be allowed in the future\n",
fsa->name);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 125/425] modules: return licensing information from find_symbol
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 124/425] modules: rename the licence field in struct symsearch to license Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 126/425] modules: inherit TAINT_PROPRIETARY_MODULE Greg Kroah-Hartman
` (306 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit ef1dac6021cc8ec5de02ce31722bf26ac4ed5523 upstream.
Report the GPLONLY status through a new argument.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 2 +-
kernel/module.c | 16 +++++++++++-----
2 files changed, 12 insertions(+), 6 deletions(-)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -529,7 +529,7 @@ struct module *find_module(const char *n
struct symsearch {
const struct kernel_symbol *start, *stop;
const s32 *crcs;
- enum {
+ enum mod_license {
NOT_GPL_ONLY,
GPL_ONLY,
WILL_BE_GPL_ONLY,
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -487,6 +487,7 @@ struct find_symbol_arg {
struct module *owner;
const s32 *crc;
const struct kernel_symbol *sym;
+ enum mod_license license;
};
static bool check_symbol(const struct symsearch *syms,
@@ -520,6 +521,7 @@ static bool check_symbol(const struct sy
fsa->owner = owner;
fsa->crc = symversion(syms->crcs, symnum);
fsa->sym = &syms->start[symnum];
+ fsa->license = syms->license;
return true;
}
@@ -570,6 +572,7 @@ static bool find_symbol_in_section(const
static const struct kernel_symbol *find_symbol(const char *name,
struct module **owner,
const s32 **crc,
+ enum mod_license *license,
bool gplok,
bool warn)
{
@@ -584,6 +587,8 @@ static const struct kernel_symbol *find_
*owner = fsa.owner;
if (crc)
*crc = fsa.crc;
+ if (license)
+ *license = fsa.license;
return fsa.sym;
}
@@ -1056,7 +1061,7 @@ void __symbol_put(const char *symbol)
struct module *owner;
preempt_disable();
- if (!find_symbol(symbol, &owner, NULL, true, false))
+ if (!find_symbol(symbol, &owner, NULL, NULL, true, false))
BUG();
module_put(owner);
preempt_enable();
@@ -1334,7 +1339,7 @@ static inline int check_modstruct_versio
* locking is necessary -- use preempt_disable() to placate lockdep.
*/
preempt_disable();
- if (!find_symbol("module_layout", NULL, &crc, true, false)) {
+ if (!find_symbol("module_layout", NULL, &crc, NULL, true, false)) {
preempt_enable();
BUG();
}
@@ -1383,6 +1388,7 @@ static const struct kernel_symbol *resol
struct module *owner;
const struct kernel_symbol *sym;
const s32 *crc;
+ enum mod_license license;
int err;
/*
@@ -1392,7 +1398,7 @@ static const struct kernel_symbol *resol
*/
sched_annotate_sleep();
mutex_lock(&module_mutex);
- sym = find_symbol(name, &owner, &crc,
+ sym = find_symbol(name, &owner, &crc, &license,
!(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
if (!sym)
goto unlock;
@@ -2222,7 +2228,7 @@ void *__symbol_get(const char *symbol)
const struct kernel_symbol *sym;
preempt_disable();
- sym = find_symbol(symbol, &owner, NULL, true, true);
+ sym = find_symbol(symbol, &owner, NULL, NULL, true, true);
if (sym && strong_try_module_get(owner))
sym = NULL;
preempt_enable();
@@ -2258,7 +2264,7 @@ static int verify_export_symbols(struct
for (i = 0; i < ARRAY_SIZE(arr); i++) {
for (s = arr[i].sym; s < arr[i].sym + arr[i].num; s++) {
if (find_symbol(kernel_symbol_name(s), &owner, NULL,
- true, false)) {
+ NULL, true, false)) {
pr_err("%s: exports duplicate symbol %s"
" (owned by %s)\n",
mod->name, kernel_symbol_name(s),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 126/425] modules: inherit TAINT_PROPRIETARY_MODULE
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 125/425] modules: return licensing information from find_symbol Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 127/425] Bluetooth: verify AMP hci_chan before amp_destroy Greg Kroah-Hartman
` (305 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Christoph Hellwig, Jessica Yu
From: Christoph Hellwig <hch@lst.de>
commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream.
If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
for all modules importing these symbols, and don't allow loading
symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
imported gplonly symbols. Add a anti-circumvention devices so people
don't accidentally get themselves into trouble this way.
Comment from Greg:
"Ah, the proven-to-be-illegal "GPL Condom" defense :)"
[jeyu: pr_info -> pr_err and pr_warn as per discussion]
Link: http://lore.kernel.org/r/20200730162957.GA22469@lst.de
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/module.h | 1 +
kernel/module.c | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+)
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -359,6 +359,7 @@ struct module {
unsigned int num_gpl_syms;
const struct kernel_symbol *gpl_syms;
const s32 *gpl_crcs;
+ bool using_gplonly_symbols;
#ifdef CONFIG_UNUSED_SYMBOLS
/* unused exported symbols. */
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1379,6 +1379,25 @@ static inline int same_magic(const char
}
#endif /* CONFIG_MODVERSIONS */
+static bool inherit_taint(struct module *mod, struct module *owner)
+{
+ if (!owner || !test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints))
+ return true;
+
+ if (mod->using_gplonly_symbols) {
+ pr_err("%s: module using GPL-only symbols uses symbols from proprietary module %s.\n",
+ mod->name, owner->name);
+ return false;
+ }
+
+ if (!test_bit(TAINT_PROPRIETARY_MODULE, &mod->taints)) {
+ pr_warn("%s: module uses symbols from proprietary module %s, inheriting taint.\n",
+ mod->name, owner->name);
+ set_bit(TAINT_PROPRIETARY_MODULE, &mod->taints);
+ }
+ return true;
+}
+
/* Resolve a symbol for this module. I.e. if we find one, record usage. */
static const struct kernel_symbol *resolve_symbol(struct module *mod,
const struct load_info *info,
@@ -1403,6 +1422,14 @@ static const struct kernel_symbol *resol
if (!sym)
goto unlock;
+ if (license == GPL_ONLY)
+ mod->using_gplonly_symbols = true;
+
+ if (!inherit_taint(mod, owner)) {
+ sym = NULL;
+ goto getname;
+ }
+
if (!check_version(info, name, mod, crc)) {
sym = ERR_PTR(-EINVAL);
goto getname;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 127/425] Bluetooth: verify AMP hci_chan before amp_destroy
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 126/425] modules: inherit TAINT_PROPRIETARY_MODULE Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 128/425] hsr: use netdev_err() instead of WARN_ONCE() Greg Kroah-Hartman
` (304 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Archie Pusaka,
syzbot+98228e7407314d2d4ba2, Alain Michaud,
Abhishek Pandit-Subedi, Marcel Holtmann, George Kennedy
From: Archie Pusaka <apusaka@chromium.org>
commit 5c4c8c9544099bb9043a10a5318130a943e32fc3 upstream.
hci_chan can be created in 2 places: hci_loglink_complete_evt() if
it is an AMP hci_chan, or l2cap_conn_add() otherwise. In theory,
Only AMP hci_chan should be removed by a call to
hci_disconn_loglink_complete_evt(). However, the controller might mess
up, call that function, and destroy an hci_chan which is not initiated
by hci_loglink_complete_evt().
This patch adds a verification that the destroyed hci_chan must have
been init'd by hci_loglink_complete_evt().
Example crash call trace:
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xe3/0x144 lib/dump_stack.c:118
print_address_description+0x67/0x22a mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report mm/kasan/report.c:412 [inline]
kasan_report+0x251/0x28f mm/kasan/report.c:396
hci_send_acl+0x3b/0x56e net/bluetooth/hci_core.c:4072
l2cap_send_cmd+0x5af/0x5c2 net/bluetooth/l2cap_core.c:877
l2cap_send_move_chan_cfm_icid+0x8e/0xb1 net/bluetooth/l2cap_core.c:4661
l2cap_move_fail net/bluetooth/l2cap_core.c:5146 [inline]
l2cap_move_channel_rsp net/bluetooth/l2cap_core.c:5185 [inline]
l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5464 [inline]
l2cap_sig_channel net/bluetooth/l2cap_core.c:5799 [inline]
l2cap_recv_frame+0x1d12/0x51aa net/bluetooth/l2cap_core.c:7023
l2cap_recv_acldata+0x2ea/0x693 net/bluetooth/l2cap_core.c:7596
hci_acldata_packet net/bluetooth/hci_core.c:4606 [inline]
hci_rx_work+0x2bd/0x45e net/bluetooth/hci_core.c:4796
process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
kthread+0x2f0/0x304 kernel/kthread.c:253
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
Allocated by task 38:
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0x8d/0x9a mm/kasan/kasan.c:553
kmem_cache_alloc_trace+0x102/0x129 mm/slub.c:2787
kmalloc include/linux/slab.h:515 [inline]
kzalloc include/linux/slab.h:709 [inline]
hci_chan_create+0x86/0x26d net/bluetooth/hci_conn.c:1674
l2cap_conn_add.part.0+0x1c/0x814 net/bluetooth/l2cap_core.c:7062
l2cap_conn_add net/bluetooth/l2cap_core.c:7059 [inline]
l2cap_connect_cfm+0x134/0x852 net/bluetooth/l2cap_core.c:7381
hci_connect_cfm+0x9d/0x122 include/net/bluetooth/hci_core.h:1404
hci_remote_ext_features_evt net/bluetooth/hci_event.c:4161 [inline]
hci_event_packet+0x463f/0x72fa net/bluetooth/hci_event.c:5981
hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
kthread+0x2f0/0x304 kernel/kthread.c:253
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
Freed by task 1732:
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free mm/kasan/kasan.c:521 [inline]
__kasan_slab_free+0x106/0x128 mm/kasan/kasan.c:493
slab_free_hook mm/slub.c:1409 [inline]
slab_free_freelist_hook+0xaa/0xf6 mm/slub.c:1436
slab_free mm/slub.c:3009 [inline]
kfree+0x182/0x21e mm/slub.c:3972
hci_disconn_loglink_complete_evt net/bluetooth/hci_event.c:4891 [inline]
hci_event_packet+0x6a1c/0x72fa net/bluetooth/hci_event.c:6050
hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
kthread+0x2f0/0x304 kernel/kthread.c:253
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
The buggy address belongs to the object at ffff8881d7af9180
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 24 bytes inside of
128-byte region [ffff8881d7af9180, ffff8881d7af9200)
The buggy address belongs to the page:
page:ffffea00075ebe40 count:1 mapcount:0 mapping:ffff8881da403200 index:0x0
flags: 0x8000000000000200(slab)
raw: 8000000000000200 dead000000000100 dead000000000200 ffff8881da403200
raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881d7af9080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
ffff8881d7af9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff8881d7af9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8881d7af9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8881d7af9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reported-by: syzbot+98228e7407314d2d4ba2@syzkaller.appspotmail.com
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: George Kennedy <george.kennedy@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/bluetooth/hci_core.h | 1 +
net/bluetooth/hci_event.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -526,6 +526,7 @@ struct hci_chan {
struct sk_buff_head data_q;
unsigned int sent;
__u8 state;
+ bool amp;
};
struct hci_conn_params {
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4721,6 +4721,7 @@ static void hci_loglink_complete_evt(str
return;
hchan->handle = le16_to_cpu(ev->handle);
+ hchan->amp = true;
BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
@@ -4753,7 +4754,7 @@ static void hci_disconn_loglink_complete
hci_dev_lock(hdev);
hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
- if (!hchan)
+ if (!hchan || !hchan->amp)
goto unlock;
amp_destroy_logical_link(hchan, ev->reason);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 128/425] hsr: use netdev_err() instead of WARN_ONCE()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 127/425] Bluetooth: verify AMP hci_chan before amp_destroy Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 129/425] bluetooth: eliminate the potential race condition when removing the HCI controller Greg Kroah-Hartman
` (303 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taehee Yoo, David S. Miller, George Kennedy
From: Taehee Yoo <ap420073@gmail.com>
commit 4b793acdca0050739b99ace6a8b9e7f717f57c6b upstream.
When HSR interface is sending a frame, it finds a node with
the destination ethernet address from the list.
If there is no node, it calls WARN_ONCE().
But, using WARN_ONCE() for this situation is a little bit overdoing.
So, in this patch, the netdev_err() is used instead.
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: George Kennedy <george.kennedy@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_framereg.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -310,7 +310,8 @@ void hsr_addr_subst_dest(struct hsr_node
node_dst = find_node_by_AddrA(&port->hsr->node_db, eth_hdr(skb)->h_dest);
if (!node_dst) {
- WARN_ONCE(1, "%s: Unknown node\n", __func__);
+ if (net_ratelimit())
+ netdev_err(skb->dev, "%s: Unknown node\n", __func__);
return;
}
if (port->type != node_dst->AddrB_port)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 129/425] bluetooth: eliminate the potential race condition when removing the HCI controller
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 128/425] hsr: use netdev_err() instead of WARN_ONCE() Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 130/425] net/nfc: fix use-after-free llcp_sock_bind/connect Greg Kroah-Hartman
` (302 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lin Ma, Marcel Holtmann
From: Lin Ma <linma@zju.edu.cn>
commit e2cb6b891ad2b8caa9131e3be70f45243df82a80 upstream.
There is a possible race condition vulnerability between issuing a HCI
command and removing the cont. Specifically, functions hci_req_sync()
and hci_dev_do_close() can race each other like below:
thread-A in hci_req_sync() | thread-B in hci_dev_do_close()
| hci_req_sync_lock(hdev);
test_bit(HCI_UP, &hdev->flags); |
... | test_and_clear_bit(HCI_UP, &hdev->flags)
hci_req_sync_lock(hdev); |
|
In this commit we alter the sequence in function hci_req_sync(). Hence,
the thread-A cannot issue th.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Cc: Marcel Holtmann <marcel@holtmann.org>
Fixes: 7c6a329e4447 ("[Bluetooth] Fix regression from using default link policy")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/hci_request.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -271,12 +271,16 @@ int hci_req_sync(struct hci_dev *hdev, i
{
int ret;
- if (!test_bit(HCI_UP, &hdev->flags))
- return -ENETDOWN;
-
/* Serialize all requests */
hci_req_sync_lock(hdev);
- ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
+ /* check the state after obtaing the lock to protect the HCI_UP
+ * against any races from hci_dev_do_close when the controller
+ * gets removed.
+ */
+ if (test_bit(HCI_UP, &hdev->flags))
+ ret = __hci_req_sync(hdev, req, opt, timeout, hci_status);
+ else
+ ret = -ENETDOWN;
hci_req_sync_unlock(hdev);
return ret;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 130/425] net/nfc: fix use-after-free llcp_sock_bind/connect
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 129/425] bluetooth: eliminate the potential race condition when removing the HCI controller Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 131/425] ASoC: samsung: tm2_wm5110: check of of_parse return value Greg Kroah-Hartman
` (301 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Or Cohen, Nadav Markus, David S. Miller
From: Or Cohen <orcohen@paloaltonetworks.com>
commit c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 upstream.
Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()")
and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()")
fixed a refcount leak bug in bind/connect but introduced a
use-after-free if the same local is assigned to 2 different sockets.
This can be triggered by the following simple program:
int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );
int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );
memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) );
addr.sa_family = AF_NFC;
addr.nfc_protocol = NFC_PROTO_NFC_DEP;
bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )
bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )
close(sock1);
close(sock2);
Fix this by assigning NULL to llcp_sock->local after calling
nfc_llcp_local_put.
This addresses CVE-2021-23134.
Reported-by: Or Cohen <orcohen@paloaltonetworks.com>
Reported-by: Nadav Markus <nmarkus@paloaltonetworks.com>
Fixes: c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()")
Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/llcp_sock.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -121,12 +121,14 @@ static int llcp_sock_bind(struct socket
GFP_KERNEL);
if (!llcp_sock->service_name) {
nfc_llcp_local_put(llcp_sock->local);
+ llcp_sock->local = NULL;
ret = -ENOMEM;
goto put_dev;
}
llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock);
if (llcp_sock->ssap == LLCP_SAP_MAX) {
nfc_llcp_local_put(llcp_sock->local);
+ llcp_sock->local = NULL;
kfree(llcp_sock->service_name);
llcp_sock->service_name = NULL;
ret = -EADDRINUSE;
@@ -721,6 +723,7 @@ static int llcp_sock_connect(struct sock
llcp_sock->ssap = nfc_llcp_get_local_ssap(local);
if (llcp_sock->ssap == LLCP_SAP_MAX) {
nfc_llcp_local_put(llcp_sock->local);
+ llcp_sock->local = NULL;
ret = -ENOMEM;
goto put_dev;
}
@@ -759,6 +762,7 @@ static int llcp_sock_connect(struct sock
sock_unlink:
nfc_llcp_put_ssap(local, llcp_sock->ssap);
nfc_llcp_local_put(llcp_sock->local);
+ llcp_sock->local = NULL;
nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
kfree(llcp_sock->service_name);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 131/425] ASoC: samsung: tm2_wm5110: check of of_parse return value
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 130/425] net/nfc: fix use-after-free llcp_sock_bind/connect Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` Greg Kroah-Hartman
` (300 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Krzysztof Kozlowski, Sylwester Nawrocki, Pierre-Louis Bossart,
Mark Brown
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
commit d58970da324732686529655c21791cef0ee547c4 upstream.
cppcheck warning:
sound/soc/samsung/tm2_wm5110.c:605:6: style: Variable 'ret' is
reassigned a value before the old one has been
used. [redundantAssignment]
ret = devm_snd_soc_register_component(dev, &tm2_component,
^
sound/soc/samsung/tm2_wm5110.c:554:7: note: ret is assigned
ret = of_parse_phandle_with_args(dev->of_node, "i2s-controller",
^
sound/soc/samsung/tm2_wm5110.c:605:6: note: ret is overwritten
ret = devm_snd_soc_register_component(dev, &tm2_component,
^
The args is a stack variable, so it could have junk (uninitialized)
therefore args.np could have a non-NULL and random value even though
property was missing. Later could trigger invalid pointer dereference.
There's no need to check for args.np because args.np won't be
initialized on errors.
Fixes: 8d1513cef51a ("ASoC: samsung: Add support for HDMI audio on TM2 board")
Cc: <stable@vger.kernel.org>
Suggested-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210312180231.2741-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/samsung/tm2_wm5110.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/samsung/tm2_wm5110.c
+++ b/sound/soc/samsung/tm2_wm5110.c
@@ -541,7 +541,7 @@ static int tm2_probe(struct platform_dev
ret = of_parse_phandle_with_args(dev->of_node, "i2s-controller",
cells_name, i, &args);
- if (!args.np) {
+ if (ret) {
dev_err(dev, "i2s-controller property parse error: %d\n", i);
ret = -EINVAL;
goto dai_node_put;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 132/425] MIPS: pci-mt7620: fix PLL lock check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 002/425] ACPI: custom_method: fix potential use-after-free issue Greg Kroah-Hartman
` (430 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Lipnitskiy, John Crispin,
linux-mips, linux-mediatek, Thomas Bogendoerfer
From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
commit c15b99ae2ba9ea30da3c7cd4765b8a4707e530a6 upstream.
Upstream a long-standing OpenWrt patch [0] that fixes MT7620 PCIe PLL
lock check. The existing code checks the wrong register bit: PPLL_SW_SET
is not defined in PPLL_CFG1 and bit 31 of PPLL_CFG1 is marked as reserved
in the MT7620 Programming Guide. The correct bit to check for PLL lock
is PPLL_LD (bit 23).
Also reword the error message for clarity.
Without this change it is unlikely that this driver ever worked with
mainline kernel.
[0]: https://lists.infradead.org/pipermail/lede-commits/2017-July/004441.html
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: John Crispin <john@phrozen.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-mediatek@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/pci/pci-mt7620.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/mips/pci/pci-mt7620.c
+++ b/arch/mips/pci/pci-mt7620.c
@@ -33,6 +33,7 @@
#define RALINK_GPIOMODE 0x60
#define PPLL_CFG1 0x9c
+#define PPLL_LD BIT(23)
#define PPLL_DRV 0xa0
#define PDRV_SW_SET BIT(31)
@@ -242,8 +243,8 @@ static int mt7620_pci_hw_init(struct pla
rt_sysc_m32(0, RALINK_PCIE0_CLK_EN, RALINK_CLKCFG1);
mdelay(100);
- if (!(rt_sysc_r32(PPLL_CFG1) & PDRV_SW_SET)) {
- dev_err(&pdev->dev, "MT7620 PPLL unlock\n");
+ if (!(rt_sysc_r32(PPLL_CFG1) & PPLL_LD)) {
+ dev_err(&pdev->dev, "pcie PLL not locked, aborting init\n");
reset_control_assert(rstpcie0);
rt_sysc_m32(RALINK_PCIE0_CLK_EN, 0, RALINK_CLKCFG1);
return -1;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 132/425] MIPS: pci-mt7620: fix PLL lock check
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
0 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Lipnitskiy, John Crispin,
linux-mips, linux-mediatek, Thomas Bogendoerfer
From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
commit c15b99ae2ba9ea30da3c7cd4765b8a4707e530a6 upstream.
Upstream a long-standing OpenWrt patch [0] that fixes MT7620 PCIe PLL
lock check. The existing code checks the wrong register bit: PPLL_SW_SET
is not defined in PPLL_CFG1 and bit 31 of PPLL_CFG1 is marked as reserved
in the MT7620 Programming Guide. The correct bit to check for PLL lock
is PPLL_LD (bit 23).
Also reword the error message for clarity.
Without this change it is unlikely that this driver ever worked with
mainline kernel.
[0]: https://lists.infradead.org/pipermail/lede-commits/2017-July/004441.html
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: John Crispin <john@phrozen.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-mediatek@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/pci/pci-mt7620.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/mips/pci/pci-mt7620.c
+++ b/arch/mips/pci/pci-mt7620.c
@@ -33,6 +33,7 @@
#define RALINK_GPIOMODE 0x60
#define PPLL_CFG1 0x9c
+#define PPLL_LD BIT(23)
#define PPLL_DRV 0xa0
#define PDRV_SW_SET BIT(31)
@@ -242,8 +243,8 @@ static int mt7620_pci_hw_init(struct pla
rt_sysc_m32(0, RALINK_PCIE0_CLK_EN, RALINK_CLKCFG1);
mdelay(100);
- if (!(rt_sysc_r32(PPLL_CFG1) & PDRV_SW_SET)) {
- dev_err(&pdev->dev, "MT7620 PPLL unlock\n");
+ if (!(rt_sysc_r32(PPLL_CFG1) & PPLL_LD)) {
+ dev_err(&pdev->dev, "pcie PLL not locked, aborting init\n");
reset_control_assert(rstpcie0);
rt_sysc_m32(RALINK_PCIE0_CLK_EN, 0, RALINK_CLKCFG1);
return -1;
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 133/425] MIPS: pci-rt2880: fix slot 0 configuration
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2021-05-20 9:18 ` Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 134/425] FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR Greg Kroah-Hartman
` (298 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Lipnitskiy, Lorenzo Pieralisi,
Tobias Wolf, Thomas Bogendoerfer
From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
commit 8e98b697006d749d745d3b174168a877bb96c500 upstream.
pci_fixup_irqs() used to call pcibios_map_irq on every PCI device, which
for RT2880 included bus 0 slot 0. After pci_fixup_irqs() got removed,
only slots/funcs with devices attached would be called. While arguably
the right thing, that left no chance for this driver to ever initialize
slot 0, effectively bricking PCI and USB on RT2880 devices such as the
Belkin F5D8235-4 v1.
Slot 0 configuration needs to happen after PCI bus enumeration, but
before any device at slot 0x11 (func 0 or 1) is talked to. That was
determined empirically by testing on a Belkin F5D8235-4 v1 device. A
minimal BAR 0 config write followed by read, then setting slot 0
PCI_COMMAND to MASTER | IO | MEMORY is all that seems to be required for
proper functionality.
Tested by ensuring that full- and high-speed USB devices get enumerated
on the Belkin F5D8235-4 v1 (with an out of tree DTS file from OpenWrt).
Fixes: 04c81c7293df ("MIPS: PCI: Replace pci_fixup_irqs() call with host bridge IRQ mapping hooks")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Tobias Wolf <dev-NTEO@vplace.de>
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/pci/pci-rt2880.c | 37 ++++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
--- a/arch/mips/pci/pci-rt2880.c
+++ b/arch/mips/pci/pci-rt2880.c
@@ -183,7 +183,6 @@ static inline void rt2880_pci_write_u32(
int pcibios_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
{
- u16 cmd;
int irq = -1;
if (dev->bus->number != 0)
@@ -191,8 +190,6 @@ int pcibios_map_irq(const struct pci_dev
switch (PCI_SLOT(dev->devfn)) {
case 0x00:
- rt2880_pci_write_u32(PCI_BASE_ADDRESS_0, 0x08000000);
- (void) rt2880_pci_read_u32(PCI_BASE_ADDRESS_0);
break;
case 0x11:
irq = RT288X_CPU_IRQ_PCI;
@@ -204,16 +201,6 @@ int pcibios_map_irq(const struct pci_dev
break;
}
- pci_write_config_byte((struct pci_dev *) dev,
- PCI_CACHE_LINE_SIZE, 0x14);
- pci_write_config_byte((struct pci_dev *) dev, PCI_LATENCY_TIMER, 0xFF);
- pci_read_config_word((struct pci_dev *) dev, PCI_COMMAND, &cmd);
- cmd |= PCI_COMMAND_MASTER | PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
- PCI_COMMAND_INVALIDATE | PCI_COMMAND_FAST_BACK |
- PCI_COMMAND_SERR | PCI_COMMAND_WAIT | PCI_COMMAND_PARITY;
- pci_write_config_word((struct pci_dev *) dev, PCI_COMMAND, cmd);
- pci_write_config_byte((struct pci_dev *) dev, PCI_INTERRUPT_LINE,
- dev->irq);
return irq;
}
@@ -252,6 +239,30 @@ static int rt288x_pci_probe(struct platf
int pcibios_plat_dev_init(struct pci_dev *dev)
{
+ static bool slot0_init;
+
+ /*
+ * Nobody seems to initialize slot 0, but this platform requires it, so
+ * do it once when some other slot is being enabled. The PCI subsystem
+ * should configure other slots properly, so no need to do anything
+ * special for those.
+ */
+ if (!slot0_init && dev->bus->number == 0) {
+ u16 cmd;
+ u32 bar0;
+
+ slot0_init = true;
+
+ pci_bus_write_config_dword(dev->bus, 0, PCI_BASE_ADDRESS_0,
+ 0x08000000);
+ pci_bus_read_config_dword(dev->bus, 0, PCI_BASE_ADDRESS_0,
+ &bar0);
+
+ pci_bus_read_config_word(dev->bus, 0, PCI_COMMAND, &cmd);
+ cmd |= PCI_COMMAND_MASTER | PCI_COMMAND_IO | PCI_COMMAND_MEMORY;
+ pci_bus_write_config_word(dev->bus, 0, PCI_COMMAND, cmd);
+ }
+
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 134/425] FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 133/425] MIPS: pci-rt2880: fix slot 0 configuration Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 135/425] iio:accel:adis16201: Fix wrong axis assignment that prevents loading Greg Kroah-Hartman
` (297 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, David S. Miller
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit f626ca682912fab55dff15469ce893ae16b65c7e upstream.
Recent versions of the PCI Express specification have deprecated support
for I/O transactions and actually some PCIe host bridges, such as Power
Systems Host Bridge 4 (PHB4), do not implement them.
For those systems the PCI BARs that request a mapping in the I/O space
have the length recorded in the corresponding PCI resource set to zero,
which makes it unassigned:
# lspci -s 0031:02:04.0 -v
0031:02:04.0 FDDI network controller: Digital Equipment Corporation PCI-to-PDQ Interface Chip [PFI] FDDI (DEFPA) (rev 02)
Subsystem: Digital Equipment Corporation FDDIcontroller/PCI (DEFPA)
Flags: bus master, medium devsel, latency 136, IRQ 57, NUMA node 8
Memory at 620c080020000 (32-bit, non-prefetchable) [size=128]
I/O ports at <unassigned> [disabled]
Memory at 620c080030000 (32-bit, non-prefetchable) [size=64K]
Capabilities: [50] Power Management version 2
Kernel driver in use: defxx
Kernel modules: defxx
#
Regardless the driver goes ahead and requests it (here observed with a
Raptor Talos II POWER9 system), resulting in an odd /proc/ioport entry:
# cat /proc/ioports
00000000-ffffffffffffffff : 0031:02:04.0
#
Furthermore, the system gets confused as the driver actually continues
and pokes at those locations, causing a flood of messages being output
to the system console by the underlying system firmware, like:
defxx: v1.11 2014/07/01 Lawrence V. Stefani and others
defxx 0031:02:04.0: enabling device (0140 -> 0142)
LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010000
IPMI: dropping non severe PEL event
LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010014
IPMI: dropping non severe PEL event
LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010014
IPMI: dropping non severe PEL event
and so on and so on (possibly intermixed actually, as there's no locking
between the kernel and the firmware in console port access with this
particular system, but cleaned up above for clarity), and once some 10k
of such pairs of the latter two messages have been produced an interace
eventually shows up in a useless state:
0031:02:04.0: DEFPA at I/O addr = 0x0, IRQ = 57, Hardware addr = 00-00-00-00-00-00
This was not expected to happen as resource handling was added to the
driver a while ago, because it was not known at that time that a PCI
system would be possible that cannot assign port I/O resources, and
oddly enough `request_region' does not fail, which would have caught it.
Correct the problem then by checking for the length of zero for the CSR
resource and bail out gracefully refusing to register an interface if
that turns out to be the case, producing messages like:
defxx: v1.11 2014/07/01 Lawrence V. Stefani and others
0031:02:04.0: Cannot use I/O, no address set, aborting
0031:02:04.0: Recompile driver with "CONFIG_DEFXX_MMIO=y"
Keep the original check for the EISA MMIO resource as implemented,
because in that case the length is hardwired to 0x400 as a consequence
of how the compare/mask address decoding works in the ESIC chip and it
is only the base address that is set to zero if MMIO has been disabled
for the adapter in EISA configuration, which in turn could be a valid
bus address in a legacy-free system implementing PCI, especially for
port I/O.
Where the EISA MMIO resource has been disabled for the adapter in EISA
configuration this arrangement keeps producing messages like:
eisa 00:05: EISA: slot 5: DEC3002 detected
defxx: v1.11 2014/07/01 Lawrence V. Stefani and others
00:05: Cannot use MMIO, no address set, aborting
00:05: Recompile driver with "CONFIG_DEFXX_MMIO=n"
00:05: Or run ECU and set adapter's MMIO location
with the last two lines now swapped for easier handling in the driver.
There is no need to check for and catch the case of a port I/O resource
not having been assigned for EISA as the adapter uses the slot-specific
I/O space, which gets assigned by how EISA has been specified and maps
directly to the particular slot an option card has been placed in. And
the EISA variant of the adapter has additional registers that are only
accessible via the port I/O space anyway.
While at it factor out the error message calls into helpers and fix an
argument order bug with the `pr_err' call now in `dfx_register_res_err'.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: 4d0438e56a8f ("defxx: Clean up DEFEA resource management")
Cc: stable@vger.kernel.org # v3.19+
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/fddi/defxx.c | 47 ++++++++++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 17 deletions(-)
--- a/drivers/net/fddi/defxx.c
+++ b/drivers/net/fddi/defxx.c
@@ -495,6 +495,25 @@ static const struct net_device_ops dfx_n
.ndo_set_mac_address = dfx_ctl_set_mac_address,
};
+static void dfx_register_res_alloc_err(const char *print_name, bool mmio,
+ bool eisa)
+{
+ pr_err("%s: Cannot use %s, no address set, aborting\n",
+ print_name, mmio ? "MMIO" : "I/O");
+ pr_err("%s: Recompile driver with \"CONFIG_DEFXX_MMIO=%c\"\n",
+ print_name, mmio ? 'n' : 'y');
+ if (eisa && mmio)
+ pr_err("%s: Or run ECU and set adapter's MMIO location\n",
+ print_name);
+}
+
+static void dfx_register_res_err(const char *print_name, bool mmio,
+ unsigned long start, unsigned long len)
+{
+ pr_err("%s: Cannot reserve %s resource 0x%lx @ 0x%lx, aborting\n",
+ print_name, mmio ? "MMIO" : "I/O", len, start);
+}
+
/*
* ================
* = dfx_register =
@@ -568,15 +587,12 @@ static int dfx_register(struct device *b
dev_set_drvdata(bdev, dev);
dfx_get_bars(bdev, bar_start, bar_len);
- if (dfx_bus_eisa && dfx_use_mmio && bar_start[0] == 0) {
- pr_err("%s: Cannot use MMIO, no address set, aborting\n",
- print_name);
- pr_err("%s: Run ECU and set adapter's MMIO location\n",
- print_name);
- pr_err("%s: Or recompile driver with \"CONFIG_DEFXX_MMIO=n\""
- "\n", print_name);
+ if (bar_len[0] == 0 ||
+ (dfx_bus_eisa && dfx_use_mmio && bar_start[0] == 0)) {
+ dfx_register_res_alloc_err(print_name, dfx_use_mmio,
+ dfx_bus_eisa);
err = -ENXIO;
- goto err_out;
+ goto err_out_disable;
}
if (dfx_use_mmio)
@@ -585,18 +601,16 @@ static int dfx_register(struct device *b
else
region = request_region(bar_start[0], bar_len[0], print_name);
if (!region) {
- pr_err("%s: Cannot reserve %s resource 0x%lx @ 0x%lx, "
- "aborting\n", dfx_use_mmio ? "MMIO" : "I/O", print_name,
- (long)bar_len[0], (long)bar_start[0]);
+ dfx_register_res_err(print_name, dfx_use_mmio,
+ bar_start[0], bar_len[0]);
err = -EBUSY;
goto err_out_disable;
}
if (bar_start[1] != 0) {
region = request_region(bar_start[1], bar_len[1], print_name);
if (!region) {
- pr_err("%s: Cannot reserve I/O resource "
- "0x%lx @ 0x%lx, aborting\n", print_name,
- (long)bar_len[1], (long)bar_start[1]);
+ dfx_register_res_err(print_name, 0,
+ bar_start[1], bar_len[1]);
err = -EBUSY;
goto err_out_csr_region;
}
@@ -604,9 +618,8 @@ static int dfx_register(struct device *b
if (bar_start[2] != 0) {
region = request_region(bar_start[2], bar_len[2], print_name);
if (!region) {
- pr_err("%s: Cannot reserve I/O resource "
- "0x%lx @ 0x%lx, aborting\n", print_name,
- (long)bar_len[2], (long)bar_start[2]);
+ dfx_register_res_err(print_name, 0,
+ bar_start[2], bar_len[2]);
err = -EBUSY;
goto err_out_bh_region;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 135/425] iio:accel:adis16201: Fix wrong axis assignment that prevents loading
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 134/425] FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 136/425] misc: lis3lv02d: Fix false-positive WARN on various HP models Greg Kroah-Hartman
` (296 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Stable,
Himanshu Jha, Nuno Sá,
Alexandru Ardelean
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
commit 4e102429f3dc62dce546f6107e34a4284634196d upstream.
Whilst running some basic tests as part of writing up the dt-bindings for
this driver (to follow), it became clear it doesn't actually load
currently.
iio iio:device1: tried to double register : in_incli_x_index
adis16201 spi0.0: Failed to create buffer sysfs interfaces
adis16201: probe of spi0.0 failed with error -16
Looks like a cut and paste / update bug. Fixes tag obviously not accurate
but we don't want to bother carry thing back to before the driver moved
out of staging.
Fixes: 591298e54cea ("Staging: iio: accel: adis16201: Move adis16201 driver out of staging")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: <Stable@vger.kernel.org>
Cc: Himanshu Jha <himanshujha199640@gmail.com>
Cc: Nuno Sá <nuno.sa@analog.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Link: https://lore.kernel.org/r/20210321182956.844652-1-jic23@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/adis16201.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/accel/adis16201.c
+++ b/drivers/iio/accel/adis16201.c
@@ -216,7 +216,7 @@ static const struct iio_chan_spec adis16
ADIS_AUX_ADC_CHAN(ADIS16201_AUX_ADC_REG, ADIS16201_SCAN_AUX_ADC, 0, 12),
ADIS_INCLI_CHAN(X, ADIS16201_XINCL_OUT_REG, ADIS16201_SCAN_INCLI_X,
BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 14),
- ADIS_INCLI_CHAN(X, ADIS16201_YINCL_OUT_REG, ADIS16201_SCAN_INCLI_Y,
+ ADIS_INCLI_CHAN(Y, ADIS16201_YINCL_OUT_REG, ADIS16201_SCAN_INCLI_Y,
BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 14),
IIO_CHAN_SOFT_TIMESTAMP(7)
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 136/425] misc: lis3lv02d: Fix false-positive WARN on various HP models
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 135/425] iio:accel:adis16201: Fix wrong axis assignment that prevents loading Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 137/425] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct Greg Kroah-Hartman
` (295 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede
From: Hans de Goede <hdegoede@redhat.com>
commit 3641762c1c9c7cfd84a7061a0a73054f09b412e3 upstream.
Before this commit lis3lv02d_get_pwron_wait() had a WARN_ONCE() to catch
a potential divide by 0. WARN macros should only be used to catch internal
kernel bugs and that is not the case here. We have been receiving a lot of
bug reports about kernel backtraces caused by this WARN.
The div value being checked comes from the lis3->odrs[] array. Which
is sized to be a power-of-2 matching the number of bits in lis3->odr_mask.
The only lis3 model where this array is not entirely filled with non zero
values. IOW the only model where we can hit the div == 0 check is the
3dc ("8 bits 3DC sensor") model:
int lis3_3dc_rates[16] = {0, 1, 10, 25, 50, 100, 200, 400, 1600, 5000};
Note the 0 value at index 0, according to the datasheet an odr index of 0
means "Power-down mode". HP typically uses a lis3 accelerometer for HDD
fall protection. What I believe is happening here is that on newer
HP devices, which only contain a SDD, the BIOS is leaving the lis3 device
powered-down since it is not used for HDD fall protection.
Note that the lis3_3dc_rates array initializer only specifies 10 values,
which matches the datasheet. So it also contains 6 zero values at the end.
Replace the WARN with a normal check, which treats an odr index of 0
as power-down and uses a normal dev_err() to report the error in case
odr index point past the initialized part of the array.
Fixes: 1510dd5954be ("lis3lv02d: avoid divide by zero due to unchecked")
Cc: stable@vger.kernel.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=785814
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1817027
BugLink: https://bugs.centos.org/view.php?id=10720
Link: https://lore.kernel.org/r/20210217102501.31758-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/lis3lv02d/lis3lv02d.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
@@ -221,7 +221,7 @@ static int lis3_3dc_rates[16] = {0, 1, 1
static int lis3_3dlh_rates[4] = {50, 100, 400, 1000};
/* ODR is Output Data Rate */
-static int lis3lv02d_get_odr(struct lis3lv02d *lis3)
+static int lis3lv02d_get_odr_index(struct lis3lv02d *lis3)
{
u8 ctrl;
int shift;
@@ -229,15 +229,23 @@ static int lis3lv02d_get_odr(struct lis3
lis3->read(lis3, CTRL_REG1, &ctrl);
ctrl &= lis3->odr_mask;
shift = ffs(lis3->odr_mask) - 1;
- return lis3->odrs[(ctrl >> shift)];
+ return (ctrl >> shift);
}
static int lis3lv02d_get_pwron_wait(struct lis3lv02d *lis3)
{
- int div = lis3lv02d_get_odr(lis3);
+ int odr_idx = lis3lv02d_get_odr_index(lis3);
+ int div = lis3->odrs[odr_idx];
- if (WARN_ONCE(div == 0, "device returned spurious data"))
+ if (div == 0) {
+ if (odr_idx == 0) {
+ /* Power-down mode, not sampling no need to sleep */
+ return 0;
+ }
+
+ dev_err(&lis3->pdev->dev, "Error unknown odrs-index: %d\n", odr_idx);
return -ENXIO;
+ }
/* LIS3 power on delay is quite long */
msleep(lis3->pwron_delay / div);
@@ -820,9 +828,12 @@ static ssize_t lis3lv02d_rate_show(struc
struct device_attribute *attr, char *buf)
{
struct lis3lv02d *lis3 = dev_get_drvdata(dev);
+ int odr_idx;
lis3lv02d_sysfs_poweron(lis3);
- return sprintf(buf, "%d\n", lis3lv02d_get_odr(lis3));
+
+ odr_idx = lis3lv02d_get_odr_index(lis3);
+ return sprintf(buf, "%d\n", lis3->odrs[odr_idx]);
}
static ssize_t lis3lv02d_rate_set(struct device *dev,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 137/425] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 136/425] misc: lis3lv02d: Fix false-positive WARN on various HP models Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 138/425] misc: vmw_vmci: explicitly initialize vmci_datagram payload Greg Kroah-Hartman
` (294 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tetsuo Handa
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 376565b9717c30cd58ad33860fa42697615fa2e4 upstream.
KMSAN complains that the vmci_use_ppn64() == false path in
vmci_dbell_register_notification_bitmap() left upper 32bits of
bitmap_set_msg.bitmap_ppn64 member uninitialized.
=====================================================
BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.11.0-rc7+ #4
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 02/27/2020
Call Trace:
dump_stack+0x21c/0x280
kmsan_report+0xfb/0x1e0
kmsan_internal_check_memory+0x484/0x520
kmsan_check_memory+0xd/0x10
iowrite8_rep+0x86/0x380
vmci_send_datagram+0x150/0x280
vmci_dbell_register_notification_bitmap+0x133/0x1e0
vmci_guest_probe_device+0xcab/0x1e70
pci_device_probe+0xab3/0xe70
really_probe+0xd16/0x24d0
driver_probe_device+0x29d/0x3a0
device_driver_attach+0x25a/0x490
__driver_attach+0x78c/0x840
bus_for_each_dev+0x210/0x340
driver_attach+0x89/0xb0
bus_add_driver+0x677/0xc40
driver_register+0x485/0x8e0
__pci_register_driver+0x1ff/0x350
vmci_guest_init+0x3e/0x41
vmci_drv_init+0x1d6/0x43f
do_one_initcall+0x39c/0x9a0
do_initcall_level+0x1d7/0x259
do_initcalls+0x127/0x1cb
do_basic_setup+0x33/0x36
kernel_init_freeable+0x29a/0x3ed
kernel_init+0x1f/0x840
ret_from_fork+0x1f/0x30
Local variable ----bitmap_set_msg@vmci_dbell_register_notification_bitmap created at:
vmci_dbell_register_notification_bitmap+0x50/0x1e0
vmci_dbell_register_notification_bitmap+0x50/0x1e0
Bytes 28-31 of 32 are uninitialized
Memory access of size 32 starts at ffff88810098f570
=====================================================
Fixes: 83e2ec765be03e8a ("VMCI: doorbell implementation.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/20210402121742.3917-1-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/vmw_vmci/vmci_doorbell.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/vmw_vmci/vmci_doorbell.c
+++ b/drivers/misc/vmw_vmci/vmci_doorbell.c
@@ -334,7 +334,7 @@ int vmci_dbell_host_context_notify(u32 s
bool vmci_dbell_register_notification_bitmap(u32 bitmap_ppn)
{
int result;
- struct vmci_notify_bm_set_msg bitmap_set_msg;
+ struct vmci_notify_bm_set_msg bitmap_set_msg = { };
bitmap_set_msg.hdr.dst = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
VMCI_SET_NOTIFY_BITMAP);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 138/425] misc: vmw_vmci: explicitly initialize vmci_datagram payload
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 137/425] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 139/425] md/bitmap: wait for external bitmap writes to complete during tear down Greg Kroah-Hartman
` (293 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tetsuo Handa
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit b2192cfeba8481224da0a4ec3b4a7ccd80b1623b upstream.
KMSAN complains that vmci_check_host_caps() left the payload part of
check_msg uninitialized.
=====================================================
BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10
CPU: 1 PID: 1 Comm: swapper/0 Tainted: G B 5.11.0-rc7+ #4
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 02/27/2020
Call Trace:
dump_stack+0x21c/0x280
kmsan_report+0xfb/0x1e0
kmsan_internal_check_memory+0x202/0x520
kmsan_check_memory+0xd/0x10
iowrite8_rep+0x86/0x380
vmci_guest_probe_device+0xf0b/0x1e70
pci_device_probe+0xab3/0xe70
really_probe+0xd16/0x24d0
driver_probe_device+0x29d/0x3a0
device_driver_attach+0x25a/0x490
__driver_attach+0x78c/0x840
bus_for_each_dev+0x210/0x340
driver_attach+0x89/0xb0
bus_add_driver+0x677/0xc40
driver_register+0x485/0x8e0
__pci_register_driver+0x1ff/0x350
vmci_guest_init+0x3e/0x41
vmci_drv_init+0x1d6/0x43f
do_one_initcall+0x39c/0x9a0
do_initcall_level+0x1d7/0x259
do_initcalls+0x127/0x1cb
do_basic_setup+0x33/0x36
kernel_init_freeable+0x29a/0x3ed
kernel_init+0x1f/0x840
ret_from_fork+0x1f/0x30
Uninit was created at:
kmsan_internal_poison_shadow+0x5c/0xf0
kmsan_slab_alloc+0x8d/0xe0
kmem_cache_alloc+0x84f/0xe30
vmci_guest_probe_device+0xd11/0x1e70
pci_device_probe+0xab3/0xe70
really_probe+0xd16/0x24d0
driver_probe_device+0x29d/0x3a0
device_driver_attach+0x25a/0x490
__driver_attach+0x78c/0x840
bus_for_each_dev+0x210/0x340
driver_attach+0x89/0xb0
bus_add_driver+0x677/0xc40
driver_register+0x485/0x8e0
__pci_register_driver+0x1ff/0x350
vmci_guest_init+0x3e/0x41
vmci_drv_init+0x1d6/0x43f
do_one_initcall+0x39c/0x9a0
do_initcall_level+0x1d7/0x259
do_initcalls+0x127/0x1cb
do_basic_setup+0x33/0x36
kernel_init_freeable+0x29a/0x3ed
kernel_init+0x1f/0x840
ret_from_fork+0x1f/0x30
Bytes 28-31 of 36 are uninitialized
Memory access of size 36 starts at ffff8881675e5f00
=====================================================
Fixes: 1f166439917b69d3 ("VMCI: guest side driver implementation.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/20210402121742.3917-2-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/vmw_vmci/vmci_guest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/vmw_vmci/vmci_guest.c
+++ b/drivers/misc/vmw_vmci/vmci_guest.c
@@ -169,7 +169,7 @@ static int vmci_check_host_caps(struct p
VMCI_UTIL_NUM_RESOURCES * sizeof(u32);
struct vmci_datagram *check_msg;
- check_msg = kmalloc(msg_size, GFP_KERNEL);
+ check_msg = kzalloc(msg_size, GFP_KERNEL);
if (!check_msg) {
dev_err(&pdev->dev, "%s: Insufficient memory\n", __func__);
return -ENOMEM;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 139/425] md/bitmap: wait for external bitmap writes to complete during tear down
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 138/425] misc: vmw_vmci: explicitly initialize vmci_datagram payload Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 140/425] md-cluster: fix use-after-free issue when removing rdev Greg Kroah-Hartman
` (292 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudhakar Panneerselvam, Zhao Heming,
Song Liu
From: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
commit 404a8ef512587b2460107d3272c17a89aef75edf upstream.
NULL pointer dereference was observed in super_written() when it tries
to access the mddev structure.
[The below stack trace is from an older kernel, but the problem described
in this patch applies to the mainline kernel.]
[ 1194.474861] task: ffff8fdd20858000 task.stack: ffffb99d40790000
[ 1194.488000] RIP: 0010:super_written+0x29/0xe1
[ 1194.499688] RSP: 0018:ffff8ffb7fcc3c78 EFLAGS: 00010046
[ 1194.512477] RAX: 0000000000000000 RBX: ffff8ffb7bf4a000 RCX: ffff8ffb78991048
[ 1194.527325] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8ffb56b8a200
[ 1194.542576] RBP: ffff8ffb7fcc3c90 R08: 000000000000000b R09: 0000000000000000
[ 1194.558001] R10: ffff8ffb56b8a298 R11: 0000000000000000 R12: ffff8ffb56b8a200
[ 1194.573070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1194.588117] FS: 0000000000000000(0000) GS:ffff8ffb7fcc0000(0000) knlGS:0000000000000000
[ 1194.604264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1194.617375] CR2: 00000000000002b8 CR3: 00000021e040a002 CR4: 00000000007606e0
[ 1194.632327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1194.647865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1194.663316] PKRU: 55555554
[ 1194.674090] Call Trace:
[ 1194.683735] <IRQ>
[ 1194.692948] bio_endio+0xae/0x135
[ 1194.703580] blk_update_request+0xad/0x2fa
[ 1194.714990] blk_update_bidi_request+0x20/0x72
[ 1194.726578] __blk_end_bidi_request+0x2c/0x4d
[ 1194.738373] __blk_end_request_all+0x31/0x49
[ 1194.749344] blk_flush_complete_seq+0x377/0x383
[ 1194.761550] flush_end_io+0x1dd/0x2a7
[ 1194.772910] blk_finish_request+0x9f/0x13c
[ 1194.784544] scsi_end_request+0x180/0x25c
[ 1194.796149] scsi_io_completion+0xc8/0x610
[ 1194.807503] scsi_finish_command+0xdc/0x125
[ 1194.818897] scsi_softirq_done+0x81/0xde
[ 1194.830062] blk_done_softirq+0xa4/0xcc
[ 1194.841008] __do_softirq+0xd9/0x29f
[ 1194.851257] irq_exit+0xe6/0xeb
[ 1194.861290] do_IRQ+0x59/0xe3
[ 1194.871060] common_interrupt+0x1c6/0x382
[ 1194.881988] </IRQ>
[ 1194.890646] RIP: 0010:cpuidle_enter_state+0xdd/0x2a5
[ 1194.902532] RSP: 0018:ffffb99d40793e68 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff43
[ 1194.917317] RAX: ffff8ffb7fce27c0 RBX: ffff8ffb7fced800 RCX: 000000000000001f
[ 1194.932056] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[ 1194.946428] RBP: ffffb99d40793ea0 R08: 0000000000000004 R09: 0000000000002ed2
[ 1194.960508] R10: 0000000000002664 R11: 0000000000000018 R12: 0000000000000003
[ 1194.974454] R13: 000000000000000b R14: ffffffff925715a0 R15: 0000011610120d5a
[ 1194.988607] ? cpuidle_enter_state+0xcc/0x2a5
[ 1194.999077] cpuidle_enter+0x17/0x19
[ 1195.008395] call_cpuidle+0x23/0x3a
[ 1195.017718] do_idle+0x172/0x1d5
[ 1195.026358] cpu_startup_entry+0x73/0x75
[ 1195.035769] start_secondary+0x1b9/0x20b
[ 1195.044894] secondary_startup_64+0xa5/0xa5
[ 1195.084921] RIP: super_written+0x29/0xe1 RSP: ffff8ffb7fcc3c78
[ 1195.096354] CR2: 00000000000002b8
bio in the above stack is a bitmap write whose completion is invoked after
the tear down sequence sets the mddev structure to NULL in rdev.
During tear down, there is an attempt to flush the bitmap writes, but for
external bitmaps, there is no explicit wait for all the bitmap writes to
complete. For instance, md_bitmap_flush() is called to flush the bitmap
writes, but the last call to md_bitmap_daemon_work() in md_bitmap_flush()
could generate new bitmap writes for which there is no explicit wait to
complete those writes. The call to md_bitmap_update_sb() will return
simply for external bitmaps and the follow-up call to md_update_sb() is
conditional and may not get called for external bitmaps. This results in a
kernel panic when the completion routine, super_written() is called which
tries to reference mddev in the rdev that has been set to
NULL(in unbind_rdev_from_array() by tear down sequence).
The solution is to call md_super_wait() for external bitmaps after the
last call to md_bitmap_daemon_work() in md_bitmap_flush() to ensure there
are no pending bitmap writes before proceeding with the tear down.
Cc: stable@vger.kernel.org
Signed-off-by: Sudhakar Panneerselvam <sudhakar.panneerselvam@oracle.com>
Reviewed-by: Zhao Heming <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md-bitmap.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -1725,6 +1725,8 @@ void md_bitmap_flush(struct mddev *mddev
md_bitmap_daemon_work(mddev);
bitmap->daemon_lastrun -= sleep;
md_bitmap_daemon_work(mddev);
+ if (mddev->bitmap_info.external)
+ md_super_wait(mddev);
md_bitmap_update_sb(bitmap);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 140/425] md-cluster: fix use-after-free issue when removing rdev
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 139/425] md/bitmap: wait for external bitmap writes to complete during tear down Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 141/425] md: split mddev_find Greg Kroah-Hartman
` (291 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gang He, Heming Zhao, Song Liu
From: Heming Zhao <heming.zhao@suse.com>
commit f7c7a2f9a23e5b6e0f5251f29648d0238bb7757e upstream.
md_kick_rdev_from_array will remove rdev, so we should
use rdev_for_each_safe to search list.
How to trigger:
env: Two nodes on kvm-qemu x86_64 VMs (2C2G with 2 iscsi luns).
```
node2=192.168.0.3
for i in {1..20}; do
echo ==== $i `date` ====;
mdadm -Ss && ssh ${node2} "mdadm -Ss"
wipefs -a /dev/sda /dev/sdb
mdadm -CR /dev/md0 -b clustered -e 1.2 -n 2 -l 1 /dev/sda \
/dev/sdb --assume-clean
ssh ${node2} "mdadm -A /dev/md0 /dev/sda /dev/sdb"
mdadm --wait /dev/md0
ssh ${node2} "mdadm --wait /dev/md0"
mdadm --manage /dev/md0 --fail /dev/sda --remove /dev/sda
sleep 1
done
```
Crash stack:
```
stack segment: 0000 [#1] SMP
... ...
RIP: 0010:md_check_recovery+0x1e8/0x570 [md_mod]
... ...
RSP: 0018:ffffb149807a7d68 EFLAGS: 00010207
RAX: 0000000000000000 RBX: ffff9d494c180800 RCX: ffff9d490fc01e50
RDX: fffff047c0ed8308 RSI: 0000000000000246 RDI: 0000000000000246
RBP: 6b6b6b6b6b6b6b6b R08: ffff9d490fc01e40 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: ffff9d494c180818 R14: ffff9d493399ef38 R15: ffff9d4933a1d800
FS: 0000000000000000(0000) GS:ffff9d494f700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe68cab9010 CR3: 000000004c6be001 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
raid1d+0x5c/0xd40 [raid1]
? finish_task_switch+0x75/0x2a0
? lock_timer_base+0x67/0x80
? try_to_del_timer_sync+0x4d/0x80
? del_timer_sync+0x41/0x50
? schedule_timeout+0x254/0x2d0
? md_start_sync+0xe0/0xe0 [md_mod]
? md_thread+0x127/0x160 [md_mod]
md_thread+0x127/0x160 [md_mod]
? wait_woken+0x80/0x80
kthread+0x10d/0x130
? kthread_park+0xa0/0xa0
ret_from_fork+0x1f/0x40
```
Fixes: dbb64f8635f5d ("md-cluster: Fix adding of new disk with new reload code")
Fixes: 659b254fa7392 ("md-cluster: remove a disk asynchronously from cluster environment")
Cc: stable@vger.kernel.org
Reviewed-by: Gang He <ghe@suse.com>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8883,11 +8883,11 @@ void md_check_recovery(struct mddev *mdd
}
if (mddev_is_clustered(mddev)) {
- struct md_rdev *rdev;
+ struct md_rdev *rdev, *tmp;
/* kick the device if another node issued a
* remove disk.
*/
- rdev_for_each(rdev, mddev) {
+ rdev_for_each_safe(rdev, tmp, mddev) {
if (test_and_clear_bit(ClusterRemove, &rdev->flags) &&
rdev->raid_disk < 0)
md_kick_rdev_from_array(rdev);
@@ -9187,7 +9187,7 @@ err_wq:
static void check_sb_changes(struct mddev *mddev, struct md_rdev *rdev)
{
struct mdp_superblock_1 *sb = page_address(rdev->sb_page);
- struct md_rdev *rdev2;
+ struct md_rdev *rdev2, *tmp;
int role, ret;
char b[BDEVNAME_SIZE];
@@ -9204,7 +9204,7 @@ static void check_sb_changes(struct mdde
}
/* Check for change of roles in the active devices */
- rdev_for_each(rdev2, mddev) {
+ rdev_for_each_safe(rdev2, tmp, mddev) {
if (test_bit(Faulty, &rdev2->flags))
continue;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 141/425] md: split mddev_find
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 140/425] md-cluster: fix use-after-free issue when removing rdev Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 142/425] md: factor out a mddev_find_locked helper from mddev_find Greg Kroah-Hartman
` (290 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable
From: Christoph Hellwig <hch@lst.de>
commit 65aa97c4d2bfd76677c211b9d03ef05a98c6d68e upstream.
Split mddev_find into a simple mddev_find that just finds an existing
mddev by the unit number, and a more complicated mddev_find that deals
with find or allocating a mddev.
This turns out to fix this bug reported by Zhao Heming.
----------------------------- snip ------------------------------
commit d3374825ce57 ("md: make devices disappear when they are no longer
needed.") introduced protection between mddev creating & removing. The
md_open shouldn't create mddev when all_mddevs list doesn't contain
mddev. With currently code logic, there will be very easy to trigger
soft lockup in non-preempt env.
---
drivers/md/md.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -585,6 +585,22 @@ EXPORT_SYMBOL_GPL(mddev_init);
static struct mddev *mddev_find(dev_t unit)
{
+ struct mddev *mddev;
+
+ if (MAJOR(unit) != MD_MAJOR)
+ unit &= ~((1 << MdpMinorShift) - 1);
+
+ spin_lock(&all_mddevs_lock);
+ mddev = mddev_find_locked(unit);
+ if (mddev)
+ mddev_get(mddev);
+ spin_unlock(&all_mddevs_lock);
+
+ return mddev;
+}
+
+static struct mddev *mddev_find_or_alloc(dev_t unit)
+{
struct mddev *mddev, *new = NULL;
if (unit && MAJOR(unit) != MD_MAJOR)
@@ -5302,7 +5318,7 @@ static int md_alloc(dev_t dev, char *nam
* writing to /sys/module/md_mod/parameters/new_array.
*/
static DEFINE_MUTEX(disks_mutex);
- struct mddev *mddev = mddev_find(dev);
+ struct mddev *mddev = mddev_find_or_alloc(dev);
struct gendisk *disk;
int partitioned;
int shift;
@@ -6155,11 +6171,9 @@ static void autorun_devices(int part)
md_probe(dev, NULL, NULL);
mddev = mddev_find(dev);
- if (!mddev || !mddev->gendisk) {
- if (mddev)
- mddev_put(mddev);
+ if (!mddev)
break;
- }
+
if (mddev_lock(mddev))
pr_warn("md: %s locked, cannot run\n", mdname(mddev));
else if (mddev->raid_disks || mddev->major_version
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 142/425] md: factor out a mddev_find_locked helper from mddev_find
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 141/425] md: split mddev_find Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 143/425] md: md_open returns -EBUSY when entering racing area Greg Kroah-Hartman
` (289 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heming Zhao, Christoph Hellwig, Song Liu
From: Christoph Hellwig <hch@lst.de>
commit 8b57251f9a91f5e5a599de7549915d2d226cc3af upstream.
Factor out a self-contained helper to just lookup a mddev by the dev_t
"unit".
Cc: stable@vger.kernel.org
Reviewed-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -583,6 +583,17 @@ void mddev_init(struct mddev *mddev)
}
EXPORT_SYMBOL_GPL(mddev_init);
+static struct mddev *mddev_find_locked(dev_t unit)
+{
+ struct mddev *mddev;
+
+ list_for_each_entry(mddev, &all_mddevs, all_mddevs)
+ if (mddev->unit == unit)
+ return mddev;
+
+ return NULL;
+}
+
static struct mddev *mddev_find(dev_t unit)
{
struct mddev *mddev;
@@ -610,13 +621,13 @@ static struct mddev *mddev_find_or_alloc
spin_lock(&all_mddevs_lock);
if (unit) {
- list_for_each_entry(mddev, &all_mddevs, all_mddevs)
- if (mddev->unit == unit) {
- mddev_get(mddev);
- spin_unlock(&all_mddevs_lock);
- kfree(new);
- return mddev;
- }
+ mddev = mddev_find_locked(unit);
+ if (mddev) {
+ mddev_get(mddev);
+ spin_unlock(&all_mddevs_lock);
+ kfree(new);
+ return mddev;
+ }
if (new) {
list_add(&new->all_mddevs, &all_mddevs);
@@ -642,12 +653,7 @@ static struct mddev *mddev_find_or_alloc
return NULL;
}
- is_free = 1;
- list_for_each_entry(mddev, &all_mddevs, all_mddevs)
- if (mddev->unit == dev) {
- is_free = 0;
- break;
- }
+ is_free = !mddev_find_locked(dev);
}
new->unit = dev;
new->md_minor = MINOR(dev);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 143/425] md: md_open returns -EBUSY when entering racing area
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 142/425] md: factor out a mddev_find_locked helper from mddev_find Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 144/425] md: Fix missing unused status line of /proc/mdstat Greg Kroah-Hartman
` (288 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable
From: Zhao Heming <heming.zhao@suse.com>
commit 6a4db2a60306eb65bfb14ccc9fde035b74a4b4e7 upstream.
commit d3374825ce57 ("md: make devices disappear when they are no longer
needed.") introduced protection between mddev creating & removing. The
md_open shouldn't create mddev when all_mddevs list doesn't contain
mddev. With currently code logic, there will be very easy to trigger
soft lockup in non-preempt env.
This patch changes md_open returning from -ERESTARTSYS to -EBUSY, which
will break the infinitely retry when md_open enter racing area.
This patch is partly fix soft lockup issue, full fix needs mddev_find
is split into two functions: mddev_find & mddev_find_or_alloc. And
md_open should call new mddev_find (it only does searching job).
For more detail, please refer with Christoph's "split mddev_find" patch
in later commits.
---
drivers/md/md.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7481,8 +7481,7 @@ static int md_open(struct block_device *
/* Wait until bdev->bd_disk is definitely gone */
if (work_pending(&mddev->del_work))
flush_workqueue(md_misc_wq);
- /* Then retry the open from the top */
- return -ERESTARTSYS;
+ return -EBUSY;
}
BUG_ON(mddev != bdev->bd_disk->private_data);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 144/425] md: Fix missing unused status line of /proc/mdstat
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 143/425] md: md_open returns -EBUSY when entering racing area Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 145/425] ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() Greg Kroah-Hartman
` (287 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Glauber, Song Liu
From: Jan Glauber <jglauber@digitalocean.com>
commit 7abfabaf5f805f5171d133ce6af9b65ab766e76a upstream.
Reading /proc/mdstat with a read buffer size that would not
fit the unused status line in the first read will skip this
line from the output.
So 'dd if=/proc/mdstat bs=64 2>/dev/null' will not print something
like: unused devices: <none>
Don't return NULL immediately in start() for v=2 but call
show() once to print the status line also for multiple reads.
Cc: stable@vger.kernel.org
Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
Signed-off-by: Jan Glauber <jglauber@digitalocean.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7814,7 +7814,11 @@ static void *md_seq_start(struct seq_fil
loff_t l = *pos;
struct mddev *mddev;
- if (l >= 0x10000)
+ if (l == 0x10000) {
+ ++*pos;
+ return (void *)2;
+ }
+ if (l > 0x10000)
return NULL;
if (!l--)
/* header */
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 145/425] ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 144/425] md: Fix missing unused status line of /proc/mdstat Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 146/425] cfg80211: scan: drop entry from hidden_list on overflow Greg Kroah-Hartman
` (286 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Stanislav Yakovlev,
Kalle Valo
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 260a9ad9446723d4063ed802989758852809714d upstream.
The "ext->key_len" is a u16 that comes from the user. If it's over
SCM_KEY_LEN (32) that could lead to memory corruption.
Fixes: e0d369d1d969 ("[PATCH] ieee82011: Added WE-18 support to default wireless extension handler")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Stanislav Yakovlev <stas.yakovlev@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YHaoA1i+8uT4ir4h@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/ipw2x00/libipw_wx.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/intel/ipw2x00/libipw_wx.c
+++ b/drivers/net/wireless/intel/ipw2x00/libipw_wx.c
@@ -647,8 +647,10 @@ int libipw_wx_set_encodeext(struct libip
}
if (ext->alg != IW_ENCODE_ALG_NONE) {
- memcpy(sec.keys[idx], ext->key, ext->key_len);
- sec.key_sizes[idx] = ext->key_len;
+ int key_len = clamp_val(ext->key_len, 0, SCM_KEY_LEN);
+
+ memcpy(sec.keys[idx], ext->key, key_len);
+ sec.key_sizes[idx] = key_len;
sec.flags |= (1 << idx);
if (ext->alg == IW_ENCODE_ALG_WEP) {
sec.encode_alg[idx] = SEC_ALG_WEP;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 146/425] cfg80211: scan: drop entry from hidden_list on overflow
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 145/425] ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 147/425] drm/radeon: fix copy of uninitialized variable back to userspace Greg Kroah-Hartman
` (285 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream.
If we overflow the maximum number of BSS entries and free the
new entry, drop it from any hidden_list that it may have been
added to in the code above or in cfg80211_combine_bsses().
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/scan.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1036,6 +1036,8 @@ cfg80211_bss_update(struct cfg80211_regi
if (rdev->bss_entries >= bss_entries_limit &&
!cfg80211_bss_expire_oldest(rdev)) {
+ if (!list_empty(&new->hidden_list))
+ list_del(&new->hidden_list);
kfree(new);
goto drop;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 147/425] drm/radeon: fix copy of uninitialized variable back to userspace
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 146/425] cfg80211: scan: drop entry from hidden_list on overflow Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 148/425] ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries Greg Kroah-Hartman
` (284 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Colin Ian King,
Alex Deucher
From: Colin Ian King <colin.king@canonical.com>
commit 8dbc2ccac5a65c5b57e3070e36a3dc97c7970d96 upstream.
Currently the ioctl command RADEON_INFO_SI_BACKEND_ENABLED_MASK can
copy back uninitialised data in value_tmp that pointer *value points
to. This can occur when rdev->family is less than CHIP_BONAIRE and
less than CHIP_TAHITI. Fix this by adding in a missing -EINVAL
so that no invalid value is copied back to userspace.
Addresses-Coverity: ("Uninitialized scalar variable)
Cc: stable@vger.kernel.org # 3.13+
Fixes: 439a1cfffe2c ("drm/radeon: expose render backend mask to the userspace")
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/radeon_kms.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/radeon/radeon_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_kms.c
@@ -501,6 +501,7 @@ static int radeon_info_ioctl(struct drm_
*value = rdev->config.si.backend_enable_mask;
} else {
DRM_DEBUG_KMS("BACKEND_ENABLED_MASK is si+ only!\n");
+ return -EINVAL;
}
break;
case RADEON_INFO_MAX_SCLK:
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 148/425] ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 147/425] drm/radeon: fix copy of uninitialized variable back to userspace Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 149/425] ALSA: hda/realtek: Re-order ALC882 Sony " Greg Kroah-Hartman
` (283 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit b265047ac56bad8c4f3d0c8bf9cb4e828ee0d28e upstream.
Just re-order the alc882_fixup_tbl[] entries for Acer devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2445,13 +2445,13 @@ static const struct snd_pci_quirk alc882
ALC882_FIXUP_ACER_ASPIRE_8930G),
SND_PCI_QUIRK(0x1025, 0x0146, "Acer Aspire 6935G",
ALC882_FIXUP_ACER_ASPIRE_8930G),
+ SND_PCI_QUIRK(0x1025, 0x0142, "Acer Aspire 7730G",
+ ALC882_FIXUP_ACER_ASPIRE_4930G),
+ SND_PCI_QUIRK(0x1025, 0x0155, "Packard-Bell M5120", ALC882_FIXUP_PB_M5210),
SND_PCI_QUIRK(0x1025, 0x015e, "Acer Aspire 6930G",
ALC882_FIXUP_ACER_ASPIRE_4930G),
SND_PCI_QUIRK(0x1025, 0x0166, "Acer Aspire 6530G",
ALC882_FIXUP_ACER_ASPIRE_4930G),
- SND_PCI_QUIRK(0x1025, 0x0142, "Acer Aspire 7730G",
- ALC882_FIXUP_ACER_ASPIRE_4930G),
- SND_PCI_QUIRK(0x1025, 0x0155, "Packard-Bell M5120", ALC882_FIXUP_PB_M5210),
SND_PCI_QUIRK(0x1025, 0x021e, "Acer Aspire 5739G",
ALC882_FIXUP_ACER_ASPIRE_4930G),
SND_PCI_QUIRK(0x1025, 0x0259, "Acer Aspire 5935", ALC889_FIXUP_DAC_ROUTE),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 149/425] ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 148/425] ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 150/425] ALSA: hda/realtek: Re-order ALC882 Clevo " Greg Kroah-Hartman
` (282 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit b7529c18feecb1af92f9db08c8e7fe446a82d96d upstream.
Just re-order the alc882_fixup_tbl[] entries for Sony devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2464,11 +2464,11 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601),
SND_PCI_QUIRK(0x1043, 0x84bc, "ASUS ET2700", ALC887_FIXUP_ASUS_BASS),
SND_PCI_QUIRK(0x1043, 0x8691, "ASUS ROG Ranger VIII", ALC882_FIXUP_GPIO3),
+ SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
+ SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9060, "Sony Vaio VPCL14M1R", ALC882_FIXUP_NO_PRIMARY_HP),
- SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
- SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
/* All Apple entries are in codec SSIDs */
SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 150/425] ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 149/425] ALSA: hda/realtek: Re-order ALC882 Sony " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 151/425] ALSA: hda/realtek: Re-order ALC269 HP " Greg Kroah-Hartman
` (281 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 13e1a4cd490b959a4c72c9f4fb502ef56b190062 upstream.
Just re-order the alc882_fixup_tbl[] entries for Clevo devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also, user lower hex letters in the entry.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2511,9 +2511,19 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX),
+ SND_PCI_QUIRK(0x1558, 0x50d3, "Clevo PC50[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65d1, "Clevo PB51[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65d2, "Clevo PB51R[CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65e1, "Clevo PB51[ED][DF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65e5, "Clevo PC50D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x67d1, "Clevo PB71[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x67e1, "Clevo PB71[DE][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x67e5, "Clevo PC70D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x70d1, "Clevo PC70[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x7714, "Clevo X170", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x9501, "Clevo P950HR", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x9506, "Clevo P955HQ", ALC1220_FIXUP_CLEVO_P950),
- SND_PCI_QUIRK(0x1558, 0x950A, "Clevo P955H[PR]", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1558, 0x950a, "Clevo P955H[PR]", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x95e1, "Clevo P95xER", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x95e2, "Clevo P950ER", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x95e3, "Clevo P955[ER]T", ALC1220_FIXUP_CLEVO_P950),
@@ -2523,16 +2533,6 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1558, 0x96e1, "Clevo P960[ER][CDFN]-K", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x97e1, "Clevo P970[ER][CDFN]", ALC1220_FIXUP_CLEVO_P950),
SND_PCI_QUIRK(0x1558, 0x97e2, "Clevo P970RC-M", ALC1220_FIXUP_CLEVO_P950),
- SND_PCI_QUIRK(0x1558, 0x50d3, "Clevo PC50[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x65d1, "Clevo PB51[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x65d2, "Clevo PB51R[CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x65e1, "Clevo PB51[ED][DF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x65e5, "Clevo PC50D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x67d1, "Clevo PB71[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x67e1, "Clevo PB71[DE][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x67e5, "Clevo PC70D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x70d1, "Clevo PC70[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
- SND_PCI_QUIRK(0x1558, 0x7714, "Clevo X170", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", ALC882_FIXUP_LENOVO_Y530),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 151/425] ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 150/425] ALSA: hda/realtek: Re-order ALC882 Clevo " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 152/425] ALSA: hda/realtek: Re-order ALC269 Dell " Greg Kroah-Hartman
` (280 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 45461e3b554c75ddff9703539f3711cc3dfb0422 upstream.
Just re-order the alc269_fixup_tbl[] entries for HP devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Formerly, some entries were grouped for the actual codec, but this
doesn't seem reasonable to keep in that way. So now we simply keep
the PCI SSID order for the whole.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-5-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 44 ++++++++++++++++++++----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7029,35 +7029,18 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
SND_PCI_QUIRK(0x103c, 0x18e6, "HP", ALC269_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x218b, "HP", ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED),
- SND_PCI_QUIRK(0x103c, 0x225f, "HP", ALC280_FIXUP_HP_GPIO2_MIC_HOTKEY),
- /* ALC282 */
SND_PCI_QUIRK(0x103c, 0x21f9, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2210, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2214, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x221b, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x221c, "HP EliteBook 755 G2", ALC280_FIXUP_HP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x103c, 0x2221, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x2225, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2236, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2237, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2238, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2239, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x224b, "HP", ALC269_FIXUP_HP_LINE1_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2268, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x226a, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x226b, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x226e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x2271, "HP", ALC286_FIXUP_HP_GPIO_LED),
- SND_PCI_QUIRK(0x103c, 0x2272, "HP", ALC280_FIXUP_HP_DOCK_PINS),
- SND_PCI_QUIRK(0x103c, 0x2273, "HP", ALC280_FIXUP_HP_DOCK_PINS),
- SND_PCI_QUIRK(0x103c, 0x229e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22b2, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22b7, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22bf, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22cf, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22db, "HP", ALC280_FIXUP_HP_9480M),
- SND_PCI_QUIRK(0x103c, 0x22dc, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x22fb, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- /* ALC290 */
- SND_PCI_QUIRK(0x103c, 0x221b, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2221, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
- SND_PCI_QUIRK(0x103c, 0x2225, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2253, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2254, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2255, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
@@ -7065,26 +7048,41 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x2257, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2259, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x225a, "HP", ALC269_FIXUP_HP_DOCK_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x225f, "HP", ALC280_FIXUP_HP_GPIO2_MIC_HOTKEY),
SND_PCI_QUIRK(0x103c, 0x2260, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2263, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2264, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2265, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x2268, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x226a, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x226b, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x226e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x2271, "HP", ALC286_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x2272, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x2272, "HP", ALC280_FIXUP_HP_DOCK_PINS),
SND_PCI_QUIRK(0x103c, 0x2273, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x2273, "HP", ALC280_FIXUP_HP_DOCK_PINS),
SND_PCI_QUIRK(0x103c, 0x2278, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x227f, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2282, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x228b, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x228e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x229e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22b2, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22b7, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22bf, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22c4, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x22c5, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x22c7, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x22c8, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x22c4, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22cf, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
+ SND_PCI_QUIRK(0x103c, 0x22db, "HP", ALC280_FIXUP_HP_9480M),
+ SND_PCI_QUIRK(0x103c, 0x22dc, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
+ SND_PCI_QUIRK(0x103c, 0x22fb, "HP", ALC269_FIXUP_HP_GPIO_MIC1_LED),
SND_PCI_QUIRK(0x103c, 0x2334, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2335, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2336, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
SND_PCI_QUIRK(0x103c, 0x2337, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
- SND_PCI_QUIRK(0x103c, 0x221c, "HP EliteBook 755 G2", ALC280_FIXUP_HP_HEADSET_MIC),
SND_PCI_QUIRK(0x103c, 0x802e, "HP Z240 SFF", ALC221_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x802f, "HP Z240", ALC221_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x820d, "HP Pavilion 15", ALC269_FIXUP_HP_MUTE_LED_MIC3),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 152/425] ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 151/425] ALSA: hda/realtek: Re-order ALC269 HP " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 153/425] ALSA: hda/realtek: Re-order ALC269 Sony " Greg Kroah-Hartman
` (279 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit aa143ad39a52d968ac69e426d329bb74f270e6ca upstream.
Just re-order the alc269_fixup_tbl[] entries for Dell devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-7-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7009,8 +7009,8 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x0738, "Dell Precision 5820", ALC269_FIXUP_NO_SHUTUP),
SND_PCI_QUIRK(0x1028, 0x075c, "Dell XPS 27 7760", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME),
- SND_PCI_QUIRK(0x1028, 0x07b0, "Dell Precision 7520", ALC295_FIXUP_DISABLE_DAC3),
SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER),
+ SND_PCI_QUIRK(0x1028, 0x07b0, "Dell Precision 7520", ALC295_FIXUP_DISABLE_DAC3),
SND_PCI_QUIRK(0x1028, 0x080c, "Dell WYSE", ALC225_FIXUP_DELL_WYSE_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x084b, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
SND_PCI_QUIRK(0x1028, 0x084e, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
@@ -7020,8 +7020,8 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x08ad, "Dell WYSE AIO", ALC225_FIXUP_DELL_WYSE_AIO_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x08ae, "Dell WYSE NB", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x0935, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
- SND_PCI_QUIRK(0x1028, 0x097e, "Dell Precision", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x097d, "Dell Precision", ALC289_FIXUP_DUAL_SPK),
+ SND_PCI_QUIRK(0x1028, 0x097e, "Dell Precision", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x098d, "Dell Precision", ALC233_FIXUP_ASUS_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x09bf, "Dell Precision", ALC233_FIXUP_ASUS_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 153/425] ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 152/425] ALSA: hda/realtek: Re-order ALC269 Dell " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 154/425] ALSA: hda/realtek: Re-order ALC269 Lenovo " Greg Kroah-Hartman
` (278 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit cab561f8d4bc9b196ae20c960aa5da89fd786ab5 upstream.
Just re-order the alc269_fixup_tbl[] entries for Sony devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-9-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7128,12 +7128,12 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1043, 0x8398, "ASUS P1005", ALC269_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x1043, 0x83ce, "ASUS P1005", ALC269_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x1043, 0x8516, "ASUS X101CH", ALC269_FIXUP_ASUS_X101),
- SND_PCI_QUIRK(0x104d, 0x90b5, "Sony VAIO Pro 11", ALC286_FIXUP_SONY_MIC_NO_PRESENCE),
- SND_PCI_QUIRK(0x104d, 0x90b6, "Sony VAIO Pro 13", ALC286_FIXUP_SONY_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x104d, 0x9073, "Sony VAIO", ALC275_FIXUP_SONY_VAIO_GPIO2),
SND_PCI_QUIRK(0x104d, 0x907b, "Sony VAIO", ALC275_FIXUP_SONY_HWEQ),
SND_PCI_QUIRK(0x104d, 0x9084, "Sony VAIO", ALC275_FIXUP_SONY_HWEQ),
SND_PCI_QUIRK(0x104d, 0x9099, "Sony VAIO S13", ALC275_FIXUP_SONY_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x104d, 0x90b5, "Sony VAIO Pro 11", ALC286_FIXUP_SONY_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x104d, 0x90b6, "Sony VAIO Pro 13", ALC286_FIXUP_SONY_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x10cf, 0x1475, "Lifebook", ALC269_FIXUP_LIFEBOOK),
SND_PCI_QUIRK(0x10cf, 0x159f, "Lifebook E780", ALC269_FIXUP_LIFEBOOK_NO_HP_TO_LINEOUT),
SND_PCI_QUIRK(0x10cf, 0x15dc, "Lifebook T731", ALC269_FIXUP_LIFEBOOK_HP_PIN),
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 154/425] ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 153/425] ALSA: hda/realtek: Re-order ALC269 Sony " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 155/425] ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices Greg Kroah-Hartman
` (277 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit f552ff54c2a700616a02b038e4bf3cbf859f65b7 upstream.
Just re-order the alc269_fixup_tbl[] entries for Lenovo devices for
avoiding the oversight of the duplicated or unapplied item in future.
No functional changes.
Also Cc-to-stable for the further patch applications.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-10-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7199,9 +7199,9 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x21b8, "Thinkpad Edge 14", ALC269_FIXUP_SKU_IGNORE),
SND_PCI_QUIRK(0x17aa, 0x21ca, "Thinkpad L412", ALC269_FIXUP_SKU_IGNORE),
SND_PCI_QUIRK(0x17aa, 0x21e9, "Thinkpad Edge 15", ALC269_FIXUP_SKU_IGNORE),
+ SND_PCI_QUIRK(0x17aa, 0x21f3, "Thinkpad T430", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x21f6, "Thinkpad T530", ALC269_FIXUP_LENOVO_DOCK_LIMIT_BOOST),
SND_PCI_QUIRK(0x17aa, 0x21fa, "Thinkpad X230", ALC269_FIXUP_LENOVO_DOCK),
- SND_PCI_QUIRK(0x17aa, 0x21f3, "Thinkpad T430", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x21fb, "Thinkpad T430s", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2203, "Thinkpad X230 Tablet", ALC269_FIXUP_LENOVO_DOCK),
SND_PCI_QUIRK(0x17aa, 0x2208, "Thinkpad T431s", ALC269_FIXUP_LENOVO_DOCK),
@@ -7243,6 +7243,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "Lenovo B50-70", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
+ SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
SND_PCI_QUIRK(0x17aa, 0x5013, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x17aa, 0x501a, "Thinkpad", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x501e, "Thinkpad L440", ALC292_FIXUP_TPT440_DOCK),
@@ -7261,7 +7262,6 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x5109, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x17aa, 0x511e, "Thinkpad", ALC298_FIXUP_TPT470_DOCK),
SND_PCI_QUIRK(0x17aa, 0x511f, "Thinkpad", ALC298_FIXUP_TPT470_DOCK),
- SND_PCI_QUIRK(0x17aa, 0x3bf8, "Quanta FL1", ALC269_FIXUP_PCM_44K),
SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
SND_PCI_QUIRK(0x19e5, 0x3204, "Huawei MBXP", ALC256_FIXUP_HUAWEI_MBXP_PINS),
SND_PCI_QUIRK(0x1b7d, 0xa831, "Ordissimo EVE2 ", ALC269VB_FIXUP_ORDISSIMO_EVE2), /* Also known as Malata PC-B1303 */
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 155/425] ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 154/425] ALSA: hda/realtek: Re-order ALC269 Lenovo " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 156/425] x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported Greg Kroah-Hartman
` (276 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit defce244b01ee12534910a4544e11be5eb927d25 upstream.
The quirk entry for Uniwill ECS M31EI is with the PCI SSID device 0,
which means matching with all. That is, it's essentially equivalent
with SND_PCI_QUIRK_VENDOR(0x1584), which also matches with the
previous entry for Haier W18 applying the very same quirk.
Let's unify them with the single vendor-quirk entry.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210428112704.23967-13-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8175,8 +8175,7 @@ static const struct snd_pci_quirk alc861
SND_PCI_QUIRK(0x1043, 0x1393, "ASUS A6Rp", ALC861_FIXUP_ASUS_A6RP),
SND_PCI_QUIRK_VENDOR(0x1043, "ASUS laptop", ALC861_FIXUP_AMP_VREF_0F),
SND_PCI_QUIRK(0x1462, 0x7254, "HP DX2200", ALC861_FIXUP_NO_JACK_DETECT),
- SND_PCI_QUIRK(0x1584, 0x2b01, "Haier W18", ALC861_FIXUP_AMP_VREF_0F),
- SND_PCI_QUIRK(0x1584, 0x0000, "Uniwill ECS M31EI", ALC861_FIXUP_AMP_VREF_0F),
+ SND_PCI_QUIRK_VENDOR(0x1584, "Haier/Uniwill", ALC861_FIXUP_AMP_VREF_0F),
SND_PCI_QUIRK(0x1734, 0x10c7, "FSC Amilo Pi1505", ALC861_FIXUP_FSC_AMILO_PI1505),
{}
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 156/425] x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 155/425] ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 157/425] KVM: s390: split kvm_s390_logical_to_effective Greg Kroah-Hartman
` (275 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Thomas Gleixner
From: Sean Christopherson <seanjc@google.com>
commit b6b4fbd90b155a0025223df2c137af8a701d53b3 upstream.
Initialize MSR_TSC_AUX with CPU node information if RDTSCP or RDPID is
supported. This fixes a bug where vdso_read_cpunode() will read garbage
via RDPID if RDPID is supported but RDTSCP is not. While no known CPU
supports RDPID but not RDTSCP, both Intel's SDM and AMD's APM allow for
RDPID to exist without RDTSCP, e.g. it's technically a legal CPU model
for a virtual machine.
Note, technically MSR_TSC_AUX could be initialized if and only if RDPID
is supported since RDTSCP is currently not used to retrieve the CPU node.
But, the cost of the superfluous WRMSR is negigible, whereas leaving
MSR_TSC_AUX uninitialized is just asking for future breakage if someone
decides to utilize RDTSCP.
Fixes: a582c540ac1b ("x86/vdso: Use RDPID in preference to LSL when available")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210504225632.1532621-2-seanjc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/entry/vdso/vma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -343,7 +343,7 @@ static void vgetcpu_cpu_init(void *arg)
#ifdef CONFIG_NUMA
node = cpu_to_node(cpu);
#endif
- if (static_cpu_has(X86_FEATURE_RDTSCP))
+ if (boot_cpu_has(X86_FEATURE_RDTSCP) || boot_cpu_has(X86_FEATURE_RDPID))
write_rdtscp_aux((node << 12) | cpu);
/*
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 157/425] KVM: s390: split kvm_s390_logical_to_effective
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 156/425] x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 158/425] KVM: s390: fix guarded storage control register handling Greg Kroah-Hartman
` (274 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudio Imbrenda, Christian Borntraeger
From: Claudio Imbrenda <imbrenda@linux.ibm.com>
commit f85f1baaa18932a041fd2b1c2ca6cfd9898c7d2b upstream.
Split kvm_s390_logical_to_effective to a generic function called
_kvm_s390_logical_to_effective. The new function takes a PSW and an address
and returns the address with the appropriate bits masked off. The old
function now calls the new function with the appropriate PSW from the vCPU.
This is needed to avoid code duplication for vSIE.
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: stable@vger.kernel.org # for VSIE: correctly handle MVPG when in VSIE
Link: https://lore.kernel.org/r/20210302174443.514363-2-imbrenda@linux.ibm.com
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/gaccess.h | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
--- a/arch/s390/kvm/gaccess.h
+++ b/arch/s390/kvm/gaccess.h
@@ -37,6 +37,29 @@ static inline unsigned long kvm_s390_rea
}
/**
+ * _kvm_s390_logical_to_effective - convert guest logical to effective address
+ * @psw: psw of the guest
+ * @ga: guest logical address
+ *
+ * Convert a guest logical address to an effective address by applying the
+ * rules of the addressing mode defined by bits 31 and 32 of the given PSW
+ * (extendended/basic addressing mode).
+ *
+ * Depending on the addressing mode, the upper 40 bits (24 bit addressing
+ * mode), 33 bits (31 bit addressing mode) or no bits (64 bit addressing
+ * mode) of @ga will be zeroed and the remaining bits will be returned.
+ */
+static inline unsigned long _kvm_s390_logical_to_effective(psw_t *psw,
+ unsigned long ga)
+{
+ if (psw_bits(*psw).eaba == PSW_BITS_AMODE_64BIT)
+ return ga;
+ if (psw_bits(*psw).eaba == PSW_BITS_AMODE_31BIT)
+ return ga & ((1UL << 31) - 1);
+ return ga & ((1UL << 24) - 1);
+}
+
+/**
* kvm_s390_logical_to_effective - convert guest logical to effective address
* @vcpu: guest virtual cpu
* @ga: guest logical address
@@ -52,13 +75,7 @@ static inline unsigned long kvm_s390_rea
static inline unsigned long kvm_s390_logical_to_effective(struct kvm_vcpu *vcpu,
unsigned long ga)
{
- psw_t *psw = &vcpu->arch.sie_block->gpsw;
-
- if (psw_bits(*psw).eaba == PSW_BITS_AMODE_64BIT)
- return ga;
- if (psw_bits(*psw).eaba == PSW_BITS_AMODE_31BIT)
- return ga & ((1UL << 31) - 1);
- return ga & ((1UL << 24) - 1);
+ return _kvm_s390_logical_to_effective(&vcpu->arch.sie_block->gpsw, ga);
}
/*
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 158/425] KVM: s390: fix guarded storage control register handling
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 157/425] KVM: s390: split kvm_s390_logical_to_effective Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 159/425] KVM: s390: split kvm_s390_real_to_abs Greg Kroah-Hartman
` (273 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Carstens,
Christian Borntraeger, David Hildenbrand, Janosch Frank,
Cornelia Huck
From: Heiko Carstens <hca@linux.ibm.com>
commit 44bada28219031f9e8e86b84460606efa57b871e upstream.
store_regs_fmt2() has an ordering problem: first the guarded storage
facility is enabled on the local cpu, then preemption disabled, and
then the STGSC (store guarded storage controls) instruction is
executed.
If the process gets scheduled away between enabling the guarded
storage facility and before preemption is disabled, this might lead to
a special operation exception and therefore kernel crash as soon as
the process is scheduled back and the STGSC instruction is executed.
Fixes: 4e0b1ab72b8a ("KVM: s390: gs support for kvm guests")
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Cc: <stable@vger.kernel.org> # 4.12
Link: https://lore.kernel.org/r/20210415080127.1061275-1-hca@linux.ibm.com
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/kvm-s390.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -3624,16 +3624,16 @@ static void store_regs(struct kvm_vcpu *
current->thread.fpu.fpc = vcpu->arch.host_fpregs.fpc;
current->thread.fpu.regs = vcpu->arch.host_fpregs.regs;
if (MACHINE_HAS_GS) {
+ preempt_disable();
__ctl_set_bit(2, 4);
if (vcpu->arch.gs_enabled)
save_gs_cb(current->thread.gs_cb);
- preempt_disable();
current->thread.gs_cb = vcpu->arch.host_gscb;
restore_gs_cb(vcpu->arch.host_gscb);
- preempt_enable();
if (!vcpu->arch.host_gscb)
__ctl_clear_bit(2, 4);
vcpu->arch.host_gscb = NULL;
+ preempt_enable();
}
/* SIE will save etoken directly into SDNX and therefore kvm_run */
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 159/425] KVM: s390: split kvm_s390_real_to_abs
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 158/425] KVM: s390: fix guarded storage control register handling Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 160/425] ovl: fix missing revert_creds() on error path Greg Kroah-Hartman
` (272 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudio Imbrenda, David Hildenbrand,
Thomas Huth, Christian Borntraeger
From: Claudio Imbrenda <imbrenda@linux.ibm.com>
commit c5d1f6b531e68888cbe6718b3f77a60115d58b9c upstream.
A new function _kvm_s390_real_to_abs will apply prefixing to a real address
with a given prefix value.
The old kvm_s390_real_to_abs becomes now a wrapper around the new function.
This is needed to avoid code duplication in vSIE.
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210322140559.500716-2-imbrenda@linux.ibm.com
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kvm/gaccess.h | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
--- a/arch/s390/kvm/gaccess.h
+++ b/arch/s390/kvm/gaccess.h
@@ -18,17 +18,14 @@
/**
* kvm_s390_real_to_abs - convert guest real address to guest absolute address
- * @vcpu - guest virtual cpu
+ * @prefix - guest prefix
* @gra - guest real address
*
* Returns the guest absolute address that corresponds to the passed guest real
- * address @gra of a virtual guest cpu by applying its prefix.
+ * address @gra of by applying the given prefix.
*/
-static inline unsigned long kvm_s390_real_to_abs(struct kvm_vcpu *vcpu,
- unsigned long gra)
+static inline unsigned long _kvm_s390_real_to_abs(u32 prefix, unsigned long gra)
{
- unsigned long prefix = kvm_s390_get_prefix(vcpu);
-
if (gra < 2 * PAGE_SIZE)
gra += prefix;
else if (gra >= prefix && gra < prefix + 2 * PAGE_SIZE)
@@ -37,6 +34,20 @@ static inline unsigned long kvm_s390_rea
}
/**
+ * kvm_s390_real_to_abs - convert guest real address to guest absolute address
+ * @vcpu - guest virtual cpu
+ * @gra - guest real address
+ *
+ * Returns the guest absolute address that corresponds to the passed guest real
+ * address @gra of a virtual guest cpu by applying its prefix.
+ */
+static inline unsigned long kvm_s390_real_to_abs(struct kvm_vcpu *vcpu,
+ unsigned long gra)
+{
+ return _kvm_s390_real_to_abs(kvm_s390_get_prefix(vcpu), gra);
+}
+
+/**
* _kvm_s390_logical_to_effective - convert guest logical to effective address
* @psw: psw of the guest
* @ga: guest logical address
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 160/425] ovl: fix missing revert_creds() on error path
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 159/425] KVM: s390: split kvm_s390_real_to_abs Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 161/425] usb: gadget: pch_udc: Revert d3cb25a12138 completely Greg Kroah-Hartman
` (271 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Miklos Szeredi
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 7b279bbfd2b230c7a210ff8f405799c7e46bbf48 upstream.
Smatch complains about missing that the ovl_override_creds() doesn't
have a matching revert_creds() if the dentry is disconnected. Fix this
by moving the ovl_override_creds() until after the disconnected check.
Fixes: aa3ff3c152ff ("ovl: copy up of disconnected dentries")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/copy_up.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -824,7 +824,7 @@ static int ovl_copy_up_one(struct dentry
int ovl_copy_up_flags(struct dentry *dentry, int flags)
{
int err = 0;
- const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
+ const struct cred *old_cred;
bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
/*
@@ -835,6 +835,7 @@ int ovl_copy_up_flags(struct dentry *den
if (WARN_ON(disconnected && d_is_dir(dentry)))
return -EIO;
+ old_cred = ovl_override_creds(dentry->d_sb);
while (!err) {
struct dentry *next;
struct dentry *parent = NULL;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 161/425] usb: gadget: pch_udc: Revert d3cb25a12138 completely
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 160/425] ovl: fix missing revert_creds() on error path Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 162/425] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] Greg Kroah-Hartman
` (270 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Iago Abal, Andy Shevchenko
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 50a318cc9b54a36f00beadf77e578a50f3620477 upstream.
The commit d3cb25a12138 ("usb: gadget: udc: fix spin_lock in pch_udc")
obviously was not thought through and had made the situation even worse
than it was before. Two changes after almost reverted it. but a few
leftovers have been left as it. With this revert d3cb25a12138 completely.
While at it, narrow down the scope of unlocked section to prevent
potential race when prot_stall is assigned.
Fixes: d3cb25a12138 ("usb: gadget: udc: fix spin_lock in pch_udc")
Fixes: 9903b6bedd38 ("usb: gadget: pch-udc: fix lock")
Fixes: 1d23d16a88e6 ("usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock")
Cc: Iago Abal <mail@iagoabal.eu>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20210323153626.54908-5-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/pch_udc.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/udc/pch_udc.c
+++ b/drivers/usb/gadget/udc/pch_udc.c
@@ -600,18 +600,22 @@ static void pch_udc_reconnect(struct pch
static inline void pch_udc_vbus_session(struct pch_udc_dev *dev,
int is_active)
{
+ unsigned long iflags;
+
+ spin_lock_irqsave(&dev->lock, iflags);
if (is_active) {
pch_udc_reconnect(dev);
dev->vbus_session = 1;
} else {
if (dev->driver && dev->driver->disconnect) {
- spin_lock(&dev->lock);
+ spin_unlock_irqrestore(&dev->lock, iflags);
dev->driver->disconnect(&dev->gadget);
- spin_unlock(&dev->lock);
+ spin_lock_irqsave(&dev->lock, iflags);
}
pch_udc_set_disconnect(dev);
dev->vbus_session = 0;
}
+ spin_unlock_irqrestore(&dev->lock, iflags);
}
/**
@@ -1168,20 +1172,25 @@ static int pch_udc_pcd_selfpowered(struc
static int pch_udc_pcd_pullup(struct usb_gadget *gadget, int is_on)
{
struct pch_udc_dev *dev;
+ unsigned long iflags;
if (!gadget)
return -EINVAL;
+
dev = container_of(gadget, struct pch_udc_dev, gadget);
+
+ spin_lock_irqsave(&dev->lock, iflags);
if (is_on) {
pch_udc_reconnect(dev);
} else {
if (dev->driver && dev->driver->disconnect) {
- spin_lock(&dev->lock);
+ spin_unlock_irqrestore(&dev->lock, iflags);
dev->driver->disconnect(&dev->gadget);
- spin_unlock(&dev->lock);
+ spin_lock_irqsave(&dev->lock, iflags);
}
pch_udc_set_disconnect(dev);
}
+ spin_unlock_irqrestore(&dev->lock, iflags);
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 162/425] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 161/425] usb: gadget: pch_udc: Revert d3cb25a12138 completely Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 163/425] ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family Greg Kroah-Hartman
` (269 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Tony Lindgren,
Krzysztof Kozlowski, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit e004c3e67b6459c99285b18366a71af467d869f5 ]
Currently the array gpmc_cs is indexed by cs before it cs is range checked
and the pointer read from this out-of-index read is dereferenced. Fix this
by performing the range check on cs before the read and the following
pointer dereference.
Addresses-Coverity: ("Negative array index read")
Fixes: 9ed7a776eb50 ("ARM: OMAP2+: Fix support for multiple devices on a GPMC chip select")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20210223193821.17232-1-colin.king@canonical.com
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/omap-gpmc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/memory/omap-gpmc.c b/drivers/memory/omap-gpmc.c
index 2ca507f3a58c..d8f2cacea750 100644
--- a/drivers/memory/omap-gpmc.c
+++ b/drivers/memory/omap-gpmc.c
@@ -1028,8 +1028,8 @@ EXPORT_SYMBOL(gpmc_cs_request);
void gpmc_cs_free(int cs)
{
- struct gpmc_cs_data *gpmc = &gpmc_cs[cs];
- struct resource *res = &gpmc->mem;
+ struct gpmc_cs_data *gpmc;
+ struct resource *res;
spin_lock(&gpmc_mem_lock);
if (cs >= gpmc_cs_num || cs < 0 || !gpmc_cs_reserved(cs)) {
@@ -1038,6 +1038,9 @@ void gpmc_cs_free(int cs)
spin_unlock(&gpmc_mem_lock);
return;
}
+ gpmc = &gpmc_cs[cs];
+ res = &gpmc->mem;
+
gpmc_cs_disable_mem(cs);
if (res->flags)
release_resource(res);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 163/425] ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 162/425] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 164/425] ARM: dts: exynos: correct MUIC " Greg Kroah-Hartman
` (268 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 8a45f33bd36efbb624198cfa9fdf1f66fd1c3d26 ]
The Maxim fuel gauge datasheets describe the interrupt line as active
low with a requirement of acknowledge from the CPU. The falling edge
interrupt will mostly work but it's not correct.
Fixes: e8614292cd41 ("ARM: dts: Add Maxim 77693 fuel gauge node for exynos4412-trats2")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-3-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-midas.dtsi b/arch/arm/boot/dts/exynos4412-midas.dtsi
index c0476c290977..d4bb5f65b9f3 100644
--- a/arch/arm/boot/dts/exynos4412-midas.dtsi
+++ b/arch/arm/boot/dts/exynos4412-midas.dtsi
@@ -187,7 +187,7 @@
max77693-fuel-gauge@36 {
compatible = "maxim,max17047";
interrupt-parent = <&gpx2>;
- interrupts = <3 IRQ_TYPE_EDGE_FALLING>;
+ interrupts = <3 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&max77693_fuel_irq>;
reg = <0x36>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 164/425] ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 163/425] ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 165/425] ARM: dts: exynos: correct PMIC " Greg Kroah-Hartman
` (267 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 15107e443ab8c6cb35eff10438993e4bc944d9ae ]
The Maxim MUIC datasheets describe the interrupt line as active low
with a requirement of acknowledge from the CPU. Without specifying the
interrupt type in Devicetree, kernel might apply some fixed
configuration, not necessarily working for this hardware.
Additionally, the interrupt line is shared so using level sensitive
interrupt is here especially important to avoid races.
Fixes: 7eec1266751b ("ARM: dts: Add Maxim 77693 PMIC to exynos4412-trats2")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-4-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-midas.dtsi b/arch/arm/boot/dts/exynos4412-midas.dtsi
index d4bb5f65b9f3..c6cc3d2a1121 100644
--- a/arch/arm/boot/dts/exynos4412-midas.dtsi
+++ b/arch/arm/boot/dts/exynos4412-midas.dtsi
@@ -139,7 +139,7 @@
max77693@66 {
compatible = "maxim,max77693";
interrupt-parent = <&gpx1>;
- interrupts = <5 IRQ_TYPE_EDGE_FALLING>;
+ interrupts = <5 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&max77693_irq>;
reg = <0x66>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 165/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 164/425] ARM: dts: exynos: correct MUIC " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 166/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family Greg Kroah-Hartman
` (266 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit e52dcd6e70fab51f53292e53336ecb007bb60889 ]
The Maxim PMIC datasheets describe the interrupt line as active low
with a requirement of acknowledge from the CPU. Without specifying the
interrupt type in Devicetree, kernel might apply some fixed
configuration, not necessarily working for this hardware.
Additionally, the interrupt line is shared so using level sensitive
interrupt is here especially important to avoid races.
Fixes: 15dfdfad2d4a ("ARM: dts: Add basic dts for Exynos4412-based Trats 2 board")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-5-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-midas.dtsi b/arch/arm/boot/dts/exynos4412-midas.dtsi
index c6cc3d2a1121..60fbad25b5f2 100644
--- a/arch/arm/boot/dts/exynos4412-midas.dtsi
+++ b/arch/arm/boot/dts/exynos4412-midas.dtsi
@@ -579,7 +579,7 @@
max77686: max77686_pmic@9 {
compatible = "maxim,max77686";
interrupt-parent = <&gpx0>;
- interrupts = <7 IRQ_TYPE_NONE>;
+ interrupts = <7 IRQ_TYPE_LEVEL_LOW>;
pinctrl-0 = <&max77686_irq>;
pinctrl-names = "default";
reg = <0x09>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 166/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 165/425] ARM: dts: exynos: correct PMIC " Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 167/425] ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 Greg Kroah-Hartman
` (265 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 6503c568e97a52f8b7a3109718db438e52e59485 ]
The Maxim PMIC datasheets describe the interrupt line as active low
with a requirement of acknowledge from the CPU. Without specifying the
interrupt type in Devicetree, kernel might apply some fixed
configuration, not necessarily working for this hardware.
Additionally, the interrupt line is shared so using level sensitive
interrupt is here especially important to avoid races.
Fixes: eea6653aae7b ("ARM: dts: Enable PMIC interrupts for exynos4412-odroid-common")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-6-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-odroid-common.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-odroid-common.dtsi b/arch/arm/boot/dts/exynos4412-odroid-common.dtsi
index 00820d239753..dbca8eeefae1 100644
--- a/arch/arm/boot/dts/exynos4412-odroid-common.dtsi
+++ b/arch/arm/boot/dts/exynos4412-odroid-common.dtsi
@@ -265,7 +265,7 @@
max77686: pmic@9 {
compatible = "maxim,max77686";
interrupt-parent = <&gpx3>;
- interrupts = <2 IRQ_TYPE_NONE>;
+ interrupts = <2 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&max77686_irq>;
reg = <0x09>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 167/425] ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 166/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 168/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Snow Greg Kroah-Hartman
` (264 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit f6368c60561370e4a92fac22982a3bd656172170 ]
The Maxim PMIC datasheets describe the interrupt line as active low
with a requirement of acknowledge from the CPU. Without specifying the
interrupt type in Devicetree, kernel might apply some fixed
configuration, not necessarily working for this hardware.
Additionally, the interrupt line is shared so using level sensitive
interrupt is here especially important to avoid races.
Fixes: 47580e8d94c2 ("ARM: dts: Specify MAX77686 pmic interrupt for exynos5250-smdk5250")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-8-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos5250-smdk5250.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos5250-smdk5250.dts b/arch/arm/boot/dts/exynos5250-smdk5250.dts
index d5e66189ed2a..594b246afbed 100644
--- a/arch/arm/boot/dts/exynos5250-smdk5250.dts
+++ b/arch/arm/boot/dts/exynos5250-smdk5250.dts
@@ -132,7 +132,7 @@
compatible = "maxim,max77686";
reg = <0x09>;
interrupt-parent = <&gpx3>;
- interrupts = <2 IRQ_TYPE_NONE>;
+ interrupts = <2 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&max77686_irq>;
wakeup-source;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 168/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 167/425] ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 169/425] serial: stm32: fix incorrect characters on console Greg Kroah-Hartman
` (263 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 8987efbb17c2522be8615085df9a14da2ab53d34 ]
The Maxim PMIC datasheets describe the interrupt line as active low
with a requirement of acknowledge from the CPU. Without specifying the
interrupt type in Devicetree, kernel might apply some fixed
configuration, not necessarily working for this hardware.
Additionally, the interrupt line is shared so using level sensitive
interrupt is here especially important to avoid races.
Fixes: c61248afa819 ("ARM: dts: Add max77686 RTC interrupt to cros5250-common")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/r/20201210212534.216197-9-krzk@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos5250-snow-common.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos5250-snow-common.dtsi b/arch/arm/boot/dts/exynos5250-snow-common.dtsi
index fd9226d3b207..3981acb00b5e 100644
--- a/arch/arm/boot/dts/exynos5250-snow-common.dtsi
+++ b/arch/arm/boot/dts/exynos5250-snow-common.dtsi
@@ -292,7 +292,7 @@
max77686: max77686@9 {
compatible = "maxim,max77686";
interrupt-parent = <&gpx3>;
- interrupts = <2 IRQ_TYPE_NONE>;
+ interrupts = <2 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&max77686_irq>;
wakeup-source;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 169/425] serial: stm32: fix incorrect characters on console
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 168/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Snow Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 170/425] serial: stm32: fix tx_empty condition Greg Kroah-Hartman
` (262 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Erwan Le Ray, Sasha Levin
From: Erwan Le Ray <erwan.leray@foss.st.com>
[ Upstream commit f264c6f6aece81a9f8fbdf912b20bd3feb476a7a ]
Incorrect characters are observed on console during boot. This issue occurs
when init/main.c is modifying termios settings to open /dev/console on the
rootfs.
This patch adds a waiting loop in set_termios to wait for TX shift register
empty (and TX FIFO if any) before stopping serial port.
Fixes: 48a6092fb41f ("serial: stm32-usart: Add STM32 USART Driver")
Signed-off-by: Erwan Le Ray <erwan.leray@foss.st.com>
Link: https://lore.kernel.org/r/20210304162308.8984-4-erwan.leray@foss.st.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index bce4ac1787ad..09cecd34d13e 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -637,8 +637,9 @@ static void stm32_set_termios(struct uart_port *port, struct ktermios *termios,
unsigned int baud, bits;
u32 usartdiv, mantissa, fraction, oversampling;
tcflag_t cflag = termios->c_cflag;
- u32 cr1, cr2, cr3;
+ u32 cr1, cr2, cr3, isr;
unsigned long flags;
+ int ret;
if (!stm32_port->hw_flow_control)
cflag &= ~CRTSCTS;
@@ -647,6 +648,15 @@ static void stm32_set_termios(struct uart_port *port, struct ktermios *termios,
spin_lock_irqsave(&port->lock, flags);
+ ret = readl_relaxed_poll_timeout_atomic(port->membase + ofs->isr,
+ isr,
+ (isr & USART_SR_TC),
+ 10, 100000);
+
+ /* Send the TC error message only when ISR_TC is not set. */
+ if (ret)
+ dev_err(port->dev, "Transmission is not complete\n");
+
/* Stop serial port and reset value */
writel_relaxed(0, port->membase + ofs->cr1);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 170/425] serial: stm32: fix tx_empty condition
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 169/425] serial: stm32: fix incorrect characters on console Greg Kroah-Hartman
@ 2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 171/425] usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS Greg Kroah-Hartman
` (261 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:18 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Erwan Le Ray, Sasha Levin
From: Erwan Le Ray <erwan.leray@foss.st.com>
[ Upstream commit 3db1d52466dc11dca4e47ef12a6e6e97f846af62 ]
In "tx_empty", we should poll TC bit in both DMA and PIO modes (instead of
TXE) to check transmission data register has been transmitted independently
of the FIFO mode. TC indicates that both transmit register and shift
register are empty. When shift register is empty, tx_empty should return
TIOCSER_TEMT instead of TC value.
Cleans the USART_CR_TC TCCF register define (transmission complete clear
flag) as it is duplicate of USART_ICR_TCCF.
Fixes: 48a6092fb41f ("serial: stm32-usart: Add STM32 USART Driver")
Signed-off-by: Erwan Le Ray <erwan.leray@foss.st.com>
Link: https://lore.kernel.org/r/20210304162308.8984-13-erwan.leray@foss.st.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 5 ++++-
drivers/tty/serial/stm32-usart.h | 3 ---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index 09cecd34d13e..50073ead5881 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -472,7 +472,10 @@ static unsigned int stm32_tx_empty(struct uart_port *port)
struct stm32_port *stm32_port = to_stm32_port(port);
struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
- return readl_relaxed(port->membase + ofs->isr) & USART_SR_TXE;
+ if (readl_relaxed(port->membase + ofs->isr) & USART_SR_TC)
+ return TIOCSER_TEMT;
+
+ return 0;
}
static void stm32_set_mctrl(struct uart_port *port, unsigned int mctrl)
diff --git a/drivers/tty/serial/stm32-usart.h b/drivers/tty/serial/stm32-usart.h
index 30d2433e27c3..00daee7f83ee 100644
--- a/drivers/tty/serial/stm32-usart.h
+++ b/drivers/tty/serial/stm32-usart.h
@@ -123,9 +123,6 @@ struct stm32_usart_info stm32h7_info = {
/* Dummy bits */
#define USART_SR_DUMMY_RX BIT(16)
-/* USART_ICR (F7) */
-#define USART_CR_TC BIT(6)
-
/* USART_DR */
#define USART_DR_MASK GENMASK(8, 0)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 171/425] usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2021-05-20 9:18 ` [PATCH 4.19 170/425] serial: stm32: fix tx_empty condition Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 172/425] regmap: set debugfs_name to NULL after it is freed Greg Kroah-Hartman
` (260 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heikki Krogerus,
Badhri Jagan Sridharan, Sasha Levin
From: Badhri Jagan Sridharan <badhri@google.com>
[ Upstream commit 19c234a14eafca78e0bc14ffb8be3891096ce147 ]
While interpreting CC_STATUS, ROLE_CONTROL has to be read to make
sure that CC1/CC2 is not forced presenting Rp/Rd.
>From the TCPCI spec:
4.4.5.2 ROLE_CONTROL (Normative):
The TCPM shall write B6 (DRP) = 0b and B3..0 (CC1/CC2) if it wishes
to control the Rp/Rd directly instead of having the TCPC perform
DRP toggling autonomously. When controlling Rp/Rd directly, the
TCPM writes to B3..0 (CC1/CC2) each time it wishes to change the
CC1/CC2 values. This control is used for TCPM-TCPC implementing
Source or Sink only as well as when a connection has been detected
via DRP toggling but the TCPM wishes to attempt Try.Src or Try.Snk.
Table 4-22. CC_STATUS Register Definition:
If (ROLE_CONTROL.CC1 = Rd) or ConnectResult=1)
00b: SNK.Open (Below maximum vRa)
01b: SNK.Default (Above minimum vRd-Connect)
10b: SNK.Power1.5 (Above minimum vRd-Connect) Detects Rp-1.5A
11b: SNK.Power3.0 (Above minimum vRd-Connect) Detects Rp-3.0A
If (ROLE_CONTROL.CC2=Rd) or (ConnectResult=1)
00b: SNK.Open (Below maximum vRa)
01b: SNK.Default (Above minimum vRd-Connect)
10b: SNK.Power1.5 (Above minimum vRd-Connect) Detects Rp 1.5A
11b: SNK.Power3.0 (Above minimum vRd-Connect) Detects Rp 3.0A
Fixes: 74e656d6b0551 ("staging: typec: Type-C Port Controller Interface driver (tcpci)")
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Link: https://lore.kernel.org/r/20210304070931.1947316-1-badhri@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/tcpci.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/typec/tcpci.c b/drivers/usb/typec/tcpci.c
index dfae41fe1331..2c34add37708 100644
--- a/drivers/usb/typec/tcpci.c
+++ b/drivers/usb/typec/tcpci.c
@@ -20,6 +20,15 @@
#define PD_RETRY_COUNT 3
+#define tcpc_presenting_cc1_rd(reg) \
+ (!(TCPC_ROLE_CTRL_DRP & (reg)) && \
+ (((reg) & (TCPC_ROLE_CTRL_CC1_MASK << TCPC_ROLE_CTRL_CC1_SHIFT)) == \
+ (TCPC_ROLE_CTRL_CC_RD << TCPC_ROLE_CTRL_CC1_SHIFT)))
+#define tcpc_presenting_cc2_rd(reg) \
+ (!(TCPC_ROLE_CTRL_DRP & (reg)) && \
+ (((reg) & (TCPC_ROLE_CTRL_CC2_MASK << TCPC_ROLE_CTRL_CC2_SHIFT)) == \
+ (TCPC_ROLE_CTRL_CC_RD << TCPC_ROLE_CTRL_CC2_SHIFT)))
+
struct tcpci {
struct device *dev;
@@ -168,19 +177,25 @@ static int tcpci_get_cc(struct tcpc_dev *tcpc,
enum typec_cc_status *cc1, enum typec_cc_status *cc2)
{
struct tcpci *tcpci = tcpc_to_tcpci(tcpc);
- unsigned int reg;
+ unsigned int reg, role_control;
int ret;
+ ret = regmap_read(tcpci->regmap, TCPC_ROLE_CTRL, &role_control);
+ if (ret < 0)
+ return ret;
+
ret = regmap_read(tcpci->regmap, TCPC_CC_STATUS, ®);
if (ret < 0)
return ret;
*cc1 = tcpci_to_typec_cc((reg >> TCPC_CC_STATUS_CC1_SHIFT) &
TCPC_CC_STATUS_CC1_MASK,
- reg & TCPC_CC_STATUS_TERM);
+ reg & TCPC_CC_STATUS_TERM ||
+ tcpc_presenting_cc1_rd(role_control));
*cc2 = tcpci_to_typec_cc((reg >> TCPC_CC_STATUS_CC2_SHIFT) &
TCPC_CC_STATUS_CC2_MASK,
- reg & TCPC_CC_STATUS_TERM);
+ reg & TCPC_CC_STATUS_TERM ||
+ tcpc_presenting_cc2_rd(role_control));
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 172/425] regmap: set debugfs_name to NULL after it is freed
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 171/425] usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 173/425] mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() Greg Kroah-Hartman
` (259 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Meng Li, Mark Brown, Sasha Levin
From: Meng Li <Meng.Li@windriver.com>
[ Upstream commit e41a962f82e7afb5b1ee644f48ad0b3aee656268 ]
There is a upstream commit cffa4b2122f5("regmap:debugfs:
Fix a memory leak when calling regmap_attach_dev") that
adds a if condition when create name for debugfs_name.
With below function invoking logical, debugfs_name is
freed in regmap_debugfs_exit(), but it is not created again
because of the if condition introduced by above commit.
regmap_reinit_cache()
regmap_debugfs_exit()
...
regmap_debugfs_init()
So, set debugfs_name to NULL after it is freed.
Fixes: cffa4b2122f5 ("regmap: debugfs: Fix a memory leak when calling regmap_attach_dev")
Signed-off-by: Meng Li <Meng.Li@windriver.com>
Link: https://lore.kernel.org/r/20210226021737.7690-1-Meng.Li@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/regmap/regmap-debugfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
index c9e5381a887b..de706734b921 100644
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -665,6 +665,7 @@ void regmap_debugfs_exit(struct regmap *map)
regmap_debugfs_free_dump_cache(map);
mutex_unlock(&map->cache_lock);
kfree(map->debugfs_name);
+ map->debugfs_name = NULL;
} else {
struct regmap_debugfs_node *node, *tmp;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 173/425] mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 172/425] regmap: set debugfs_name to NULL after it is freed Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 174/425] mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC Greg Kroah-Hartman
` (258 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Miquel Raynal, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit e7a97528e3c787802d8c643d6ab2f428511bb047 ]
If dma_request_channel() fails then the probe fails and it should
return a negative error code, but currently it returns success.
fixes: 4774fb0a48aa ("mtd: nand/fsmc: Add DMA support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/YCqaOZ83OvPOzLwh@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/fsmc_nand.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mtd/nand/raw/fsmc_nand.c b/drivers/mtd/nand/raw/fsmc_nand.c
index 25d354e9448e..a31bb1da44ec 100644
--- a/drivers/mtd/nand/raw/fsmc_nand.c
+++ b/drivers/mtd/nand/raw/fsmc_nand.c
@@ -1099,11 +1099,13 @@ static int __init fsmc_nand_probe(struct platform_device *pdev)
host->read_dma_chan = dma_request_channel(mask, filter, NULL);
if (!host->read_dma_chan) {
dev_err(&pdev->dev, "Unable to get read dma channel\n");
+ ret = -ENODEV;
goto disable_clk;
}
host->write_dma_chan = dma_request_channel(mask, filter, NULL);
if (!host->write_dma_chan) {
dev_err(&pdev->dev, "Unable to get write dma channel\n");
+ ret = -ENODEV;
goto release_dma_read_chan;
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 174/425] mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 173/425] mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 175/425] mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() Greg Kroah-Hartman
` (257 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Álvaro Fernández Rojas,
Brian Norris, Miquel Raynal, Sasha Levin
From: Álvaro Fernández Rojas <noltari@gmail.com>
[ Upstream commit f5200c14242fb8fa4a9b93f7fd4064d237e58785 ]
Hamming ECC doesn't cover the OOB data, so reading or writing OOB shall
always be done without ECC enabled.
This is a problem when adding JFFS2 cleanmarkers to erased blocks. If JFFS2
clenmarkers are added to the OOB with ECC enabled, OOB bytes will be changed
from ff ff ff to 00 00 00, reporting incorrect ECC errors.
Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210224080210.23686-1-noltari@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/mtd/nand/raw/brcmnand/brcmnand.c b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
index aad8d107b85d..774ffa9e23f3 100644
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -2239,6 +2239,12 @@ static int brcmnand_attach_chip(struct nand_chip *chip)
ret = brcmstb_choose_ecc_layout(host);
+ /* If OOB is written with ECC enabled it will cause ECC errors */
+ if (is_hamming_ecc(host->ctrl, &host->hwcfg)) {
+ chip->ecc.write_oob = brcmnand_write_oob_raw;
+ chip->ecc.read_oob = brcmnand_read_oob_raw;
+ }
+
return ret;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 175/425] mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 174/425] mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 176/425] mtd: rawnand: qcom: Return actual error code instead of -ENODEV Greg Kroah-Hartman
` (256 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam, Miquel Raynal,
Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 08608adb520e51403be7592c2214846fa440a23a ]
There are chances that the parse_mtd_partitions() function will return
-EPROBE_DEFER in mtd_device_parse_register(). This might happen when
the dependency is not available for the parser. For instance, on SDX55
the MTD_QCOMSMEM_PARTS parser depends on the QCOM_SMEM driver to parse
the partitions defined in the shared memory region. With the current
flow, the error returned from parse_mtd_partitions() will be discarded
in favor of trying to add the fallback partition.
This will prevent the driver to end up in probe deferred pool and the
partitions won't be parsed even after the QCOM_SMEM driver is available.
Fix this issue by bailing out of mtd_device_parse_register() when
-EPROBE_DEFER error is returned from parse_mtd_partitions() function and
propagate the error code to the driver core for probing later.
Fixes: 5ac67ce36cfe ("mtd: move code adding (registering) partitions to the parse_mtd_partitions()")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/mtdcore.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c
index 97ac219c082e..a0b1a7814e2e 100644
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -712,6 +712,9 @@ int mtd_device_parse_register(struct mtd_info *mtd, const char * const *types,
/* Prefer parsed partitions over driver-provided fallback */
ret = parse_mtd_partitions(mtd, types, parser_data);
+ if (ret == -EPROBE_DEFER)
+ goto out;
+
if (ret > 0)
ret = 0;
else if (nr_parts)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 176/425] mtd: rawnand: qcom: Return actual error code instead of -ENODEV
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 175/425] mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 177/425] x86/microcode: Check for offline CPUs before requesting new microcode Greg Kroah-Hartman
` (255 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam, Miquel Raynal,
Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 55fbb9ba4f06cb6aff32daca1e1910173c13ec51 ]
In qcom_probe_nand_devices() function, the error code returned by
qcom_nand_host_init_and_register() is converted to -ENODEV in the case
of failure. This poses issue if -EPROBE_DEFER is returned when the
dependency is not available for a component like parser.
So let's restructure the error handling logic a bit and return the
actual error code in case of qcom_nand_host_init_and_register() failure.
Fixes: c76b78d8ec05 ("mtd: nand: Qualcomm NAND controller driver")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/qcom_nandc.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
index 2726f1824233..148c7a16f318 100644
--- a/drivers/mtd/nand/raw/qcom_nandc.c
+++ b/drivers/mtd/nand/raw/qcom_nandc.c
@@ -2865,7 +2865,7 @@ static int qcom_probe_nand_devices(struct qcom_nand_controller *nandc)
struct device *dev = nandc->dev;
struct device_node *dn = dev->of_node, *child;
struct qcom_nand_host *host;
- int ret;
+ int ret = -ENODEV;
for_each_available_child_of_node(dn, child) {
host = devm_kzalloc(dev, sizeof(*host), GFP_KERNEL);
@@ -2883,10 +2883,7 @@ static int qcom_probe_nand_devices(struct qcom_nand_controller *nandc)
list_add_tail(&host->node, &nandc->host_list);
}
- if (list_empty(&nandc->host_list))
- return -ENODEV;
-
- return 0;
+ return ret;
}
/* parse custom DT properties here */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 177/425] x86/microcode: Check for offline CPUs before requesting new microcode
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 176/425] mtd: rawnand: qcom: Return actual error code instead of -ENODEV Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 178/425] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() Greg Kroah-Hartman
` (254 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Otavio Pontes, Borislav Petkov,
Tony Luck, Ashok Raj, Sasha Levin
From: Otavio Pontes <otavio.pontes@intel.com>
[ Upstream commit 7189b3c11903667808029ec9766a6e96de5012a5 ]
Currently, the late microcode loading mechanism checks whether any CPUs
are offlined, and, in such a case, aborts the load attempt.
However, this must be done before the kernel caches new microcode from
the filesystem. Otherwise, when offlined CPUs are onlined later, those
cores are going to be updated through the CPU hotplug notifier callback
with the new microcode, while CPUs previously onine will continue to run
with the older microcode.
For example:
Turn off one core (2 threads):
echo 0 > /sys/devices/system/cpu/cpu3/online
echo 0 > /sys/devices/system/cpu/cpu1/online
Install the ucode fails because a primary SMT thread is offline:
cp intel-ucode/06-8e-09 /lib/firmware/intel-ucode/
echo 1 > /sys/devices/system/cpu/microcode/reload
bash: echo: write error: Invalid argument
Turn the core back on
echo 1 > /sys/devices/system/cpu/cpu3/online
echo 1 > /sys/devices/system/cpu/cpu1/online
cat /proc/cpuinfo |grep microcode
microcode : 0x30
microcode : 0xde
microcode : 0x30
microcode : 0xde
The rationale for why the update is aborted when at least one primary
thread is offline is because even if that thread is soft-offlined
and idle, it will still have to participate in broadcasted MCE's
synchronization dance or enter SMM, and in both examples it will execute
instructions so it better have the same microcode revision as the other
cores.
[ bp: Heavily edit and extend commit message with the reasoning behind all
this. ]
Fixes: 30ec26da9967 ("x86/microcode: Do not upload microcode if CPUs are offline")
Signed-off-by: Otavio Pontes <otavio.pontes@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Acked-by: Ashok Raj <ashok.raj@intel.com>
Link: https://lkml.kernel.org/r/20210319165515.9240-2-otavio.pontes@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/microcode/core.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index a96091d44a45..eab4de387ce6 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -627,16 +627,16 @@ static ssize_t reload_store(struct device *dev,
if (val != 1)
return size;
- tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true);
- if (tmp_ret != UCODE_NEW)
- return size;
-
get_online_cpus();
ret = check_online_cpus();
if (ret)
goto put;
+ tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true);
+ if (tmp_ret != UCODE_NEW)
+ goto put;
+
mutex_lock(µcode_mutex);
ret = microcode_reload_late();
mutex_unlock(µcode_mutex);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 178/425] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 177/425] x86/microcode: Check for offline CPUs before requesting new microcode Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 179/425] usb: gadget: pch_udc: Check if driver is present before calling ->setup() Greg Kroah-Hartman
` (253 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 91356fed6afd1c83bf0d3df1fc336d54e38f0458 ]
Either way ~0 will be in the correct byte order, hence
replace cpu_to_le32() by lower_32_bits(). Moreover,
it makes sparse happy, otherwise it complains:
.../pch_udc.c:1813:27: warning: incorrect type in assignment (different base types)
.../pch_udc.c:1813:27: expected unsigned int [usertype] dataptr
.../pch_udc.c:1813:27: got restricted __le32 [usertype]
Fixes: f646cf94520e ("USB device driver of Topcliff PCH")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20210323153626.54908-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/pch_udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/pch_udc.c b/drivers/usb/gadget/udc/pch_udc.c
index 8e304e9845d9..527814361c3d 100644
--- a/drivers/usb/gadget/udc/pch_udc.c
+++ b/drivers/usb/gadget/udc/pch_udc.c
@@ -1782,7 +1782,7 @@ static struct usb_request *pch_udc_alloc_request(struct usb_ep *usbep,
}
/* prevent from using desc. - set HOST BUSY */
dma_desc->status |= PCH_UDC_BS_HST_BSY;
- dma_desc->dataptr = cpu_to_le32(DMA_ADDR_INVALID);
+ dma_desc->dataptr = lower_32_bits(DMA_ADDR_INVALID);
req->td_data = dma_desc;
req->td_data_last = dma_desc;
req->chain_len = 1;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 179/425] usb: gadget: pch_udc: Check if driver is present before calling ->setup()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 178/425] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 180/425] usb: gadget: pch_udc: Check for DMA mapping error Greg Kroah-Hartman
` (252 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit fbdbbe6d3ee502b3bdeb4f255196bb45003614be ]
Since we have a separate routine for VBUS sense, the interrupt may occur
before gadget driver is present. Hence, ->setup() call may oops the kernel:
[ 55.245843] BUG: kernel NULL pointer dereference, address: 00000010
...
[ 55.245843] EIP: pch_udc_isr.cold+0x162/0x33f
...
[ 55.245843] <IRQ>
[ 55.245843] ? pch_udc_svc_data_out+0x160/0x160
Check if driver is present before calling ->setup().
Fixes: f646cf94520e ("USB device driver of Topcliff PCH")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20210323153626.54908-2-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/pch_udc.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/drivers/usb/gadget/udc/pch_udc.c b/drivers/usb/gadget/udc/pch_udc.c
index 527814361c3d..d87c9217cb57 100644
--- a/drivers/usb/gadget/udc/pch_udc.c
+++ b/drivers/usb/gadget/udc/pch_udc.c
@@ -2325,6 +2325,21 @@ static void pch_udc_svc_data_out(struct pch_udc_dev *dev, int ep_num)
pch_udc_set_dma(dev, DMA_DIR_RX);
}
+static int pch_udc_gadget_setup(struct pch_udc_dev *dev)
+ __must_hold(&dev->lock)
+{
+ int rc;
+
+ /* In some cases we can get an interrupt before driver gets setup */
+ if (!dev->driver)
+ return -ESHUTDOWN;
+
+ spin_unlock(&dev->lock);
+ rc = dev->driver->setup(&dev->gadget, &dev->setup_data);
+ spin_lock(&dev->lock);
+ return rc;
+}
+
/**
* pch_udc_svc_control_in() - Handle Control IN endpoint interrupts
* @dev: Reference to the device structure
@@ -2396,15 +2411,12 @@ static void pch_udc_svc_control_out(struct pch_udc_dev *dev)
dev->gadget.ep0 = &dev->ep[UDC_EP0IN_IDX].ep;
else /* OUT */
dev->gadget.ep0 = &ep->ep;
- spin_lock(&dev->lock);
/* If Mass storage Reset */
if ((dev->setup_data.bRequestType == 0x21) &&
(dev->setup_data.bRequest == 0xFF))
dev->prot_stall = 0;
/* call gadget with setup data received */
- setup_supported = dev->driver->setup(&dev->gadget,
- &dev->setup_data);
- spin_unlock(&dev->lock);
+ setup_supported = pch_udc_gadget_setup(dev);
if (dev->setup_data.bRequestType & USB_DIR_IN) {
ep->td_data->status = (ep->td_data->status &
@@ -2652,9 +2664,7 @@ static void pch_udc_svc_intf_interrupt(struct pch_udc_dev *dev)
dev->ep[i].halted = 0;
}
dev->stall = 0;
- spin_unlock(&dev->lock);
- dev->driver->setup(&dev->gadget, &dev->setup_data);
- spin_lock(&dev->lock);
+ pch_udc_gadget_setup(dev);
}
/**
@@ -2689,9 +2699,7 @@ static void pch_udc_svc_cfg_interrupt(struct pch_udc_dev *dev)
dev->stall = 0;
/* call gadget zero with setup data received */
- spin_unlock(&dev->lock);
- dev->driver->setup(&dev->gadget, &dev->setup_data);
- spin_lock(&dev->lock);
+ pch_udc_gadget_setup(dev);
}
/**
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 180/425] usb: gadget: pch_udc: Check for DMA mapping error
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 179/425] usb: gadget: pch_udc: Check if driver is present before calling ->setup() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 181/425] crypto: qat - dont release uninitialized resources Greg Kroah-Hartman
` (251 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 4a28d77e359009b846951b06f7c0d8eec8dce298 ]
DMA mapping might fail, we have to check it with dma_mapping_error().
Otherwise DMA-API is not happy:
DMA-API: pch_udc 0000:02:02.4: device driver failed to check map error[device address=0x00000000027ee678] [size=64 bytes] [mapped as single]
Fixes: abab0c67c061 ("usb: pch_udc: Fixed issue which does not work with g_serial")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20210323153626.54908-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/pch_udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/pch_udc.c b/drivers/usb/gadget/udc/pch_udc.c
index d87c9217cb57..14e99905cbee 100644
--- a/drivers/usb/gadget/udc/pch_udc.c
+++ b/drivers/usb/gadget/udc/pch_udc.c
@@ -2973,7 +2973,7 @@ static int init_dma_pools(struct pch_udc_dev *dev)
dev->dma_addr = dma_map_single(&dev->pdev->dev, ep0out_buf,
UDC_EP0OUT_BUFF_SIZE * 4,
DMA_FROM_DEVICE);
- return 0;
+ return dma_mapping_error(&dev->pdev->dev, dev->dma_addr);
}
static int pch_udc_start(struct usb_gadget *g,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 181/425] crypto: qat - dont release uninitialized resources
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 180/425] usb: gadget: pch_udc: Check for DMA mapping error Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 182/425] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init Greg Kroah-Hartman
` (250 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tong Zhang, Andy Shevchenko,
Giovanni Cabiddu, Herbert Xu, Sasha Levin
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit b66accaab3791e15ac99c92f236d0d3a6d5bd64e ]
adf_vf_isr_resource_alloc() is not unwinding correctly when error
happens and it want to release uninitialized resources.
To fix this, only release initialized resources.
[ 1.792845] Trying to free already-free IRQ 11
[ 1.793091] WARNING: CPU: 0 PID: 182 at kernel/irq/manage.c:1821 free_irq+0x202/0x380
[ 1.801340] Call Trace:
[ 1.801477] adf_vf_isr_resource_free+0x32/0xb0 [intel_qat]
[ 1.801785] adf_vf_isr_resource_alloc+0x14d/0x150 [intel_qat]
[ 1.802105] adf_dev_init+0xba/0x140 [intel_qat]
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Fixes: dd0f368398ea ("crypto: qat - Add qat dh895xcc VF driver")
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/adf_vf_isr.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/adf_vf_isr.c b/drivers/crypto/qat/qat_common/adf_vf_isr.c
index 4a73fc70f7a9..df9a1f35b832 100644
--- a/drivers/crypto/qat/qat_common/adf_vf_isr.c
+++ b/drivers/crypto/qat/qat_common/adf_vf_isr.c
@@ -304,17 +304,26 @@ int adf_vf_isr_resource_alloc(struct adf_accel_dev *accel_dev)
goto err_out;
if (adf_setup_pf2vf_bh(accel_dev))
- goto err_out;
+ goto err_disable_msi;
if (adf_setup_bh(accel_dev))
- goto err_out;
+ goto err_cleanup_pf2vf_bh;
if (adf_request_msi_irq(accel_dev))
- goto err_out;
+ goto err_cleanup_bh;
return 0;
+
+err_cleanup_bh:
+ adf_cleanup_bh(accel_dev);
+
+err_cleanup_pf2vf_bh:
+ adf_cleanup_pf2vf_bh(accel_dev);
+
+err_disable_msi:
+ adf_disable_msi(accel_dev);
+
err_out:
- adf_vf_isr_resource_free(accel_dev);
return -EFAULT;
}
EXPORT_SYMBOL_GPL(adf_vf_isr_resource_alloc);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 182/425] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 181/425] crypto: qat - dont release uninitialized resources Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 183/425] fotg210-udc: Fix DMA on EP0 for length > max packet size Greg Kroah-Hartman
` (249 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tong Zhang, Andy Shevchenko,
Giovanni Cabiddu, Herbert Xu, Sasha Levin
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit 8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446 ]
ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()
before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the
vf2pf_lock is initialized in adf_dev_init(), which can fail and when it
fail, the vf2pf_lock is either not initialized or destroyed, a subsequent
use of vf2pf_lock will cause issue.
To fix this issue, only set this flag if adf_dev_init() returns 0.
[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0
[ 7.180345] Call Trace:
[ 7.182576] mutex_lock+0xc9/0xd0
[ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]
[ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]
[ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]
[ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Fixes: 25c6ffb249f6 ("crypto: qat - check if PF is running")
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 4 ++--
drivers/crypto/qat/qat_c62xvf/adf_drv.c | 4 ++--
drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c b/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c
index 613c7d5644ce..e87b7c466bdb 100644
--- a/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c
+++ b/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c
@@ -238,12 +238,12 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
if (ret)
goto out_err_free_reg;
- set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
-
ret = adf_dev_init(accel_dev);
if (ret)
goto out_err_dev_shutdown;
+ set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
+
ret = adf_dev_start(accel_dev);
if (ret)
goto out_err_dev_stop;
diff --git a/drivers/crypto/qat/qat_c62xvf/adf_drv.c b/drivers/crypto/qat/qat_c62xvf/adf_drv.c
index 278452b8ef81..a8f3f2ecae70 100644
--- a/drivers/crypto/qat/qat_c62xvf/adf_drv.c
+++ b/drivers/crypto/qat/qat_c62xvf/adf_drv.c
@@ -238,12 +238,12 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
if (ret)
goto out_err_free_reg;
- set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
-
ret = adf_dev_init(accel_dev);
if (ret)
goto out_err_dev_shutdown;
+ set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
+
ret = adf_dev_start(accel_dev);
if (ret)
goto out_err_dev_stop;
diff --git a/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c b/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c
index 3da0f951cb59..1b954abf67fb 100644
--- a/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c
+++ b/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c
@@ -238,12 +238,12 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
if (ret)
goto out_err_free_reg;
- set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
-
ret = adf_dev_init(accel_dev);
if (ret)
goto out_err_dev_shutdown;
+ set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status);
+
ret = adf_dev_start(accel_dev);
if (ret)
goto out_err_dev_stop;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 183/425] fotg210-udc: Fix DMA on EP0 for length > max packet size
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 182/425] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 184/425] fotg210-udc: Fix EP0 IN requests bigger than two packets Greg Kroah-Hartman
` (248 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit 755915fc28edfc608fa89a163014acb2f31c1e19 ]
For a 75 Byte request, it would send the first 64 separately, then detect
that the remaining 11 Byte fit into a single DMA, but due to this bug set
the length to the original 75 Bytes. This leads to a DMA failure (which is
ignored...) and the request completes without the remaining bytes having
been sent.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-2-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index bc6abaea907d..d698d4ab121b 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -345,7 +345,7 @@ static void fotg210_start_dma(struct fotg210_ep *ep,
if (req->req.length - req->req.actual > ep->ep.maxpacket)
length = ep->ep.maxpacket;
else
- length = req->req.length;
+ length = req->req.length - req->req.actual;
}
d = dma_map_single(NULL, buffer, length,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 184/425] fotg210-udc: Fix EP0 IN requests bigger than two packets
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 183/425] fotg210-udc: Fix DMA on EP0 for length > max packet size Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 185/425] fotg210-udc: Remove a dubious condition leading to fotg210_done Greg Kroah-Hartman
` (247 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit 078ba935651e149c92c41161e0322e3372cc2705 ]
For a 134 Byte packet, it sends the first two 64 Byte packets just fine,
but then notice that less than a packet is remaining and call fotg210_done
without actually sending the rest.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-3-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index d698d4ab121b..a35a55eff429 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -824,7 +824,7 @@ static void fotg210_ep0in(struct fotg210_udc *fotg210)
if (req->req.length)
fotg210_start_dma(ep, req);
- if ((req->req.length - req->req.actual) < ep->ep.maxpacket)
+ if (req->req.actual == req->req.length)
fotg210_done(ep, req, 0);
} else {
fotg210_set_cxdone(fotg210);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 185/425] fotg210-udc: Remove a dubious condition leading to fotg210_done
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 184/425] fotg210-udc: Fix EP0 IN requests bigger than two packets Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 186/425] fotg210-udc: Mask GRP2 interrupts we dont handle Greg Kroah-Hartman
` (246 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit c7f755b243494d6043aadcd9a2989cb157958b95 ]
When the EP0 IN request was not completed but less than a packet sent,
it would complete the request successfully. That doesn't make sense
and can't really happen as fotg210_start_dma always sends
min(length, maxpkt) bytes.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-4-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index a35a55eff429..6e284332b11f 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -382,8 +382,7 @@ static void fotg210_ep0_queue(struct fotg210_ep *ep,
}
if (ep->dir_in) { /* if IN */
fotg210_start_dma(ep, req);
- if ((req->req.length == req->req.actual) ||
- (req->req.actual < ep->ep.maxpacket))
+ if (req->req.length == req->req.actual)
fotg210_done(ep, req, 0);
} else { /* OUT */
u32 value = ioread32(ep->fotg210->reg + FOTG210_DMISGR0);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 186/425] fotg210-udc: Mask GRP2 interrupts we dont handle
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 185/425] fotg210-udc: Remove a dubious condition leading to fotg210_done Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 187/425] fotg210-udc: Dont DMA more than the buffer can take Greg Kroah-Hartman
` (245 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit 9aee3a23d6455200702f3a57e731fa11e8408667 ]
Currently it leaves unhandled interrupts unmasked, but those are never
acked. In the case of a "device idle" interrupt, this leads to an
effectively frozen system until plugging it in.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-5-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index 6e284332b11f..41cc5babd50d 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -1030,6 +1030,12 @@ static void fotg210_init(struct fotg210_udc *fotg210)
value &= ~DMCR_GLINT_EN;
iowrite32(value, fotg210->reg + FOTG210_DMCR);
+ /* enable only grp2 irqs we handle */
+ iowrite32(~(DISGR2_DMA_ERROR | DISGR2_RX0BYTE_INT | DISGR2_TX0BYTE_INT
+ | DISGR2_ISO_SEQ_ABORT_INT | DISGR2_ISO_SEQ_ERR_INT
+ | DISGR2_RESM_INT | DISGR2_SUSP_INT | DISGR2_USBRST_INT),
+ fotg210->reg + FOTG210_DMISGR2);
+
/* disable all fifo interrupt */
iowrite32(~(u32)0, fotg210->reg + FOTG210_DMISGR1);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 187/425] fotg210-udc: Dont DMA more than the buffer can take
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 186/425] fotg210-udc: Mask GRP2 interrupts we dont handle Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 188/425] fotg210-udc: Complete OUT requests on short packets Greg Kroah-Hartman
` (244 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit 3e7c2510bdfe89a9ec223dd7acd6bfc8bb1cbeb6 ]
Before this, it wrote as much as available into the buffer, even if it
didn't fit.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-7-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index 41cc5babd50d..7ae0243c32e5 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -337,8 +337,9 @@ static void fotg210_start_dma(struct fotg210_ep *ep,
} else {
buffer = req->req.buf + req->req.actual;
length = ioread32(ep->fotg210->reg +
- FOTG210_FIBCR(ep->epnum - 1));
- length &= FIBCR_BCFX;
+ FOTG210_FIBCR(ep->epnum - 1)) & FIBCR_BCFX;
+ if (length > req->req.length - req->req.actual)
+ length = req->req.length - req->req.actual;
}
} else {
buffer = req->req.buf + req->req.actual;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 188/425] fotg210-udc: Complete OUT requests on short packets
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 187/425] fotg210-udc: Dont DMA more than the buffer can take Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 189/425] mtd: require write permissions for locking and badblock ioctls Greg Kroah-Hartman
` (243 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Fabian Vogt, Sasha Levin
From: Fabian Vogt <fabian@ritter-vogt.de>
[ Upstream commit 75bb93be0027123b5db6cbcce89eb62f0f6b3c5b ]
A short packet indicates the end of a transfer and marks the request as
complete.
Fixes: b84a8dee23fd ("usb: gadget: add Faraday fotg210_udc driver")
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Link: https://lore.kernel.org/r/20210324141115.9384-8-fabian@ritter-vogt.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/fotg210-udc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/fotg210-udc.c b/drivers/usb/gadget/udc/fotg210-udc.c
index 7ae0243c32e5..785822ecc3f1 100644
--- a/drivers/usb/gadget/udc/fotg210-udc.c
+++ b/drivers/usb/gadget/udc/fotg210-udc.c
@@ -853,12 +853,16 @@ static void fotg210_out_fifo_handler(struct fotg210_ep *ep)
{
struct fotg210_request *req = list_entry(ep->queue.next,
struct fotg210_request, queue);
+ int disgr1 = ioread32(ep->fotg210->reg + FOTG210_DISGR1);
fotg210_start_dma(ep, req);
- /* finish out transfer */
+ /* Complete the request when it's full or a short packet arrived.
+ * Like other drivers, short_not_ok isn't handled.
+ */
+
if (req->req.length == req->req.actual ||
- req->req.actual < ep->ep.maxpacket)
+ (disgr1 & DISGR1_SPK_INT(ep->epnum - 1)))
fotg210_done(ep, req, 0);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 189/425] mtd: require write permissions for locking and badblock ioctls
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 188/425] fotg210-udc: Complete OUT requests on short packets Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 190/425] bus: qcom: Put child node before return Greg Kroah-Hartman
` (242 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle,
Rafał Miłecki, Richard Weinberger, Miquel Raynal,
Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 1e97743fd180981bef5f01402342bb54bf1c6366 ]
MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK
is always write-once.
MEMSETBADBLOCK modifies the bad block table.
Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for permissions")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210303155735.25887-1-michael@walle.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/mtdchar.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index 5afc653c09e2..82d38001d517 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -663,16 +663,12 @@ static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg)
case MEMGETINFO:
case MEMREADOOB:
case MEMREADOOB64:
- case MEMLOCK:
- case MEMUNLOCK:
case MEMISLOCKED:
case MEMGETOOBSEL:
case MEMGETBADBLOCK:
- case MEMSETBADBLOCK:
case OTPSELECT:
case OTPGETREGIONCOUNT:
case OTPGETREGIONINFO:
- case OTPLOCK:
case ECCGETLAYOUT:
case ECCGETSTATS:
case MTDFILEMODE:
@@ -683,9 +679,13 @@ static int mtdchar_ioctl(struct file *file, u_int cmd, u_long arg)
/* "dangerous" commands */
case MEMERASE:
case MEMERASE64:
+ case MEMLOCK:
+ case MEMUNLOCK:
+ case MEMSETBADBLOCK:
case MEMWRITEOOB:
case MEMWRITEOOB64:
case MEMWRITE:
+ case OTPLOCK:
if (!(file->f_mode & FMODE_WRITE))
return -EPERM;
break;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 190/425] bus: qcom: Put child node before return
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 189/425] mtd: require write permissions for locking and badblock ioctls Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 191/425] soundwire: bus: Fix device found flag correctly Greg Kroah-Hartman
` (241 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Walleij, Pan Bian,
Bjorn Andersson, Sasha Levin
From: Pan Bian <bianpan2016@163.com>
[ Upstream commit ac6ad7c2a862d682bb584a4bc904d89fa7721af8 ]
Put child node before return to fix potential reference count leak.
Generally, the reference count of child is incremented and decremented
automatically in the macro for_each_available_child_of_node() and should
be decremented manually if the loop is broken in loop body.
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Fixes: 335a12754808 ("bus: qcom: add EBI2 driver")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Link: https://lore.kernel.org/r/20210121114907.109267-1-bianpan2016@163.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/qcom-ebi2.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/qcom-ebi2.c b/drivers/bus/qcom-ebi2.c
index a6444244c411..bfb67aa00bec 100644
--- a/drivers/bus/qcom-ebi2.c
+++ b/drivers/bus/qcom-ebi2.c
@@ -357,8 +357,10 @@ static int qcom_ebi2_probe(struct platform_device *pdev)
/* Figure out the chipselect */
ret = of_property_read_u32(child, "reg", &csindex);
- if (ret)
+ if (ret) {
+ of_node_put(child);
return ret;
+ }
if (csindex > 5) {
dev_err(dev,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 191/425] soundwire: bus: Fix device found flag correctly
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 190/425] bus: qcom: Put child node before return Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 192/425] phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally Greg Kroah-Hartman
` (240 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla,
Pierre-Louis Bossart, Vinod Koul, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit f03690f4f6992225d05dbd1171212e5be5a370dd ]
found flag is used to indicate SoundWire devices that are
both enumerated on the bus and available in the device list.
However this flag is not reset correctly after one iteration,
This could miss some of the devices that are enumerated on the
bus but not in device list. So reset this correctly to fix this issue!
Fixes: d52d7a1be02c ("soundwire: Add Slave status handling helpers")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210309104816.20350-1-srinivas.kandagatla@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/bus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/soundwire/bus.c b/drivers/soundwire/bus.c
index df172bf3925f..0089b606b70d 100644
--- a/drivers/soundwire/bus.c
+++ b/drivers/soundwire/bus.c
@@ -514,7 +514,7 @@ static int sdw_program_device_num(struct sdw_bus *bus)
struct sdw_slave *slave, *_s;
struct sdw_slave_id id;
struct sdw_msg msg;
- bool found = false;
+ bool found;
int count = 0, ret;
u64 addr;
@@ -545,6 +545,7 @@ static int sdw_program_device_num(struct sdw_bus *bus)
sdw_extract_slave_id(bus, addr, &id);
+ found = false;
/* Now compare with entries */
list_for_each_entry_safe(slave, _s, &bus->slaves, node) {
if (sdw_compare_devid(slave, id) == 0) {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 192/425] phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 191/425] soundwire: bus: Fix device found flag correctly Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 193/425] crypto: qat - fix error path in adf_isr_resource_alloc() Greg Kroah-Hartman
` (239 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Vinod Koul, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 6cb17707aad869de163d7bf42c253caf501be4e2 ]
Merely enabling CONFIG_COMPILE_TEST should not enable additional code.
To fix this, restrict the automatic enabling of ARMADA375_USBCLUSTER_PHY
to MACH_ARMADA_375, and ask the user in case of compile-testing.
Fixes: eee47538ec1f2619 ("phy: add support for USB cluster on the Armada 375 SoC")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20210208150252.424706-1-geert+renesas@glider.be
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/marvell/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/marvell/Kconfig b/drivers/phy/marvell/Kconfig
index 68e321225400..ed4d3904e53f 100644
--- a/drivers/phy/marvell/Kconfig
+++ b/drivers/phy/marvell/Kconfig
@@ -2,8 +2,8 @@
# Phy drivers for Marvell platforms
#
config ARMADA375_USBCLUSTER_PHY
- def_bool y
- depends on MACH_ARMADA_375 || COMPILE_TEST
+ bool "Armada 375 USB cluster PHY support" if COMPILE_TEST
+ default y if MACH_ARMADA_375
depends on OF && HAS_IOMEM
select GENERIC_PHY
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 193/425] crypto: qat - fix error path in adf_isr_resource_alloc()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 192/425] phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 194/425] usb: gadget: aspeed: fix dma map failure Greg Kroah-Hartman
` (238 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Giovanni Cabiddu, Marco Chiappero,
Herbert Xu, Sasha Levin
From: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
[ Upstream commit 83dc1173d73f80cbce2fee4d308f51f87b2f26ae ]
The function adf_isr_resource_alloc() is not unwinding correctly in case
of error.
This patch fixes the error paths and propagate the errors to the caller.
Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/adf_isr.c | 29 ++++++++++++++++++-------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/adf_isr.c b/drivers/crypto/qat/qat_common/adf_isr.c
index cd1cdf5305bc..4898ef41fd9f 100644
--- a/drivers/crypto/qat/qat_common/adf_isr.c
+++ b/drivers/crypto/qat/qat_common/adf_isr.c
@@ -330,19 +330,32 @@ int adf_isr_resource_alloc(struct adf_accel_dev *accel_dev)
ret = adf_isr_alloc_msix_entry_table(accel_dev);
if (ret)
- return ret;
- if (adf_enable_msix(accel_dev))
goto err_out;
- if (adf_setup_bh(accel_dev))
- goto err_out;
+ ret = adf_enable_msix(accel_dev);
+ if (ret)
+ goto err_free_msix_table;
- if (adf_request_irqs(accel_dev))
- goto err_out;
+ ret = adf_setup_bh(accel_dev);
+ if (ret)
+ goto err_disable_msix;
+
+ ret = adf_request_irqs(accel_dev);
+ if (ret)
+ goto err_cleanup_bh;
return 0;
+
+err_cleanup_bh:
+ adf_cleanup_bh(accel_dev);
+
+err_disable_msix:
+ adf_disable_msix(&accel_dev->accel_pci_dev);
+
+err_free_msix_table:
+ adf_isr_free_msix_entry_table(accel_dev);
+
err_out:
- adf_isr_resource_free(accel_dev);
- return -EFAULT;
+ return ret;
}
EXPORT_SYMBOL_GPL(adf_isr_resource_alloc);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 194/425] usb: gadget: aspeed: fix dma map failure
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 193/425] crypto: qat - fix error path in adf_isr_resource_alloc() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 195/425] USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() Greg Kroah-Hartman
` (237 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joel Stanley, Tao Ren, Sasha Levin
From: Tao Ren <rentao.bupt@gmail.com>
[ Upstream commit bd4d607044b961cecbf8c4c2f3bb5da4fb156993 ]
Currently the virtual port_dev device is passed to DMA API, and this is
wrong because the device passed to DMA API calls must be the actual
hardware device performing the DMA.
The patch replaces usb_gadget_map_request/usb_gadget_unmap_request APIs
with usb_gadget_map_request_by_dev/usb_gadget_unmap_request_by_dev APIs
so the DMA capable platform device can be passed to the DMA APIs.
The patch fixes below backtrace detected on Facebook AST2500 OpenBMC
platforms:
[<80106550>] show_stack+0x20/0x24
[<80106868>] dump_stack+0x28/0x30
[<80823540>] __warn+0xfc/0x110
[<8011ac30>] warn_slowpath_fmt+0xb0/0xc0
[<8011ad44>] dma_map_page_attrs+0x24c/0x314
[<8016a27c>] usb_gadget_map_request_by_dev+0x100/0x1e4
[<805cedd8>] usb_gadget_map_request+0x1c/0x20
[<805cefbc>] ast_vhub_epn_queue+0xa0/0x1d8
[<7f02f710>] usb_ep_queue+0x48/0xc4
[<805cd3e8>] ecm_do_notify+0xf8/0x248
[<7f145920>] ecm_set_alt+0xc8/0x1d0
[<7f145c34>] composite_setup+0x680/0x1d30
[<7f00deb8>] ast_vhub_ep0_handle_setup+0xa4/0x1bc
[<7f02ee94>] ast_vhub_dev_irq+0x58/0x84
[<7f0309e0>] ast_vhub_irq+0xb0/0x1c8
[<7f02e118>] __handle_irq_event_percpu+0x50/0x19c
[<8015e5bc>] handle_irq_event_percpu+0x38/0x8c
[<8015e758>] handle_irq_event+0x38/0x4c
Fixes: 7ecca2a4080c ("usb/gadget: Add driver for Aspeed SoC virtual hub")
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Tao Ren <rentao.bupt@gmail.com>
Link: https://lore.kernel.org/r/20210331045831.28700-1-rentao.bupt@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/aspeed-vhub/core.c | 3 ++-
drivers/usb/gadget/udc/aspeed-vhub/epn.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/aspeed-vhub/core.c b/drivers/usb/gadget/udc/aspeed-vhub/core.c
index db3628be38c0..902e61be4d64 100644
--- a/drivers/usb/gadget/udc/aspeed-vhub/core.c
+++ b/drivers/usb/gadget/udc/aspeed-vhub/core.c
@@ -36,6 +36,7 @@ void ast_vhub_done(struct ast_vhub_ep *ep, struct ast_vhub_req *req,
int status)
{
bool internal = req->internal;
+ struct ast_vhub *vhub = ep->vhub;
EPVDBG(ep, "completing request @%p, status %d\n", req, status);
@@ -46,7 +47,7 @@ void ast_vhub_done(struct ast_vhub_ep *ep, struct ast_vhub_req *req,
if (req->req.dma) {
if (!WARN_ON(!ep->dev))
- usb_gadget_unmap_request(&ep->dev->gadget,
+ usb_gadget_unmap_request_by_dev(&vhub->pdev->dev,
&req->req, ep->epn.is_in);
req->req.dma = 0;
}
diff --git a/drivers/usb/gadget/udc/aspeed-vhub/epn.c b/drivers/usb/gadget/udc/aspeed-vhub/epn.c
index ae853cf36966..931f540a747e 100644
--- a/drivers/usb/gadget/udc/aspeed-vhub/epn.c
+++ b/drivers/usb/gadget/udc/aspeed-vhub/epn.c
@@ -376,7 +376,7 @@ static int ast_vhub_epn_queue(struct usb_ep* u_ep, struct usb_request *u_req,
if (ep->epn.desc_mode ||
((((unsigned long)u_req->buf & 7) == 0) &&
(ep->epn.is_in || !(u_req->length & (u_ep->maxpacket - 1))))) {
- rc = usb_gadget_map_request(&ep->dev->gadget, u_req,
+ rc = usb_gadget_map_request_by_dev(&vhub->pdev->dev, u_req,
ep->epn.is_in);
if (rc) {
dev_warn(&vhub->pdev->dev,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 195/425] USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 194/425] usb: gadget: aspeed: fix dma map failure Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 196/425] soundwire: stream: fix memory leak in stream config error path Greg Kroah-Hartman
` (236 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 2e3d055bf27d70204cae349335a62a4f9b7c165a ]
IS_ERR() and PTR_ERR() use wrong pointer, it should be
udc->virt_addr, fix it.
Fixes: 1b9f35adb0ff ("usb: gadget: udc: Add Synopsys UDC Platform driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20210330130159.1051979-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/snps_udc_plat.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/udc/snps_udc_plat.c b/drivers/usb/gadget/udc/snps_udc_plat.c
index 32f1d3e90c26..99805d60a7ab 100644
--- a/drivers/usb/gadget/udc/snps_udc_plat.c
+++ b/drivers/usb/gadget/udc/snps_udc_plat.c
@@ -114,8 +114,8 @@ static int udc_plat_probe(struct platform_device *pdev)
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
udc->virt_addr = devm_ioremap_resource(dev, res);
- if (IS_ERR(udc->regs))
- return PTR_ERR(udc->regs);
+ if (IS_ERR(udc->virt_addr))
+ return PTR_ERR(udc->virt_addr);
/* udc csr registers base */
udc->csr = udc->virt_addr + UDC_CSR_ADDR;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 196/425] soundwire: stream: fix memory leak in stream config error path
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 195/425] USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 197/425] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init Greg Kroah-Hartman
` (235 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rander Wang, Keyon Jie,
Guennadi Liakhovetski, Pierre-Louis Bossart, Bard Liao,
Vinod Koul, Sasha Levin
From: Rander Wang <rander.wang@intel.com>
[ Upstream commit 48f17f96a81763c7c8bf5500460a359b9939359f ]
When stream config is failed, master runtime will release all
slave runtime in the slave_rt_list, but slave runtime is not
added to the list at this time. This patch frees slave runtime
in the config error path to fix the memory leak.
Fixes: 89e590535f32 ("soundwire: Add support for SoundWire stream management")
Signed-off-by: Rander Wang <rander.wang@intel.com>
Reviewed-by: Keyon Jie <yang.jie@intel.com>
Reviewed-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20210331004610.12242-1-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/stream.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c
index 907a548645b7..42bc701e2304 100644
--- a/drivers/soundwire/stream.c
+++ b/drivers/soundwire/stream.c
@@ -1182,8 +1182,16 @@ int sdw_stream_add_slave(struct sdw_slave *slave,
}
ret = sdw_config_stream(&slave->dev, stream, stream_config, true);
- if (ret)
+ if (ret) {
+ /*
+ * sdw_release_master_stream will release s_rt in slave_rt_list in
+ * stream_error case, but s_rt is only added to slave_rt_list
+ * when sdw_config_stream is successful, so free s_rt explicitly
+ * when sdw_config_stream is failed.
+ */
+ kfree(s_rt);
goto stream_error;
+ }
list_add_tail(&s_rt->m_rt_node, &m_rt->slave_rt_list);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 197/425] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 196/425] soundwire: stream: fix memory leak in stream config error path Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 198/425] irqchip/gic-v3: Fix OF_BAD_ADDR error handling Greg Kroah-Hartman
` (234 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Miquel Raynal, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 076de75de1e53160e9b099f75872c1f9adf41a0b ]
If the callee gpmi_alloc_dma_buffer() failed to alloc memory for
this->raw_buffer, gpmi_free_dma_buffer() will be called to free
this->auxiliary_virt. But this->auxiliary_virt is still a non-NULL
and valid ptr.
Then gpmi_alloc_dma_buffer() returns err and gpmi_free_dma_buffer()
is called again to free this->auxiliary_virt in err_out. This causes
a double free.
As gpmi_free_dma_buffer() has already called in gpmi_alloc_dma_buffer's
error path, so it should return err directly instead of releasing the dma
buffer again.
Fixes: 4d02423e9afe6 ("mtd: nand: gpmi: Fix gpmi_nand_init() error path")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20210403060905.5251-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
index fe99d9323d4a..6bd414bac34d 100644
--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -1931,7 +1931,7 @@ static int gpmi_nand_init(struct gpmi_nand_data *this)
this->bch_geometry.auxiliary_size = 128;
ret = gpmi_alloc_dma_buffer(this);
if (ret)
- goto err_out;
+ return ret;
chip->dummy_controller.ops = &gpmi_nand_controller_ops;
ret = nand_scan(chip, GPMI_IS_MX6(this) ? 2 : 1);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 198/425] irqchip/gic-v3: Fix OF_BAD_ADDR error handling
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 197/425] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 199/425] staging: rtl8192u: Fix potential infinite loop Greg Kroah-Hartman
` (233 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Marc Zyngier, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 8e13d96670a4c050d4883e6743a9e9858e5cfe10 ]
When building with extra warnings enabled, clang points out a
mistake in the error handling:
drivers/irqchip/irq-gic-v3-mbi.c:306:21: error: result of comparison of constant 18446744073709551615 with expression of type 'phys_addr_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
if (mbi_phys_base == OF_BAD_ADDR) {
Truncate the constant to the same type as the variable it gets compared
to, to shut make the check work and void the warning.
Fixes: 505287525c24 ("irqchip/gic-v3: Add support for Message Based Interrupts as an MSI controller")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210323131842.2773094-1-arnd@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-gic-v3-mbi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-gic-v3-mbi.c b/drivers/irqchip/irq-gic-v3-mbi.c
index fbfa7ff6deb1..9d011281d4b5 100644
--- a/drivers/irqchip/irq-gic-v3-mbi.c
+++ b/drivers/irqchip/irq-gic-v3-mbi.c
@@ -297,7 +297,7 @@ int __init mbi_init(struct fwnode_handle *fwnode, struct irq_domain *parent)
reg = of_get_property(np, "mbi-alias", NULL);
if (reg) {
mbi_phys_base = of_translate_address(np, reg);
- if (mbi_phys_base == OF_BAD_ADDR) {
+ if (mbi_phys_base == (phys_addr_t)OF_BAD_ADDR) {
ret = -ENXIO;
goto err_free_mbi;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 199/425] staging: rtl8192u: Fix potential infinite loop
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 198/425] irqchip/gic-v3: Fix OF_BAD_ADDR error handling Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 200/425] staging: greybus: uart: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
` (232 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Colin Ian King, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit f9b9263a25dc3d2eaaa829e207434db6951ca7bc ]
The for-loop iterates with a u8 loop counter i and compares this
with the loop upper limit of riv->ieee80211->LinkDetectInfo.SlotNum
that is a u16 type. There is a potential infinite loop if SlotNum
is larger than the u8 loop counter. Fix this by making the loop
counter the same type as SlotNum.
Addresses-Coverity: ("Infinite loop")
Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210407150308.496623-1-colin.king@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/r8192U_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c
index 87244a208976..cc12e6c36fed 100644
--- a/drivers/staging/rtl8192u/r8192U_core.c
+++ b/drivers/staging/rtl8192u/r8192U_core.c
@@ -3379,7 +3379,7 @@ static void rtl819x_update_rxcounts(struct r8192_priv *priv, u32 *TotalRxBcnNum,
u32 *TotalRxDataNum)
{
u16 SlotIndex;
- u8 i;
+ u16 i;
*TotalRxBcnNum = 0;
*TotalRxDataNum = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 200/425] staging: greybus: uart: fix unprivileged TIOCCSERIAL
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 199/425] staging: rtl8192u: Fix potential infinite loop Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 201/425] spi: Fix use-after-free with devm_spi_alloc_* Greg Kroah-Hartman
` (231 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit 60c6b305c11b5fd167ce5e2ce42f3a9098c388f0 ]
TIOCSSERIAL is a horrid, underspecified, legacy interface which for most
serial devices is only useful for setting the close_delay and
closing_wait parameters.
A non-privileged user has only ever been able to set the since long
deprecated ASYNC_SPD flags and trying to change any other *supported*
feature should result in -EPERM being returned. Setting the current
values for any supported features should return success.
Fix the greybus implementation which instead indicated that the
TIOCSSERIAL ioctl was not even implemented when a non-privileged user
set the current values.
Fixes: e68453ed28c5 ("greybus: uart-gb: now builds, more framework added")
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210407102334.32361-7-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/greybus/uart.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c
index f36d470aed24..2343914f7548 100644
--- a/drivers/staging/greybus/uart.c
+++ b/drivers/staging/greybus/uart.c
@@ -656,8 +656,6 @@ static int set_serial_info(struct gb_tty *gb_tty,
if ((close_delay != gb_tty->port.close_delay) ||
(closing_wait != gb_tty->port.closing_wait))
retval = -EPERM;
- else
- retval = -EOPNOTSUPP;
} else {
gb_tty->port.close_delay = close_delay;
gb_tty->port.closing_wait = closing_wait;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 201/425] spi: Fix use-after-free with devm_spi_alloc_*
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 200/425] staging: greybus: uart: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 202/425] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz Greg Kroah-Hartman
` (230 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, William A. Kennington III,
Mark Brown, Sasha Levin
From: William A. Kennington III <wak@google.com>
[ Upstream commit 794aaf01444d4e765e2b067cba01cc69c1c68ed9 ]
We can't rely on the contents of the devres list during
spi_unregister_controller(), as the list is already torn down at the
time we perform devres_find() for devm_spi_release_controller. This
causes devices registered with devm_spi_alloc_{master,slave}() to be
mistakenly identified as legacy, non-devm managed devices and have their
reference counters decremented below 0.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174
[<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98)
[<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24)
r4:b6700140
[<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40)
[<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4)
r5:b6700180 r4:b6700100
[<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60)
r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10
[<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec)
r5:b117ad94 r4:b163dc10
[<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0)
r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10
[<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8)
Instead, determine the devm allocation state as a flag on the
controller which is guaranteed to be stable during cleanup.
Fixes: 5e844cc37a5c ("spi: Introduce device-managed SPI controller allocation")
Signed-off-by: William A. Kennington III <wak@google.com>
Link: https://lore.kernel.org/r/20210407095527.2771582-1-wak@google.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 9 ++-------
include/linux/spi/spi.h | 3 +++
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 7dabbc82b646..bbe33016d371 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2084,6 +2084,7 @@ struct spi_controller *__devm_spi_alloc_controller(struct device *dev,
ctlr = __spi_alloc_controller(dev, size, slave);
if (ctlr) {
+ ctlr->devm_allocated = true;
*ptr = ctlr;
devres_add(dev, ptr);
} else {
@@ -2344,11 +2345,6 @@ int devm_spi_register_controller(struct device *dev,
}
EXPORT_SYMBOL_GPL(devm_spi_register_controller);
-static int devm_spi_match_controller(struct device *dev, void *res, void *ctlr)
-{
- return *(struct spi_controller **)res == ctlr;
-}
-
static int __unregister(struct device *dev, void *null)
{
spi_unregister_device(to_spi_device(dev));
@@ -2395,8 +2391,7 @@ void spi_unregister_controller(struct spi_controller *ctlr)
/* Release the last reference on the controller if its driver
* has not yet been converted to devm_spi_alloc_master/slave().
*/
- if (!devres_find(ctlr->dev.parent, devm_spi_release_controller,
- devm_spi_match_controller, ctlr))
+ if (!ctlr->devm_allocated)
put_device(&ctlr->dev);
/* free bus id */
diff --git a/include/linux/spi/spi.h b/include/linux/spi/spi.h
index 8ceba9b8e51e..16158fe097a8 100644
--- a/include/linux/spi/spi.h
+++ b/include/linux/spi/spi.h
@@ -450,6 +450,9 @@ struct spi_controller {
#define SPI_MASTER_GPIO_SS BIT(5) /* GPIO CS must select slave */
+ /* flag indicating this is a non-devres managed controller */
+ bool devm_allocated;
+
/* flag indicating this is an SPI slave controller */
bool slave;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 202/425] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 201/425] spi: Fix use-after-free with devm_spi_alloc_* Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 203/425] soc: qcom: mdt_loader: Detect truncated read of segments Greg Kroah-Hartman
` (229 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sibi Sankar, Bjorn Andersson, Sasha Levin
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 84168d1b54e76a1bcb5192991adde5176abe02e3 ]
The code validates that segments of p_memsz bytes of a segment will fit
in the provided memory region, but does not validate that p_filesz bytes
will, which means that an incorrectly crafted ELF header might write
beyond the provided memory region.
Fixes: 051fb70fd4ea ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5")
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Link: https://lore.kernel.org/r/20210107233119.717173-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/mdt_loader.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 1c488024c698..7584b81d06a1 100644
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -168,6 +168,14 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw,
break;
}
+ if (phdr->p_filesz > phdr->p_memsz) {
+ dev_err(dev,
+ "refusing to load segment %d with p_filesz > p_memsz\n",
+ i);
+ ret = -EINVAL;
+ break;
+ }
+
ptr = mem_region + offset;
if (phdr->p_filesz) {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 203/425] soc: qcom: mdt_loader: Detect truncated read of segments
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 202/425] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 204/425] ACPI: CPPC: Replace cppc_attr with kobj_attribute Greg Kroah-Hartman
` (228 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sibi Sankar, Bjorn Andersson, Sasha Levin
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 0648c55e3a21ccd816e99b6600d6199fbf39d23a ]
Given that no validation of how much data the firmware loader read in
for a given segment truncated segment files would best case result in a
hash verification failure, without any indication of what went wrong.
Improve this by validating that the firmware loader did return the
amount of data requested.
Fixes: 445c2410a449 ("soc: qcom: mdt_loader: Use request_firmware_into_buf()")
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Link: https://lore.kernel.org/r/20210107232526.716989-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/mdt_loader.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 7584b81d06a1..47dffe7736ff 100644
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -187,6 +187,15 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw,
break;
}
+ if (seg_fw->size != phdr->p_filesz) {
+ dev_err(dev,
+ "failed to load segment %d from truncated file %s\n",
+ i, fw_name);
+ release_firmware(seg_fw);
+ ret = -EINVAL;
+ break;
+ }
+
release_firmware(seg_fw);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 204/425] ACPI: CPPC: Replace cppc_attr with kobj_attribute
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 203/425] soc: qcom: mdt_loader: Detect truncated read of segments Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 205/425] crypto: qat - Fix a double free in adf_create_ring Greg Kroah-Hartman
` (227 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Rafael J. Wysocki,
Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 2bc6262c6117dd18106d5aa50d53e945b5d99c51 ]
All of the CPPC sysfs show functions are called via indirect call in
kobj_attr_show(), where they should be of type
ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr, char *buf);
because that is the type of the ->show() member in
'struct kobj_attribute' but they are actually of type
ssize_t (*show)(struct kobject *kobj, struct attribute *attr, char *buf);
because of the ->show() member in 'struct cppc_attr', resulting in a
Control Flow Integrity violation [1].
$ cat /sys/devices/system/cpu/cpu0/acpi_cppc/highest_perf
3400
$ dmesg | grep "CFI failure"
[ 175.970559] CFI failure (target: show_highest_perf+0x0/0x8):
As far as I can tell, the only difference between 'struct cppc_attr'
and 'struct kobj_attribute' aside from the type of the attr parameter
is the type of the count parameter in the ->store() member (ssize_t vs.
size_t), which does not actually matter because all of these nodes are
read-only.
Eliminate 'struct cppc_attr' in favor of 'struct kobj_attribute' to fix
the violation.
[1]: https://lore.kernel.org/r/20210401233216.2540591-1-samitolvanen@google.com/
Fixes: 158c998ea44b ("ACPI / CPPC: add sysfs support to compute delivered performance")
Link: https://github.com/ClangBuiltLinux/linux/issues/1343
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/cppc_acpi.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 5c6ecbb66608..1b43f8ebfabe 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -122,23 +122,15 @@ static DEFINE_PER_CPU(struct cpc_desc *, cpc_desc_ptr);
*/
#define NUM_RETRIES 500ULL
-struct cppc_attr {
- struct attribute attr;
- ssize_t (*show)(struct kobject *kobj,
- struct attribute *attr, char *buf);
- ssize_t (*store)(struct kobject *kobj,
- struct attribute *attr, const char *c, ssize_t count);
-};
-
#define define_one_cppc_ro(_name) \
-static struct cppc_attr _name = \
+static struct kobj_attribute _name = \
__ATTR(_name, 0444, show_##_name, NULL)
#define to_cpc_desc(a) container_of(a, struct cpc_desc, kobj)
#define show_cppc_data(access_fn, struct_name, member_name) \
static ssize_t show_##member_name(struct kobject *kobj, \
- struct attribute *attr, char *buf) \
+ struct kobj_attribute *attr, char *buf) \
{ \
struct cpc_desc *cpc_ptr = to_cpc_desc(kobj); \
struct struct_name st_name = {0}; \
@@ -164,7 +156,7 @@ show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf);
show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time);
static ssize_t show_feedback_ctrs(struct kobject *kobj,
- struct attribute *attr, char *buf)
+ struct kobj_attribute *attr, char *buf)
{
struct cpc_desc *cpc_ptr = to_cpc_desc(kobj);
struct cppc_perf_fb_ctrs fb_ctrs = {0};
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 205/425] crypto: qat - Fix a double free in adf_create_ring
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 204/425] ACPI: CPPC: Replace cppc_attr with kobj_attribute Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 206/425] cpufreq: armada-37xx: Fix setting TBG parent for load levels Greg Kroah-Hartman
` (226 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Herbert Xu, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit f7cae626cabb3350b23722b78fe34dd7a615ca04 ]
In adf_create_ring, if the callee adf_init_ring() failed, the callee will
free the ring->base_addr by dma_free_coherent() and return -EFAULT. Then
adf_create_ring will goto err and the ring->base_addr will be freed again
in adf_cleanup_ring().
My patch sets ring->base_addr to NULL after the first freed to avoid the
double free.
Fixes: a672a9dc872ec ("crypto: qat - Intel(R) QAT transport code")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/adf_transport.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c
index 57d2622728a5..4c0067f8c079 100644
--- a/drivers/crypto/qat/qat_common/adf_transport.c
+++ b/drivers/crypto/qat/qat_common/adf_transport.c
@@ -197,6 +197,7 @@ static int adf_init_ring(struct adf_etr_ring_data *ring)
dev_err(&GET_DEV(accel_dev), "Ring address not aligned\n");
dma_free_coherent(&GET_DEV(accel_dev), ring_size_bytes,
ring->base_addr, ring->dma_addr);
+ ring->base_addr = NULL;
return -EFAULT;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 206/425] cpufreq: armada-37xx: Fix setting TBG parent for load levels
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 205/425] crypto: qat - Fix a double free in adf_create_ring Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 207/425] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock Greg Kroah-Hartman
` (225 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Gregory CLEMENT,
Pali Rohár, Tomasz Maciej Nowak, Anders Trier Olesen,
Philip Soares, Viresh Kumar, Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 22592df194e31baf371906cc720da38fa0ab68f5 ]
With CPU frequency determining software [1] we have discovered that
after this driver does one CPU frequency change, the base frequency of
the CPU is set to the frequency of TBG-A-P clock, instead of the TBG
that is parent to the CPU.
This can be reproduced on EspressoBIN and Turris MOX:
cd /sys/devices/system/cpu/cpufreq/policy0
echo powersave >scaling_governor
echo performance >scaling_governor
Running the mhz tool before this driver is loaded reports 1000 MHz, and
after loading the driver and executing commands above the tool reports
800 MHz.
The change of TBG clock selector is supposed to happen in function
armada37xx_cpufreq_dvfs_setup. Before the function returns, it does
this:
parent = clk_get_parent(clk);
clk_set_parent(clk, parent);
The armada-37xx-periph clock driver has the .set_parent method
implemented correctly for this, so if the method was actually called,
this would work. But since the introduction of the common clock
framework in commit b2476490ef11 ("clk: introduce the common clock..."),
the clk_set_parent function checks whether the parent is actually
changing, and if the requested new parent is same as the old parent
(which is obviously the case for the code above), the .set_parent method
is not called at all.
This patch fixes this issue by filling the correct TBG clock selector
directly in the armada37xx_cpufreq_dvfs_setup during the filling of
other registers at the same address. But the determination of CPU TBG
index cannot be done via the common clock framework, therefore we need
to access the North Bridge Peripheral Clock registers directly in this
driver.
[1] https://github.com/wtarreau/mhz
Signed-off-by: Marek Behún <kabel@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Pali Rohár <pali@kernel.org>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 92ce45fb875d ("cpufreq: Add DVFS support for Armada 37xx")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/armada-37xx-cpufreq.c | 35 ++++++++++++++++++---------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/drivers/cpufreq/armada-37xx-cpufreq.c b/drivers/cpufreq/armada-37xx-cpufreq.c
index 9b0b490d70ff..99fb0ae7e2d7 100644
--- a/drivers/cpufreq/armada-37xx-cpufreq.c
+++ b/drivers/cpufreq/armada-37xx-cpufreq.c
@@ -25,6 +25,10 @@
#include "cpufreq-dt.h"
+/* Clk register set */
+#define ARMADA_37XX_CLK_TBG_SEL 0
+#define ARMADA_37XX_CLK_TBG_SEL_CPU_OFF 22
+
/* Power management in North Bridge register set */
#define ARMADA_37XX_NB_L0L1 0x18
#define ARMADA_37XX_NB_L2L3 0x1C
@@ -120,10 +124,15 @@ static struct armada_37xx_dvfs *armada_37xx_cpu_freq_info_get(u32 freq)
* will be configured then the DVFS will be enabled.
*/
static void __init armada37xx_cpufreq_dvfs_setup(struct regmap *base,
- struct clk *clk, u8 *divider)
+ struct regmap *clk_base, u8 *divider)
{
+ u32 cpu_tbg_sel;
int load_lvl;
- struct clk *parent;
+
+ /* Determine to which TBG clock is CPU connected */
+ regmap_read(clk_base, ARMADA_37XX_CLK_TBG_SEL, &cpu_tbg_sel);
+ cpu_tbg_sel >>= ARMADA_37XX_CLK_TBG_SEL_CPU_OFF;
+ cpu_tbg_sel &= ARMADA_37XX_NB_TBG_SEL_MASK;
for (load_lvl = 0; load_lvl < LOAD_LEVEL_NR; load_lvl++) {
unsigned int reg, mask, val, offset = 0;
@@ -142,6 +151,11 @@ static void __init armada37xx_cpufreq_dvfs_setup(struct regmap *base,
mask = (ARMADA_37XX_NB_CLK_SEL_MASK
<< ARMADA_37XX_NB_CLK_SEL_OFF);
+ /* Set TBG index, for all levels we use the same TBG */
+ val = cpu_tbg_sel << ARMADA_37XX_NB_TBG_SEL_OFF;
+ mask = (ARMADA_37XX_NB_TBG_SEL_MASK
+ << ARMADA_37XX_NB_TBG_SEL_OFF);
+
/*
* Set cpu divider based on the pre-computed array in
* order to have balanced step.
@@ -160,14 +174,6 @@ static void __init armada37xx_cpufreq_dvfs_setup(struct regmap *base,
regmap_update_bits(base, reg, mask, val);
}
-
- /*
- * Set cpu clock source, for all the level we keep the same
- * clock source that the one already configured. For this one
- * we need to use the clock framework
- */
- parent = clk_get_parent(clk);
- clk_set_parent(clk, parent);
}
/*
@@ -360,11 +366,16 @@ static int __init armada37xx_cpufreq_driver_init(void)
struct platform_device *pdev;
unsigned long freq;
unsigned int cur_frequency, base_frequency;
- struct regmap *nb_pm_base, *avs_base;
+ struct regmap *nb_clk_base, *nb_pm_base, *avs_base;
struct device *cpu_dev;
int load_lvl, ret;
struct clk *clk, *parent;
+ nb_clk_base =
+ syscon_regmap_lookup_by_compatible("marvell,armada-3700-periph-clock-nb");
+ if (IS_ERR(nb_clk_base))
+ return -ENODEV;
+
nb_pm_base =
syscon_regmap_lookup_by_compatible("marvell,armada-3700-nb-pm");
@@ -441,7 +452,7 @@ static int __init armada37xx_cpufreq_driver_init(void)
armada37xx_cpufreq_avs_configure(avs_base, dvfs);
armada37xx_cpufreq_avs_setup(avs_base, dvfs);
- armada37xx_cpufreq_dvfs_setup(nb_pm_base, clk, dvfs->divider);
+ armada37xx_cpufreq_dvfs_setup(nb_pm_base, nb_clk_base, dvfs->divider);
clk_put(clk);
for (load_lvl = ARMADA_37XX_DVFS_LOAD_0; load_lvl < LOAD_LEVEL_NR;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 207/425] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 206/425] cpufreq: armada-37xx: Fix setting TBG parent for load levels Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 208/425] cpufreq: armada-37xx: Fix the AVS value for load L1 Greg Kroah-Hartman
` (224 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Stephen Boyd,
Gregory CLEMENT, Pali Rohár, Tomasz Maciej Nowak,
Anders Trier Olesen, Philip Soares, Viresh Kumar, Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 4e435a9dd26c46ac018997cc0562d50b1a96f372 ]
Remove the .set_parent method in clk_pm_cpu_ops.
This method was supposed to be needed by the armada-37xx-cpufreq driver,
but was never actually called due to wrong assumptions in the cpufreq
driver. After this was fixed in the cpufreq driver, this method is not
needed anymore.
Signed-off-by: Marek Behún <kabel@kernel.org>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Pali Rohár <pali@kernel.org>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 2089dc33ea0e ("clk: mvebu: armada-37xx-periph: add DVFS support for cpu clocks")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mvebu/armada-37xx-periph.c | 28 --------------------------
1 file changed, 28 deletions(-)
diff --git a/drivers/clk/mvebu/armada-37xx-periph.c b/drivers/clk/mvebu/armada-37xx-periph.c
index 499f5962c8b0..a7e40ff3e57d 100644
--- a/drivers/clk/mvebu/armada-37xx-periph.c
+++ b/drivers/clk/mvebu/armada-37xx-periph.c
@@ -428,33 +428,6 @@ static u8 clk_pm_cpu_get_parent(struct clk_hw *hw)
return val;
}
-static int clk_pm_cpu_set_parent(struct clk_hw *hw, u8 index)
-{
- struct clk_pm_cpu *pm_cpu = to_clk_pm_cpu(hw);
- struct regmap *base = pm_cpu->nb_pm_base;
- int load_level;
-
- /*
- * We set the clock parent only if the DVFS is available but
- * not enabled.
- */
- if (IS_ERR(base) || armada_3700_pm_dvfs_is_enabled(base))
- return -EINVAL;
-
- /* Set the parent clock for all the load level */
- for (load_level = 0; load_level < LOAD_LEVEL_NR; load_level++) {
- unsigned int reg, mask, val,
- offset = ARMADA_37XX_NB_TBG_SEL_OFF;
-
- armada_3700_pm_dvfs_update_regs(load_level, ®, &offset);
-
- val = index << offset;
- mask = ARMADA_37XX_NB_TBG_SEL_MASK << offset;
- regmap_update_bits(base, reg, mask, val);
- }
- return 0;
-}
-
static unsigned long clk_pm_cpu_recalc_rate(struct clk_hw *hw,
unsigned long parent_rate)
{
@@ -580,7 +553,6 @@ static int clk_pm_cpu_set_rate(struct clk_hw *hw, unsigned long rate,
static const struct clk_ops clk_pm_cpu_ops = {
.get_parent = clk_pm_cpu_get_parent,
- .set_parent = clk_pm_cpu_set_parent,
.round_rate = clk_pm_cpu_round_rate,
.set_rate = clk_pm_cpu_set_rate,
.recalc_rate = clk_pm_cpu_recalc_rate,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 208/425] cpufreq: armada-37xx: Fix the AVS value for load L1
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 207/425] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 209/425] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz Greg Kroah-Hartman
` (223 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Gregory CLEMENT,
Tomasz Maciej Nowak, Anders Trier Olesen, Philip Soares,
Viresh Kumar, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit d118ac2062b5b8331c8768ac81e016617e0996ee ]
The original CPU voltage value for load L1 is too low for Armada 37xx SoC
when base CPU frequency is 1000 or 1200 MHz. It leads to instabilities
where CPU gets stuck soon after dynamic voltage scaling from load L1 to L0.
Update the CPU voltage value for load L1 accordingly when base frequency is
1000 or 1200 MHz. The minimal L1 value for base CPU frequency 1000 MHz is
updated from the original 1.05V to 1.108V and for 1200 MHz is updated to
1.155V. This minimal L1 value is used only in the case when it is lower
than value for L0.
This change fixes CPU instability issues on 1 GHz and 1.2 GHz variants of
Espressobin and 1 GHz Turris Mox.
Marvell previously for 1 GHz variant of Espressobin provided a patch [1]
suitable only for their Marvell Linux kernel 4.4 fork which workarounded
this issue. Patch forced CPU voltage value to 1.108V in all loads. But
such change does not fix CPU instability issues on 1.2 GHz variants of
Armada 3720 SoC.
During testing we come to the conclusion that using 1.108V as minimal
value for L1 load makes 1 GHz variants of Espressobin and Turris Mox boards
stable. And similarly 1.155V for 1.2 GHz variant of Espressobin.
These two values 1.108V and 1.155V are documented in Armada 3700 Hardware
Specifications as typical initial CPU voltage values.
Discussion about this issue is also at the Armbian forum [2].
[1] - https://github.com/MarvellEmbeddedProcessors/linux-marvell/commit/dc33b62c90696afb6adc7dbcc4ebbd48bedec269
[2] - https://forum.armbian.com/topic/10429-how-to-make-espressobin-v7-stable/
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 1c3528232f4b ("cpufreq: armada-37xx: Add AVS support")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/armada-37xx-cpufreq.c | 37 +++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/drivers/cpufreq/armada-37xx-cpufreq.c b/drivers/cpufreq/armada-37xx-cpufreq.c
index 99fb0ae7e2d7..dacb17e28305 100644
--- a/drivers/cpufreq/armada-37xx-cpufreq.c
+++ b/drivers/cpufreq/armada-37xx-cpufreq.c
@@ -73,6 +73,8 @@
#define LOAD_LEVEL_NR 4
#define MIN_VOLT_MV 1000
+#define MIN_VOLT_MV_FOR_L1_1000MHZ 1108
+#define MIN_VOLT_MV_FOR_L1_1200MHZ 1155
/* AVS value for the corresponding voltage (in mV) */
static int avs_map[] = {
@@ -208,6 +210,8 @@ static u32 armada_37xx_avs_val_match(int target_vm)
* - L2 & L3 voltage should be about 150mv smaller than L0 voltage.
* This function calculates L1 & L2 & L3 AVS values dynamically based
* on L0 voltage and fill all AVS values to the AVS value table.
+ * When base CPU frequency is 1000 or 1200 MHz then there is additional
+ * minimal avs value for load L1.
*/
static void __init armada37xx_cpufreq_avs_configure(struct regmap *base,
struct armada_37xx_dvfs *dvfs)
@@ -239,6 +243,19 @@ static void __init armada37xx_cpufreq_avs_configure(struct regmap *base,
for (load_level = 1; load_level < LOAD_LEVEL_NR; load_level++)
dvfs->avs[load_level] = avs_min;
+ /*
+ * Set the avs values for load L0 and L1 when base CPU frequency
+ * is 1000/1200 MHz to its typical initial values according to
+ * the Armada 3700 Hardware Specifications.
+ */
+ if (dvfs->cpu_freq_max >= 1000*1000*1000) {
+ if (dvfs->cpu_freq_max >= 1200*1000*1000)
+ avs_min = armada_37xx_avs_val_match(MIN_VOLT_MV_FOR_L1_1200MHZ);
+ else
+ avs_min = armada_37xx_avs_val_match(MIN_VOLT_MV_FOR_L1_1000MHZ);
+ dvfs->avs[0] = dvfs->avs[1] = avs_min;
+ }
+
return;
}
@@ -258,6 +275,26 @@ static void __init armada37xx_cpufreq_avs_configure(struct regmap *base,
target_vm = avs_map[l0_vdd_min] - 150;
target_vm = target_vm > MIN_VOLT_MV ? target_vm : MIN_VOLT_MV;
dvfs->avs[2] = dvfs->avs[3] = armada_37xx_avs_val_match(target_vm);
+
+ /*
+ * Fix the avs value for load L1 when base CPU frequency is 1000/1200 MHz,
+ * otherwise the CPU gets stuck when switching from load L1 to load L0.
+ * Also ensure that avs value for load L1 is not higher than for L0.
+ */
+ if (dvfs->cpu_freq_max >= 1000*1000*1000) {
+ u32 avs_min_l1;
+
+ if (dvfs->cpu_freq_max >= 1200*1000*1000)
+ avs_min_l1 = armada_37xx_avs_val_match(MIN_VOLT_MV_FOR_L1_1200MHZ);
+ else
+ avs_min_l1 = armada_37xx_avs_val_match(MIN_VOLT_MV_FOR_L1_1000MHZ);
+
+ if (avs_min_l1 > dvfs->avs[0])
+ avs_min_l1 = dvfs->avs[0];
+
+ if (dvfs->avs[1] < avs_min_l1)
+ dvfs->avs[1] = avs_min_l1;
+ }
}
static void __init armada37xx_cpufreq_avs_setup(struct regmap *base,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 209/425] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 208/425] cpufreq: armada-37xx: Fix the AVS value for load L1 Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 210/425] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 Greg Kroah-Hartman
` (222 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Stephen Boyd,
Gregory CLEMENT, Tomasz Maciej Nowak, Anders Trier Olesen,
Philip Soares, Viresh Kumar, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 4decb9187589f61fe9fc2bc4d9b01160b0a610c5 ]
It was observed that the workaround introduced by commit 61c40f35f5cd
("clk: mvebu: armada-37xx-periph: Fix switching CPU rate from 300Mhz to
1.2GHz") when base CPU frequency is 1.2 GHz is also required when base
CPU frequency is 1 GHz. Otherwise switching CPU frequency directly from
L2 (250 MHz) to L0 (1 GHz) causes a crash.
When base CPU frequency is just 800 MHz no crashed were observed during
switch from L2 to L0.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 2089dc33ea0e ("clk: mvebu: armada-37xx-periph: add DVFS support for cpu clocks")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mvebu/armada-37xx-periph.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/clk/mvebu/armada-37xx-periph.c b/drivers/clk/mvebu/armada-37xx-periph.c
index a7e40ff3e57d..a05449cb0e3b 100644
--- a/drivers/clk/mvebu/armada-37xx-periph.c
+++ b/drivers/clk/mvebu/armada-37xx-periph.c
@@ -475,8 +475,10 @@ static long clk_pm_cpu_round_rate(struct clk_hw *hw, unsigned long rate,
}
/*
- * Switching the CPU from the L2 or L3 frequencies (300 and 200 Mhz
- * respectively) to L0 frequency (1.2 Ghz) requires a significant
+ * Workaround when base CPU frequnecy is 1000 or 1200 MHz
+ *
+ * Switching the CPU from the L2 or L3 frequencies (250/300 or 200 MHz
+ * respectively) to L0 frequency (1/1.2 GHz) requires a significant
* amount of time to let VDD stabilize to the appropriate
* voltage. This amount of time is large enough that it cannot be
* covered by the hardware countdown register. Due to this, the CPU
@@ -486,15 +488,15 @@ static long clk_pm_cpu_round_rate(struct clk_hw *hw, unsigned long rate,
* To work around this problem, we prevent switching directly from the
* L2/L3 frequencies to the L0 frequency, and instead switch to the L1
* frequency in-between. The sequence therefore becomes:
- * 1. First switch from L2/L3(200/300MHz) to L1(600MHZ)
+ * 1. First switch from L2/L3 (200/250/300 MHz) to L1 (500/600 MHz)
* 2. Sleep 20ms for stabling VDD voltage
- * 3. Then switch from L1(600MHZ) to L0(1200Mhz).
+ * 3. Then switch from L1 (500/600 MHz) to L0 (1000/1200 MHz).
*/
static void clk_pm_cpu_set_rate_wa(unsigned long rate, struct regmap *base)
{
unsigned int cur_level;
- if (rate != 1200 * 1000 * 1000)
+ if (rate < 1000 * 1000 * 1000)
return;
regmap_read(base, ARMADA_37XX_NB_CPU_LOAD, &cur_level);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 210/425] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 209/425] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 211/425] cpufreq: armada-37xx: Fix driver cleanup when registration failed Greg Kroah-Hartman
` (221 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Pali Rohár,
Stephen Boyd, Gregory CLEMENT, Tomasz Maciej Nowak,
Anders Trier Olesen, Philip Soares, Viresh Kumar, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit e93033aff684641f71a436ca7a9d2a742126baaf ]
When CPU frequency is at 250 MHz and set_rate() is called with 500 MHz (L1)
quickly followed by a call with 1 GHz (L0), the CPU does not necessarily
stay in L1 for at least 20ms as is required by Marvell errata.
This situation happens frequently with the ondemand cpufreq governor and
can be also reproduced with userspace governor. In most cases it causes CPU
to crash.
This change fixes the above issue and ensures that the CPU always stays in
L1 for at least 20ms when switching from any state to L0.
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 61c40f35f5cd ("clk: mvebu: armada-37xx-periph: Fix switching CPU rate from 300Mhz to 1.2GHz")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mvebu/armada-37xx-periph.c | 45 ++++++++++++++++++++++----
1 file changed, 39 insertions(+), 6 deletions(-)
diff --git a/drivers/clk/mvebu/armada-37xx-periph.c b/drivers/clk/mvebu/armada-37xx-periph.c
index a05449cb0e3b..5d10733d6c04 100644
--- a/drivers/clk/mvebu/armada-37xx-periph.c
+++ b/drivers/clk/mvebu/armada-37xx-periph.c
@@ -74,6 +74,7 @@ struct clk_pm_cpu {
void __iomem *reg_div;
u8 shift_div;
struct regmap *nb_pm_base;
+ unsigned long l1_expiration;
};
#define to_clk_double_div(_hw) container_of(_hw, struct clk_double_div, hw)
@@ -492,22 +493,52 @@ static long clk_pm_cpu_round_rate(struct clk_hw *hw, unsigned long rate,
* 2. Sleep 20ms for stabling VDD voltage
* 3. Then switch from L1 (500/600 MHz) to L0 (1000/1200 MHz).
*/
-static void clk_pm_cpu_set_rate_wa(unsigned long rate, struct regmap *base)
+static void clk_pm_cpu_set_rate_wa(struct clk_pm_cpu *pm_cpu,
+ unsigned int new_level, unsigned long rate,
+ struct regmap *base)
{
unsigned int cur_level;
- if (rate < 1000 * 1000 * 1000)
- return;
-
regmap_read(base, ARMADA_37XX_NB_CPU_LOAD, &cur_level);
cur_level &= ARMADA_37XX_NB_CPU_LOAD_MASK;
- if (cur_level <= ARMADA_37XX_DVFS_LOAD_1)
+
+ if (cur_level == new_level)
+ return;
+
+ /*
+ * System wants to go to L1 on its own. If we are going from L2/L3,
+ * remember when 20ms will expire. If from L0, set the value so that
+ * next switch to L0 won't have to wait.
+ */
+ if (new_level == ARMADA_37XX_DVFS_LOAD_1) {
+ if (cur_level == ARMADA_37XX_DVFS_LOAD_0)
+ pm_cpu->l1_expiration = jiffies;
+ else
+ pm_cpu->l1_expiration = jiffies + msecs_to_jiffies(20);
return;
+ }
+
+ /*
+ * If we are setting to L2/L3, just invalidate L1 expiration time,
+ * sleeping is not needed.
+ */
+ if (rate < 1000*1000*1000)
+ goto invalidate_l1_exp;
+
+ /*
+ * We are going to L0 with rate >= 1GHz. Check whether we have been at
+ * L1 for long enough time. If not, go to L1 for 20ms.
+ */
+ if (pm_cpu->l1_expiration && jiffies >= pm_cpu->l1_expiration)
+ goto invalidate_l1_exp;
regmap_update_bits(base, ARMADA_37XX_NB_CPU_LOAD,
ARMADA_37XX_NB_CPU_LOAD_MASK,
ARMADA_37XX_DVFS_LOAD_1);
msleep(20);
+
+invalidate_l1_exp:
+ pm_cpu->l1_expiration = 0;
}
static int clk_pm_cpu_set_rate(struct clk_hw *hw, unsigned long rate,
@@ -541,7 +572,9 @@ static int clk_pm_cpu_set_rate(struct clk_hw *hw, unsigned long rate,
reg = ARMADA_37XX_NB_CPU_LOAD;
mask = ARMADA_37XX_NB_CPU_LOAD_MASK;
- clk_pm_cpu_set_rate_wa(rate, base);
+ /* Apply workaround when base CPU frequency is 1000 or 1200 MHz */
+ if (parent_rate >= 1000*1000*1000)
+ clk_pm_cpu_set_rate_wa(pm_cpu, load_level, rate, base);
regmap_update_bits(base, reg, mask, load_level);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 211/425] cpufreq: armada-37xx: Fix driver cleanup when registration failed
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 210/425] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 212/425] cpufreq: armada-37xx: Fix determining base CPU frequency Greg Kroah-Hartman
` (220 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Gregory CLEMENT,
Tomasz Maciej Nowak, Anders Trier Olesen, Philip Soares,
Viresh Kumar, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 92963903a8e11b9576eb7249f8e81eefa93b6f96 ]
Commit 8db82563451f ("cpufreq: armada-37xx: fix frequency calculation for
opp") changed calculation of frequency passed to the dev_pm_opp_add()
function call. But the code for dev_pm_opp_remove() function call was not
updated, so the driver cleanup phase does not work when registration fails.
This fixes the issue by using the same frequency in both calls.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 8db82563451f ("cpufreq: armada-37xx: fix frequency calculation for opp")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/armada-37xx-cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/armada-37xx-cpufreq.c b/drivers/cpufreq/armada-37xx-cpufreq.c
index dacb17e28305..6a4ac26ac6a8 100644
--- a/drivers/cpufreq/armada-37xx-cpufreq.c
+++ b/drivers/cpufreq/armada-37xx-cpufreq.c
@@ -523,7 +523,7 @@ disable_dvfs:
remove_opp:
/* clean-up the already added opp before leaving */
while (load_lvl-- > ARMADA_37XX_DVFS_LOAD_0) {
- freq = cur_frequency / dvfs->divider[load_lvl];
+ freq = base_frequency / dvfs->divider[load_lvl];
dev_pm_opp_remove(cpu_dev, freq);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 212/425] cpufreq: armada-37xx: Fix determining base CPU frequency
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 211/425] cpufreq: armada-37xx: Fix driver cleanup when registration failed Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 213/425] usb: gadget: r8a66597: Add missing null check on return from platform_get_resource Greg Kroah-Hartman
` (219 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Gregory CLEMENT,
Tomasz Maciej Nowak, Anders Trier Olesen, Philip Soares,
Viresh Kumar, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 8bad3bf23cbc40abe1d24cec08a114df6facf858 ]
When current CPU load is not L0 then loading armada-37xx-cpufreq.ko driver
fails with following error:
# modprobe armada-37xx-cpufreq
[ 502.702097] Unsupported CPU frequency 250 MHz
This issue was partially fixed by commit 8db82563451f ("cpufreq:
armada-37xx: fix frequency calculation for opp"), but only for calculating
CPU frequency for opp.
Fix this also for determination of base CPU frequency.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Anders Trier Olesen <anders.trier.olesen@gmail.com>
Tested-by: Philip Soares <philips@netisense.com>
Fixes: 92ce45fb875d ("cpufreq: Add DVFS support for Armada 37xx")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/armada-37xx-cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/armada-37xx-cpufreq.c b/drivers/cpufreq/armada-37xx-cpufreq.c
index 6a4ac26ac6a8..a36452bd9612 100644
--- a/drivers/cpufreq/armada-37xx-cpufreq.c
+++ b/drivers/cpufreq/armada-37xx-cpufreq.c
@@ -471,7 +471,7 @@ static int __init armada37xx_cpufreq_driver_init(void)
return -EINVAL;
}
- dvfs = armada_37xx_cpu_freq_info_get(cur_frequency);
+ dvfs = armada_37xx_cpu_freq_info_get(base_frequency);
if (!dvfs) {
clk_put(clk);
return -EINVAL;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 213/425] usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 212/425] cpufreq: armada-37xx: Fix determining base CPU frequency Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 214/425] USB: cdc-acm: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
` (218 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Colin Ian King, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 9c2076090c2815fe7c49676df68dde7e60a9b9fc ]
The call to platform_get_resource can potentially return a NULL pointer
on failure, so add this check and return -EINVAL if it fails.
Fixes: c41442474a26 ("usb: gadget: R8A66597 peripheral controller support.")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Addresses-Coverity: ("Dereference null return")
Link: https://lore.kernel.org/r/20210406184510.433497-1-colin.king@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/r8a66597-udc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/udc/r8a66597-udc.c b/drivers/usb/gadget/udc/r8a66597-udc.c
index 11e25a3f4f1f..a766476fd742 100644
--- a/drivers/usb/gadget/udc/r8a66597-udc.c
+++ b/drivers/usb/gadget/udc/r8a66597-udc.c
@@ -1852,6 +1852,8 @@ static int r8a66597_probe(struct platform_device *pdev)
return PTR_ERR(reg);
ires = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
+ if (!ires)
+ return -EINVAL;
irq = ires->start;
irq_trigger = ires->flags & IRQF_TRIGGER_MASK;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 214/425] USB: cdc-acm: fix unprivileged TIOCCSERIAL
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 213/425] usb: gadget: r8a66597: Add missing null check on return from platform_get_resource Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 215/425] tty: actually undefine superseded ASYNC flags Greg Kroah-Hartman
` (217 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oliver Neukum, Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit dd5619582d60007139f0447382d2839f4f9e339b ]
TIOCSSERIAL is a horrid, underspecified, legacy interface which for most
serial devices is only useful for setting the close_delay and
closing_wait parameters.
A non-privileged user has only ever been able to set the since long
deprecated ASYNC_SPD flags and trying to change any other *supported*
feature should result in -EPERM being returned. Setting the current
values for any supported features should return success.
Fix the cdc-acm implementation which instead indicated that the
TIOCSSERIAL ioctl was not even implemented when a non-privileged user
set the current values.
Fixes: ba2d8ce9db0a ("cdc-acm: implement TIOCSSERIAL to avoid blocking close(2)")
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210408131602.27956-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/class/cdc-acm.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 7f4f21ba8efc..738de8c9c354 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -987,8 +987,6 @@ static int set_serial_info(struct acm *acm,
if ((new_serial.close_delay != old_close_delay) ||
(new_serial.closing_wait != old_closing_wait))
retval = -EPERM;
- else
- retval = -EOPNOTSUPP;
} else {
acm->port.close_delay = close_delay;
acm->port.closing_wait = closing_wait;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 215/425] tty: actually undefine superseded ASYNC flags
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 214/425] USB: cdc-acm: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 216/425] tty: fix return value for unsupported ioctls Greg Kroah-Hartman
` (216 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit d09845e98a05850a8094ea8fd6dd09a8e6824fff ]
Some kernel-internal ASYNC flags have been superseded by tty-port flags
and should no longer be used by kernel drivers.
Fix the misspelled "__KERNEL__" compile guards which failed their sole
purpose to break out-of-tree drivers that have not yet been updated.
Fixes: 5c0517fefc92 ("tty: core: Undefine ASYNC_* flags superceded by TTY_PORT* flags")
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210407095208.31838-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/tty_flags.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/tty_flags.h b/include/uapi/linux/tty_flags.h
index 900a32e63424..6a3ac496a56c 100644
--- a/include/uapi/linux/tty_flags.h
+++ b/include/uapi/linux/tty_flags.h
@@ -39,7 +39,7 @@
* WARNING: These flags are no longer used and have been superceded by the
* TTY_PORT_ flags in the iflags field (and not userspace-visible)
*/
-#ifndef _KERNEL_
+#ifndef __KERNEL__
#define ASYNCB_INITIALIZED 31 /* Serial port was initialized */
#define ASYNCB_SUSPENDED 30 /* Serial port is suspended */
#define ASYNCB_NORMAL_ACTIVE 29 /* Normal device is active */
@@ -81,7 +81,7 @@
#define ASYNC_SPD_WARP (ASYNC_SPD_HI|ASYNC_SPD_SHI)
#define ASYNC_SPD_MASK (ASYNC_SPD_HI|ASYNC_SPD_VHI|ASYNC_SPD_SHI)
-#ifndef _KERNEL_
+#ifndef __KERNEL__
/* These flags are no longer used (and were always masked from userspace) */
#define ASYNC_INITIALIZED (1U << ASYNCB_INITIALIZED)
#define ASYNC_NORMAL_ACTIVE (1U << ASYNCB_NORMAL_ACTIVE)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 216/425] tty: fix return value for unsupported ioctls
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 215/425] tty: actually undefine superseded ASYNC flags Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 217/425] firmware: qcom-scm: Fix QCOM_SCM configuration Greg Kroah-Hartman
` (215 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit 1b8b20868a6d64cfe8174a21b25b74367bdf0560 ]
Drivers should return -ENOTTY ("Inappropriate I/O control operation")
when an ioctl isn't supported, while -EINVAL is used for invalid
arguments.
Fix up the TIOCMGET, TIOCMSET and TIOCGICOUNT helpers which returned
-EINVAL when a tty driver did not implement the corresponding
operations.
Note that the TIOCMGET and TIOCMSET helpers predate git and do not get a
corresponding Fixes tag below.
Fixes: d281da7ff6f7 ("tty: Make tiocgicount a handler")
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210407095208.31838-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/tty_io.c | 8 ++++----
include/linux/tty_driver.h | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index ff6a360eef1e..9e9343adc2b4 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2432,14 +2432,14 @@ out:
* @p: pointer to result
*
* Obtain the modem status bits from the tty driver if the feature
- * is supported. Return -EINVAL if it is not available.
+ * is supported. Return -ENOTTY if it is not available.
*
* Locking: none (up to the driver)
*/
static int tty_tiocmget(struct tty_struct *tty, int __user *p)
{
- int retval = -EINVAL;
+ int retval = -ENOTTY;
if (tty->ops->tiocmget) {
retval = tty->ops->tiocmget(tty);
@@ -2457,7 +2457,7 @@ static int tty_tiocmget(struct tty_struct *tty, int __user *p)
* @p: pointer to desired bits
*
* Set the modem status bits from the tty driver if the feature
- * is supported. Return -EINVAL if it is not available.
+ * is supported. Return -ENOTTY if it is not available.
*
* Locking: none (up to the driver)
*/
@@ -2469,7 +2469,7 @@ static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
unsigned int set, clear, val;
if (tty->ops->tiocmset == NULL)
- return -EINVAL;
+ return -ENOTTY;
retval = get_user(val, p);
if (retval)
diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
index 71dbc891851a..e10b09672345 100644
--- a/include/linux/tty_driver.h
+++ b/include/linux/tty_driver.h
@@ -236,7 +236,7 @@
*
* Called when the device receives a TIOCGICOUNT ioctl. Passed a kernel
* structure to complete. This method is optional and will only be called
- * if provided (otherwise EINVAL will be returned).
+ * if provided (otherwise ENOTTY will be returned).
*/
#include <linux/export.h>
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 217/425] firmware: qcom-scm: Fix QCOM_SCM configuration
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 216/425] tty: fix return value for unsupported ioctls Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 218/425] usbip: vudc: fix missing unlock on error in usbip_sockfd_store() Greg Kroah-Hartman
` (214 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hulk Robot, He Ying, Sasha Levin
From: He Ying <heying24@huawei.com>
[ Upstream commit 2954a6f12f250890ec2433cec03ba92784d613e8 ]
When CONFIG_QCOM_SCM is y and CONFIG_HAVE_ARM_SMCCC
is not set, compiling errors are encountered as follows:
drivers/firmware/qcom_scm-smc.o: In function `__scm_smc_do_quirk':
qcom_scm-smc.c:(.text+0x36): undefined reference to `__arm_smccc_smc'
drivers/firmware/qcom_scm-legacy.o: In function `scm_legacy_call':
qcom_scm-legacy.c:(.text+0xe2): undefined reference to `__arm_smccc_smc'
drivers/firmware/qcom_scm-legacy.o: In function `scm_legacy_call_atomic':
qcom_scm-legacy.c:(.text+0x1f0): undefined reference to `__arm_smccc_smc'
Note that __arm_smccc_smc is defined when HAVE_ARM_SMCCC is y.
So add dependency on HAVE_ARM_SMCCC in QCOM_SCM configuration.
Fixes: 916f743da354 ("firmware: qcom: scm: Move the scm driver to drivers/firmware")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: He Ying <heying24@huawei.com>
Link: https://lore.kernel.org/r/20210406094200.60952-1-heying24@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig
index ed212c8b4108..1c419e4cea83 100644
--- a/drivers/firmware/Kconfig
+++ b/drivers/firmware/Kconfig
@@ -248,6 +248,7 @@ config FW_CFG_SYSFS_CMDLINE
config QCOM_SCM
bool
depends on ARM || ARM64
+ depends on HAVE_ARM_SMCCC
select RESET_CONTROLLER
config QCOM_SCM_32
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 218/425] usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 217/425] firmware: qcom-scm: Fix QCOM_SCM configuration Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 219/425] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table Greg Kroah-Hartman
` (213 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Shuah Khan, Ye Bin, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 1d08ed588c6a85a35a24c82eb4cf0807ec2b366a ]
Add the missing unlock before return from function usbip_sockfd_store()
in the error handling case.
Fixes: bd8b82042269 ("usbip: vudc synchronize sysfs code paths")
Reported-by: Hulk Robot <hulkci@huawei.com>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20210408112305.1022247-1-yebin10@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/usbip/vudc_sysfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/usbip/vudc_sysfs.c b/drivers/usb/usbip/vudc_sysfs.c
index de2babadd146..7b1437a51304 100644
--- a/drivers/usb/usbip/vudc_sysfs.c
+++ b/drivers/usb/usbip/vudc_sysfs.c
@@ -157,12 +157,14 @@ static ssize_t usbip_sockfd_store(struct device *dev,
tcp_rx = kthread_create(&v_rx_loop, &udc->ud, "vudc_rx");
if (IS_ERR(tcp_rx)) {
sockfd_put(socket);
+ mutex_unlock(&udc->ud.sysfs_lock);
return -EINVAL;
}
tcp_tx = kthread_create(&v_tx_loop, &udc->ud, "vudc_tx");
if (IS_ERR(tcp_tx)) {
kthread_stop(tcp_rx);
sockfd_put(socket);
+ mutex_unlock(&udc->ud.sysfs_lock);
return -EINVAL;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 219/425] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 218/425] usbip: vudc: fix missing unlock on error in usbip_sockfd_store() Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 220/425] x86/platform/uv: Fix !KEXEC build failure Greg Kroah-Hartman
` (212 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Steffen Dirkwinkel,
Hans de Goede, Sasha Levin
From: Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
[ Upstream commit d21e5abd3a005253eb033090aab2e43bce090d89 ]
pmc_plt_clk* clocks are used for ethernet controllers, so need to stay
turned on. This adds the affected board family to critclk_systems DMI
table, so the clocks are marked as CLK_CRITICAL and not turned off.
This replaces the previously listed boards with a match for the whole
device family CBxx63. CBxx63 matches only baytrail devices.
There are new affected boards that would otherwise need to be listed.
There are unaffected boards in the family, but having the clocks
turned on is not an issue.
Fixes: 648e921888ad ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL")
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Steffen Dirkwinkel <s.dirkwinkel@beckhoff.com>
Link: https://lore.kernel.org/r/20210412133006.397679-1-linux-kernel-dev@beckhoff.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/pmc_atom.c | 28 ++--------------------------
1 file changed, 2 insertions(+), 26 deletions(-)
diff --git a/drivers/platform/x86/pmc_atom.c b/drivers/platform/x86/pmc_atom.c
index 26351e9e0aaf..682fc49d172c 100644
--- a/drivers/platform/x86/pmc_atom.c
+++ b/drivers/platform/x86/pmc_atom.c
@@ -423,34 +423,10 @@ static const struct dmi_system_id critclk_systems[] = {
},
{
/* pmc_plt_clk* - are used for ethernet controllers */
- .ident = "Beckhoff CB3163",
+ .ident = "Beckhoff Baytrail",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Beckhoff Automation"),
- DMI_MATCH(DMI_BOARD_NAME, "CB3163"),
- },
- },
- {
- /* pmc_plt_clk* - are used for ethernet controllers */
- .ident = "Beckhoff CB4063",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Beckhoff Automation"),
- DMI_MATCH(DMI_BOARD_NAME, "CB4063"),
- },
- },
- {
- /* pmc_plt_clk* - are used for ethernet controllers */
- .ident = "Beckhoff CB6263",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Beckhoff Automation"),
- DMI_MATCH(DMI_BOARD_NAME, "CB6263"),
- },
- },
- {
- /* pmc_plt_clk* - are used for ethernet controllers */
- .ident = "Beckhoff CB6363",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Beckhoff Automation"),
- DMI_MATCH(DMI_BOARD_NAME, "CB6363"),
+ DMI_MATCH(DMI_PRODUCT_FAMILY, "CBxx63"),
},
},
{
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 220/425] x86/platform/uv: Fix !KEXEC build failure
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 219/425] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 221/425] Drivers: hv: vmbus: Increase wait time for VMbus unload Greg Kroah-Hartman
` (211 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Mike Travis, Sasha Levin
From: Ingo Molnar <mingo@kernel.org>
[ Upstream commit c2209ea55612efac75de0a58ef5f7394fae7fa0f ]
When KEXEC is disabled, the UV build fails:
arch/x86/platform/uv/uv_nmi.c:875:14: error: ‘uv_nmi_kexec_failed’ undeclared (first use in this function)
Since uv_nmi_kexec_failed is only defined in the KEXEC_CORE #ifdef branch,
this code cannot ever have been build tested:
if (main)
pr_err("UV: NMI kdump: KEXEC not supported in this kernel\n");
atomic_set(&uv_nmi_kexec_failed, 1);
Nor is this use possible in uv_handle_nmi():
atomic_set(&uv_nmi_kexec_failed, 0);
These bugs were introduced in this commit:
d0a9964e9873: ("x86/platform/uv: Implement simple dump failover if kdump fails")
Which added the uv_nmi_kexec_failed assignments to !KEXEC code, while making the
definition KEXEC-only - apparently without testing the !KEXEC case.
Instead of complicating the #ifdef maze, simplify the code by requiring X86_UV
to depend on KEXEC_CORE. This pattern is present in other architectures as well.
( We'll remove the untested, 7 years old !KEXEC complications from the file in a
separate commit. )
Fixes: d0a9964e9873: ("x86/platform/uv: Implement simple dump failover if kdump fails")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Mike Travis <travis@sgi.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index af35f5caadbe..d994501d9179 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -533,6 +533,7 @@ config X86_UV
depends on X86_EXTENDED_PLATFORM
depends on NUMA
depends on EFI
+ depends on KEXEC_CORE
depends on X86_X2APIC
depends on PCI
---help---
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 221/425] Drivers: hv: vmbus: Increase wait time for VMbus unload
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 220/425] x86/platform/uv: Fix !KEXEC build failure Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 222/425] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow Greg Kroah-Hartman
` (210 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Kelley, Vitaly Kuznetsov,
Wei Liu, Sasha Levin
From: Michael Kelley <mikelley@microsoft.com>
[ Upstream commit 77db0ec8b7764cb9b09b78066ebfd47b2c0c1909 ]
When running in Azure, disks may be connected to a Linux VM with
read/write caching enabled. If a VM panics and issues a VMbus
UNLOAD request to Hyper-V, the response is delayed until all dirty
data in the disk cache is flushed. In extreme cases, this flushing
can take 10's of seconds, depending on the disk speed and the amount
of dirty data. If kdump is configured for the VM, the current 10 second
timeout in vmbus_wait_for_unload() may be exceeded, and the UNLOAD
complete message may arrive well after the kdump kernel is already
running, causing problems. Note that no problem occurs if kdump is
not enabled because Hyper-V waits for the cache flush before doing
a reboot through the BIOS/UEFI code.
Fix this problem by increasing the timeout in vmbus_wait_for_unload()
to 100 seconds. Also output periodic messages so that if anyone is
watching the serial console, they won't think the VM is completely
hung.
Fixes: 911e1987efc8 ("Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload")
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/1618894089-126662-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hv/channel_mgmt.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index ac9617671757..cdd4392c589d 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -773,6 +773,12 @@ static void init_vp_index(struct vmbus_channel *channel, u16 dev_type)
free_cpumask_var(available_mask);
}
+#define UNLOAD_DELAY_UNIT_MS 10 /* 10 milliseconds */
+#define UNLOAD_WAIT_MS (100*1000) /* 100 seconds */
+#define UNLOAD_WAIT_LOOPS (UNLOAD_WAIT_MS/UNLOAD_DELAY_UNIT_MS)
+#define UNLOAD_MSG_MS (5*1000) /* Every 5 seconds */
+#define UNLOAD_MSG_LOOPS (UNLOAD_MSG_MS/UNLOAD_DELAY_UNIT_MS)
+
static void vmbus_wait_for_unload(void)
{
int cpu;
@@ -790,12 +796,17 @@ static void vmbus_wait_for_unload(void)
* vmbus_connection.unload_event. If not, the last thing we can do is
* read message pages for all CPUs directly.
*
- * Wait no more than 10 seconds so that the panic path can't get
- * hung forever in case the response message isn't seen.
+ * Wait up to 100 seconds since an Azure host must writeback any dirty
+ * data in its disk cache before the VMbus UNLOAD request will
+ * complete. This flushing has been empirically observed to take up
+ * to 50 seconds in cases with a lot of dirty data, so allow additional
+ * leeway and for inaccuracies in mdelay(). But eventually time out so
+ * that the panic path can't get hung forever in case the response
+ * message isn't seen.
*/
- for (i = 0; i < 1000; i++) {
+ for (i = 1; i <= UNLOAD_WAIT_LOOPS; i++) {
if (completion_done(&vmbus_connection.unload_event))
- break;
+ goto completed;
for_each_online_cpu(cpu) {
struct hv_per_cpu_context *hv_cpu
@@ -818,9 +829,18 @@ static void vmbus_wait_for_unload(void)
vmbus_signal_eom(msg, message_type);
}
- mdelay(10);
+ /*
+ * Give a notice periodically so someone watching the
+ * serial output won't think it is completely hung.
+ */
+ if (!(i % UNLOAD_MSG_LOOPS))
+ pr_notice("Waiting for VMBus UNLOAD to complete\n");
+
+ mdelay(UNLOAD_DELAY_UNIT_MS);
}
+ pr_err("Continuing even though VMBus UNLOAD did not complete\n");
+completed:
/*
* We're crashing and already got the UNLOAD_RESPONSE, cleanup all
* maybe-pending messages on all CPUs to be able to receive new
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 222/425] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 221/425] Drivers: hv: vmbus: Increase wait time for VMbus unload Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 223/425] usb: dwc2: Fix hibernation between host and device modes Greg Kroah-Hartman
` (209 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Minas Harutyunyan, Artur Petrosyan,
Sasha Levin
From: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
[ Upstream commit c2db8d7b9568b10e014af83b3c15e39929e3579e ]
Added setting "port_connect_status_change" flag to "1" in order
to re-enumerate, because after exit from hibernation port
connection status is not detected.
Fixes: c5c403dc4336 ("usb: dwc2: Add host/device hibernation functions")
Acked-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Signed-off-by: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
Link: https://lore.kernel.org/r/20210416124707.5EEC2A005D@mailhost.synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc2/hcd.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
index 91686e1b24d9..58e53e3d905b 100644
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -5741,7 +5741,15 @@ int dwc2_host_exit_hibernation(struct dwc2_hsotg *hsotg, int rem_wakeup,
return ret;
}
- dwc2_hcd_rem_wakeup(hsotg);
+ if (rem_wakeup) {
+ dwc2_hcd_rem_wakeup(hsotg);
+ /*
+ * Change "port_connect_status_change" flag to re-enumerate,
+ * because after exit from hibernation port connection status
+ * is not detected.
+ */
+ hsotg->flags.b.port_connect_status_change = 1;
+ }
hsotg->hibernated = 0;
hsotg->bus_suspended = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 223/425] usb: dwc2: Fix hibernation between host and device modes.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 222/425] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 224/425] ttyprintk: Add TTY hangup callback Greg Kroah-Hartman
` (208 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Minas Harutyunyan, Artur Petrosyan,
Sasha Levin
From: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
[ Upstream commit 24d209dba5a3959b2ebde7cf3ad40c8015e814cf ]
When core is in hibernation in host mode and a device cable
was connected then driver exited from device hibernation.
However, registers saved for host mode and when exited from
device hibernation register restore would be done for device
register which was wrong because there was no device registers
stored to restore.
- Added dwc_handle_gpwrdn_disc_det() function which handles
gpwrdn disconnect detect flow and exits hibernation
without restoring the registers.
- Updated exiting from hibernation in GPWRDN_STS_CHGINT with
calling dwc_handle_gpwrdn_disc_det() function. Here no register
is restored which is the solution described above.
Fixes: 65c9c4c6b01f ("usb: dwc2: Add dwc2_handle_gpwrdn_intr() handler")
Acked-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Signed-off-by: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/20210416124715.75355A005D@mailhost.synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc2/core_intr.c | 154 +++++++++++++++++++----------------
1 file changed, 83 insertions(+), 71 deletions(-)
diff --git a/drivers/usb/dwc2/core_intr.c b/drivers/usb/dwc2/core_intr.c
index 14efa28e048f..af26a8a20e0b 100644
--- a/drivers/usb/dwc2/core_intr.c
+++ b/drivers/usb/dwc2/core_intr.c
@@ -653,6 +653,71 @@ static u32 dwc2_read_common_intr(struct dwc2_hsotg *hsotg)
return 0;
}
+/**
+ * dwc_handle_gpwrdn_disc_det() - Handles the gpwrdn disconnect detect.
+ * Exits hibernation without restoring registers.
+ *
+ * @hsotg: Programming view of DWC_otg controller
+ * @gpwrdn: GPWRDN register
+ */
+static inline void dwc_handle_gpwrdn_disc_det(struct dwc2_hsotg *hsotg,
+ u32 gpwrdn)
+{
+ u32 gpwrdn_tmp;
+
+ /* Switch-on voltage to the core */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp &= ~GPWRDN_PWRDNSWTCH;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+ udelay(5);
+
+ /* Reset core */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp &= ~GPWRDN_PWRDNRSTN;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+ udelay(5);
+
+ /* Disable Power Down Clamp */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp &= ~GPWRDN_PWRDNCLMP;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+ udelay(5);
+
+ /* Deassert reset core */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp |= GPWRDN_PWRDNRSTN;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+ udelay(5);
+
+ /* Disable PMU interrupt */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp &= ~GPWRDN_PMUINTSEL;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+
+ /* De-assert Wakeup Logic */
+ gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn_tmp &= ~GPWRDN_PMUACTV;
+ dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
+
+ hsotg->hibernated = 0;
+ hsotg->bus_suspended = 0;
+
+ if (gpwrdn & GPWRDN_IDSTS) {
+ hsotg->op_state = OTG_STATE_B_PERIPHERAL;
+ dwc2_core_init(hsotg, false);
+ dwc2_enable_global_interrupts(hsotg);
+ dwc2_hsotg_core_init_disconnected(hsotg, false);
+ dwc2_hsotg_core_connect(hsotg);
+ } else {
+ hsotg->op_state = OTG_STATE_A_HOST;
+
+ /* Initialize the Core for Host mode */
+ dwc2_core_init(hsotg, false);
+ dwc2_enable_global_interrupts(hsotg);
+ dwc2_hcd_start(hsotg);
+ }
+}
+
/*
* GPWRDN interrupt handler.
*
@@ -674,64 +739,14 @@ static void dwc2_handle_gpwrdn_intr(struct dwc2_hsotg *hsotg)
if ((gpwrdn & GPWRDN_DISCONN_DET) &&
(gpwrdn & GPWRDN_DISCONN_DET_MSK) && !linestate) {
- u32 gpwrdn_tmp;
-
dev_dbg(hsotg->dev, "%s: GPWRDN_DISCONN_DET\n", __func__);
-
- /* Switch-on voltage to the core */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp &= ~GPWRDN_PWRDNSWTCH;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
- udelay(10);
-
- /* Reset core */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp &= ~GPWRDN_PWRDNRSTN;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
- udelay(10);
-
- /* Disable Power Down Clamp */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp &= ~GPWRDN_PWRDNCLMP;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
- udelay(10);
-
- /* Deassert reset core */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp |= GPWRDN_PWRDNRSTN;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
- udelay(10);
-
- /* Disable PMU interrupt */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp &= ~GPWRDN_PMUINTSEL;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
-
- /* De-assert Wakeup Logic */
- gpwrdn_tmp = dwc2_readl(hsotg, GPWRDN);
- gpwrdn_tmp &= ~GPWRDN_PMUACTV;
- dwc2_writel(hsotg, gpwrdn_tmp, GPWRDN);
-
- hsotg->hibernated = 0;
-
- if (gpwrdn & GPWRDN_IDSTS) {
- hsotg->op_state = OTG_STATE_B_PERIPHERAL;
- dwc2_core_init(hsotg, false);
- dwc2_enable_global_interrupts(hsotg);
- dwc2_hsotg_core_init_disconnected(hsotg, false);
- dwc2_hsotg_core_connect(hsotg);
- } else {
- hsotg->op_state = OTG_STATE_A_HOST;
-
- /* Initialize the Core for Host mode */
- dwc2_core_init(hsotg, false);
- dwc2_enable_global_interrupts(hsotg);
- dwc2_hcd_start(hsotg);
- }
- }
-
- if ((gpwrdn & GPWRDN_LNSTSCHG) &&
- (gpwrdn & GPWRDN_LNSTSCHG_MSK) && linestate) {
+ /*
+ * Call disconnect detect function to exit from
+ * hibernation
+ */
+ dwc_handle_gpwrdn_disc_det(hsotg, gpwrdn);
+ } else if ((gpwrdn & GPWRDN_LNSTSCHG) &&
+ (gpwrdn & GPWRDN_LNSTSCHG_MSK) && linestate) {
dev_dbg(hsotg->dev, "%s: GPWRDN_LNSTSCHG\n", __func__);
if (hsotg->hw_params.hibernation &&
hsotg->hibernated) {
@@ -742,24 +757,21 @@ static void dwc2_handle_gpwrdn_intr(struct dwc2_hsotg *hsotg)
dwc2_exit_hibernation(hsotg, 1, 0, 1);
}
}
- }
- if ((gpwrdn & GPWRDN_RST_DET) && (gpwrdn & GPWRDN_RST_DET_MSK)) {
+ } else if ((gpwrdn & GPWRDN_RST_DET) &&
+ (gpwrdn & GPWRDN_RST_DET_MSK)) {
dev_dbg(hsotg->dev, "%s: GPWRDN_RST_DET\n", __func__);
if (!linestate && (gpwrdn & GPWRDN_BSESSVLD))
dwc2_exit_hibernation(hsotg, 0, 1, 0);
- }
- if ((gpwrdn & GPWRDN_STS_CHGINT) &&
- (gpwrdn & GPWRDN_STS_CHGINT_MSK) && linestate) {
+ } else if ((gpwrdn & GPWRDN_STS_CHGINT) &&
+ (gpwrdn & GPWRDN_STS_CHGINT_MSK)) {
dev_dbg(hsotg->dev, "%s: GPWRDN_STS_CHGINT\n", __func__);
- if (hsotg->hw_params.hibernation &&
- hsotg->hibernated) {
- if (gpwrdn & GPWRDN_IDSTS) {
- dwc2_exit_hibernation(hsotg, 0, 0, 0);
- call_gadget(hsotg, resume);
- } else {
- dwc2_exit_hibernation(hsotg, 1, 0, 1);
- }
- }
+ /*
+ * As GPWRDN_STS_CHGINT exit from hibernation flow is
+ * the same as in GPWRDN_DISCONN_DET flow. Call
+ * disconnect detect helper function to exit from
+ * hibernation.
+ */
+ dwc_handle_gpwrdn_disc_det(hsotg, gpwrdn);
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 224/425] ttyprintk: Add TTY hangup callback.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 223/425] usb: dwc2: Fix hibernation between host and device modes Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 225/425] soc: aspeed: fix a ternary sign expansion bug Greg Kroah-Hartman
` (207 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, syzbot, Tetsuo Handa, Sasha Levin
From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
[ Upstream commit c0070e1e60270f6a1e09442a9ab2335f3eaeaad2 ]
syzbot is reporting hung task due to flood of
tty_warn(tty, "%s: tty->count = 1 port count = %d\n", __func__,
port->count);
message [1], for ioctl(TIOCVHANGUP) prevents tty_port_close() from
decrementing port->count due to tty_hung_up_p() == true.
----------
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
int i;
int fd[10];
for (i = 0; i < 10; i++)
fd[i] = open("/dev/ttyprintk", O_WRONLY);
ioctl(fd[0], TIOCVHANGUP);
for (i = 0; i < 10; i++)
close(fd[i]);
close(open("/dev/ttyprintk", O_WRONLY));
return 0;
}
----------
When TTY hangup happens, port->count needs to be reset via
"struct tty_operations"->hangup callback.
[1] https://syzkaller.appspot.com/bug?id=39ea6caa479af471183997376dc7e90bc7d64a6a
Reported-by: syzbot <syzbot+43e93968b964e369db0b@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+3ed715090790806d8b18@syzkaller.appspotmail.com>
Tested-by: syzbot <syzbot+43e93968b964e369db0b@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 24b4b67d17c308aa ("add ttyprintk driver")
Link: https://lore.kernel.org/r/17e0652d-89b7-c8c0-fb53-e7566ac9add4@i-love.sakura.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ttyprintk.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/char/ttyprintk.c b/drivers/char/ttyprintk.c
index 774748497ace..e56ac5adb5fc 100644
--- a/drivers/char/ttyprintk.c
+++ b/drivers/char/ttyprintk.c
@@ -159,12 +159,23 @@ static int tpk_ioctl(struct tty_struct *tty,
return 0;
}
+/*
+ * TTY operations hangup function.
+ */
+static void tpk_hangup(struct tty_struct *tty)
+{
+ struct ttyprintk_port *tpkp = tty->driver_data;
+
+ tty_port_hangup(&tpkp->port);
+}
+
static const struct tty_operations ttyprintk_ops = {
.open = tpk_open,
.close = tpk_close,
.write = tpk_write,
.write_room = tpk_write_room,
.ioctl = tpk_ioctl,
+ .hangup = tpk_hangup,
};
static const struct tty_port_operations null_ops = { };
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 225/425] soc: aspeed: fix a ternary sign expansion bug
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 224/425] ttyprintk: Add TTY hangup callback Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 226/425] media: vivid: fix assignment of dev->fbuf_out_flags Greg Kroah-Hartman
` (206 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Joel Stanley,
Patrick Venture, Arnd Bergmann, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 5ffa828534036348fa90fb3079ccc0972d202c4a ]
The intent here was to return negative error codes but it actually
returns positive values. The problem is that type promotion with
ternary operations is quite complicated.
"ret" is an int. "copied" is a u32. And the snoop_file_read() function
returns long. What happens is that "ret" is cast to u32 and becomes
positive then it's cast to long and it's still positive.
Fix this by removing the ternary so that "ret" is type promoted directly
to long.
Fixes: 3772e5da4454 ("drivers/misc: Aspeed LPC snoop output using misc chardev")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Patrick Venture <venture@google.com>
Link: https://lore.kernel.org/r/YIE90PSXsMTa2Y8n@mwanda
Link: https://lore.kernel.org/r/20210423000919.1249474-1-joel@jms.id.au'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/aspeed-lpc-snoop.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/aspeed-lpc-snoop.c b/drivers/misc/aspeed-lpc-snoop.c
index b4a776bf44bc..e2cb0b9607d1 100644
--- a/drivers/misc/aspeed-lpc-snoop.c
+++ b/drivers/misc/aspeed-lpc-snoop.c
@@ -99,8 +99,10 @@ static ssize_t snoop_file_read(struct file *file, char __user *buffer,
return -EINTR;
}
ret = kfifo_to_user(&chan->fifo, buffer, count, &copied);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static __poll_t snoop_file_poll(struct file *file,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 226/425] media: vivid: fix assignment of dev->fbuf_out_flags
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 225/425] soc: aspeed: fix a ternary sign expansion bug Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 227/425] media: omap4iss: return error code when omap4iss_get() failed Greg Kroah-Hartman
` (205 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 5cde22fcc7271812a7944c47b40100df15908358 ]
Currently the chroma_flags and alpha_flags are being zero'd with a bit-wise
mask and the following statement should be bit-wise or'ing in the new flag
bits but instead is making a direct assignment. Fix this by using the |=
operator rather than an assignment.
Addresses-Coverity: ("Unused value")
Fixes: ef834f7836ec ("[media] vivid: add the video capture and output parts")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vivid/vivid-vid-out.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/vivid/vivid-vid-out.c b/drivers/media/platform/vivid/vivid-vid-out.c
index 0f909500a0b8..ecd9e36ef3f6 100644
--- a/drivers/media/platform/vivid/vivid-vid-out.c
+++ b/drivers/media/platform/vivid/vivid-vid-out.c
@@ -998,7 +998,7 @@ int vivid_vid_out_s_fbuf(struct file *file, void *fh,
return -EINVAL;
}
dev->fbuf_out_flags &= ~(chroma_flags | alpha_flags);
- dev->fbuf_out_flags = a->flags & (chroma_flags | alpha_flags);
+ dev->fbuf_out_flags |= a->flags & (chroma_flags | alpha_flags);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 227/425] media: omap4iss: return error code when omap4iss_get() failed
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 226/425] media: vivid: fix assignment of dev->fbuf_out_flags Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 228/425] media: m88rs6000t: avoid potential out-of-bounds reads on arrays Greg Kroah-Hartman
` (204 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 8938c48fa25b491842ece9eb38f0bea0fcbaca44 ]
If omap4iss_get() failed, it need return error code in iss_probe().
Fixes: 59f0ad807681 ("[media] v4l: omap4iss: Add support for OMAP4...")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/omap4iss/iss.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/omap4iss/iss.c b/drivers/staging/media/omap4iss/iss.c
index b1036baebb03..d796e754610c 100644
--- a/drivers/staging/media/omap4iss/iss.c
+++ b/drivers/staging/media/omap4iss/iss.c
@@ -1244,8 +1244,10 @@ static int iss_probe(struct platform_device *pdev)
if (ret < 0)
goto error;
- if (!omap4iss_get(iss))
+ if (!omap4iss_get(iss)) {
+ ret = -EINVAL;
goto error;
+ }
ret = iss_reset(iss);
if (ret < 0)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 228/425] media: m88rs6000t: avoid potential out-of-bounds reads on arrays
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 227/425] media: omap4iss: return error code when omap4iss_get() failed Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 229/425] drm/amdkfd: fix build error with AMD_IOMMU_V2=m Greg Kroah-Hartman
` (203 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King,
Mauro Carvalho Chehab, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 9baa3d64e8e2373ddd11c346439e5dfccb2cbb0d ]
There a 3 array for-loops that don't check the upper bounds of the
index into arrays and this may lead to potential out-of-bounds
reads. Fix this by adding array size upper bounds checks to be
full safe.
Addresses-Coverity: ("Out-of-bounds read")
Link: https://lore.kernel.org/linux-media/20201007121628.20676-1-colin.king@canonical.com
Fixes: 333829110f1d ("[media] m88rs6000t: add new dvb-s/s2 tuner for integrated chip M88RS6000")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/m88rs6000t.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/tuners/m88rs6000t.c b/drivers/media/tuners/m88rs6000t.c
index 3df2f23a40be..3fe13de48777 100644
--- a/drivers/media/tuners/m88rs6000t.c
+++ b/drivers/media/tuners/m88rs6000t.c
@@ -534,7 +534,7 @@ static int m88rs6000t_get_rf_strength(struct dvb_frontend *fe, u16 *strength)
PGA2_cri = PGA2_GC >> 2;
PGA2_crf = PGA2_GC & 0x03;
- for (i = 0; i <= RF_GC; i++)
+ for (i = 0; i <= RF_GC && i < ARRAY_SIZE(RFGS); i++)
RFG += RFGS[i];
if (RF_GC == 0)
@@ -546,12 +546,12 @@ static int m88rs6000t_get_rf_strength(struct dvb_frontend *fe, u16 *strength)
if (RF_GC == 3)
RFG += 100;
- for (i = 0; i <= IF_GC; i++)
+ for (i = 0; i <= IF_GC && i < ARRAY_SIZE(IFGS); i++)
IFG += IFGS[i];
TIAG = TIA_GC * TIA_GS;
- for (i = 0; i <= BB_GC; i++)
+ for (i = 0; i <= BB_GC && i < ARRAY_SIZE(BBGS); i++)
BBG += BBGS[i];
PGA2G = PGA2_cri * PGA2_cri_GS + PGA2_crf * PGA2_crf_GS;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 229/425] drm/amdkfd: fix build error with AMD_IOMMU_V2=m
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 228/425] media: m88rs6000t: avoid potential out-of-bounds reads on arrays Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 230/425] x86/kprobes: Fix to check non boostable prefixes correctly Greg Kroah-Hartman
` (202 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Felix Kuehling,
Christian König, Alex Deucher, Sasha Levin
From: Felix Kuehling <Felix.Kuehling@amd.com>
[ Upstream commit 1e87068570a2cc4db5f95a881686add71729e769 ]
Using 'imply AMD_IOMMU_V2' does not guarantee that the driver can link
against the exported functions. If the GPU driver is built-in but the
IOMMU driver is a loadable module, the kfd_iommu.c file is indeed
built but does not work:
x86_64-linux-ld: drivers/gpu/drm/amd/amdkfd/kfd_iommu.o: in function `kfd_iommu_bind_process_to_device':
kfd_iommu.c:(.text+0x516): undefined reference to `amd_iommu_bind_pasid'
x86_64-linux-ld: drivers/gpu/drm/amd/amdkfd/kfd_iommu.o: in function `kfd_iommu_unbind_process':
kfd_iommu.c:(.text+0x691): undefined reference to `amd_iommu_unbind_pasid'
x86_64-linux-ld: drivers/gpu/drm/amd/amdkfd/kfd_iommu.o: in function `kfd_iommu_suspend':
kfd_iommu.c:(.text+0x966): undefined reference to `amd_iommu_set_invalidate_ctx_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0x97f): undefined reference to `amd_iommu_set_invalid_ppr_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0x9a4): undefined reference to `amd_iommu_free_device'
x86_64-linux-ld: drivers/gpu/drm/amd/amdkfd/kfd_iommu.o: in function `kfd_iommu_resume':
kfd_iommu.c:(.text+0xa9a): undefined reference to `amd_iommu_init_device'
x86_64-linux-ld: kfd_iommu.c:(.text+0xadc): undefined reference to `amd_iommu_set_invalidate_ctx_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0xaff): undefined reference to `amd_iommu_set_invalid_ppr_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0xc72): undefined reference to `amd_iommu_bind_pasid'
x86_64-linux-ld: kfd_iommu.c:(.text+0xe08): undefined reference to `amd_iommu_set_invalidate_ctx_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0xe26): undefined reference to `amd_iommu_set_invalid_ppr_cb'
x86_64-linux-ld: kfd_iommu.c:(.text+0xe42): undefined reference to `amd_iommu_free_device'
Use IS_REACHABLE to only build IOMMU-V2 support if the amd_iommu symbols
are reachable by the amdkfd driver. Output a warning if they are not,
because that may not be what the user was expecting.
Fixes: 64d1c3a43a6f ("drm/amdkfd: Centralize IOMMUv2 code and make it conditional")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 6 ++++++
drivers/gpu/drm/amd/amdkfd/kfd_iommu.h | 9 +++++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_iommu.c b/drivers/gpu/drm/amd/amdkfd/kfd_iommu.c
index 01494752c36a..f3a526ed8059 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_iommu.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_iommu.c
@@ -20,6 +20,10 @@
* OTHER DEALINGS IN THE SOFTWARE.
*/
+#include <linux/kconfig.h>
+
+#if IS_REACHABLE(CONFIG_AMD_IOMMU_V2)
+
#include <linux/printk.h>
#include <linux/device.h>
#include <linux/slab.h>
@@ -366,3 +370,5 @@ int kfd_iommu_add_perf_counters(struct kfd_topology_device *kdev)
return 0;
}
+
+#endif
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_iommu.h b/drivers/gpu/drm/amd/amdkfd/kfd_iommu.h
index dd23d9fdf6a8..afd420b01a0c 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_iommu.h
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_iommu.h
@@ -23,7 +23,9 @@
#ifndef __KFD_IOMMU_H__
#define __KFD_IOMMU_H__
-#if defined(CONFIG_AMD_IOMMU_V2_MODULE) || defined(CONFIG_AMD_IOMMU_V2)
+#include <linux/kconfig.h>
+
+#if IS_REACHABLE(CONFIG_AMD_IOMMU_V2)
#define KFD_SUPPORT_IOMMU_V2
@@ -46,6 +48,9 @@ static inline int kfd_iommu_check_device(struct kfd_dev *kfd)
}
static inline int kfd_iommu_device_init(struct kfd_dev *kfd)
{
+#if IS_MODULE(CONFIG_AMD_IOMMU_V2)
+ WARN_ONCE(1, "iommu_v2 module is not usable by built-in KFD");
+#endif
return 0;
}
@@ -73,6 +78,6 @@ static inline int kfd_iommu_add_perf_counters(struct kfd_topology_device *kdev)
return 0;
}
-#endif /* defined(CONFIG_AMD_IOMMU_V2) */
+#endif /* IS_REACHABLE(CONFIG_AMD_IOMMU_V2) */
#endif /* __KFD_IOMMU_H__ */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 230/425] x86/kprobes: Fix to check non boostable prefixes correctly
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 229/425] drm/amdkfd: fix build error with AMD_IOMMU_V2=m Greg Kroah-Hartman
@ 2021-05-20 9:19 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 231/425] pata_arasan_cf: fix IRQ check Greg Kroah-Hartman
` (201 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:19 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Ingo Molnar, Sasha Levin
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit 6dd3b8c9f58816a1354be39559f630cd1bd12159 ]
There are 2 bugs in the can_boost() function because of using
x86 insn decoder. Since the insn->opcode never has a prefix byte,
it can not find CS override prefix in it. And the insn->attr is
the attribute of the opcode, thus inat_is_address_size_prefix(
insn->attr) always returns false.
Fix those by checking each prefix bytes with for_each_insn_prefix
loop and getting the correct attribute for each prefix byte.
Also, this removes unlikely, because this is a slow path.
Fixes: a8d11cd0714f ("kprobes/x86: Consolidate insn decoder users for copying code")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/161666691162.1120877.2808435205294352583.stgit@devnote2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/kprobes/core.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index dfc3ab44bc5d..3334e1400345 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -170,6 +170,8 @@ NOKPROBE_SYMBOL(skip_prefixes);
int can_boost(struct insn *insn, void *addr)
{
kprobe_opcode_t opcode;
+ insn_byte_t prefix;
+ int i;
if (search_exception_tables((unsigned long)addr))
return 0; /* Page fault may occur on this address. */
@@ -182,9 +184,14 @@ int can_boost(struct insn *insn, void *addr)
if (insn->opcode.nbytes != 1)
return 0;
- /* Can't boost Address-size override prefix */
- if (unlikely(inat_is_address_size_prefix(insn->attr)))
- return 0;
+ for_each_insn_prefix(insn, i, prefix) {
+ insn_attr_t attr;
+
+ attr = inat_get_opcode_attribute(prefix);
+ /* Can't boost Address-size override prefix and CS override prefix */
+ if (prefix == 0x2e || inat_is_address_size_prefix(attr))
+ return 0;
+ }
opcode = insn->opcode.bytes[0];
@@ -209,8 +216,8 @@ int can_boost(struct insn *insn, void *addr)
/* clear and set flags are boostable */
return (opcode == 0xf5 || (0xf7 < opcode && opcode < 0xfe));
default:
- /* CS override prefix and call are not boostable */
- return (opcode != 0x2e && opcode != 0x9a);
+ /* call is not boostable */
+ return opcode != 0x9a;
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 231/425] pata_arasan_cf: fix IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2021-05-20 9:19 ` [PATCH 4.19 230/425] x86/kprobes: Fix to check non boostable prefixes correctly Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 232/425] pata_ipx4xx_cf: " Greg Kroah-Hartman
` (200 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Viresh Kumar,
Jens Axboe, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit c7e8f404d56b99c80990b19a402c3f640d74be05 ]
The driver's probe() method is written as if platform_get_irq() returns 0
on error, while actually it returns a negative error code (with all the
other values considered valid IRQs). Rewrite the driver's IRQ checking code
to pass the positive IRQ #s to ata_host_activate(), propagate upstream
-EPROBE_DEFER, and set up the driver to polling mode on (negative) errors
and IRQ0 (libata treats IRQ #0 as a polling mode anyway)...
Fixes: a480167b23ef ("pata_arasan_cf: Adding support for arasan compact flash host controller")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_arasan_cf.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
index ebecab8c3f36..7c1c399450f3 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
@@ -817,12 +817,19 @@ static int arasan_cf_probe(struct platform_device *pdev)
else
quirk = CF_BROKEN_UDMA; /* as it is on spear1340 */
- /* if irq is 0, support only PIO */
- acdev->irq = platform_get_irq(pdev, 0);
- if (acdev->irq)
+ /*
+ * If there's an error getting IRQ (or we do get IRQ0),
+ * support only PIO
+ */
+ ret = platform_get_irq(pdev, 0);
+ if (ret > 0) {
+ acdev->irq = ret;
irq_handler = arasan_cf_interrupt;
- else
+ } else if (ret == -EPROBE_DEFER) {
+ return ret;
+ } else {
quirk |= CF_BROKEN_MWDMA | CF_BROKEN_UDMA;
+ }
acdev->pbase = res->start;
acdev->vbase = devm_ioremap_nocache(&pdev->dev, res->start,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 232/425] pata_ipx4xx_cf: fix IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 231/425] pata_arasan_cf: fix IRQ check Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 233/425] sata_mv: add IRQ checks Greg Kroah-Hartman
` (199 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Jens Axboe, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit e379b40cc0f179403ce0b82b7e539f635a568da5 ]
The driver's probe() method is written as if platform_get_irq() returns 0
on error, while actually it returns a negative error code (with all the
other values considered valid IRQs). Rewrite the driver's IRQ checking
code to pass the positive IRQ #s to ata_host_activate(), propagate errors
upstream, and treat IRQ0 as error, returning -EINVAL, as the libata code
treats 0 as an indication that polling should be used anyway...
Fixes: 0df0d0a0ea9f ("[libata] ARM: add ixp4xx PATA driver")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_ixp4xx_cf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/pata_ixp4xx_cf.c b/drivers/ata/pata_ixp4xx_cf.c
index 0b0d93065f5a..867621f8c387 100644
--- a/drivers/ata/pata_ixp4xx_cf.c
+++ b/drivers/ata/pata_ixp4xx_cf.c
@@ -169,8 +169,12 @@ static int ixp4xx_pata_probe(struct platform_device *pdev)
return -ENOMEM;
irq = platform_get_irq(pdev, 0);
- if (irq)
+ if (irq > 0)
irq_set_irq_type(irq, IRQ_TYPE_EDGE_RISING);
+ else if (irq < 0)
+ return irq;
+ else
+ return -EINVAL;
/* Setup expansion bus chip selects */
*data->cs0_cfg = data->cs0_bits;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 233/425] sata_mv: add IRQ checks
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 232/425] pata_ipx4xx_cf: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 234/425] ata: libahci_platform: fix IRQ check Greg Kroah-Hartman
` (198 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Jens Axboe, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit e6471a65fdd5efbb8dd2732dd0f063f960685ceb ]
The function mv_platform_probe() neglects to check the results of the
calls to platform_get_irq() and irq_of_parse_and_map() and blithely
passes them to ata_host_activate() -- while the latter only checks
for IRQ0 (treating it as a polling mode indicattion) and passes the
negative values to devm_request_irq() causing it to fail as it takes
unsigned values for the IRQ #...
Add to mv_platform_probe() the proper IRQ checks to pass the positive IRQ
#s to ata_host_activate(), propagate upstream the negative error codes,
and override the IRQ0 with -EINVAL (as we don't want the polling mode).
Fixes: f351b2d638c3 ("sata_mv: Support SoC controllers")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Link: https://lore.kernel.org/r/51436f00-27a1-e20b-c21b-0e817e0a7c86@omprussia.ru
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/sata_mv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/ata/sata_mv.c b/drivers/ata/sata_mv.c
index 2910b22fac11..57ef11ecbb9b 100644
--- a/drivers/ata/sata_mv.c
+++ b/drivers/ata/sata_mv.c
@@ -4110,6 +4110,10 @@ static int mv_platform_probe(struct platform_device *pdev)
n_ports = mv_platform_data->n_ports;
irq = platform_get_irq(pdev, 0);
}
+ if (irq < 0)
+ return irq;
+ if (!irq)
+ return -EINVAL;
host = ata_host_alloc_pinfo(&pdev->dev, ppi, n_ports);
hpriv = devm_kzalloc(&pdev->dev, sizeof(*hpriv), GFP_KERNEL);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 234/425] ata: libahci_platform: fix IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 233/425] sata_mv: add IRQ checks Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 235/425] nvme: retrigger ANA log update if group descriptor isnt found Greg Kroah-Hartman
` (197 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Jens Axboe, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit b30d0040f06159de97ad9c0b1536f47250719d7d ]
Iff platform_get_irq() returns 0, ahci_platform_init_host() would return 0
early (as if the call was successful). Override IRQ0 with -EINVAL instead
as the 'libata' regards 0 as "no IRQ" (thus polling) anyway...
Fixes: c034640a32f8 ("ata: libahci: properly propagate return value of platform_get_irq()")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Link: https://lore.kernel.org/r/4448c8cc-331f-2915-0e17-38ea34e251c8@omprussia.ru
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libahci_platform.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
index 522b543f718d..6a55aac0c60f 100644
--- a/drivers/ata/libahci_platform.c
+++ b/drivers/ata/libahci_platform.c
@@ -544,11 +544,13 @@ int ahci_platform_init_host(struct platform_device *pdev,
int i, irq, n_ports, rc;
irq = platform_get_irq(pdev, 0);
- if (irq <= 0) {
+ if (irq < 0) {
if (irq != -EPROBE_DEFER)
dev_err(dev, "no irq\n");
return irq;
}
+ if (!irq)
+ return -EINVAL;
hpriv->irq = irq;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 235/425] nvme: retrigger ANA log update if group descriptor isnt found
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 234/425] ata: libahci_platform: fix IRQ check Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 236/425] vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer Greg Kroah-Hartman
` (196 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin George, Hannes Reinecke,
Keith Busch, Sagi Grimberg, Christoph Hellwig, Sasha Levin
From: Hannes Reinecke <hare@suse.de>
[ Upstream commit dd8f7fa908f66dd44abcd83cbb50410524b9f8ef ]
If ANA is enabled but no ANA group descriptor is found when creating
a new namespace the ANA log is most likely out of date, so trigger
a re-read. The namespace will be tagged with the NS_ANA_PENDING flag
to exclude it from path selection until the ANA log has been re-read.
Fixes: 32acab3181c7 ("nvme: implement multipath access to nvme subsystems")
Reported-by: Martin George <marting@netapp.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/multipath.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index 4ef05fe00dac..64f699a1afd7 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -516,6 +516,10 @@ void nvme_mpath_add_disk(struct nvme_ns *ns, struct nvme_id_ns *id)
if (desc.state) {
/* found the group desc: update */
nvme_update_ns_ana_state(&desc, ns);
+ } else {
+ /* group desc not found: trigger a re-read */
+ set_bit(NVME_NS_ANA_PENDING, &ns->flags);
+ queue_work(nvme_wq, &ns->ctrl->ana_work);
}
} else {
mutex_lock(&ns->head->lock);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 236/425] vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 235/425] nvme: retrigger ANA log update if group descriptor isnt found Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 237/425] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
` (195 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Kevin Tian,
Max Gurtovoy, Cornelia Huck, Jason Gunthorpe, Alex Williamson,
Sasha Levin
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit b5a1f8921d5040bb788492bf33a66758021e4be5 ]
There is a small race where the parent is NULL even though the kobj has
already been made visible in sysfs.
For instance the attribute_group is made visible in sysfs_create_files()
and the mdev_type_attr_show() does:
ret = attr->show(kobj, type->parent->dev, buf);
Which will crash on NULL parent. Move the parent setup to before the type
pointer leaves the stack frame.
Fixes: 7b96953bc640 ("vfio: Mediated device Core driver")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Message-Id: <2-v2-d36939638fc6+d54-vfio2_jgg@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/mdev/mdev_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c
index 1692a0cc3036..c99fcc6c2eba 100644
--- a/drivers/vfio/mdev/mdev_sysfs.c
+++ b/drivers/vfio/mdev/mdev_sysfs.c
@@ -108,6 +108,7 @@ struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent,
return ERR_PTR(-ENOMEM);
type->kobj.kset = parent->mdev_types_kset;
+ type->parent = parent;
ret = kobject_init_and_add(&type->kobj, &mdev_type_ktype, NULL,
"%s-%s", dev_driver_string(parent->dev),
@@ -135,7 +136,6 @@ struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent,
}
type->group = group;
- type->parent = parent;
return type;
attrs_failed:
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 237/425] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 236/425] vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 238/425] clk: uniphier: Fix potential infinite loop Greg Kroah-Hartman
` (194 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Hui, Manivannan Sadhasivam,
Stephen Boyd, Sasha Levin
From: Chen Hui <clare.chenhui@huawei.com>
[ Upstream commit 790b516ada10a4dcc0f0a56dc0ced475d86d5820 ]
CONFIG_QCOM_A53PLL is tristate option and therefore this driver can be
compiled as a module. This patch adds missing MODULE_DEVICE_TABLE
definition which generates correct modalias for automatic loading of
this driver when it is built as an external module.
Fixes: 0c6ab1b8f894 ("clk: qcom: Add A53 PLL support")
Signed-off-by: Chen Hui <clare.chenhui@huawei.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20210409082352.233810-3-clare.chenhui@huawei.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/a53-pll.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/a53-pll.c b/drivers/clk/qcom/a53-pll.c
index 45cfc57bff92..af6ac17c7dae 100644
--- a/drivers/clk/qcom/a53-pll.c
+++ b/drivers/clk/qcom/a53-pll.c
@@ -93,6 +93,7 @@ static const struct of_device_id qcom_a53pll_match_table[] = {
{ .compatible = "qcom,msm8916-a53pll" },
{ }
};
+MODULE_DEVICE_TABLE(of, qcom_a53pll_match_table);
static struct platform_driver qcom_a53pll_driver = {
.probe = qcom_a53pll_probe,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 238/425] clk: uniphier: Fix potential infinite loop
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 237/425] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 239/425] scsi: jazz_esp: Add IRQ check Greg Kroah-Hartman
` (193 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Masahiro Yamada,
Stephen Boyd, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit f6b1340dc751a6caa2a0567b667d0f4f4172cd58 ]
The for-loop iterates with a u8 loop counter i and compares this
with the loop upper limit of num_parents that is an int type.
There is a potential infinite loop if num_parents is larger than
the u8 loop counter. Fix this by making the loop counter the same
type as num_parents. Also make num_parents an unsigned int to
match the return type of the call to clk_hw_get_num_parents.
Addresses-Coverity: ("Infinite loop")
Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20210409090104.629722-1-colin.king@canonical.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/uniphier/clk-uniphier-mux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/uniphier/clk-uniphier-mux.c b/drivers/clk/uniphier/clk-uniphier-mux.c
index 2c243a894f3b..3a52ab968ac2 100644
--- a/drivers/clk/uniphier/clk-uniphier-mux.c
+++ b/drivers/clk/uniphier/clk-uniphier-mux.c
@@ -40,10 +40,10 @@ static int uniphier_clk_mux_set_parent(struct clk_hw *hw, u8 index)
static u8 uniphier_clk_mux_get_parent(struct clk_hw *hw)
{
struct uniphier_clk_mux *mux = to_uniphier_clk_mux(hw);
- int num_parents = clk_hw_get_num_parents(hw);
+ unsigned int num_parents = clk_hw_get_num_parents(hw);
int ret;
unsigned int val;
- u8 i;
+ unsigned int i;
ret = regmap_read(mux->regmap, mux->reg, &val);
if (ret)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 239/425] scsi: jazz_esp: Add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 238/425] clk: uniphier: Fix potential infinite loop Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 240/425] scsi: sun3x_esp: " Greg Kroah-Hartman
` (192 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Martin K. Petersen,
Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit 38fca15c29db6ed06e894ac194502633e2a7d1fb ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to request_irq() (which takes
*unsigned* IRQ #), causing it to fail with -EINVAL, overriding the real
error code. Stop calling request_irq() with the invalid IRQ #s.
Link: https://lore.kernel.org/r/594aa9ae-2215-49f6-f73c-33bd38989912@omprussia.ru
Fixes: 352e921f0dd4 ("[SCSI] jazz_esp: converted to use esp_core")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/jazz_esp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/jazz_esp.c b/drivers/scsi/jazz_esp.c
index 6eb5ff3e2e61..7dfe4237e5e8 100644
--- a/drivers/scsi/jazz_esp.c
+++ b/drivers/scsi/jazz_esp.c
@@ -170,7 +170,9 @@ static int esp_jazz_probe(struct platform_device *dev)
if (!esp->command_block)
goto fail_unmap_regs;
- host->irq = platform_get_irq(dev, 0);
+ host->irq = err = platform_get_irq(dev, 0);
+ if (err < 0)
+ goto fail_unmap_command_block;
err = request_irq(host->irq, scsi_esp_intr, IRQF_SHARED, "ESP", esp);
if (err < 0)
goto fail_unmap_command_block;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 240/425] scsi: sun3x_esp: Add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 239/425] scsi: jazz_esp: Add IRQ check Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 241/425] scsi: sni_53c710: " Greg Kroah-Hartman
` (191 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Martin K. Petersen,
Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit 14b321380eb333c82853d7d612d0995f05f88fdc ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to request_irq() (which takes
*unsigned* IRQ #), causing it to fail with -EINVAL, overriding the real
error code. Stop calling request_irq() with the invalid IRQ #s.
Link: https://lore.kernel.org/r/363eb4c8-a3bf-4dc9-2a9e-90f349030a15@omprussia.ru
Fixes: 0bb67f181834 ("[SCSI] sun3x_esp: convert to esp_scsi")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sun3x_esp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sun3x_esp.c b/drivers/scsi/sun3x_esp.c
index 0b1421cdf8a0..f9aa95e48eee 100644
--- a/drivers/scsi/sun3x_esp.c
+++ b/drivers/scsi/sun3x_esp.c
@@ -233,7 +233,9 @@ static int esp_sun3x_probe(struct platform_device *dev)
if (!esp->command_block)
goto fail_unmap_regs_dma;
- host->irq = platform_get_irq(dev, 0);
+ host->irq = err = platform_get_irq(dev, 0);
+ if (err < 0)
+ goto fail_unmap_command_block;
err = request_irq(host->irq, scsi_esp_intr, IRQF_SHARED,
"SUN3X ESP", esp);
if (err < 0)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 241/425] scsi: sni_53c710: Add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 240/425] scsi: sun3x_esp: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 242/425] scsi: ibmvfc: Fix invalid state machine BUG_ON() Greg Kroah-Hartman
` (190 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Martin K. Petersen,
Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit 1160d61bc51e87e509cfaf9da50a0060f67b6de4 ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to request_irq() (which takes
*unsigned* IRQ #s), causing it to fail with -EINVAL (overridden by -ENODEV
further below). Stop calling request_irq() with the invalid IRQ #s.
Link: https://lore.kernel.org/r/8f4b8fa5-8251-b977-70a1-9099bcb4bb17@omprussia.ru
Fixes: c27d85f3f3c5 ("[SCSI] SNI RM 53c710 driver")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sni_53c710.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sni_53c710.c b/drivers/scsi/sni_53c710.c
index 3102a75984d3..aed91afb79b6 100644
--- a/drivers/scsi/sni_53c710.c
+++ b/drivers/scsi/sni_53c710.c
@@ -71,6 +71,7 @@ static int snirm710_probe(struct platform_device *dev)
struct NCR_700_Host_Parameters *hostdata;
struct Scsi_Host *host;
struct resource *res;
+ int rc;
res = platform_get_resource(dev, IORESOURCE_MEM, 0);
if (!res)
@@ -96,7 +97,9 @@ static int snirm710_probe(struct platform_device *dev)
goto out_kfree;
host->this_id = 7;
host->base = base;
- host->irq = platform_get_irq(dev, 0);
+ host->irq = rc = platform_get_irq(dev, 0);
+ if (rc < 0)
+ goto out_put_host;
if(request_irq(host->irq, NCR_700_intr, IRQF_SHARED, "snirm710", host)) {
printk(KERN_ERR "snirm710: request_irq failed!\n");
goto out_put_host;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 242/425] scsi: ibmvfc: Fix invalid state machine BUG_ON()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 241/425] scsi: sni_53c710: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 243/425] mfd: stm32-timers: Avoid clearing auto reload register Greg Kroah-Hartman
` (189 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian King, Tyrel Datwyler,
Martin K. Petersen, Sasha Levin
From: Brian King <brking@linux.vnet.ibm.com>
[ Upstream commit 15cfef8623a449d40d16541687afd58e78033be3 ]
This fixes an issue hitting the BUG_ON() in ibmvfc_do_work(). When going
through a host action of IBMVFC_HOST_ACTION_RESET, we change the action to
IBMVFC_HOST_ACTION_TGT_DEL, then drop the host lock, and reset the CRQ,
which changes the host state to IBMVFC_NO_CRQ. If, prior to setting the
host state to IBMVFC_NO_CRQ, ibmvfc_init_host() is called, it can then end
up changing the host action to IBMVFC_HOST_ACTION_INIT. If we then change
the host state to IBMVFC_NO_CRQ, we will then hit the BUG_ON().
Make a couple of changes to avoid this. Leave the host action to be
IBMVFC_HOST_ACTION_RESET or IBMVFC_HOST_ACTION_REENABLE until after we drop
the host lock and reset or reenable the CRQ. Also harden the host state
machine to ensure we cannot leave the reset / reenable state until we've
finished processing the reset or reenable.
Link: https://lore.kernel.org/r/20210413001009.902400-1-tyreld@linux.ibm.com
Fixes: 73ee5d867287 ("[SCSI] ibmvfc: Fix soft lockup on resume")
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
[tyreld: added fixes tag]
Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
[mkp: fix comment checkpatch warnings]
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ibmvscsi/ibmvfc.c | 57 ++++++++++++++++++++++------------
1 file changed, 38 insertions(+), 19 deletions(-)
diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
index 50078a199fea..b811436a46d0 100644
--- a/drivers/scsi/ibmvscsi/ibmvfc.c
+++ b/drivers/scsi/ibmvscsi/ibmvfc.c
@@ -506,8 +506,17 @@ static void ibmvfc_set_host_action(struct ibmvfc_host *vhost,
if (vhost->action == IBMVFC_HOST_ACTION_ALLOC_TGTS)
vhost->action = action;
break;
+ case IBMVFC_HOST_ACTION_REENABLE:
+ case IBMVFC_HOST_ACTION_RESET:
+ vhost->action = action;
+ break;
case IBMVFC_HOST_ACTION_INIT:
case IBMVFC_HOST_ACTION_TGT_DEL:
+ case IBMVFC_HOST_ACTION_LOGO:
+ case IBMVFC_HOST_ACTION_QUERY_TGTS:
+ case IBMVFC_HOST_ACTION_TGT_DEL_FAILED:
+ case IBMVFC_HOST_ACTION_NONE:
+ default:
switch (vhost->action) {
case IBMVFC_HOST_ACTION_RESET:
case IBMVFC_HOST_ACTION_REENABLE:
@@ -517,15 +526,6 @@ static void ibmvfc_set_host_action(struct ibmvfc_host *vhost,
break;
}
break;
- case IBMVFC_HOST_ACTION_LOGO:
- case IBMVFC_HOST_ACTION_QUERY_TGTS:
- case IBMVFC_HOST_ACTION_TGT_DEL_FAILED:
- case IBMVFC_HOST_ACTION_NONE:
- case IBMVFC_HOST_ACTION_RESET:
- case IBMVFC_HOST_ACTION_REENABLE:
- default:
- vhost->action = action;
- break;
}
}
@@ -4346,26 +4346,45 @@ static void ibmvfc_do_work(struct ibmvfc_host *vhost)
case IBMVFC_HOST_ACTION_INIT_WAIT:
break;
case IBMVFC_HOST_ACTION_RESET:
- vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
spin_unlock_irqrestore(vhost->host->host_lock, flags);
rc = ibmvfc_reset_crq(vhost);
+
spin_lock_irqsave(vhost->host->host_lock, flags);
- if (rc == H_CLOSED)
+ if (!rc || rc == H_CLOSED)
vio_enable_interrupts(to_vio_dev(vhost->dev));
- if (rc || (rc = ibmvfc_send_crq_init(vhost)) ||
- (rc = vio_enable_interrupts(to_vio_dev(vhost->dev)))) {
- ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
- dev_err(vhost->dev, "Error after reset (rc=%d)\n", rc);
+ if (vhost->action == IBMVFC_HOST_ACTION_RESET) {
+ /*
+ * The only action we could have changed to would have
+ * been reenable, in which case, we skip the rest of
+ * this path and wait until we've done the re-enable
+ * before sending the crq init.
+ */
+ vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
+
+ if (rc || (rc = ibmvfc_send_crq_init(vhost)) ||
+ (rc = vio_enable_interrupts(to_vio_dev(vhost->dev)))) {
+ ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
+ dev_err(vhost->dev, "Error after reset (rc=%d)\n", rc);
+ }
}
break;
case IBMVFC_HOST_ACTION_REENABLE:
- vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
spin_unlock_irqrestore(vhost->host->host_lock, flags);
rc = ibmvfc_reenable_crq_queue(vhost);
+
spin_lock_irqsave(vhost->host->host_lock, flags);
- if (rc || (rc = ibmvfc_send_crq_init(vhost))) {
- ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
- dev_err(vhost->dev, "Error after enable (rc=%d)\n", rc);
+ if (vhost->action == IBMVFC_HOST_ACTION_REENABLE) {
+ /*
+ * The only action we could have changed to would have
+ * been reset, in which case, we skip the rest of this
+ * path and wait until we've done the reset before
+ * sending the crq init.
+ */
+ vhost->action = IBMVFC_HOST_ACTION_TGT_DEL;
+ if (rc || (rc = ibmvfc_send_crq_init(vhost))) {
+ ibmvfc_link_down(vhost, IBMVFC_LINK_DEAD);
+ dev_err(vhost->dev, "Error after enable (rc=%d)\n", rc);
+ }
}
break;
case IBMVFC_HOST_ACTION_LOGO:
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 243/425] mfd: stm32-timers: Avoid clearing auto reload register
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 242/425] scsi: ibmvfc: Fix invalid state machine BUG_ON() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 244/425] HSI: core: fix resource leaks in hsi_add_client_from_dt() Greg Kroah-Hartman
` (188 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabrice Gasnier,
William Breathitt Gray, Lee Jones, Sasha Levin
From: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
[ Upstream commit 4917e498c6894ba077867aff78f82cffd5ffbb5c ]
The ARR register is cleared unconditionally upon probing, after the maximum
value has been read. This initial condition is rather not intuitive, when
considering the counter child driver. It rather expects the maximum value
by default:
- The counter interface shows a zero value by default for 'ceiling'
attribute.
- Enabling the counter without any prior configuration makes it doesn't
count.
The reset value of ARR register is the maximum. So Choice here
is to backup it, and restore it then, instead of clearing its value.
It also fixes the initial condition seen by the counter driver.
Fixes: d0f949e220fd ("mfd: Add STM32 Timers driver")
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
Acked-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/stm32-timers.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/stm32-timers.c b/drivers/mfd/stm32-timers.c
index efcd4b980c94..1adba6a46dcb 100644
--- a/drivers/mfd/stm32-timers.c
+++ b/drivers/mfd/stm32-timers.c
@@ -158,13 +158,18 @@ static const struct regmap_config stm32_timers_regmap_cfg = {
static void stm32_timers_get_arr_size(struct stm32_timers *ddata)
{
+ u32 arr;
+
+ /* Backup ARR to restore it after getting the maximum value */
+ regmap_read(ddata->regmap, TIM_ARR, &arr);
+
/*
* Only the available bits will be written so when readback
* we get the maximum value of auto reload register
*/
regmap_write(ddata->regmap, TIM_ARR, ~0L);
regmap_read(ddata->regmap, TIM_ARR, &ddata->max_arr);
- regmap_write(ddata->regmap, TIM_ARR, 0x0);
+ regmap_write(ddata->regmap, TIM_ARR, arr);
}
static void stm32_timers_dma_probe(struct device *dev,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 244/425] HSI: core: fix resource leaks in hsi_add_client_from_dt()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 243/425] mfd: stm32-timers: Avoid clearing auto reload register Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 245/425] x86/events/amd/iommu: Fix sysfs type mismatch Greg Kroah-Hartman
` (187 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jason Gunthorpe,
Sebastian Reichel, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 5c08b0f75575648032f309a6f58294453423ed93 ]
If some of the allocations fail between the dev_set_name() and the
device_register() then the name will not be freed. Fix this by
moving dev_set_name() directly in front of the call to device_register().
Fixes: a2aa24734d9d ("HSI: Add common DT binding for HSI client devices")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/hsi_core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c
index 9065efd21851..71895da63810 100644
--- a/drivers/hsi/hsi_core.c
+++ b/drivers/hsi/hsi_core.c
@@ -223,8 +223,6 @@ static void hsi_add_client_from_dt(struct hsi_port *port,
if (err)
goto err;
- dev_set_name(&cl->device, "%s", name);
-
err = hsi_of_property_parse_mode(client, "hsi-mode", &mode);
if (err) {
err = hsi_of_property_parse_mode(client, "hsi-rx-mode",
@@ -306,6 +304,7 @@ static void hsi_add_client_from_dt(struct hsi_port *port,
cl->device.release = hsi_client_release;
cl->device.of_node = client;
+ dev_set_name(&cl->device, "%s", name);
if (device_register(&cl->device) < 0) {
pr_err("hsi: failed to register client: %s\n", name);
put_device(&cl->device);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 245/425] x86/events/amd/iommu: Fix sysfs type mismatch
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 244/425] HSI: core: fix resource leaks in hsi_add_client_from_dt() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 246/425] sched/debug: Fix cgroup_path[] serialization Greg Kroah-Hartman
` (186 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor,
Peter Zijlstra (Intel),
Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit de5bc7b425d4c27ae5faa00ea7eb6b9780b9a355 ]
dev_attr_show() calls _iommu_event_show() via an indirect call but
_iommu_event_show()'s type does not currently match the type of the
show() member in 'struct device_attribute', resulting in a Control Flow
Integrity violation.
$ cat /sys/devices/amd_iommu_1/events/mem_dte_hit
csource=0x0a
$ dmesg | grep "CFI failure"
[ 3526.735140] CFI failure (target: _iommu_event_show...):
Change _iommu_event_show() and 'struct amd_iommu_event_desc' to
'struct device_attribute' so that there is no more CFI violation.
Fixes: 7be6296fdd75 ("perf/x86/amd: AMD IOMMU Performance Counter PERF uncore PMU implementation")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20210415001112.3024673-1-nathan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/iommu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/events/amd/iommu.c b/arch/x86/events/amd/iommu.c
index 0014d26391fa..c08bcba5c3a9 100644
--- a/arch/x86/events/amd/iommu.c
+++ b/arch/x86/events/amd/iommu.c
@@ -84,12 +84,12 @@ static struct attribute_group amd_iommu_events_group = {
};
struct amd_iommu_event_desc {
- struct kobj_attribute attr;
+ struct device_attribute attr;
const char *event;
};
-static ssize_t _iommu_event_show(struct kobject *kobj,
- struct kobj_attribute *attr, char *buf)
+static ssize_t _iommu_event_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
{
struct amd_iommu_event_desc *event =
container_of(attr, struct amd_iommu_event_desc, attr);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 246/425] sched/debug: Fix cgroup_path[] serialization
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 245/425] x86/events/amd/iommu: Fix sysfs type mismatch Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 247/425] drivers/block/null_blk/main: Fix a double free in null_init Greg Kroah-Hartman
` (185 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Waiman Long, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit ad789f84c9a145f8a18744c0387cec22ec51651e ]
The handling of sysrq key can be activated by echoing the key to
/proc/sysrq-trigger or via the magic key sequence typed into a terminal
that is connected to the system in some way (serial, USB or other mean).
In the former case, the handling is done in a user context. In the
latter case, it is likely to be in an interrupt context.
Currently in print_cpu() of kernel/sched/debug.c, sched_debug_lock is
taken with interrupt disabled for the whole duration of the calls to
print_*_stats() and print_rq() which could last for the quite some time
if the information dump happens on the serial console.
If the system has many cpus and the sched_debug_lock is somehow busy
(e.g. parallel sysrq-t), the system may hit a hard lockup panic
depending on the actually serial console implementation of the
system.
The purpose of sched_debug_lock is to serialize the use of the global
cgroup_path[] buffer in print_cpu(). The rests of the printk calls don't
need serialization from sched_debug_lock.
Calling printk() with interrupt disabled can still be problematic if
multiple instances are running. Allocating a stack buffer of PATH_MAX
bytes is not feasible because of the limited size of the kernel stack.
The solution implemented in this patch is to allow only one caller at a
time to use the full size group_path[], while other simultaneous callers
will have to use shorter stack buffers with the possibility of path
name truncation. A "..." suffix will be printed if truncation may have
happened. The cgroup path name is provided for informational purpose
only, so occasional path name truncation should not be a big problem.
Fixes: efe25c2c7b3a ("sched: Reinstate group names in /proc/sched_debug")
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20210415195426.6677-1-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/debug.c | 42 +++++++++++++++++++++++++++++-------------
1 file changed, 29 insertions(+), 13 deletions(-)
diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
index 78fadf0438ea..9518606fa1e5 100644
--- a/kernel/sched/debug.c
+++ b/kernel/sched/debug.c
@@ -11,8 +11,6 @@
*/
#include "sched.h"
-static DEFINE_SPINLOCK(sched_debug_lock);
-
/*
* This allows printing both to /proc/sched_debug and
* to the console
@@ -434,16 +432,37 @@ static void print_cfs_group_stats(struct seq_file *m, int cpu, struct task_group
#endif
#ifdef CONFIG_CGROUP_SCHED
+static DEFINE_SPINLOCK(sched_debug_lock);
static char group_path[PATH_MAX];
-static char *task_group_path(struct task_group *tg)
+static void task_group_path(struct task_group *tg, char *path, int plen)
{
- if (autogroup_path(tg, group_path, PATH_MAX))
- return group_path;
+ if (autogroup_path(tg, path, plen))
+ return;
- cgroup_path(tg->css.cgroup, group_path, PATH_MAX);
+ cgroup_path(tg->css.cgroup, path, plen);
+}
- return group_path;
+/*
+ * Only 1 SEQ_printf_task_group_path() caller can use the full length
+ * group_path[] for cgroup path. Other simultaneous callers will have
+ * to use a shorter stack buffer. A "..." suffix is appended at the end
+ * of the stack buffer so that it will show up in case the output length
+ * matches the given buffer size to indicate possible path name truncation.
+ */
+#define SEQ_printf_task_group_path(m, tg, fmt...) \
+{ \
+ if (spin_trylock(&sched_debug_lock)) { \
+ task_group_path(tg, group_path, sizeof(group_path)); \
+ SEQ_printf(m, fmt, group_path); \
+ spin_unlock(&sched_debug_lock); \
+ } else { \
+ char buf[128]; \
+ char *bufend = buf + sizeof(buf) - 3; \
+ task_group_path(tg, buf, bufend - buf); \
+ strcpy(bufend - 1, "..."); \
+ SEQ_printf(m, fmt, buf); \
+ } \
}
#endif
@@ -470,7 +489,7 @@ print_task(struct seq_file *m, struct rq *rq, struct task_struct *p)
SEQ_printf(m, " %d %d", task_node(p), task_numa_group_id(p));
#endif
#ifdef CONFIG_CGROUP_SCHED
- SEQ_printf(m, " %s", task_group_path(task_group(p)));
+ SEQ_printf_task_group_path(m, task_group(p), " %s")
#endif
SEQ_printf(m, "\n");
@@ -507,7 +526,7 @@ void print_cfs_rq(struct seq_file *m, int cpu, struct cfs_rq *cfs_rq)
#ifdef CONFIG_FAIR_GROUP_SCHED
SEQ_printf(m, "\n");
- SEQ_printf(m, "cfs_rq[%d]:%s\n", cpu, task_group_path(cfs_rq->tg));
+ SEQ_printf_task_group_path(m, cfs_rq->tg, "cfs_rq[%d]:%s\n", cpu);
#else
SEQ_printf(m, "\n");
SEQ_printf(m, "cfs_rq[%d]:\n", cpu);
@@ -579,7 +598,7 @@ void print_rt_rq(struct seq_file *m, int cpu, struct rt_rq *rt_rq)
{
#ifdef CONFIG_RT_GROUP_SCHED
SEQ_printf(m, "\n");
- SEQ_printf(m, "rt_rq[%d]:%s\n", cpu, task_group_path(rt_rq->tg));
+ SEQ_printf_task_group_path(m, rt_rq->tg, "rt_rq[%d]:%s\n", cpu);
#else
SEQ_printf(m, "\n");
SEQ_printf(m, "rt_rq[%d]:\n", cpu);
@@ -631,7 +650,6 @@ void print_dl_rq(struct seq_file *m, int cpu, struct dl_rq *dl_rq)
static void print_cpu(struct seq_file *m, int cpu)
{
struct rq *rq = cpu_rq(cpu);
- unsigned long flags;
#ifdef CONFIG_X86
{
@@ -690,13 +708,11 @@ do { \
}
#undef P
- spin_lock_irqsave(&sched_debug_lock, flags);
print_cfs_stats(m, cpu);
print_rt_stats(m, cpu);
print_dl_stats(m, cpu);
print_rq(m, rq, cpu);
- spin_unlock_irqrestore(&sched_debug_lock, flags);
SEQ_printf(m, "\n");
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 247/425] drivers/block/null_blk/main: Fix a double free in null_init.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 246/425] sched/debug: Fix cgroup_path[] serialization Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 248/425] HID: plantronics: Workaround for double volume key presses Greg Kroah-Hartman
` (184 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Jens Axboe, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 72ce11ddfa4e9e1879103581a60b7e34547eaa0a ]
In null_init, null_add_dev(dev) is called.
In null_add_dev, it calls null_free_zoned_dev(dev) to free dev->zones
via kvfree(dev->zones) in out_cleanup_zone branch and returns err.
Then null_init accept the err code and then calls null_free_dev(dev).
But in null_free_dev(dev), dev->zones is freed again by
null_free_zoned_dev().
My patch set dev->zones to NULL in null_free_zoned_dev() after
kvfree(dev->zones) is called, to avoid the double free.
Fixes: 2984c8684f962 ("nullb: factor disk parameters")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Link: https://lore.kernel.org/r/20210426143229.7374-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/null_blk_zoned.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
index 079ed33fd806..ba018f1da512 100644
--- a/drivers/block/null_blk_zoned.c
+++ b/drivers/block/null_blk_zoned.c
@@ -56,6 +56,7 @@ int null_zone_init(struct nullb_device *dev)
void null_zone_exit(struct nullb_device *dev)
{
kvfree(dev->zones);
+ dev->zones = NULL;
}
static void null_zone_fill_bio(struct nullb_device *dev, struct bio *bio,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 248/425] HID: plantronics: Workaround for double volume key presses
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 247/425] drivers/block/null_blk/main: Fix a double free in null_init Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 249/425] perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars Greg Kroah-Hartman
` (183 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, Jiri Kosina, Sasha Levin
From: Maxim Mikityanskiy <maxtram95@gmail.com>
[ Upstream commit f567d6ef8606fb427636e824c867229ecb5aefab ]
Plantronics Blackwire 3220 Series (047f:c056) sends HID reports twice
for each volume key press. This patch adds a quirk to hid-plantronics
for this product ID, which will ignore the second volume key press if
it happens within 5 ms from the last one that was handled.
The patch was tested on the mentioned model only, it shouldn't affect
other models, however, this quirk might be needed for them too.
Auto-repeat (when a key is held pressed) is not affected, because the
rate is about 3 times per second, which is far less frequent than once
in 5 ms.
Fixes: 81bb773faed7 ("HID: plantronics: Update to map volume up/down controls")
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-plantronics.c | 60 +++++++++++++++++++++++++++++++++--
include/linux/hid.h | 2 ++
3 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index 68908dac5835..75342f3dfb86 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -904,6 +904,7 @@
#define USB_DEVICE_ID_ORTEK_IHOME_IMAC_A210S 0x8003
#define USB_VENDOR_ID_PLANTRONICS 0x047f
+#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES 0xc056
#define USB_VENDOR_ID_PANASONIC 0x04da
#define USB_DEVICE_ID_PANABOARD_UBT780 0x1044
diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c
index 584b10d3fc3d..460711c1124a 100644
--- a/drivers/hid/hid-plantronics.c
+++ b/drivers/hid/hid-plantronics.c
@@ -16,6 +16,7 @@
#include <linux/hid.h>
#include <linux/module.h>
+#include <linux/jiffies.h>
#define PLT_HID_1_0_PAGE 0xffa00000
#define PLT_HID_2_0_PAGE 0xffa20000
@@ -39,6 +40,16 @@
#define PLT_ALLOW_CONSUMER (field->application == HID_CP_CONSUMERCONTROL && \
(usage->hid & HID_USAGE_PAGE) == HID_UP_CONSUMER)
+#define PLT_QUIRK_DOUBLE_VOLUME_KEYS BIT(0)
+
+#define PLT_DOUBLE_KEY_TIMEOUT 5 /* ms */
+
+struct plt_drv_data {
+ unsigned long device_type;
+ unsigned long last_volume_key_ts;
+ u32 quirks;
+};
+
static int plantronics_input_mapping(struct hid_device *hdev,
struct hid_input *hi,
struct hid_field *field,
@@ -46,7 +57,8 @@ static int plantronics_input_mapping(struct hid_device *hdev,
unsigned long **bit, int *max)
{
unsigned short mapped_key;
- unsigned long plt_type = (unsigned long)hid_get_drvdata(hdev);
+ struct plt_drv_data *drv_data = hid_get_drvdata(hdev);
+ unsigned long plt_type = drv_data->device_type;
/* special case for PTT products */
if (field->application == HID_GD_JOYSTICK)
@@ -108,6 +120,30 @@ mapped:
return 1;
}
+static int plantronics_event(struct hid_device *hdev, struct hid_field *field,
+ struct hid_usage *usage, __s32 value)
+{
+ struct plt_drv_data *drv_data = hid_get_drvdata(hdev);
+
+ if (drv_data->quirks & PLT_QUIRK_DOUBLE_VOLUME_KEYS) {
+ unsigned long prev_ts, cur_ts;
+
+ /* Usages are filtered in plantronics_usages. */
+
+ if (!value) /* Handle key presses only. */
+ return 0;
+
+ prev_ts = drv_data->last_volume_key_ts;
+ cur_ts = jiffies;
+ if (jiffies_to_msecs(cur_ts - prev_ts) <= PLT_DOUBLE_KEY_TIMEOUT)
+ return 1; /* Ignore the repeated key. */
+
+ drv_data->last_volume_key_ts = cur_ts;
+ }
+
+ return 0;
+}
+
static unsigned long plantronics_device_type(struct hid_device *hdev)
{
unsigned i, col_page;
@@ -136,15 +172,24 @@ exit:
static int plantronics_probe(struct hid_device *hdev,
const struct hid_device_id *id)
{
+ struct plt_drv_data *drv_data;
int ret;
+ drv_data = devm_kzalloc(&hdev->dev, sizeof(*drv_data), GFP_KERNEL);
+ if (!drv_data)
+ return -ENOMEM;
+
ret = hid_parse(hdev);
if (ret) {
hid_err(hdev, "parse failed\n");
goto err;
}
- hid_set_drvdata(hdev, (void *)plantronics_device_type(hdev));
+ drv_data->device_type = plantronics_device_type(hdev);
+ drv_data->quirks = id->driver_data;
+ drv_data->last_volume_key_ts = jiffies - msecs_to_jiffies(PLT_DOUBLE_KEY_TIMEOUT);
+
+ hid_set_drvdata(hdev, drv_data);
ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT |
HID_CONNECT_HIDINPUT_FORCE | HID_CONNECT_HIDDEV_FORCE);
@@ -156,15 +201,26 @@ err:
}
static const struct hid_device_id plantronics_devices[] = {
+ { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS,
+ USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES),
+ .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS },
{ HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, HID_ANY_ID) },
{ }
};
MODULE_DEVICE_TABLE(hid, plantronics_devices);
+static const struct hid_usage_id plantronics_usages[] = {
+ { HID_CP_VOLUMEUP, EV_KEY, HID_ANY_ID },
+ { HID_CP_VOLUMEDOWN, EV_KEY, HID_ANY_ID },
+ { HID_TERMINATOR, HID_TERMINATOR, HID_TERMINATOR }
+};
+
static struct hid_driver plantronics_driver = {
.name = "plantronics",
.id_table = plantronics_devices,
+ .usage_table = plantronics_usages,
.input_mapping = plantronics_input_mapping,
+ .event = plantronics_event,
.probe = plantronics_probe,
};
module_hid_driver(plantronics_driver);
diff --git a/include/linux/hid.h b/include/linux/hid.h
index a46b6832b373..4dcce83ca378 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -270,6 +270,8 @@ struct hid_item {
#define HID_CP_SELECTION 0x000c0080
#define HID_CP_MEDIASELECTION 0x000c0087
#define HID_CP_SELECTDISC 0x000c00ba
+#define HID_CP_VOLUMEUP 0x000c00e9
+#define HID_CP_VOLUMEDOWN 0x000c00ea
#define HID_CP_PLAYBACKSPEED 0x000c00f1
#define HID_CP_PROXIMITY 0x000c0109
#define HID_CP_SPEAKERSYSTEM 0x000c0160
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 249/425] perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 248/425] HID: plantronics: Workaround for double volume key presses Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 250/425] net: lapbether: Prevent racing when checking whether the netif is running Greg Kroah-Hartman
` (182 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Li, Alexander Shishkin,
Ingo Molnar, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Srikar Dronamraju, Arnaldo Carvalho de Melo,
Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 210e4c89ef61432040c6cd828fefa441f4887186 ]
The 'ret' variable was initialized to zero but then it was not updated
from the fprintf() return, fix it.
Reported-by: Yang Li <yang.lee@linux.alibaba.com>
cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
cc: Ingo Molnar <mingo@redhat.com>
cc: Jiri Olsa <jolsa@redhat.com>
cc: Mark Rutland <mark.rutland@arm.com>
cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Fixes: 90f18e63fbd00513 ("perf symbols: List symbols in a dso in ascending name order")
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/symbol_fprintf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/symbol_fprintf.c b/tools/perf/util/symbol_fprintf.c
index ed0205cc7942..1fd175bb4600 100644
--- a/tools/perf/util/symbol_fprintf.c
+++ b/tools/perf/util/symbol_fprintf.c
@@ -66,7 +66,7 @@ size_t dso__fprintf_symbols_by_name(struct dso *dso,
for (nd = rb_first(&dso->symbol_names); nd; nd = rb_next(nd)) {
pos = rb_entry(nd, struct symbol_name_rb_node, rb_node);
- fprintf(fp, "%s\n", pos->sym.name);
+ ret += fprintf(fp, "%s\n", pos->sym.name);
}
return ret;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 250/425] net: lapbether: Prevent racing when checking whether the netif is running
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 249/425] perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 251/425] powerpc/prom: Mark identical_pvr_fixup as __init Greg Kroah-Hartman
` (181 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie He, Martin Schiller,
David S. Miller, Sasha Levin
From: Xie He <xie.he.0141@gmail.com>
[ Upstream commit 5acd0cfbfbb5a688da1bfb1a2152b0c855115a35 ]
There are two "netif_running" checks in this driver. One is in
"lapbeth_xmit" and the other is in "lapbeth_rcv". They serve to make
sure that the LAPB APIs called in these functions are called before
"lapb_unregister" is called by the "ndo_stop" function.
However, these "netif_running" checks are unreliable, because it's
possible that immediately after "netif_running" returns true, "ndo_stop"
is called (which causes "lapb_unregister" to be called).
This patch adds locking to make sure "lapbeth_xmit" and "lapbeth_rcv" can
reliably check and ensure the netif is running while doing their work.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Xie He <xie.he.0141@gmail.com>
Acked-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wan/lapbether.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
index fad5fc8b9edb..3ec922bed2d8 100644
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -56,6 +56,8 @@ struct lapbethdev {
struct list_head node;
struct net_device *ethdev; /* link to ethernet device */
struct net_device *axdev; /* lapbeth device (lapb#) */
+ bool up;
+ spinlock_t up_lock; /* Protects "up" */
};
static LIST_HEAD(lapbeth_devices);
@@ -103,8 +105,9 @@ static int lapbeth_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
rcu_read_lock();
lapbeth = lapbeth_get_x25_dev(dev);
if (!lapbeth)
- goto drop_unlock;
- if (!netif_running(lapbeth->axdev))
+ goto drop_unlock_rcu;
+ spin_lock_bh(&lapbeth->up_lock);
+ if (!lapbeth->up)
goto drop_unlock;
len = skb->data[0] + skb->data[1] * 256;
@@ -119,11 +122,14 @@ static int lapbeth_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
goto drop_unlock;
}
out:
+ spin_unlock_bh(&lapbeth->up_lock);
rcu_read_unlock();
return 0;
drop_unlock:
kfree_skb(skb);
goto out;
+drop_unlock_rcu:
+ rcu_read_unlock();
drop:
kfree_skb(skb);
return 0;
@@ -151,13 +157,11 @@ static int lapbeth_data_indication(struct net_device *dev, struct sk_buff *skb)
static netdev_tx_t lapbeth_xmit(struct sk_buff *skb,
struct net_device *dev)
{
+ struct lapbethdev *lapbeth = netdev_priv(dev);
int err;
- /*
- * Just to be *really* sure not to send anything if the interface
- * is down, the ethernet device may have gone.
- */
- if (!netif_running(dev))
+ spin_lock_bh(&lapbeth->up_lock);
+ if (!lapbeth->up)
goto drop;
/* There should be a pseudo header of 1 byte added by upper layers.
@@ -188,6 +192,7 @@ static netdev_tx_t lapbeth_xmit(struct sk_buff *skb,
goto drop;
}
out:
+ spin_unlock_bh(&lapbeth->up_lock);
return NETDEV_TX_OK;
drop:
kfree_skb(skb);
@@ -279,6 +284,7 @@ static const struct lapb_register_struct lapbeth_callbacks = {
*/
static int lapbeth_open(struct net_device *dev)
{
+ struct lapbethdev *lapbeth = netdev_priv(dev);
int err;
if ((err = lapb_register(dev, &lapbeth_callbacks)) != LAPB_OK) {
@@ -286,13 +292,22 @@ static int lapbeth_open(struct net_device *dev)
return -ENODEV;
}
+ spin_lock_bh(&lapbeth->up_lock);
+ lapbeth->up = true;
+ spin_unlock_bh(&lapbeth->up_lock);
+
return 0;
}
static int lapbeth_close(struct net_device *dev)
{
+ struct lapbethdev *lapbeth = netdev_priv(dev);
int err;
+ spin_lock_bh(&lapbeth->up_lock);
+ lapbeth->up = false;
+ spin_unlock_bh(&lapbeth->up_lock);
+
if ((err = lapb_unregister(dev)) != LAPB_OK)
pr_err("lapb_unregister error: %d\n", err);
@@ -350,6 +365,9 @@ static int lapbeth_new_device(struct net_device *dev)
dev_hold(dev);
lapbeth->ethdev = dev;
+ lapbeth->up = false;
+ spin_lock_init(&lapbeth->up_lock);
+
rc = -EIO;
if (register_netdevice(ndev))
goto fail;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 251/425] powerpc/prom: Mark identical_pvr_fixup as __init
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 250/425] net: lapbether: Prevent racing when checking whether the netif is running Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 252/425] powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration Greg Kroah-Hartman
` (180 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Michael Ellerman,
Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 1ef1dd9c7ed27b080445e1576e8a05957e0e4dfc ]
If identical_pvr_fixup() is not inlined, there are two modpost warnings:
WARNING: modpost: vmlinux.o(.text+0x54e8): Section mismatch in reference
from the function identical_pvr_fixup() to the function
.init.text:of_get_flat_dt_prop()
The function identical_pvr_fixup() references
the function __init of_get_flat_dt_prop().
This is often because identical_pvr_fixup lacks a __init
annotation or the annotation of of_get_flat_dt_prop is wrong.
WARNING: modpost: vmlinux.o(.text+0x551c): Section mismatch in reference
from the function identical_pvr_fixup() to the function
.init.text:identify_cpu()
The function identical_pvr_fixup() references
the function __init identify_cpu().
This is often because identical_pvr_fixup lacks a __init
annotation or the annotation of identify_cpu is wrong.
identical_pvr_fixup() calls two functions marked as __init and is only
called by a function marked as __init so it should be marked as __init
as well. At the same time, remove the inline keywork as it is not
necessary to inline this function. The compiler is still free to do so
if it feels it is worthwhile since commit 889b3c1245de ("compiler:
remove CONFIG_OPTIMIZE_INLINING entirely").
Fixes: 14b3d926a22b ("[POWERPC] 4xx: update 440EP(x)/440GR(x) identical PVR issue workaround")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://github.com/ClangBuiltLinux/linux/issues/1316
Link: https://lore.kernel.org/r/20210302200829.2680663-1-nathan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index fd04692412db..f8c49e5d4bd3 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -266,7 +266,7 @@ static struct feature_property {
};
#if defined(CONFIG_44x) && defined(CONFIG_PPC_FPU)
-static inline void identical_pvr_fixup(unsigned long node)
+static __init void identical_pvr_fixup(unsigned long node)
{
unsigned int pvr;
const char *model = of_get_flat_dt_prop(node, "model", NULL);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 252/425] powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 251/425] powerpc/prom: Mark identical_pvr_fixup as __init Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 253/425] ALSA: core: remove redundant spin_lock pair in snd_card_disconnect Greg Kroah-Hartman
` (179 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Chen Huang,
Michael Ellerman, Sasha Levin
From: Chen Huang <chenhuang5@huawei.com>
[ Upstream commit 4fe529449d85e78972fa327999961ecc83a0b6db ]
When compiling the powerpc with the SMP disabled, it shows the issue:
arch/powerpc/kernel/watchdog.c: In function ‘watchdog_smp_panic’:
arch/powerpc/kernel/watchdog.c:177:4: error: implicit declaration of function ‘smp_send_nmi_ipi’; did you mean ‘smp_send_stop’? [-Werror=implicit-function-declaration]
177 | smp_send_nmi_ipi(c, wd_lockup_ipi, 1000000);
| ^~~~~~~~~~~~~~~~
| smp_send_stop
cc1: all warnings being treated as errors
make[2]: *** [scripts/Makefile.build:273: arch/powerpc/kernel/watchdog.o] Error 1
make[1]: *** [scripts/Makefile.build:534: arch/powerpc/kernel] Error 2
make: *** [Makefile:1980: arch/powerpc] Error 2
make: *** Waiting for unfinished jobs....
We found that powerpc used ipi to implement hardlockup watchdog, so the
HAVE_HARDLOCKUP_DETECTOR_ARCH should depend on the SMP.
Fixes: 2104180a5369 ("powerpc/64s: implement arch-specific hardlockup watchdog")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Chen Huang <chenhuang5@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210327094900.938555-1-chenhuang5@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 6dd2a14e1ebc..f0e09d5f0bed 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -208,7 +208,7 @@ config PPC
select HAVE_MEMBLOCK_NODE_MAP
select HAVE_MOD_ARCH_SPECIFIC
select HAVE_NMI if PERF_EVENTS || (PPC64 && PPC_BOOK3S)
- select HAVE_HARDLOCKUP_DETECTOR_ARCH if (PPC64 && PPC_BOOK3S)
+ select HAVE_HARDLOCKUP_DETECTOR_ARCH if PPC64 && PPC_BOOK3S && SMP
select HAVE_OPROFILE
select HAVE_OPTPROBES if PPC64
select HAVE_PERF_EVENTS
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 253/425] ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 252/425] powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 254/425] bug: Remove redundant condition check in report_bug Greg Kroah-Hartman
` (178 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia Zhou, Yi Wang, Takashi Iwai, Sasha Levin
From: Jia Zhou <zhou.jia2@zte.com.cn>
[ Upstream commit abc21649b3e5c34b143bf86f0c78e33d5815e250 ]
modification in commit 2a3f7221acdd ("ALSA: core: Fix card races between
register and disconnect") resulting in this problem.
Fixes: 2a3f7221acdd ("ALSA: core: Fix card races between register and disconnect")
Signed-off-by: Jia Zhou <zhou.jia2@zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Link: https://lore.kernel.org/r/1616989007-34429-1-git-send-email-wang.yi59@zte.com.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/init.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/core/init.c b/sound/core/init.c
index 16b7cc7aa66b..3eafa15006f8 100644
--- a/sound/core/init.c
+++ b/sound/core/init.c
@@ -405,10 +405,8 @@ int snd_card_disconnect(struct snd_card *card)
return 0;
}
card->shutdown = 1;
- spin_unlock(&card->files_lock);
/* replace file->f_op with special dummy operations */
- spin_lock(&card->files_lock);
list_for_each_entry(mfile, &card->files_list, list) {
/* it's critical part, use endless loop */
/* we have no room to fail */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 254/425] bug: Remove redundant condition check in report_bug
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 253/425] ALSA: core: remove redundant spin_lock pair in snd_card_disconnect Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 255/425] nfc: pn533: prevent potential memory corruption Greg Kroah-Hartman
` (177 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Scull, Peter Zijlstra,
Steven Rostedt (VMware),
Will Deacon, Marc Zyngier, Sasha Levin
From: Andrew Scull <ascull@google.com>
[ Upstream commit 3ad1a6cb0abc63d036fc866bd7c2c5983516dec5 ]
report_bug() will return early if it cannot find a bug corresponding to
the provided address. The subsequent test for the bug will always be
true so remove it.
Fixes: 1b4cfe3c0a30d ("lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()")
Signed-off-by: Andrew Scull <ascull@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210318143311.839894-2-ascull@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/bug.c | 33 +++++++++++++++------------------
1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/lib/bug.c b/lib/bug.c
index 1077366f496b..f4fcac5dd766 100644
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -155,30 +155,27 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
file = NULL;
line = 0;
- warning = 0;
- if (bug) {
#ifdef CONFIG_DEBUG_BUGVERBOSE
#ifndef CONFIG_GENERIC_BUG_RELATIVE_POINTERS
- file = bug->file;
+ file = bug->file;
#else
- file = (const char *)bug + bug->file_disp;
+ file = (const char *)bug + bug->file_disp;
#endif
- line = bug->line;
+ line = bug->line;
#endif
- warning = (bug->flags & BUGFLAG_WARNING) != 0;
- once = (bug->flags & BUGFLAG_ONCE) != 0;
- done = (bug->flags & BUGFLAG_DONE) != 0;
-
- if (warning && once) {
- if (done)
- return BUG_TRAP_TYPE_WARN;
-
- /*
- * Since this is the only store, concurrency is not an issue.
- */
- bug->flags |= BUGFLAG_DONE;
- }
+ warning = (bug->flags & BUGFLAG_WARNING) != 0;
+ once = (bug->flags & BUGFLAG_ONCE) != 0;
+ done = (bug->flags & BUGFLAG_DONE) != 0;
+
+ if (warning && once) {
+ if (done)
+ return BUG_TRAP_TYPE_WARN;
+
+ /*
+ * Since this is the only store, concurrency is not an issue.
+ */
+ bug->flags |= BUGFLAG_DONE;
}
if (warning) {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 255/425] nfc: pn533: prevent potential memory corruption
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 254/425] bug: Remove redundant condition check in report_bug Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 256/425] net: hns3: Limiting the scope of vector_ring_chain variable Greg Kroah-Hartman
` (176 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit ca4d4c34ae9aa5c3c0da76662c5e549d2fc0cc86 ]
If the "type_a->nfcid_len" is too large then it would lead to memory
corruption in pn533_target_found_type_a() when we do:
memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
Fixes: c3b1e1e8a76f ("NFC: Export NFCID1 from pn533")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/pn533/pn533.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/nfc/pn533/pn533.c b/drivers/nfc/pn533/pn533.c
index a0cc1cc45292..01da9331f4cb 100644
--- a/drivers/nfc/pn533/pn533.c
+++ b/drivers/nfc/pn533/pn533.c
@@ -692,6 +692,9 @@ static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
return false;
+ if (type_a->nfcid_len > NFC_NFCID1_MAXSIZE)
+ return false;
+
return true;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 256/425] net: hns3: Limiting the scope of vector_ring_chain variable
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 255/425] nfc: pn533: prevent potential memory corruption Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 257/425] ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls Greg Kroah-Hartman
` (175 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Salil Mehta, David S. Miller, Sasha Levin
From: Salil Mehta <salil.mehta@huawei.com>
[ Upstream commit d392ecd1bc29ae15b0e284d5f732c2d36f244271 ]
Limiting the scope of the variable vector_ring_chain to the block where it
is used.
Fixes: 424eb834a9be ("net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC")
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 3eb8b85f6afb..3b89673f09da 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -2639,7 +2639,6 @@ static void hns3_add_ring_to_group(struct hns3_enet_ring_group *group,
static int hns3_nic_init_vector_data(struct hns3_nic_priv *priv)
{
- struct hnae3_ring_chain_node vector_ring_chain;
struct hnae3_handle *h = priv->ae_handle;
struct hns3_enet_tqp_vector *tqp_vector;
int ret = 0;
@@ -2669,6 +2668,8 @@ static int hns3_nic_init_vector_data(struct hns3_nic_priv *priv)
}
for (i = 0; i < priv->vector_num; i++) {
+ struct hnae3_ring_chain_node vector_ring_chain;
+
tqp_vector = &priv->tqp_vector[i];
tqp_vector->rx_group.total_bytes = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 257/425] ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 256/425] net: hns3: Limiting the scope of vector_ring_chain variable Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 258/425] liquidio: Fix unintented sign extension of a left shift of a u16 Greg Kroah-Hartman
` (174 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, coverity-bot, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 5fb45414ae03421255593fd5556aa2d1d82303aa ]
There are a few calls of usb_driver_claim_interface() but all of those
miss the proper error checks, as reported by Coverity. This patch
adds those missing checks.
Along with it, replace the magic pointer with -1 with a constant
USB_AUDIO_IFACE_UNUSED for better readability.
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1475943 ("Error handling issues")
Addresses-Coverity-ID: 1475944 ("Error handling issues")
Addresses-Coverity-ID: 1475945 ("Error handling issues")
Fixes: b1ce7ba619d9 ("ALSA: usb-audio: claim autodetected PCM interfaces all at once")
Fixes: e5779998bf8b ("ALSA: usb-audio: refactor code")
Link: https://lore.kernel.org/r/202104051059.FB7F3016@keescook
Link: https://lore.kernel.org/r/20210406113534.30455-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/card.c | 14 +++++++-------
sound/usb/quirks.c | 16 ++++++++++++----
sound/usb/usbaudio.h | 2 ++
3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/sound/usb/card.c b/sound/usb/card.c
index ba096cb4a53e..ce8925e8419e 100644
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -189,9 +189,8 @@ static int snd_usb_create_stream(struct snd_usb_audio *chip, int ctrlif, int int
ctrlif, interface);
return -EINVAL;
}
- usb_driver_claim_interface(&usb_audio_driver, iface, (void *)-1L);
-
- return 0;
+ return usb_driver_claim_interface(&usb_audio_driver, iface,
+ USB_AUDIO_IFACE_UNUSED);
}
if ((altsd->bInterfaceClass != USB_CLASS_AUDIO &&
@@ -211,7 +210,8 @@ static int snd_usb_create_stream(struct snd_usb_audio *chip, int ctrlif, int int
if (! snd_usb_parse_audio_interface(chip, interface)) {
usb_set_interface(dev, interface, 0); /* reset the current interface */
- usb_driver_claim_interface(&usb_audio_driver, iface, (void *)-1L);
+ return usb_driver_claim_interface(&usb_audio_driver, iface,
+ USB_AUDIO_IFACE_UNUSED);
}
return 0;
@@ -707,7 +707,7 @@ static void usb_audio_disconnect(struct usb_interface *intf)
struct snd_card *card;
struct list_head *p;
- if (chip == (void *)-1L)
+ if (chip == USB_AUDIO_IFACE_UNUSED)
return;
card = chip->card;
@@ -807,7 +807,7 @@ static int usb_audio_suspend(struct usb_interface *intf, pm_message_t message)
struct usb_mixer_interface *mixer;
struct list_head *p;
- if (chip == (void *)-1L)
+ if (chip == USB_AUDIO_IFACE_UNUSED)
return 0;
if (!chip->num_suspended_intf++) {
@@ -839,7 +839,7 @@ static int __usb_audio_resume(struct usb_interface *intf, bool reset_resume)
struct list_head *p;
int err = 0;
- if (chip == (void *)-1L)
+ if (chip == USB_AUDIO_IFACE_UNUSED)
return 0;
atomic_inc(&chip->active); /* avoid autopm */
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 717edf3b5d3e..b5f2b18b8b42 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -66,8 +66,12 @@ static int create_composite_quirk(struct snd_usb_audio *chip,
if (!iface)
continue;
if (quirk->ifnum != probed_ifnum &&
- !usb_interface_claimed(iface))
- usb_driver_claim_interface(driver, iface, (void *)-1L);
+ !usb_interface_claimed(iface)) {
+ err = usb_driver_claim_interface(driver, iface,
+ USB_AUDIO_IFACE_UNUSED);
+ if (err < 0)
+ return err;
+ }
}
return 0;
@@ -401,8 +405,12 @@ static int create_autodetect_quirks(struct snd_usb_audio *chip,
continue;
err = create_autodetect_quirk(chip, iface, driver);
- if (err >= 0)
- usb_driver_claim_interface(driver, iface, (void *)-1L);
+ if (err >= 0) {
+ err = usb_driver_claim_interface(driver, iface,
+ USB_AUDIO_IFACE_UNUSED);
+ if (err < 0)
+ return err;
+ }
}
return 0;
diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
index 0d620c267e7a..0c7ea78317fc 100644
--- a/sound/usb/usbaudio.h
+++ b/sound/usb/usbaudio.h
@@ -68,6 +68,8 @@ struct snd_usb_audio {
struct usb_host_interface *ctrl_intf; /* the audio control interface */
};
+#define USB_AUDIO_IFACE_UNUSED ((void *)-1L)
+
#define usb_audio_err(chip, fmt, args...) \
dev_err(&(chip)->dev->dev, fmt, ##args)
#define usb_audio_warn(chip, fmt, args...) \
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 258/425] liquidio: Fix unintented sign extension of a left shift of a u16
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 257/425] ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 259/425] powerpc/64s: Fix pte update for kernel memory on radix Greg Kroah-Hartman
` (173 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, David S. Miller, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 298b58f00c0f86868ea717426beb5c1198772f81 ]
The macro CN23XX_PEM_BAR1_INDEX_REG is being used to shift oct->pcie_port
(a u16) left 24 places. There are two subtle issues here, first the
shift gets promoted to an signed int and then sign extended to a u64.
If oct->pcie_port is 0x80 or more then the upper bits get sign extended
to 1. Secondly shfiting a u16 24 bits will lead to an overflow so it
needs to be cast to a u64 for all the bits to not overflow.
It is entirely possible that the u16 port value is never large enough
for this to fail, but it is useful to fix unintended overflows such
as this.
Fix this by casting the port parameter to the macro to a u64 before
the shift.
Addresses-Coverity: ("Unintended sign extension")
Fixes: 5bc67f587ba7 ("liquidio: CN23XX register definitions")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cavium/liquidio/cn23xx_pf_regs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/cn23xx_pf_regs.h b/drivers/net/ethernet/cavium/liquidio/cn23xx_pf_regs.h
index e6d4ad99cc38..3f1c189646f4 100644
--- a/drivers/net/ethernet/cavium/liquidio/cn23xx_pf_regs.h
+++ b/drivers/net/ethernet/cavium/liquidio/cn23xx_pf_regs.h
@@ -521,7 +521,7 @@
#define CN23XX_BAR1_INDEX_OFFSET 3
#define CN23XX_PEM_BAR1_INDEX_REG(port, idx) \
- (CN23XX_PEM_BAR1_INDEX_START + ((port) << CN23XX_PEM_OFFSET) + \
+ (CN23XX_PEM_BAR1_INDEX_START + (((u64)port) << CN23XX_PEM_OFFSET) + \
((idx) << CN23XX_BAR1_INDEX_OFFSET))
/*############################ DPI #########################*/
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 259/425] powerpc/64s: Fix pte update for kernel memory on radix
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 258/425] liquidio: Fix unintented sign extension of a left shift of a u16 Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 260/425] powerpc/perf: Fix PMU constraint check for EBB events Greg Kroah-Hartman
` (172 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jordan Niethe, Nicholas Piggin,
Michael Ellerman, Sasha Levin
From: Jordan Niethe <jniethe5@gmail.com>
[ Upstream commit b8b2f37cf632434456182e9002d63cbc4cccc50c ]
When adding a PTE a ptesync is needed to order the update of the PTE
with subsequent accesses otherwise a spurious fault may be raised.
radix__set_pte_at() does not do this for performance gains. For
non-kernel memory this is not an issue as any faults of this kind are
corrected by the page fault handler. For kernel memory these faults
are not handled. The current solution is that there is a ptesync in
flush_cache_vmap() which should be called when mapping from the
vmalloc region.
However, map_kernel_page() does not call flush_cache_vmap(). This is
troublesome in particular for code patching with Strict RWX on radix.
In do_patch_instruction() the page frame that contains the instruction
to be patched is mapped and then immediately patched. With no ordering
or synchronization between setting up the PTE and writing to the page
it is possible for faults.
As the code patching is done using __put_user_asm_goto() the resulting
fault is obscured - but using a normal store instead it can be seen:
BUG: Unable to handle kernel data access on write at 0xc008000008f24a3c
Faulting instruction address: 0xc00000000008bd74
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
Modules linked in: nop_module(PO+) [last unloaded: nop_module]
CPU: 4 PID: 757 Comm: sh Tainted: P O 5.10.0-rc5-01361-ge3c1b78c8440-dirty #43
NIP: c00000000008bd74 LR: c00000000008bd50 CTR: c000000000025810
REGS: c000000016f634a0 TRAP: 0300 Tainted: P O (5.10.0-rc5-01361-ge3c1b78c8440-dirty)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44002884 XER: 00000000
CFAR: c00000000007c68c DAR: c008000008f24a3c DSISR: 42000000 IRQMASK: 1
This results in the kind of issue reported here:
https://lore.kernel.org/linuxppc-dev/15AC5B0E-A221-4B8C-9039-FA96B8EF7C88@lca.pw/
Chris Riedl suggested a reliable way to reproduce the issue:
$ mount -t debugfs none /sys/kernel/debug
$ (while true; do echo function > /sys/kernel/debug/tracing/current_tracer ; echo nop > /sys/kernel/debug/tracing/current_tracer ; done) &
Turning ftrace on and off does a large amount of code patching which
in usually less then 5min will crash giving a trace like:
ftrace-powerpc: (____ptrval____): replaced (4b473b11) != old (60000000)
------------[ ftrace bug ]------------
ftrace failed to modify
[<c000000000bf8e5c>] napi_busy_loop+0xc/0x390
actual: 11:3b:47:4b
Setting ftrace call site to call ftrace function
ftrace record flags: 80000001
(1)
expected tramp: c00000000006c96c
------------[ cut here ]------------
WARNING: CPU: 4 PID: 809 at kernel/trace/ftrace.c:2065 ftrace_bug+0x28c/0x2e8
Modules linked in: nop_module(PO-) [last unloaded: nop_module]
CPU: 4 PID: 809 Comm: sh Tainted: P O 5.10.0-rc5-01360-gf878ccaf250a #1
NIP: c00000000024f334 LR: c00000000024f330 CTR: c0000000001a5af0
REGS: c000000004c8b760 TRAP: 0700 Tainted: P O (5.10.0-rc5-01360-gf878ccaf250a)
MSR: 900000000282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 28008848 XER: 20040000
CFAR: c0000000001a9c98 IRQMASK: 0
GPR00: c00000000024f330 c000000004c8b9f0 c000000002770600 0000000000000022
GPR04: 00000000ffff7fff c000000004c8b6d0 0000000000000027 c0000007fe9bcdd8
GPR08: 0000000000000023 ffffffffffffffd8 0000000000000027 c000000002613118
GPR12: 0000000000008000 c0000007fffdca00 0000000000000000 0000000000000000
GPR16: 0000000023ec37c5 0000000000000000 0000000000000000 0000000000000008
GPR20: c000000004c8bc90 c0000000027a2d20 c000000004c8bcd0 c000000002612fe8
GPR24: 0000000000000038 0000000000000030 0000000000000028 0000000000000020
GPR28: c000000000ff1b68 c000000000bf8e5c c00000000312f700 c000000000fbb9b0
NIP ftrace_bug+0x28c/0x2e8
LR ftrace_bug+0x288/0x2e8
Call Trace:
ftrace_bug+0x288/0x2e8 (unreliable)
ftrace_modify_all_code+0x168/0x210
arch_ftrace_update_code+0x18/0x30
ftrace_run_update_code+0x44/0xc0
ftrace_startup+0xf8/0x1c0
register_ftrace_function+0x4c/0xc0
function_trace_init+0x80/0xb0
tracing_set_tracer+0x2a4/0x4f0
tracing_set_trace_write+0xd4/0x130
vfs_write+0xf0/0x330
ksys_write+0x84/0x140
system_call_exception+0x14c/0x230
system_call_common+0xf0/0x27c
To fix this when updating kernel memory PTEs using ptesync.
Fixes: f1cb8f9beba8 ("powerpc/64s/radix: avoid ptesync after set_pte and ptep_set_access_flags")
Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
[mpe: Tidy up change log slightly]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210208032957.1232102-1-jniethe5@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/book3s/64/radix.h | 6 ++++--
arch/powerpc/mm/pgtable-radix.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/include/asm/book3s/64/radix.h b/arch/powerpc/include/asm/book3s/64/radix.h
index da01badef0cb..04b2bffbc5c9 100644
--- a/arch/powerpc/include/asm/book3s/64/radix.h
+++ b/arch/powerpc/include/asm/book3s/64/radix.h
@@ -204,8 +204,10 @@ static inline void radix__set_pte_at(struct mm_struct *mm, unsigned long addr,
* from ptesync, it should probably go into update_mmu_cache, rather
* than set_pte_at (which is used to set ptes unrelated to faults).
*
- * Spurious faults to vmalloc region are not tolerated, so there is
- * a ptesync in flush_cache_vmap.
+ * Spurious faults from the kernel memory are not tolerated, so there
+ * is a ptesync in flush_cache_vmap, and __map_kernel_page() follows
+ * the pte update sequence from ISA Book III 6.10 Translation Table
+ * Update Synchronization Requirements.
*/
}
diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
index 5404a631d583..9ee235fca427 100644
--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -115,7 +115,7 @@ static int early_map_kernel_page(unsigned long ea, unsigned long pa,
set_the_pte:
set_pte_at(&init_mm, ea, ptep, pfn_pte(pfn, flags));
- smp_wmb();
+ asm volatile("ptesync": : :"memory");
return 0;
}
@@ -169,7 +169,7 @@ static int __map_kernel_page(unsigned long ea, unsigned long pa,
set_the_pte:
set_pte_at(&init_mm, ea, ptep, pfn_pte(pfn, flags));
- smp_wmb();
+ asm volatile("ptesync": : :"memory");
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 260/425] powerpc/perf: Fix PMU constraint check for EBB events
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 259/425] powerpc/64s: Fix pte update for kernel memory on radix Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 261/425] powerpc: iommu: fix build when neither PCI or IBMVIO is set Greg Kroah-Hartman
` (171 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thadeu Lima de Souza Cascardo,
Athira Rajeev, Michael Ellerman, Sasha Levin
From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[ Upstream commit 10f8f96179ecc7f69c927f6d231f6d02736cea83 ]
The power PMU group constraints includes check for EBB events to make
sure all events in a group must agree on EBB. This will prevent
scheduling EBB and non-EBB events together. But in the existing check,
settings for constraint mask and value is interchanged. Patch fixes the
same.
Before the patch, PMU selftest "cpu_event_pinned_vs_ebb_test" fails with
below in dmesg logs. This happens because EBB event gets enabled along
with a non-EBB cpu event.
[35600.453346] cpu_event_pinne[41326]: illegal instruction (4)
at 10004a18 nip 10004a18 lr 100049f8 code 1 in
cpu_event_pinned_vs_ebb_test[10000000+10000]
Test results after the patch:
$ ./pmu/ebb/cpu_event_pinned_vs_ebb_test
test: cpu_event_pinned_vs_ebb
tags: git_version:v5.12-rc5-93-gf28c3125acd3-dirty
Binding to cpu 8
EBB Handler is at 0x100050c8
read error on event 0x7fffe6bd4040!
PM_RUN_INST_CMPL: result 9872 running/enabled 37930432
success: cpu_event_pinned_vs_ebb
This bug was hidden by other logic until commit 1908dc911792 (perf:
Tweak perf_event_attr::exclusive semantics).
Fixes: 4df489991182 ("powerpc/perf: Add power8 EBB support")
Reported-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[mpe: Mention commit 1908dc911792]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1617725761-1464-1-git-send-email-atrajeev@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/isa207-common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/perf/isa207-common.c b/arch/powerpc/perf/isa207-common.c
index 69a2dc2b16cf..a1ff4142cc6a 100644
--- a/arch/powerpc/perf/isa207-common.c
+++ b/arch/powerpc/perf/isa207-common.c
@@ -359,8 +359,8 @@ ebb_bhrb:
* EBB events are pinned & exclusive, so this should never actually
* hit, but we leave it as a fallback in case.
*/
- mask |= CNST_EBB_VAL(ebb);
- value |= CNST_EBB_MASK;
+ mask |= CNST_EBB_MASK;
+ value |= CNST_EBB_VAL(ebb);
*maskp = mask;
*valp = value;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 261/425] powerpc: iommu: fix build when neither PCI or IBMVIO is set
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 260/425] powerpc/perf: Fix PMU constraint check for EBB events Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 262/425] mac80211: bail out if cipher schemes are invalid Greg Kroah-Hartman
` (170 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Michael Ellerman,
Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit b27dadecdf9102838331b9a0b41ffc1cfe288154 ]
When neither CONFIG_PCI nor CONFIG_IBMVIO is set/enabled, iommu.c has a
build error. The fault injection code is not useful in that kernel config,
so make the FAIL_IOMMU option depend on PCI || IBMVIO.
Prevents this build error (warning escalated to error):
../arch/powerpc/kernel/iommu.c:178:30: error: 'fail_iommu_bus_notifier' defined but not used [-Werror=unused-variable]
178 | static struct notifier_block fail_iommu_bus_notifier = {
Fixes: d6b9a81b2a45 ("powerpc: IOMMU fault injection")
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210404192623.10697-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Kconfig.debug | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index fd63cd914a74..ffe0cf0f0bea 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -350,6 +350,7 @@ config PPC_EARLY_DEBUG_CPM_ADDR
config FAIL_IOMMU
bool "Fault-injection capability for IOMMU"
depends on FAULT_INJECTION
+ depends on PCI || IBMVIO
help
Provide fault-injection capability for IOMMU. Each device can
be selectively enabled via the fail_iommu property.
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 262/425] mac80211: bail out if cipher schemes are invalid
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 261/425] powerpc: iommu: fix build when neither PCI or IBMVIO is set Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 263/425] mt7601u: fix always true expression Greg Kroah-Hartman
` (169 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit db878e27a98106a70315d264cc92230d84009e72 ]
If any of the cipher schemes specified by the driver are invalid, bail
out and fail the registration rather than just warning. Otherwise, we
might later crash when we try to use the invalid cipher scheme, e.g.
if the hdr_len is (significantly) less than the pn_offs + pn_len, we'd
have an out-of-bounds access in RX validation.
Fixes: 2475b1cc0d52 ("mac80211: add generic cipher scheme support")
Link: https://lore.kernel.org/r/20210408143149.38a3a13a1b19.I6b7f5790fa0958ed8049cf02ac2a535c61e9bc96@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index f44d00f35fe7..e8c4e9c0c5a0 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1080,8 +1080,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
if (local->hw.wiphy->max_scan_ie_len)
local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;
- WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
- local->hw.n_cipher_schemes));
+ if (WARN_ON(!ieee80211_cs_list_valid(local->hw.cipher_schemes,
+ local->hw.n_cipher_schemes))) {
+ result = -EINVAL;
+ goto fail_workqueue;
+ }
result = ieee80211_init_cipher_suites(local);
if (result < 0)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 263/425] mt7601u: fix always true expression
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 262/425] mac80211: bail out if cipher schemes are invalid Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 264/425] IB/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
` (168 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Jakub Kicinski,
Kalle Valo, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 87fce88658ba047ae62e83497d3f3c5dc22fa6f9 ]
Currently the expression ~nic_conf1 is always true because nic_conf1
is a u16 and according to 6.5.3.3 of the C standard the ~ operator
promotes the u16 to an integer before flipping all the bits. Thus
the top 16 bits of the integer result are all set so the expression
is always true. If the intention was to flip all the bits of nic_conf1
then casting the integer result back to a u16 is a suitabel fix.
Interestingly static analyzers seem to thing a bitwise ! should be
used instead of ~ for this scenario, so I think the original intent
of the expression may need some extra consideration.
Addresses-Coverity: ("Logical vs. bitwise operator")
Fixes: c869f77d6abb ("add mt7601u driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Jakub Kicinski <kubakici@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210225183241.1002129-1-colin.king@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt7601u/eeprom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt7601u/eeprom.c b/drivers/net/wireless/mediatek/mt7601u/eeprom.c
index 76117b402880..6ab1035e4a12 100644
--- a/drivers/net/wireless/mediatek/mt7601u/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt7601u/eeprom.c
@@ -107,7 +107,7 @@ mt7601u_has_tssi(struct mt7601u_dev *dev, u8 *eeprom)
{
u16 nic_conf1 = get_unaligned_le16(eeprom + MT_EE_NIC_CONF_1);
- return ~nic_conf1 && (nic_conf1 & MT_EE_NIC_CONF_1_TX_ALC_EN);
+ return (u16)~nic_conf1 && (nic_conf1 & MT_EE_NIC_CONF_1_TX_ALC_EN);
}
static void
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 264/425] IB/hfi1: Fix error return code in parse_platform_config()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 263/425] mt7601u: fix always true expression Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 265/425] net: thunderx: Fix unintentional sign extension issue Greg Kroah-Hartman
` (167 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Wensheng,
Jason Gunthorpe, Sasha Levin
From: Wang Wensheng <wangwensheng4@huawei.com>
[ Upstream commit 4c7d9c69adadfc31892c7e8e134deb3546552106 ]
Fix to return a negative error code from the error handling case instead
of 0, as done elsewhere in this function.
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20210408113140.103032-1-wangwensheng4@huawei.com
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/firmware.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/hw/hfi1/firmware.c b/drivers/infiniband/hw/hfi1/firmware.c
index 2b57ba70ddd6..c09080712485 100644
--- a/drivers/infiniband/hw/hfi1/firmware.c
+++ b/drivers/infiniband/hw/hfi1/firmware.c
@@ -1924,6 +1924,7 @@ int parse_platform_config(struct hfi1_devdata *dd)
dd_dev_err(dd, "%s: Failed CRC check at offset %ld\n",
__func__, (ptr -
(u32 *)dd->platform_config.data));
+ ret = -EINVAL;
goto bail;
}
/* Jump the CRC DWORD */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 265/425] net: thunderx: Fix unintentional sign extension issue
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 264/425] IB/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 266/425] RDMA/srpt: Fix error return code in srpt_cm_req_recv() Greg Kroah-Hartman
` (166 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, David S. Miller, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit e701a25840360706fe4cf5de0015913ca19c274b ]
The shifting of the u8 integers rq->caching by 26 bits to
the left will be promoted to a 32 bit signed int and then
sign-extended to a u64. In the event that rq->caching is
greater than 0x1f then all then all the upper 32 bits of
the u64 end up as also being set because of the int
sign-extension. Fix this by casting the u8 values to a
u64 before the 26 bit left shift.
Addresses-Coverity: ("Unintended sign extension")
Fixes: 4863dea3fab0 ("net: Adding support for Cavium ThunderX network controller")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c
index 9a4cfa61ed93..d9bcbe469ab9 100644
--- a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c
+++ b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c
@@ -779,7 +779,7 @@ static void nicvf_rcv_queue_config(struct nicvf *nic, struct queue_set *qs,
mbx.rq.msg = NIC_MBOX_MSG_RQ_CFG;
mbx.rq.qs_num = qs->vnic_id;
mbx.rq.rq_num = qidx;
- mbx.rq.cfg = (rq->caching << 26) | (rq->cq_qs << 19) |
+ mbx.rq.cfg = ((u64)rq->caching << 26) | (rq->cq_qs << 19) |
(rq->cq_idx << 16) | (rq->cont_rbdr_qs << 9) |
(rq->cont_qs_rbdr_idx << 8) |
(rq->start_rbdr_qs << 1) | (rq->start_qs_rbdr_idx);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 266/425] RDMA/srpt: Fix error return code in srpt_cm_req_recv()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 265/425] net: thunderx: Fix unintentional sign extension issue Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 267/425] i2c: cadence: add IRQ check Greg Kroah-Hartman
` (165 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Wensheng,
Bart Van Assche, Jason Gunthorpe, Sasha Levin
From: Wang Wensheng <wangwensheng4@huawei.com>
[ Upstream commit 6bc950beff0c440ac567cdc4e7f4542a9920953d ]
Fix to return a negative error code from the error handling case instead
of 0, as done elsewhere in this function.
Fixes: db7683d7deb2 ("IB/srpt: Fix login-related race conditions")
Link: https://lore.kernel.org/r/20210408113132.87250-1-wangwensheng4@huawei.com
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srpt/ib_srpt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c
index bc979a85a505..6090f1ce0c56 100644
--- a/drivers/infiniband/ulp/srpt/ib_srpt.c
+++ b/drivers/infiniband/ulp/srpt/ib_srpt.c
@@ -2301,6 +2301,7 @@ static int srpt_cm_req_recv(struct srpt_device *const sdev,
pr_info("rejected SRP_LOGIN_REQ because target %s_%d is not enabled\n",
sdev->device->name, port_num);
mutex_unlock(&sport->mutex);
+ ret = -EINVAL;
goto reject;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 267/425] i2c: cadence: add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 266/425] RDMA/srpt: Fix error return code in srpt_cm_req_recv() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 268/425] i2c: emev2: " Greg Kroah-Hartman
` (164 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Wolfram Sang, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit 5581c2c5d02bc63a0edb53e061c8e97cd490646e ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_irq() (which
takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_irq() with invalid
IRQ #s.
Fixes: df8eb5691c48 ("i2c: Add driver for Cadence I2C controller")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-cadence.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
index b13605718291..c5475bb4fae6 100644
--- a/drivers/i2c/busses/i2c-cadence.c
+++ b/drivers/i2c/busses/i2c-cadence.c
@@ -906,7 +906,10 @@ static int cdns_i2c_probe(struct platform_device *pdev)
if (IS_ERR(id->membase))
return PTR_ERR(id->membase);
- id->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ return ret;
+ id->irq = ret;
id->adap.owner = THIS_MODULE;
id->adap.dev.of_node = pdev->dev.of_node;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 268/425] i2c: emev2: add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 267/425] i2c: cadence: add IRQ check Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 269/425] i2c: jz4780: " Greg Kroah-Hartman
` (163 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Wolfram Sang, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit bb6129c32867baa7988f7fd2066cf18ed662d240 ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_irq() (which
takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_irq() with invalid
IRQ #s.
Fixes: 5faf6e1f58b4 ("i2c: emev2: add driver")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-emev2.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-emev2.c b/drivers/i2c/busses/i2c-emev2.c
index 959d4912ec0d..0230a13a6ab7 100644
--- a/drivers/i2c/busses/i2c-emev2.c
+++ b/drivers/i2c/busses/i2c-emev2.c
@@ -397,7 +397,10 @@ static int em_i2c_probe(struct platform_device *pdev)
em_i2c_reset(&priv->adap);
- priv->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ goto err_clk;
+ priv->irq = ret;
ret = devm_request_irq(&pdev->dev, priv->irq, em_i2c_irq_handler, 0,
"em_i2c", priv);
if (ret)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 269/425] i2c: jz4780: add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 268/425] i2c: emev2: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 270/425] i2c: sh7760: " Greg Kroah-Hartman
` (162 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Wolfram Sang, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit c5e5f7a8d931fb4beba245bdbc94734175fda9de ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_irq() (which
takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_irq() with invalid
IRQ #s.
Fixes: ba92222ed63a ("i2c: jz4780: Add i2c bus controller driver for Ingenic JZ4780")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-jz4780.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-jz4780.c b/drivers/i2c/busses/i2c-jz4780.c
index 41ca9ff7b5da..4dd800c0db14 100644
--- a/drivers/i2c/busses/i2c-jz4780.c
+++ b/drivers/i2c/busses/i2c-jz4780.c
@@ -760,7 +760,10 @@ static int jz4780_i2c_probe(struct platform_device *pdev)
jz4780_i2c_writew(i2c, JZ4780_I2C_INTM, 0x0);
- i2c->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ goto err;
+ i2c->irq = ret;
ret = devm_request_irq(&pdev->dev, i2c->irq, jz4780_i2c_irq, 0,
dev_name(&pdev->dev), i2c);
if (ret)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 270/425] i2c: sh7760: add IRQ check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 269/425] i2c: jz4780: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 271/425] ASoC: ak5558: correct reset polarity Greg Kroah-Hartman
` (161 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Wolfram Sang, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit e5b2e3e742015dd2aa6bc7bcef2cb59b2de1221c ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_irq() (which
takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_irq() with invalid
IRQ #s.
Fixes: a26c20b1fa6d ("i2c: Renesas SH7760 I2C master driver")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-sh7760.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-sh7760.c b/drivers/i2c/busses/i2c-sh7760.c
index c2005c789d2b..c79c9f542c5a 100644
--- a/drivers/i2c/busses/i2c-sh7760.c
+++ b/drivers/i2c/busses/i2c-sh7760.c
@@ -471,7 +471,10 @@ static int sh7760_i2c_probe(struct platform_device *pdev)
goto out2;
}
- id->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ return ret;
+ id->irq = ret;
id->adap.nr = pdev->id;
id->adap.algo = &sh7760_i2c_algo;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 271/425] ASoC: ak5558: correct reset polarity
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 270/425] i2c: sh7760: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 272/425] drm/i915/gvt: Fix error code in intel_gvt_init_device() Greg Kroah-Hartman
` (160 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit 0b93bbc977af55fd10687f2c96c807cba95cb927 ]
Reset (aka power off) happens when the reset gpio is made active.
The reset gpio is GPIO_ACTIVE_LOW
Fixes: 920884777480 ("ASoC: ak5558: Add support for AK5558 ADC driver")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1618382024-31725-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/ak5558.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/ak5558.c b/sound/soc/codecs/ak5558.c
index 73c418517f8d..dda165b14222 100644
--- a/sound/soc/codecs/ak5558.c
+++ b/sound/soc/codecs/ak5558.c
@@ -271,7 +271,7 @@ static void ak5558_power_off(struct ak5558_priv *ak5558)
if (!ak5558->reset_gpiod)
return;
- gpiod_set_value_cansleep(ak5558->reset_gpiod, 0);
+ gpiod_set_value_cansleep(ak5558->reset_gpiod, 1);
usleep_range(1000, 2000);
}
@@ -280,7 +280,7 @@ static void ak5558_power_on(struct ak5558_priv *ak5558)
if (!ak5558->reset_gpiod)
return;
- gpiod_set_value_cansleep(ak5558->reset_gpiod, 1);
+ gpiod_set_value_cansleep(ak5558->reset_gpiod, 0);
usleep_range(1000, 2000);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 272/425] drm/i915/gvt: Fix error code in intel_gvt_init_device()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 271/425] ASoC: ak5558: correct reset polarity Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 273/425] MIPS: pci-legacy: stop using of_pci_range_to_resource Greg Kroah-Hartman
` (159 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Zhenyu Wang, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 329328ec6a87f2c1275f50d979d55513de458409 ]
The intel_gvt_init_vgpu_type_groups() function is only called from
intel_gvt_init_device(). If it fails then the intel_gvt_init_device()
prints the error code and propagates it back again. That's a bug
because false is zero/success. The fix is to modify it to return zero
or negative error codes and make everything consistent.
Fixes: c5d71cb31723 ("drm/i915/gvt: Move vGPU type related code into gvt file")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/YHaFQtk/DIVYK1u5@mwanda
Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/gvt/gvt.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/i915/gvt/gvt.c b/drivers/gpu/drm/i915/gvt/gvt.c
index 46c8b720e336..3e3876d141ce 100644
--- a/drivers/gpu/drm/i915/gvt/gvt.c
+++ b/drivers/gpu/drm/i915/gvt/gvt.c
@@ -128,7 +128,7 @@ static bool intel_get_gvt_attrs(struct attribute ***type_attrs,
return true;
}
-static bool intel_gvt_init_vgpu_type_groups(struct intel_gvt *gvt)
+static int intel_gvt_init_vgpu_type_groups(struct intel_gvt *gvt)
{
int i, j;
struct intel_vgpu_type *type;
@@ -146,7 +146,7 @@ static bool intel_gvt_init_vgpu_type_groups(struct intel_gvt *gvt)
gvt_vgpu_type_groups[i] = group;
}
- return true;
+ return 0;
unwind:
for (j = 0; j < i; j++) {
@@ -154,7 +154,7 @@ unwind:
kfree(group);
}
- return false;
+ return -ENOMEM;
}
static void intel_gvt_cleanup_vgpu_type_groups(struct intel_gvt *gvt)
@@ -416,7 +416,7 @@ int intel_gvt_init_device(struct drm_i915_private *dev_priv)
goto out_clean_thread;
ret = intel_gvt_init_vgpu_type_groups(gvt);
- if (ret == false) {
+ if (ret) {
gvt_err("failed to init vgpu type groups: %d\n", ret);
goto out_clean_types;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 273/425] MIPS: pci-legacy: stop using of_pci_range_to_resource
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 272/425] drm/i915/gvt: Fix error code in intel_gvt_init_device() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 274/425] powerpc/pseries: extract host bridge from pci_bus prior to bus removal Greg Kroah-Hartman
` (158 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Lipnitskiy, Liviu Dudau,
Thomas Bogendoerfer, Sasha Levin
From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
[ Upstream commit 3ecb9dc1581eebecaee56decac70e35365260866 ]
Mirror commit aeba3731b150 ("powerpc/pci: Fix IO space breakage after
of_pci_range_to_resource() change").
Most MIPS platforms do not define PCI_IOBASE, nor implement
pci_address_to_pio(). Moreover, IO_SPACE_LIMIT is 0xffff for most MIPS
platforms. of_pci_range_to_resource passes the _start address_ of the IO
range into pci_address_to_pio, which then checks it against
IO_SPACE_LIMIT and fails, because for MIPS platforms that use
pci-legacy (pci-lantiq, pci-rt3883, pci-mt7620), IO ranges start much
higher than 0xffff.
In fact, pci-mt7621 in staging already works around this problem, see
commit 09dd629eeabb ("staging: mt7621-pci: fix io space and properly set
resource limits")
So just stop using of_pci_range_to_resource, which does not work for
MIPS.
Fixes PCI errors like:
pci_bus 0000:00: root bus resource [io 0xffffffff]
Fixes: 0b0b0893d49b ("of/pci: Fix the conversion of IO ranges into IO resources")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Liviu Dudau <Liviu.Dudau@arm.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/pci/pci-legacy.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/mips/pci/pci-legacy.c b/arch/mips/pci/pci-legacy.c
index 3c3b1e6abb53..e8b0751d5b76 100644
--- a/arch/mips/pci/pci-legacy.c
+++ b/arch/mips/pci/pci-legacy.c
@@ -169,8 +169,13 @@ void pci_load_of_ranges(struct pci_controller *hose, struct device_node *node)
res = hose->mem_resource;
break;
}
- if (res != NULL)
- of_pci_range_to_resource(&range, node, res);
+ if (res != NULL) {
+ res->name = node->full_name;
+ res->flags = range.flags;
+ res->start = range.cpu_addr;
+ res->end = range.cpu_addr + range.size - 1;
+ res->parent = res->child = res->sibling = NULL;
+ }
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 274/425] powerpc/pseries: extract host bridge from pci_bus prior to bus removal
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 273/425] MIPS: pci-legacy: stop using of_pci_range_to_resource Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 275/425] rtlwifi: 8821ae: upgrade PHY and RF parameters Greg Kroah-Hartman
` (157 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tyrel Datwyler, Michael Ellerman,
Sasha Levin
From: Tyrel Datwyler <tyreld@linux.ibm.com>
[ Upstream commit 38d0b1c9cec71e6d0f3bddef0bbce41d05a3e796 ]
The pci_bus->bridge reference may no longer be valid after
pci_bus_remove() resulting in passing a bad value to device_unregister()
for the associated bridge device.
Store the host_bridge reference in a separate variable prior to
pci_bus_remove().
Fixes: 7340056567e3 ("powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal")
Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210211182435.47968-1-tyreld@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/pci_dlpar.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/pci_dlpar.c b/arch/powerpc/platforms/pseries/pci_dlpar.c
index 561917fa54a8..afca4b737e80 100644
--- a/arch/powerpc/platforms/pseries/pci_dlpar.c
+++ b/arch/powerpc/platforms/pseries/pci_dlpar.c
@@ -66,6 +66,7 @@ EXPORT_SYMBOL_GPL(init_phb_dynamic);
int remove_phb_dynamic(struct pci_controller *phb)
{
struct pci_bus *b = phb->bus;
+ struct pci_host_bridge *host_bridge = to_pci_host_bridge(b->bridge);
struct resource *res;
int rc, i;
@@ -92,7 +93,8 @@ int remove_phb_dynamic(struct pci_controller *phb)
/* Remove the PCI bus and unregister the bridge device from sysfs */
phb->bus = NULL;
pci_remove_bus(b);
- device_unregister(b->bridge);
+ host_bridge->bus = NULL;
+ device_unregister(&host_bridge->dev);
/* Now release the IO resource */
if (res->flags & IORESOURCE_IO)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 275/425] rtlwifi: 8821ae: upgrade PHY and RF parameters
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 274/425] powerpc/pseries: extract host bridge from pci_bus prior to bus removal Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 276/425] i2c: sh7760: fix IRQ error path Greg Kroah-Hartman
` (156 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping-Ke Shih, Kai-Heng Feng,
Kalle Valo, Sasha Levin
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit 18fb0bedb5fc2fddc057dbe48b7360a6ffda34b3 ]
The signal strength of 5G is quite low, so user can't connect to an AP far
away. New parameters with new format and its parser are updated by the commit
84d26fda52e2 ("rtlwifi: Update 8821ae new phy parameters and its parser."), but
some parameters are missing. Use this commit to update to the novel parameters
that use new format.
Fixes: 84d26fda52e2 ("rtlwifi: Update 8821ae new phy parameters and its parser")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Tested-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210219052607.7323-1-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../realtek/rtlwifi/rtl8821ae/table.c | 500 +++++++++++++-----
1 file changed, 370 insertions(+), 130 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/table.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/table.c
index f87f9d03b9fa..ac44fd5d0597 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/table.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/table.c
@@ -272,7 +272,7 @@ u32 RTL8821AE_PHY_REG_ARRAY[] = {
0x824, 0x00030FE0,
0x828, 0x00000000,
0x82C, 0x002081DD,
- 0x830, 0x2AAA8E24,
+ 0x830, 0x2AAAEEC8,
0x834, 0x0037A706,
0x838, 0x06489B44,
0x83C, 0x0000095B,
@@ -347,10 +347,10 @@ u32 RTL8821AE_PHY_REG_ARRAY[] = {
0x9D8, 0x00000000,
0x9DC, 0x00000000,
0x9E0, 0x00005D00,
- 0x9E4, 0x00000002,
+ 0x9E4, 0x00000003,
0x9E8, 0x00000001,
0xA00, 0x00D047C8,
- 0xA04, 0x01FF000C,
+ 0xA04, 0x01FF800C,
0xA08, 0x8C8A8300,
0xA0C, 0x2E68000F,
0xA10, 0x9500BB78,
@@ -1343,7 +1343,11 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x083, 0x00021800,
0x084, 0x00028000,
0x085, 0x00048000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
+ 0x086, 0x0009483A,
+ 0xA0000000, 0x00000000,
0x086, 0x00094838,
+ 0xB0000000, 0x00000000,
0x087, 0x00044980,
0x088, 0x00048000,
0x089, 0x0000D480,
@@ -1432,36 +1436,32 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x03C, 0x000CA000,
0x0EF, 0x00000000,
0x0EF, 0x00001100,
- 0xFF0F0104, 0xABCD,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0004ADF3,
0x034, 0x00049DF0,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0004ADF3,
0x034, 0x00049DF0,
- 0xFF0F0404, 0xCDEF,
- 0x034, 0x0004ADF3,
- 0x034, 0x00049DF0,
- 0xFF0F0200, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0004ADF5,
0x034, 0x00049DF2,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0004A0F3,
+ 0x034, 0x000490B1,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0004A0F3,
0x034, 0x000490B1,
- 0xCDCDCDCD, 0xCDCD,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0004ADF5,
+ 0x034, 0x00049DF2,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0004ADF3,
+ 0x034, 0x00049DF0,
+ 0xA0000000, 0x00000000,
0x034, 0x0004ADF7,
0x034, 0x00049DF3,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
- 0x034, 0x00048DED,
- 0x034, 0x00047DEA,
- 0x034, 0x00046DE7,
- 0x034, 0x00045CE9,
- 0x034, 0x00044CE6,
- 0x034, 0x000438C6,
- 0x034, 0x00042886,
- 0x034, 0x00041486,
- 0x034, 0x00040447,
- 0xFF0F0204, 0xCDEF,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00048DED,
0x034, 0x00047DEA,
0x034, 0x00046DE7,
@@ -1471,7 +1471,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00042886,
0x034, 0x00041486,
0x034, 0x00040447,
- 0xFF0F0404, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00048DED,
0x034, 0x00047DEA,
0x034, 0x00046DE7,
@@ -1481,7 +1481,17 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00042886,
0x034, 0x00041486,
0x034, 0x00040447,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x000480AE,
+ 0x034, 0x000470AB,
+ 0x034, 0x0004608B,
+ 0x034, 0x00045069,
+ 0x034, 0x00044048,
+ 0x034, 0x00043045,
+ 0x034, 0x00042026,
+ 0x034, 0x00041023,
+ 0x034, 0x00040002,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x000480AE,
0x034, 0x000470AB,
0x034, 0x0004608B,
@@ -1491,7 +1501,17 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00042026,
0x034, 0x00041023,
0x034, 0x00040002,
- 0xCDCDCDCD, 0xCDCD,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x00048DED,
+ 0x034, 0x00047DEA,
+ 0x034, 0x00046DE7,
+ 0x034, 0x00045CE9,
+ 0x034, 0x00044CE6,
+ 0x034, 0x000438C6,
+ 0x034, 0x00042886,
+ 0x034, 0x00041486,
+ 0x034, 0x00040447,
+ 0xA0000000, 0x00000000,
0x034, 0x00048DEF,
0x034, 0x00047DEC,
0x034, 0x00046DE9,
@@ -1501,38 +1521,36 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x0004248A,
0x034, 0x0004108D,
0x034, 0x0004008A,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0200, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000210, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0002ADF4,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0002A0F3,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0002A0F3,
- 0xCDCDCDCD, 0xCDCD,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0002ADF4,
+ 0xA0000000, 0x00000000,
0x034, 0x0002ADF7,
- 0xFF0F0200, 0xDEAD,
- 0xFF0F0104, 0xABCD,
- 0x034, 0x00029DF4,
- 0xFF0F0204, 0xCDEF,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00029DF4,
- 0xFF0F0404, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00029DF4,
- 0xFF0F0200, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00029DF1,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x000290F0,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x000290F0,
- 0xCDCDCDCD, 0xCDCD,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x00029DF1,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x00029DF4,
+ 0xA0000000, 0x00000000,
0x034, 0x00029DF2,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
- 0x034, 0x00028DF1,
- 0x034, 0x00027DEE,
- 0x034, 0x00026DEB,
- 0x034, 0x00025CEC,
- 0x034, 0x00024CE9,
- 0x034, 0x000238CA,
- 0x034, 0x00022889,
- 0x034, 0x00021489,
- 0x034, 0x0002044A,
- 0xFF0F0204, 0xCDEF,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00028DF1,
0x034, 0x00027DEE,
0x034, 0x00026DEB,
@@ -1542,7 +1560,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00022889,
0x034, 0x00021489,
0x034, 0x0002044A,
- 0xFF0F0404, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00028DF1,
0x034, 0x00027DEE,
0x034, 0x00026DEB,
@@ -1552,7 +1570,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00022889,
0x034, 0x00021489,
0x034, 0x0002044A,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x000280AF,
0x034, 0x000270AC,
0x034, 0x0002608B,
@@ -1562,7 +1580,27 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00022026,
0x034, 0x00021023,
0x034, 0x00020002,
- 0xCDCDCDCD, 0xCDCD,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x000280AF,
+ 0x034, 0x000270AC,
+ 0x034, 0x0002608B,
+ 0x034, 0x00025069,
+ 0x034, 0x00024048,
+ 0x034, 0x00023045,
+ 0x034, 0x00022026,
+ 0x034, 0x00021023,
+ 0x034, 0x00020002,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x00028DF1,
+ 0x034, 0x00027DEE,
+ 0x034, 0x00026DEB,
+ 0x034, 0x00025CEC,
+ 0x034, 0x00024CE9,
+ 0x034, 0x000238CA,
+ 0x034, 0x00022889,
+ 0x034, 0x00021489,
+ 0x034, 0x0002044A,
+ 0xA0000000, 0x00000000,
0x034, 0x00028DEE,
0x034, 0x00027DEB,
0x034, 0x00026CCD,
@@ -1572,27 +1610,24 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00022849,
0x034, 0x00021449,
0x034, 0x0002004D,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F02C0, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x8000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0000A0D7,
+ 0x034, 0x000090D3,
+ 0x034, 0x000080B1,
+ 0x034, 0x000070AE,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0000A0D7,
0x034, 0x000090D3,
0x034, 0x000080B1,
0x034, 0x000070AE,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x034, 0x0000ADF7,
0x034, 0x00009DF4,
0x034, 0x00008DF1,
0x034, 0x00007DEE,
- 0xFF0F02C0, 0xDEAD,
- 0xFF0F0104, 0xABCD,
- 0x034, 0x00006DEB,
- 0x034, 0x00005CEC,
- 0x034, 0x00004CE9,
- 0x034, 0x000038CA,
- 0x034, 0x00002889,
- 0x034, 0x00001489,
- 0x034, 0x0000044A,
- 0xFF0F0204, 0xCDEF,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00006DEB,
0x034, 0x00005CEC,
0x034, 0x00004CE9,
@@ -1600,7 +1635,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00002889,
0x034, 0x00001489,
0x034, 0x0000044A,
- 0xFF0F0404, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x00006DEB,
0x034, 0x00005CEC,
0x034, 0x00004CE9,
@@ -1608,7 +1643,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00002889,
0x034, 0x00001489,
0x034, 0x0000044A,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
0x034, 0x0000608D,
0x034, 0x0000506B,
0x034, 0x0000404A,
@@ -1616,7 +1651,23 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00002044,
0x034, 0x00001025,
0x034, 0x00000004,
- 0xCDCDCDCD, 0xCDCD,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x0000608D,
+ 0x034, 0x0000506B,
+ 0x034, 0x0000404A,
+ 0x034, 0x00003047,
+ 0x034, 0x00002044,
+ 0x034, 0x00001025,
+ 0x034, 0x00000004,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x034, 0x00006DEB,
+ 0x034, 0x00005CEC,
+ 0x034, 0x00004CE9,
+ 0x034, 0x000038CA,
+ 0x034, 0x00002889,
+ 0x034, 0x00001489,
+ 0x034, 0x0000044A,
+ 0xA0000000, 0x00000000,
0x034, 0x00006DCD,
0x034, 0x00005CCD,
0x034, 0x00004CCA,
@@ -1624,11 +1675,11 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x034, 0x00002888,
0x034, 0x00001488,
0x034, 0x00000486,
- 0xFF0F0104, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x0EF, 0x00000000,
0x018, 0x0001712A,
0x0EF, 0x00000040,
- 0xFF0F0104, 0xABCD,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x035, 0x00000187,
0x035, 0x00008187,
0x035, 0x00010187,
@@ -1638,7 +1689,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x035, 0x00040188,
0x035, 0x00048188,
0x035, 0x00050188,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x035, 0x00000187,
0x035, 0x00008187,
0x035, 0x00010187,
@@ -1648,7 +1699,37 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x035, 0x00040188,
0x035, 0x00048188,
0x035, 0x00050188,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x035, 0x00000128,
+ 0x035, 0x00008128,
+ 0x035, 0x00010128,
+ 0x035, 0x000201C8,
+ 0x035, 0x000281C8,
+ 0x035, 0x000301C8,
+ 0x035, 0x000401C8,
+ 0x035, 0x000481C8,
+ 0x035, 0x000501C8,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x035, 0x00000145,
+ 0x035, 0x00008145,
+ 0x035, 0x00010145,
+ 0x035, 0x00020196,
+ 0x035, 0x00028196,
+ 0x035, 0x00030196,
+ 0x035, 0x000401C7,
+ 0x035, 0x000481C7,
+ 0x035, 0x000501C7,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x035, 0x00000128,
+ 0x035, 0x00008128,
+ 0x035, 0x00010128,
+ 0x035, 0x000201C8,
+ 0x035, 0x000281C8,
+ 0x035, 0x000301C8,
+ 0x035, 0x000401C8,
+ 0x035, 0x000481C8,
+ 0x035, 0x000501C8,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x035, 0x00000187,
0x035, 0x00008187,
0x035, 0x00010187,
@@ -1658,7 +1739,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x035, 0x00040188,
0x035, 0x00048188,
0x035, 0x00050188,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x035, 0x00000145,
0x035, 0x00008145,
0x035, 0x00010145,
@@ -1668,11 +1749,11 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x035, 0x000401C7,
0x035, 0x000481C7,
0x035, 0x000501C7,
- 0xFF0F0104, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x0EF, 0x00000000,
0x018, 0x0001712A,
0x0EF, 0x00000010,
- 0xFF0F0104, 0xABCD,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x036, 0x00085733,
0x036, 0x0008D733,
0x036, 0x00095733,
@@ -1685,7 +1766,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x036, 0x000CE4B4,
0x036, 0x000D64B4,
0x036, 0x000DE4B4,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x036, 0x00085733,
0x036, 0x0008D733,
0x036, 0x00095733,
@@ -1698,7 +1779,46 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x036, 0x000CE4B4,
0x036, 0x000D64B4,
0x036, 0x000DE4B4,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x036, 0x000063B5,
+ 0x036, 0x0000E3B5,
+ 0x036, 0x000163B5,
+ 0x036, 0x0001E3B5,
+ 0x036, 0x000263B5,
+ 0x036, 0x0002E3B5,
+ 0x036, 0x000363B5,
+ 0x036, 0x0003E3B5,
+ 0x036, 0x000463B5,
+ 0x036, 0x0004E3B5,
+ 0x036, 0x000563B5,
+ 0x036, 0x0005E3B5,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x036, 0x000056B3,
+ 0x036, 0x0000D6B3,
+ 0x036, 0x000156B3,
+ 0x036, 0x0001D6B3,
+ 0x036, 0x00026634,
+ 0x036, 0x0002E634,
+ 0x036, 0x00036634,
+ 0x036, 0x0003E634,
+ 0x036, 0x000467B4,
+ 0x036, 0x0004E7B4,
+ 0x036, 0x000567B4,
+ 0x036, 0x0005E7B4,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x036, 0x000063B5,
+ 0x036, 0x0000E3B5,
+ 0x036, 0x000163B5,
+ 0x036, 0x0001E3B5,
+ 0x036, 0x000263B5,
+ 0x036, 0x0002E3B5,
+ 0x036, 0x000363B5,
+ 0x036, 0x0003E3B5,
+ 0x036, 0x000463B5,
+ 0x036, 0x0004E3B5,
+ 0x036, 0x000563B5,
+ 0x036, 0x0005E3B5,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x036, 0x00085733,
0x036, 0x0008D733,
0x036, 0x00095733,
@@ -1711,7 +1831,7 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x036, 0x000CE4B4,
0x036, 0x000D64B4,
0x036, 0x000DE4B4,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x036, 0x000056B3,
0x036, 0x0000D6B3,
0x036, 0x000156B3,
@@ -1724,103 +1844,162 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x036, 0x0004E7B4,
0x036, 0x000567B4,
0x036, 0x0005E7B4,
- 0xFF0F0104, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x0EF, 0x00000000,
0x0EF, 0x00000008,
- 0xFF0F0104, 0xABCD,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x000001C8,
0x03C, 0x00000492,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x000001C8,
0x03C, 0x00000492,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x000001B6,
+ 0x03C, 0x00000492,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x0000022A,
+ 0x03C, 0x00000594,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x000001B6,
+ 0x03C, 0x00000492,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x000001C8,
0x03C, 0x00000492,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x03C, 0x0000022A,
0x03C, 0x00000594,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x00000800,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x00000800,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x00000800,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
0x03C, 0x00000820,
- 0xCDCDCDCD, 0xCDCD,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x00000820,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x00000800,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x03C, 0x00000800,
+ 0xA0000000, 0x00000000,
0x03C, 0x00000900,
- 0xFF0F0104, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x0EF, 0x00000000,
0x018, 0x0001712A,
0x0EF, 0x00000002,
- 0xFF0F0104, 0xABCD,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x008, 0x0004E400,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x008, 0x0004E400,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x008, 0x00002000,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x008, 0x00002000,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x008, 0x00002000,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x008, 0x00002000,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x008, 0x0004E400,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x008, 0x00002000,
- 0xFF0F0104, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x0EF, 0x00000000,
0x0DF, 0x000000C0,
- 0x01F, 0x00040064,
- 0xFF0F0104, 0xABCD,
+ 0x01F, 0x00000064,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x058, 0x000A7284,
0x059, 0x000600EC,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x058, 0x000A7284,
0x059, 0x000600EC,
- 0xFF0F0404, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x058, 0x00081184,
+ 0x059, 0x0006016C,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x058, 0x00081184,
+ 0x059, 0x0006016C,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x058, 0x00081184,
+ 0x059, 0x0006016C,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x058, 0x000A7284,
0x059, 0x000600EC,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x058, 0x00081184,
0x059, 0x0006016C,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x061, 0x000E8D73,
0x062, 0x00093FC5,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x061, 0x000E8D73,
0x062, 0x00093FC5,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x061, 0x000EFD83,
+ 0x062, 0x00093FCC,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x061, 0x000EAD53,
+ 0x062, 0x00093BC4,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x061, 0x000EFD83,
+ 0x062, 0x00093FCC,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x061, 0x000E8D73,
0x062, 0x00093FC5,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x061, 0x000EAD53,
0x062, 0x00093BC4,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
0x063, 0x000110E9,
- 0xFF0F0204, 0xCDEF,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
0x063, 0x000110E9,
- 0xFF0F0404, 0xCDEF,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
+ 0x063, 0x000110EB,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
0x063, 0x000110E9,
- 0xFF0F0200, 0xCDEF,
- 0x063, 0x000710E9,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x063, 0x000110E9,
- 0xCDCDCDCD, 0xCDCD,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x063, 0x000110EB,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
+ 0x063, 0x000110E9,
+ 0xA0000000, 0x00000000,
0x063, 0x000714E9,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0104, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
+ 0x064, 0x0001C27C,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
+ 0x064, 0x0001C27C,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
0x064, 0x0001C27C,
- 0xFF0F0204, 0xCDEF,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x064, 0x0001C67C,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
0x064, 0x0001C27C,
- 0xFF0F0404, 0xCDEF,
+ 0x90000410, 0x00000000, 0x40000000, 0x00000000,
0x064, 0x0001C27C,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x064, 0x0001C67C,
- 0xFF0F0104, 0xDEAD,
- 0xFF0F0200, 0xABCD,
+ 0xB0000000, 0x00000000,
+ 0x80000111, 0x00000000, 0x40000000, 0x00000000,
+ 0x065, 0x00091016,
+ 0x90000110, 0x00000000, 0x40000000, 0x00000000,
+ 0x065, 0x00091016,
+ 0x90000210, 0x00000000, 0x40000000, 0x00000000,
0x065, 0x00093016,
- 0xFF0F02C0, 0xCDEF,
+ 0x9000020c, 0x00000000, 0x40000000, 0x00000000,
0x065, 0x00093015,
- 0xCDCDCDCD, 0xCDCD,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
+ 0x065, 0x00093015,
+ 0x90000200, 0x00000000, 0x40000000, 0x00000000,
+ 0x065, 0x00093016,
+ 0xA0000000, 0x00000000,
0x065, 0x00091016,
- 0xFF0F0200, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x018, 0x00000006,
0x0EF, 0x00002000,
0x03B, 0x0003824B,
@@ -1918,9 +2097,10 @@ u32 RTL8821AE_RADIOA_ARRAY[] = {
0x0B4, 0x0001214C,
0x0B7, 0x0003000C,
0x01C, 0x000539D2,
+ 0x0C4, 0x000AFE00,
0x018, 0x0001F12A,
- 0x0FE, 0x00000000,
- 0x0FE, 0x00000000,
+ 0xFFE, 0x00000000,
+ 0xFFE, 0x00000000,
0x018, 0x0001712A,
};
@@ -2040,6 +2220,7 @@ u32 RTL8812AE_MAC_REG_ARRAY[] = {
u32 RTL8812AE_MAC_1T_ARRAYLEN = ARRAY_SIZE(RTL8812AE_MAC_REG_ARRAY);
u32 RTL8821AE_MAC_REG_ARRAY[] = {
+ 0x421, 0x0000000F,
0x428, 0x0000000A,
0x429, 0x00000010,
0x430, 0x00000000,
@@ -2508,7 +2689,7 @@ u32 RTL8821AE_AGC_TAB_ARRAY[] = {
0x81C, 0xA6360001,
0x81C, 0xA5380001,
0x81C, 0xA43A0001,
- 0x81C, 0xA33C0001,
+ 0x81C, 0x683C0001,
0x81C, 0x673E0001,
0x81C, 0x66400001,
0x81C, 0x65420001,
@@ -2542,7 +2723,66 @@ u32 RTL8821AE_AGC_TAB_ARRAY[] = {
0x81C, 0x017A0001,
0x81C, 0x017C0001,
0x81C, 0x017E0001,
- 0xFF0F02C0, 0xABCD,
+ 0x8000020c, 0x00000000, 0x40000000, 0x00000000,
+ 0x81C, 0xFB000101,
+ 0x81C, 0xFA020101,
+ 0x81C, 0xF9040101,
+ 0x81C, 0xF8060101,
+ 0x81C, 0xF7080101,
+ 0x81C, 0xF60A0101,
+ 0x81C, 0xF50C0101,
+ 0x81C, 0xF40E0101,
+ 0x81C, 0xF3100101,
+ 0x81C, 0xF2120101,
+ 0x81C, 0xF1140101,
+ 0x81C, 0xF0160101,
+ 0x81C, 0xEF180101,
+ 0x81C, 0xEE1A0101,
+ 0x81C, 0xED1C0101,
+ 0x81C, 0xEC1E0101,
+ 0x81C, 0xEB200101,
+ 0x81C, 0xEA220101,
+ 0x81C, 0xE9240101,
+ 0x81C, 0xE8260101,
+ 0x81C, 0xE7280101,
+ 0x81C, 0xE62A0101,
+ 0x81C, 0xE52C0101,
+ 0x81C, 0xE42E0101,
+ 0x81C, 0xE3300101,
+ 0x81C, 0xA5320101,
+ 0x81C, 0xA4340101,
+ 0x81C, 0xA3360101,
+ 0x81C, 0x87380101,
+ 0x81C, 0x863A0101,
+ 0x81C, 0x853C0101,
+ 0x81C, 0x843E0101,
+ 0x81C, 0x69400101,
+ 0x81C, 0x68420101,
+ 0x81C, 0x67440101,
+ 0x81C, 0x66460101,
+ 0x81C, 0x49480101,
+ 0x81C, 0x484A0101,
+ 0x81C, 0x474C0101,
+ 0x81C, 0x2A4E0101,
+ 0x81C, 0x29500101,
+ 0x81C, 0x28520101,
+ 0x81C, 0x27540101,
+ 0x81C, 0x26560101,
+ 0x81C, 0x25580101,
+ 0x81C, 0x245A0101,
+ 0x81C, 0x235C0101,
+ 0x81C, 0x055E0101,
+ 0x81C, 0x04600101,
+ 0x81C, 0x03620101,
+ 0x81C, 0x02640101,
+ 0x81C, 0x01660101,
+ 0x81C, 0x01680101,
+ 0x81C, 0x016A0101,
+ 0x81C, 0x016C0101,
+ 0x81C, 0x016E0101,
+ 0x81C, 0x01700101,
+ 0x81C, 0x01720101,
+ 0x9000040c, 0x00000000, 0x40000000, 0x00000000,
0x81C, 0xFB000101,
0x81C, 0xFA020101,
0x81C, 0xF9040101,
@@ -2601,7 +2841,7 @@ u32 RTL8821AE_AGC_TAB_ARRAY[] = {
0x81C, 0x016E0101,
0x81C, 0x01700101,
0x81C, 0x01720101,
- 0xCDCDCDCD, 0xCDCD,
+ 0xA0000000, 0x00000000,
0x81C, 0xFF000101,
0x81C, 0xFF020101,
0x81C, 0xFE040101,
@@ -2660,7 +2900,7 @@ u32 RTL8821AE_AGC_TAB_ARRAY[] = {
0x81C, 0x046E0101,
0x81C, 0x03700101,
0x81C, 0x02720101,
- 0xFF0F02C0, 0xDEAD,
+ 0xB0000000, 0x00000000,
0x81C, 0x01740101,
0x81C, 0x01760101,
0x81C, 0x01780101,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 276/425] i2c: sh7760: fix IRQ error path
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 275/425] rtlwifi: 8821ae: upgrade PHY and RF parameters Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 277/425] mwl8k: Fix a double Free in mwl8k_probe_hw Greg Kroah-Hartman
` (155 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Wolfram Sang, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
[ Upstream commit 92dfb27240fea2776f61c5422472cb6defca7767 ]
While adding the invalid IRQ check after calling platform_get_irq(),
I managed to overlook that the driver has a complex error path in its
probe() method, thus a simple *return* couldn't be used. Use a proper
*goto* instead!
Fixes: e5b2e3e74201 ("i2c: sh7760: add IRQ check")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-sh7760.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-sh7760.c b/drivers/i2c/busses/i2c-sh7760.c
index c79c9f542c5a..319d1fa617c8 100644
--- a/drivers/i2c/busses/i2c-sh7760.c
+++ b/drivers/i2c/busses/i2c-sh7760.c
@@ -473,7 +473,7 @@ static int sh7760_i2c_probe(struct platform_device *pdev)
ret = platform_get_irq(pdev, 0);
if (ret < 0)
- return ret;
+ goto out3;
id->irq = ret;
id->adap.nr = pdev->id;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 277/425] mwl8k: Fix a double Free in mwl8k_probe_hw
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 276/425] i2c: sh7760: fix IRQ error path Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 278/425] vsock/vmci: log once the failed queue pair allocation Greg Kroah-Hartman
` (154 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Kalle Valo, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit a8e083ee8e2a6c94c29733835adae8bf5b832748 ]
In mwl8k_probe_hw, hw->priv->txq is freed at the first time by
dma_free_coherent() in the call chain:
if(!priv->ap_fw)->mwl8k_init_txqs(hw)->mwl8k_txq_init(hw, i).
Then in err_free_queues of mwl8k_probe_hw, hw->priv->txq is freed
at the second time by mwl8k_txq_deinit(hw, i)->dma_free_coherent().
My patch set txq->txd to NULL after the first free to avoid the
double free.
Fixes: a66098daacee2 ("mwl8k: Marvell TOPDOG wireless driver")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210402182627.4256-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwl8k.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c
index ffc565ac2192..6769b0c5a5cd 100644
--- a/drivers/net/wireless/marvell/mwl8k.c
+++ b/drivers/net/wireless/marvell/mwl8k.c
@@ -1469,6 +1469,7 @@ static int mwl8k_txq_init(struct ieee80211_hw *hw, int index)
txq->skb = kcalloc(MWL8K_TX_DESCS, sizeof(*txq->skb), GFP_KERNEL);
if (txq->skb == NULL) {
pci_free_consistent(priv->pdev, size, txq->txd, txq->txd_dma);
+ txq->txd = NULL;
return -ENOMEM;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 278/425] vsock/vmci: log once the failed queue pair allocation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 277/425] mwl8k: Fix a double Free in mwl8k_probe_hw Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 279/425] RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails Greg Kroah-Hartman
` (153 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Garzarella, Jorgen Hansen,
David S. Miller, Sasha Levin
From: Stefano Garzarella <sgarzare@redhat.com>
[ Upstream commit e16edc99d658cd41c60a44cc14d170697aa3271f ]
VMCI feature is not supported in conjunction with the vSphere Fault
Tolerance (FT) feature.
VMware Tools can repeatedly try to create a vsock connection. If FT is
enabled the kernel logs is flooded with the following messages:
qp_alloc_hypercall result = -20
Could not attach to queue pair with -20
"qp_alloc_hypercall result = -20" was hidden by commit e8266c4c3307
("VMCI: Stop log spew when qp allocation isn't possible"), but "Could
not attach to queue pair with -20" is still there flooding the log.
Since the error message can be useful in some cases, print it only once.
Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/vmw_vsock/vmci_transport.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index c3d5ab01fba7..42ab3e2ac060 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -584,8 +584,7 @@ vmci_transport_queue_pair_alloc(struct vmci_qp **qpair,
peer, flags, VMCI_NO_PRIVILEGE_FLAGS);
out:
if (err < 0) {
- pr_err("Could not attach to queue pair with %d\n",
- err);
+ pr_err_once("Could not attach to queue pair with %d\n", err);
err = vmci_transport_error_to_vsock_error(err);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 279/425] RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 278/425] vsock/vmci: log once the failed queue pair allocation Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 280/425] ALSA: usb: midi: dont return -ENOMEM when usb_urb_ep_type_check fails Greg Kroah-Hartman
` (152 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sindhu Devale,
Shiraz Saleem, Jason Gunthorpe, Sasha Levin
From: Sindhu Devale <sindhu.devale@intel.com>
[ Upstream commit 783a11bf2400e5d5c42a943c3083dc0330751842 ]
When i40iw_hmc_sd_one fails, chunk is freed without the deletion of chunk
entry in the PBLE info list.
Fix it by adding the chunk entry to the PBLE info list only after
successful addition of SD in i40iw_hmc_sd_one.
This fixes a static checker warning reported here:
https://lore.kernel.org/linux-rdma/YHV4CFXzqTm23AOZ@mwanda/
Fixes: 9715830157be ("i40iw: add pble resource files")
Link: https://lore.kernel.org/r/20210416002104.323-1-shiraz.saleem@intel.com
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sindhu Devale <sindhu.devale@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/i40iw/i40iw_pble.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/hw/i40iw/i40iw_pble.c b/drivers/infiniband/hw/i40iw/i40iw_pble.c
index 540aab5e502d..3fafc5424e76 100644
--- a/drivers/infiniband/hw/i40iw/i40iw_pble.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_pble.c
@@ -392,12 +392,9 @@ static enum i40iw_status_code add_pble_pool(struct i40iw_sc_dev *dev,
i40iw_debug(dev, I40IW_DEBUG_PBLE, "next_fpm_addr = %llx chunk_size[%u] = 0x%x\n",
pble_rsrc->next_fpm_addr, chunk->size, chunk->size);
pble_rsrc->unallocated_pble -= (chunk->size >> 3);
- list_add(&chunk->list, &pble_rsrc->pinfo.clist);
sd_reg_val = (sd_entry_type == I40IW_SD_TYPE_PAGED) ?
sd_entry->u.pd_table.pd_page_addr.pa : sd_entry->u.bp.addr.pa;
- if (sd_entry->valid)
- return 0;
- if (dev->is_pf) {
+ if (dev->is_pf && !sd_entry->valid) {
ret_code = i40iw_hmc_sd_one(dev, hmc_info->hmc_fn_id,
sd_reg_val, idx->sd_idx,
sd_entry->entry_type, true);
@@ -408,6 +405,7 @@ static enum i40iw_status_code add_pble_pool(struct i40iw_sc_dev *dev,
}
sd_entry->valid = true;
+ list_add(&chunk->list, &pble_rsrc->pinfo.clist);
return 0;
error:
kfree(chunk);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 280/425] ALSA: usb: midi: dont return -ENOMEM when usb_urb_ep_type_check fails
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 279/425] RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 281/425] net: davinci_emac: Fix incorrect masking of tx and rx error channel Greg Kroah-Hartman
` (151 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Takashi Iwai, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit cfd577acb769301b19c31361d45ae1f145318b7a ]
Currently when the call to usb_urb_ep_type_check fails (returning -EINVAL)
the error return path returns -ENOMEM via the exit label "error". Other
uses of the same error exit label set the err variable to -ENOMEM but this
is not being used. I believe the original intent was for the error exit
path to return the value in err rather than the hard coded -ENOMEM, so
return this rather than the hard coded -ENOMEM.
Addresses-Coverity: ("Unused value")
Fixes: 738d9edcfd44 ("ALSA: usb-audio: Add sanity checks for invalid EPs")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210420134719.381409-1-colin.king@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/midi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/usb/midi.c b/sound/usb/midi.c
index 26548f760bc1..4553db0ef084 100644
--- a/sound/usb/midi.c
+++ b/sound/usb/midi.c
@@ -1333,7 +1333,7 @@ static int snd_usbmidi_in_endpoint_create(struct snd_usb_midi *umidi,
error:
snd_usbmidi_in_endpoint_delete(ep);
- return -ENOMEM;
+ return err;
}
/*
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 281/425] net: davinci_emac: Fix incorrect masking of tx and rx error channel
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 280/425] ALSA: usb: midi: dont return -ENOMEM when usb_urb_ep_type_check fails Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 282/425] ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices Greg Kroah-Hartman
` (150 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, David S. Miller, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit d83b8aa5207d81f9f6daec9888390f079cc5db3f ]
The bit-masks used for the TXERRCH and RXERRCH (tx and rx error channels)
are incorrect and always lead to a zero result. The mask values are
currently the incorrect post-right shifted values, fix this by setting
them to the currect values.
(I double checked these against the TMS320TCI6482 data sheet, section
5.30, page 127 to ensure I had the correct mask values for the TXERRCH
and RXERRCH fields in the MACSTATUS register).
Addresses-Coverity: ("Operands don't affect result")
Fixes: a6286ee630f6 ("net: Add TI DaVinci EMAC driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/davinci_emac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
index f270beebb428..9bb84d83afc1 100644
--- a/drivers/net/ethernet/ti/davinci_emac.c
+++ b/drivers/net/ethernet/ti/davinci_emac.c
@@ -183,11 +183,11 @@ static const char emac_version_string[] = "TI DaVinci EMAC Linux v6.1";
/* EMAC mac_status register */
#define EMAC_MACSTATUS_TXERRCODE_MASK (0xF00000)
#define EMAC_MACSTATUS_TXERRCODE_SHIFT (20)
-#define EMAC_MACSTATUS_TXERRCH_MASK (0x7)
+#define EMAC_MACSTATUS_TXERRCH_MASK (0x70000)
#define EMAC_MACSTATUS_TXERRCH_SHIFT (16)
#define EMAC_MACSTATUS_RXERRCODE_MASK (0xF000)
#define EMAC_MACSTATUS_RXERRCODE_SHIFT (12)
-#define EMAC_MACSTATUS_RXERRCH_MASK (0x7)
+#define EMAC_MACSTATUS_RXERRCH_MASK (0x700)
#define EMAC_MACSTATUS_RXERRCH_SHIFT (8)
/* EMAC RX register masks */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 282/425] ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 281/425] net: davinci_emac: Fix incorrect masking of tx and rx error channel Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 283/425] ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock Greg Kroah-Hartman
` (149 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Toke Høiland-Jørgensen,
Lorenzo Bianconi, Kalle Valo, Sasha Levin
From: Toke Høiland-Jørgensen <toke@redhat.com>
[ Upstream commit 7dd9a40fd6e0d0f1fd8e1931c007e080801dfdce ]
When the error check in ath9k_hw_read_revisions() was added, it checked for
-EIO which is what ath9k_regread() in the ath9k_htc driver uses. However,
for plain ath9k, the register read function uses ioread32(), which just
returns -1 on error. So if such a read fails, it still gets passed through
and ends up as a weird mac revision in the log output.
Fix this by changing ath9k_regread() to return -1 on error like ioread32()
does, and fix the error check to look for that instead of -EIO.
Fixes: 2f90c7e5d094 ("ath9k: Check for errors when reading SREV register")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Reviewed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210326180819.142480-1-toke@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 2 +-
drivers/net/wireless/ath/ath9k/hw.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_init.c b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
index 27d9fe6799f5..cb136d9d4621 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
@@ -246,7 +246,7 @@ static unsigned int ath9k_regread(void *hw_priv, u32 reg_offset)
if (unlikely(r)) {
ath_dbg(common, WMI, "REGISTER READ FAILED: (0x%04x, %d)\n",
reg_offset, r);
- return -EIO;
+ return -1;
}
return be32_to_cpu(val);
diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c
index b4f7ee423d40..9f438d8e59f2 100644
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -287,7 +287,7 @@ static bool ath9k_hw_read_revisions(struct ath_hw *ah)
srev = REG_READ(ah, AR_SREV);
- if (srev == -EIO) {
+ if (srev == -1) {
ath_err(ath9k_hw_common(ah),
"Failed to read SREV register");
return false;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 283/425] ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 282/425] ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 284/425] powerpc/52xx: Fix an invalid ASM expression (addi used instead of add) Greg Kroah-Hartman
` (148 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Shuah Khan, Kalle Valo,
Sasha Levin
From: Shuah Khan <skhan@linuxfoundation.org>
[ Upstream commit eaaf52e4b866f265eb791897d622961293fd48c1 ]
ath10k_wmi_tlv_op_pull_peer_stats_info() could try to unlock RCU lock
winthout locking it first when peer reason doesn't match the valid
cases for this function.
Add a default case to return without unlocking.
Fixes: 09078368d516 ("ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()")
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210406230228.31301-1-skhan@linuxfoundation.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
index 04dc5714aa72..243887fdb343 100644
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -465,6 +465,9 @@ static void ath10k_wmi_event_tdls_peer(struct ath10k *ar, struct sk_buff *skb)
GFP_ATOMIC
);
break;
+ default:
+ kfree(tb);
+ return;
}
exit:
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 284/425] powerpc/52xx: Fix an invalid ASM expression (addi used instead of add)
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 283/425] ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 285/425] bnxt_en: fix ternary sign extension bug in bnxt_show_temp() Greg Kroah-Hartman
` (147 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman,
Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 8a87a507714386efc39c3ae6fa24d4f79846b522 ]
AS arch/powerpc/platforms/52xx/lite5200_sleep.o
arch/powerpc/platforms/52xx/lite5200_sleep.S: Assembler messages:
arch/powerpc/platforms/52xx/lite5200_sleep.S:184: Warning: invalid register expression
In the following code, 'addi' is wrong, has to be 'add'
/* local udelay in sram is needed */
udelay: /* r11 - tb_ticks_per_usec, r12 - usecs, overwrites r13 */
mullw r12, r12, r11
mftb r13 /* start */
addi r12, r13, r12 /* end */
Fixes: ee983079ce04 ("[POWERPC] MPC5200 low power mode")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/cb4cec9131c8577803367f1699209a7e104cec2a.1619025821.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/52xx/lite5200_sleep.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/52xx/lite5200_sleep.S b/arch/powerpc/platforms/52xx/lite5200_sleep.S
index 3a9969c429b3..054f927bfef9 100644
--- a/arch/powerpc/platforms/52xx/lite5200_sleep.S
+++ b/arch/powerpc/platforms/52xx/lite5200_sleep.S
@@ -181,7 +181,7 @@ sram_code:
udelay: /* r11 - tb_ticks_per_usec, r12 - usecs, overwrites r13 */
mullw r12, r12, r11
mftb r13 /* start */
- addi r12, r13, r12 /* end */
+ add r12, r13, r12 /* end */
1:
mftb r13 /* current */
cmp cr0, r13, r12
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 285/425] bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 284/425] powerpc/52xx: Fix an invalid ASM expression (addi used instead of add) Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 286/425] ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E Greg Kroah-Hartman
` (146 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 27537929f30d3136a71ef29db56127a33c92dad7 ]
The problem is that bnxt_show_temp() returns long but "rc" is an int
and "len" is a u32. With ternary operations the type promotion is quite
tricky. The negative "rc" is first promoted to u32 and then to long so
it ends up being a high positive value instead of a a negative as we
intended.
Fix this by removing the ternary.
Fixes: d69753fa1ecb ("bnxt_en: return proper error codes in bnxt_show_temp")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 44ed2f6e2d96..6033970fb667 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6851,7 +6851,9 @@ static ssize_t bnxt_show_temp(struct device *dev,
if (!rc)
len = sprintf(buf, "%u\n", resp->temp * 1000); /* display millidegree */
mutex_unlock(&bp->hwrm_cmd_lock);
- return rc ?: len;
+ if (rc)
+ return rc;
+ return len;
}
static SENSOR_DEVICE_ATTR(temp1_input, 0444, bnxt_show_temp, NULL, 0);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 286/425] ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 285/425] bnxt_en: fix ternary sign extension bug in bnxt_show_temp() Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 287/425] arm64: " Greg Kroah-Hartman
` (145 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunihiko Hayashi, David S. Miller,
Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit 9ba585cc5b56ea14a453ba6be9bdb984ed33471a ]
UniPhier PXs2 boards have RTL8211E ethernet phy, and the phy have the RX/TX
delays of RGMII interface using pull-ups on the RXDLY and TXDLY pins.
After the commit bbc4d71d6354 ("net: phy: realtek: fix rtl8211e rx/tx
delay config"), the delays are working correctly, however, "rgmii" means
no delay and the phy doesn't work. So need to set the phy-mode to
"rgmii-id" to show that RX/TX delays are enabled.
Fixes: e3cc931921d2 ("ARM: dts: uniphier: add AVE ethernet node")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/uniphier-pxs2.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/uniphier-pxs2.dtsi b/arch/arm/boot/dts/uniphier-pxs2.dtsi
index e2d1a22c5950..d8a32104aad0 100644
--- a/arch/arm/boot/dts/uniphier-pxs2.dtsi
+++ b/arch/arm/boot/dts/uniphier-pxs2.dtsi
@@ -513,7 +513,7 @@
clocks = <&sys_clk 6>;
reset-names = "ether";
resets = <&sys_rst 6>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
local-mac-address = [00 00 00 00 00 00];
socionext,syscon-phy-mode = <&soc_glue 0>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 287/425] arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 286/425] ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 288/425] net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb Greg Kroah-Hartman
` (144 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunihiko Hayashi, David S. Miller,
Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit dcabb06bf127b3e0d3fbc94a2b65dd56c2725851 ]
UniPhier LD20 and PXs3 boards have RTL8211E ethernet phy, and the phy have
the RX/TX delays of RGMII interface using pull-ups on the RXDLY and TXDLY
pins.
After the commit bbc4d71d6354 ("net: phy: realtek: fix rtl8211e rx/tx
delay config"), the delays are working correctly, however, "rgmii" means
no delay and the phy doesn't work. So need to set the phy-mode to
"rgmii-id" to show that RX/TX delays are enabled.
Fixes: c73730ee4c9a ("arm64: dts: uniphier: add AVE ethernet node")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi | 2 +-
arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi b/arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi
index caf112629caa..62429c412b33 100644
--- a/arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi
+++ b/arch/arm64/boot/dts/socionext/uniphier-ld20.dtsi
@@ -610,7 +610,7 @@
clocks = <&sys_clk 6>;
reset-names = "ether";
resets = <&sys_rst 6>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
local-mac-address = [00 00 00 00 00 00];
socionext,syscon-phy-mode = <&soc_glue 0>;
diff --git a/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi b/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi
index 2a4cf427f5d3..8fe9a57b9562 100644
--- a/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi
+++ b/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi
@@ -416,7 +416,7 @@
clocks = <&sys_clk 6>;
reset-names = "ether";
resets = <&sys_rst 6>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
local-mac-address = [00 00 00 00 00 00];
socionext,syscon-phy-mode = <&soc_glue 0>;
@@ -437,7 +437,7 @@
clocks = <&sys_clk 7>;
reset-names = "ether";
resets = <&sys_rst 7>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
local-mac-address = [00 00 00 00 00 00];
socionext,syscon-phy-mode = <&soc_glue 1>;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 288/425] net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 287/425] arm64: " Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 289/425] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send Greg Kroah-Hartman
` (143 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Sabrina Dubroca,
Phillip Potter, David S. Miller, Sasha Levin
From: Phillip Potter <phil@philpotter.co.uk>
[ Upstream commit d13f048dd40e8577260cd43faea8ec9b77520197 ]
Modify the header size check in geneve6_xmit_skb and geneve_xmit_skb
to use pskb_inet_may_pull rather than pskb_network_may_pull. This fixes
two kernel selftest failures introduced by the commit introducing the
checks:
IPv4 over geneve6: PMTU exceptions
IPv4 over geneve6: PMTU exceptions - nexthop objects
It does this by correctly accounting for the fact that IPv4 packets may
transit over geneve IPv6 tunnels (and vice versa), and still fixes the
uninit-value bug fixed by the original commit.
Reported-by: kernel test robot <oliver.sang@intel.com>
Fixes: 6628ddfec758 ("net: geneve: check skb is large enough for IPv4/IPv6 header")
Suggested-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/geneve.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index ce6fecf421f8..8c458c8f57a3 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -839,7 +839,7 @@ static int geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev,
__be16 df;
int err;
- if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
+ if (!pskb_inet_may_pull(skb))
return -EINVAL;
sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
@@ -885,7 +885,7 @@ static int geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev,
__be16 sport;
int err;
- if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
+ if (!pskb_inet_may_pull(skb))
return -EINVAL;
sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 289/425] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 288/425] net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 290/425] RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res Greg Kroah-Hartman
` (142 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, David S. Miller, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 6d72e7c767acbbdd44ebc7d89c6690b405b32b57 ]
In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).
As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,
thus my patch assigns skb->len to 'len' before the possible free and
use 'len' instead of skb->len later.
Fixes: b9b17debc69d2 ("net: emac: emac gigabit ethernet controller driver")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qualcomm/emac/emac-mac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qualcomm/emac/emac-mac.c b/drivers/net/ethernet/qualcomm/emac/emac-mac.c
index 031f6e6ee9c1..351a90698010 100644
--- a/drivers/net/ethernet/qualcomm/emac/emac-mac.c
+++ b/drivers/net/ethernet/qualcomm/emac/emac-mac.c
@@ -1449,6 +1449,7 @@ int emac_mac_tx_buf_send(struct emac_adapter *adpt, struct emac_tx_queue *tx_q,
{
struct emac_tpd tpd;
u32 prod_idx;
+ int len;
memset(&tpd, 0, sizeof(tpd));
@@ -1468,9 +1469,10 @@ int emac_mac_tx_buf_send(struct emac_adapter *adpt, struct emac_tx_queue *tx_q,
if (skb_network_offset(skb) != ETH_HLEN)
TPD_TYP_SET(&tpd, 1);
+ len = skb->len;
emac_tx_fill_tpd(adpt, tx_q, skb, &tpd);
- netdev_sent_queue(adpt->netdev, skb->len);
+ netdev_sent_queue(adpt->netdev, len);
/* Make sure the are enough free descriptors to hold one
* maximum-sized SKB. We need one desc for each fragment,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 290/425] RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 289/425] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send Greg Kroah-Hartman
@ 2021-05-20 9:20 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 291/425] net:nfc:digital: Fix a double free in digital_tg_recv_dep_req Greg Kroah-Hartman
` (141 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:20 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Leon Romanovsky,
Devesh Sharma, Jason Gunthorpe, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 34b39efa5ae82fc0ad0acc27653c12a56328dbbe ]
In bnxt_qplib_alloc_res, it calls bnxt_qplib_alloc_dpi_tbl(). Inside
bnxt_qplib_alloc_dpi_tbl, dpit->dbr_bar_reg_iomem is freed via
pci_iounmap() in unmap_io error branch. After the callee returns err code,
bnxt_qplib_alloc_res calls
bnxt_qplib_free_res()->bnxt_qplib_free_dpi_tbl() in the fail branch. Then
dpit->dbr_bar_reg_iomem is freed in the second time by pci_iounmap().
My patch set dpit->dbr_bar_reg_iomem to NULL after it is freed by
pci_iounmap() in the first time, to avoid the double free.
Fixes: 1ac5a4047975 ("RDMA/bnxt_re: Add bnxt_re RoCE driver")
Link: https://lore.kernel.org/r/20210426140614.6722-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Acked-by: Devesh Sharma <devesh.sharma@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/bnxt_re/qplib_res.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/hw/bnxt_re/qplib_res.c b/drivers/infiniband/hw/bnxt_re/qplib_res.c
index 539a5d44e6db..655952a6c0e6 100644
--- a/drivers/infiniband/hw/bnxt_re/qplib_res.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_res.c
@@ -725,6 +725,7 @@ static int bnxt_qplib_alloc_dpi_tbl(struct bnxt_qplib_res *res,
unmap_io:
pci_iounmap(res->pdev, dpit->dbr_bar_reg_iomem);
+ dpit->dbr_bar_reg_iomem = NULL;
return -ENOMEM;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 291/425] net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2021-05-20 9:20 ` [PATCH 4.19 290/425] RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 292/425] kfifo: fix ternary sign extension bugs Greg Kroah-Hartman
` (140 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong, David S. Miller, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 75258586793efc521e5dd52a5bf6c7a4cf7002be ]
In digital_tg_recv_dep_req, it calls nfc_tm_data_received(..,resp).
If nfc_tm_data_received() failed, the callee will free the resp via
kfree_skb() and return error. But in the exit branch, the resp
will be freed again.
My patch sets resp to NULL if nfc_tm_data_received() failed, to
avoid the double free.
Fixes: 1c7a4c24fbfd9 ("NFC Digital: Add target NFC-DEP support")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/digital_dep.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
index 4f9a973988b2..1eed0cf59190 100644
--- a/net/nfc/digital_dep.c
+++ b/net/nfc/digital_dep.c
@@ -1285,6 +1285,8 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
}
rc = nfc_tm_data_received(ddev->nfc_dev, resp);
+ if (rc)
+ resp = NULL;
exit:
kfree_skb(ddev->chaining_skb);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 292/425] kfifo: fix ternary sign extension bugs
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 291/425] net:nfc:digital: Fix a double free in digital_tg_recv_dep_req Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 293/425] mm/sparse: add the missing sparse_buffer_fini() in error branch Greg Kroah-Hartman
` (139 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Stefani Seibold,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 926ee00ea24320052b46745ef4b00d91c05bd03d ]
The intent with this code was to return negative error codes but instead
it returns positives.
The problem is how type promotion works with ternary operations. These
functions return long, "ret" is an int and "copied" is a u32. The
negative error code is first cast to u32 so it becomes a high positive and
then cast to long where it's still a positive.
We could fix this by declaring "ret" as a ssize_t but let's just get rid
of the ternaries instead.
Link: https://lkml.kernel.org/r/YIE+/cK1tBzSuQPU@mwanda
Fixes: 5bf2b19320ec ("kfifo: add example files to the kernel sample directory")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Stefani Seibold <stefani@seibold.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/kfifo/bytestream-example.c | 8 ++++++--
samples/kfifo/inttype-example.c | 8 ++++++--
samples/kfifo/record-example.c | 8 ++++++--
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/samples/kfifo/bytestream-example.c b/samples/kfifo/bytestream-example.c
index 2fca916d9edf..a7f5ee8b6edc 100644
--- a/samples/kfifo/bytestream-example.c
+++ b/samples/kfifo/bytestream-example.c
@@ -124,8 +124,10 @@ static ssize_t fifo_write(struct file *file, const char __user *buf,
ret = kfifo_from_user(&test, buf, count, &copied);
mutex_unlock(&write_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static ssize_t fifo_read(struct file *file, char __user *buf,
@@ -140,8 +142,10 @@ static ssize_t fifo_read(struct file *file, char __user *buf,
ret = kfifo_to_user(&test, buf, count, &copied);
mutex_unlock(&read_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static const struct file_operations fifo_fops = {
diff --git a/samples/kfifo/inttype-example.c b/samples/kfifo/inttype-example.c
index 8dc3c2e7105a..a326a37e9163 100644
--- a/samples/kfifo/inttype-example.c
+++ b/samples/kfifo/inttype-example.c
@@ -117,8 +117,10 @@ static ssize_t fifo_write(struct file *file, const char __user *buf,
ret = kfifo_from_user(&test, buf, count, &copied);
mutex_unlock(&write_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static ssize_t fifo_read(struct file *file, char __user *buf,
@@ -133,8 +135,10 @@ static ssize_t fifo_read(struct file *file, char __user *buf,
ret = kfifo_to_user(&test, buf, count, &copied);
mutex_unlock(&read_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static const struct file_operations fifo_fops = {
diff --git a/samples/kfifo/record-example.c b/samples/kfifo/record-example.c
index 2d7529eeb294..deb87a2e4e6b 100644
--- a/samples/kfifo/record-example.c
+++ b/samples/kfifo/record-example.c
@@ -131,8 +131,10 @@ static ssize_t fifo_write(struct file *file, const char __user *buf,
ret = kfifo_from_user(&test, buf, count, &copied);
mutex_unlock(&write_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static ssize_t fifo_read(struct file *file, char __user *buf,
@@ -147,8 +149,10 @@ static ssize_t fifo_read(struct file *file, char __user *buf,
ret = kfifo_to_user(&test, buf, count, &copied);
mutex_unlock(&read_lock);
+ if (ret)
+ return ret;
- return ret ? ret : copied;
+ return copied;
}
static const struct file_operations fifo_fops = {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 293/425] mm/sparse: add the missing sparse_buffer_fini() in error branch
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 292/425] kfifo: fix ternary sign extension bugs Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 294/425] mm/memory-failure: unnecessary amount of unmapping Greg Kroah-Hartman
` (138 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Wensheng, David Hildenbrand,
Oscar Salvador, Pavel Tatashin, Andrew Morton, Linus Torvalds,
Sasha Levin
From: Wang Wensheng <wangwensheng4@huawei.com>
[ Upstream commit 2284f47fe9fe2ed2ef619e5474e155cfeeebd569 ]
sparse_buffer_init() and sparse_buffer_fini() should appear in pair, or a
WARN issue would be through the next time sparse_buffer_init() runs.
Add the missing sparse_buffer_fini() in error branch.
Link: https://lkml.kernel.org/r/20210325113155.118574-1-wangwensheng4@huawei.com
Fixes: 85c77f791390 ("mm/sparse: add new sparse_init_nid() and sparse_init()")
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/sparse.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/sparse.c b/mm/sparse.c
index 3b24ba903d9e..ed60f0a375fe 100644
--- a/mm/sparse.c
+++ b/mm/sparse.c
@@ -467,6 +467,7 @@ static void __init sparse_init_nid(int nid, unsigned long pnum_begin,
pr_err("%s: node[%d] memory map backing failed. Some memory will not be available.",
__func__, nid);
pnum_begin = pnum;
+ sparse_buffer_fini();
goto failed;
}
check_usemap_section_nr(nid, usemap);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 294/425] mm/memory-failure: unnecessary amount of unmapping
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 293/425] mm/sparse: add the missing sparse_buffer_fini() in error branch Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 295/425] net: Only allow init netns to set default tcp cong to a restricted algo Greg Kroah-Hartman
` (137 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jane Chu, Dan Williams,
Naoya Horiguchi, Dave Jiang, Andrew Morton, Linus Torvalds,
Sasha Levin
From: Jane Chu <jane.chu@oracle.com>
[ Upstream commit 4d75136be8bf3ae01b0bc3e725b2cdc921e103bd ]
It appears that unmap_mapping_range() actually takes a 'size' as its third
argument rather than a location, the current calling fashion causes
unnecessary amount of unmapping to occur.
Link: https://lkml.kernel.org/r/20210420002821.2749748-1-jane.chu@oracle.com
Fixes: 6100e34b2526e ("mm, memory_failure: Teach memory_failure() about dev_pagemap pages")
Signed-off-by: Jane Chu <jane.chu@oracle.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/memory-failure.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 148fdd929a19..034607a68ccb 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1220,7 +1220,7 @@ static int memory_failure_dev_pagemap(unsigned long pfn, int flags,
* communicated in siginfo, see kill_proc()
*/
start = (page->index << PAGE_SHIFT) & ~(size - 1);
- unmap_mapping_range(page->mapping, start, start + size, 0);
+ unmap_mapping_range(page->mapping, start, size, 0);
}
kill_procs(&tokill, flags & MF_MUST_KILL, !unmap_success, pfn, flags);
rc = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 295/425] net: Only allow init netns to set default tcp cong to a restricted algo
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 294/425] mm/memory-failure: unnecessary amount of unmapping Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 296/425] smp: Fix smp_call_function_single_async prototype Greg Kroah-Hartman
` (136 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathon Reinhart, David S. Miller
From: Jonathon Reinhart <jonathon.reinhart@gmail.com>
commit 8d432592f30fcc34ef5a10aac4887b4897884493 upstream.
tcp_set_default_congestion_control() is netns-safe in that it writes
to &net->ipv4.tcp_congestion_control, but it also sets
ca->flags |= TCP_CONG_NON_RESTRICTED which is not namespaced.
This has the unintended side-effect of changing the global
net.ipv4.tcp_allowed_congestion_control sysctl, despite the fact that it
is read-only: 97684f0970f6 ("net: Make tcp_allowed_congestion_control
readonly in non-init netns")
Resolve this netns "leak" by only allowing the init netns to set the
default algorithm to one that is restricted. This restriction could be
removed if tcp_allowed_congestion_control were namespace-ified in the
future.
This bug was uncovered with
https://github.com/JonathonReinhart/linux-netns-sysctl-verify
Fixes: 6670e1524477 ("tcp: Namespace-ify sysctl_tcp_default_congestion_control")
Signed-off-by: Jonathon Reinhart <jonathon.reinhart@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_cong.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -228,6 +228,10 @@ int tcp_set_default_congestion_control(s
ret = -ENOENT;
} else if (!try_module_get(ca->owner)) {
ret = -EBUSY;
+ } else if (!net_eq(net, &init_net) &&
+ !(ca->flags & TCP_CONG_NON_RESTRICTED)) {
+ /* Only init netns can set default to a restricted algorithm */
+ ret = -EPERM;
} else {
prev = xchg(&net->ipv4.tcp_congestion_control, ca);
if (prev)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 296/425] smp: Fix smp_call_function_single_async prototype
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 295/425] net: Only allow init netns to set default tcp cong to a restricted algo Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 297/425] Revert "net/sctp: fix race condition in sctp_destroy_sock" Greg Kroah-Hartman
` (135 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Peter Zijlstra (Intel),
Jens Axboe, Nathan Chancellor
From: Arnd Bergmann <arnd@arndb.de>
commit 1139aeb1c521eb4a050920ce6c64c36c4f2a3ab7 upstream.
As of commit 966a967116e6 ("smp: Avoid using two cache lines for struct
call_single_data"), the smp code prefers 32-byte aligned call_single_data
objects for performance reasons, but the block layer includes an instance
of this structure in the main 'struct request' that is more senstive
to size than to performance here, see 4ccafe032005 ("block: unalign
call_single_data in struct request").
The result is a violation of the calling conventions that clang correctly
points out:
block/blk-mq.c:630:39: warning: passing 8-byte aligned argument to 32-byte aligned parameter 2 of 'smp_call_function_single_async' may result in an unaligned pointer access [-Walign-mismatch]
smp_call_function_single_async(cpu, &rq->csd);
It does seem that the usage of the call_single_data without cache line
alignment should still be allowed by the smp code, so just change the
function prototype so it accepts both, but leave the default alignment
unchanged for the other users. This seems better to me than adding
a local hack to shut up an otherwise correct warning in the caller.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Jens Axboe <axboe@kernel.dk>
Link: https://lkml.kernel.org/r/20210505211300.3174456-1-arnd@kernel.org
[nc: Fix conflicts]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/smp.h | 2 +-
kernel/smp.c | 10 +++++-----
kernel/up.c | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
--- a/include/linux/smp.h
+++ b/include/linux/smp.h
@@ -53,7 +53,7 @@ void on_each_cpu_cond(bool (*cond_func)(
smp_call_func_t func, void *info, bool wait,
gfp_t gfp_flags);
-int smp_call_function_single_async(int cpu, call_single_data_t *csd);
+int smp_call_function_single_async(int cpu, struct __call_single_data *csd);
#ifdef CONFIG_SMP
--- a/kernel/smp.c
+++ b/kernel/smp.c
@@ -103,12 +103,12 @@ void __init call_function_init(void)
* previous function call. For multi-cpu calls its even more interesting
* as we'll have to ensure no other cpu is observing our csd.
*/
-static __always_inline void csd_lock_wait(call_single_data_t *csd)
+static __always_inline void csd_lock_wait(struct __call_single_data *csd)
{
smp_cond_load_acquire(&csd->flags, !(VAL & CSD_FLAG_LOCK));
}
-static __always_inline void csd_lock(call_single_data_t *csd)
+static __always_inline void csd_lock(struct __call_single_data *csd)
{
csd_lock_wait(csd);
csd->flags |= CSD_FLAG_LOCK;
@@ -121,7 +121,7 @@ static __always_inline void csd_lock(cal
smp_wmb();
}
-static __always_inline void csd_unlock(call_single_data_t *csd)
+static __always_inline void csd_unlock(struct __call_single_data *csd)
{
WARN_ON(!(csd->flags & CSD_FLAG_LOCK));
@@ -138,7 +138,7 @@ static DEFINE_PER_CPU_SHARED_ALIGNED(cal
* for execution on the given CPU. data must already have
* ->func, ->info, and ->flags set.
*/
-static int generic_exec_single(int cpu, call_single_data_t *csd,
+static int generic_exec_single(int cpu, struct __call_single_data *csd,
smp_call_func_t func, void *info)
{
if (cpu == smp_processor_id()) {
@@ -323,7 +323,7 @@ EXPORT_SYMBOL(smp_call_function_single);
* NOTE: Be careful, there is unfortunately no current debugging facility to
* validate the correctness of this serialization.
*/
-int smp_call_function_single_async(int cpu, call_single_data_t *csd)
+int smp_call_function_single_async(int cpu, struct __call_single_data *csd)
{
int err = 0;
--- a/kernel/up.c
+++ b/kernel/up.c
@@ -23,7 +23,7 @@ int smp_call_function_single(int cpu, vo
}
EXPORT_SYMBOL(smp_call_function_single);
-int smp_call_function_single_async(int cpu, call_single_data_t *csd)
+int smp_call_function_single_async(int cpu, struct __call_single_data *csd)
{
unsigned long flags;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 297/425] Revert "net/sctp: fix race condition in sctp_destroy_sock"
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 296/425] smp: Fix smp_call_function_single_async prototype Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 298/425] sctp: delay auto_asconf init until binding the first addr Greg Kroah-Hartman
` (134 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+959223586843e69a2674,
Xin Long, David S. Miller
From: Xin Long <lucien.xin@gmail.com>
commit 01bfe5e8e428b475982a98a46cca5755726f3f7f upstream.
This reverts commit b166a20b07382b8bc1dcee2a448715c9c2c81b5b.
This one has to be reverted as it introduced a dead lock, as
syzbot reported:
CPU0 CPU1
---- ----
lock(&net->sctp.addr_wq_lock);
lock(slock-AF_INET6);
lock(&net->sctp.addr_wq_lock);
lock(slock-AF_INET6);
CPU0 is the thread of sctp_addr_wq_timeout_handler(), and CPU1
is that of sctp_close().
The original issue this commit fixed will be fixed in the next
patch.
Reported-by: syzbot+959223586843e69a2674@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/socket.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1569,9 +1569,11 @@ static void sctp_close(struct sock *sk,
/* Supposedly, no process has access to the socket, but
* the net layers still may.
+ * Also, sctp_destroy_sock() needs to be called with addr_wq_lock
+ * held and that should be grabbed before socket lock.
*/
- local_bh_disable();
- bh_lock_sock(sk);
+ spin_lock_bh(&net->sctp.addr_wq_lock);
+ bh_lock_sock_nested(sk);
/* Hold the sock, since sk_common_release() will put sock_put()
* and we have just a little more cleanup.
@@ -1580,7 +1582,7 @@ static void sctp_close(struct sock *sk,
sk_common_release(sk);
bh_unlock_sock(sk);
- local_bh_enable();
+ spin_unlock_bh(&net->sctp.addr_wq_lock);
sock_put(sk);
@@ -4774,6 +4776,9 @@ static int sctp_init_sock(struct sock *s
sk_sockets_allocated_inc(sk);
sock_prot_inuse_add(net, sk->sk_prot, 1);
+ /* Nothing can fail after this block, otherwise
+ * sctp_destroy_sock() will be called without addr_wq_lock held
+ */
if (net->sctp.default_auto_asconf) {
spin_lock(&sock_net(sk)->sctp.addr_wq_lock);
list_add_tail(&sp->auto_asconf_list,
@@ -4808,9 +4813,7 @@ static void sctp_destroy_sock(struct soc
if (sp->do_auto_asconf) {
sp->do_auto_asconf = 0;
- spin_lock_bh(&sock_net(sk)->sctp.addr_wq_lock);
list_del(&sp->auto_asconf_list);
- spin_unlock_bh(&sock_net(sk)->sctp.addr_wq_lock);
}
sctp_endpoint_free(sp->ep);
local_bh_disable();
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 298/425] sctp: delay auto_asconf init until binding the first addr
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 297/425] Revert "net/sctp: fix race condition in sctp_destroy_sock" Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 299/425] Revert "of/fdt: Make sure no-map does not remove already reserved regions" Greg Kroah-Hartman
` (133 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Or Cohen, Xin Long, David S. Miller
From: Xin Long <lucien.xin@gmail.com>
commit 34e5b01186858b36c4d7c87e1a025071e8e2401f upstream.
As Or Cohen described:
If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock
held and sp->do_auto_asconf is true, then an element is removed
from the auto_asconf_splist without any proper locking.
This can happen in the following functions:
1. In sctp_accept, if sctp_sock_migrate fails.
2. In inet_create or inet6_create, if there is a bpf program
attached to BPF_CGROUP_INET_SOCK_CREATE which denies
creation of the sctp socket.
This patch is to fix it by moving the auto_asconf init out of
sctp_init_sock(), by which inet_create()/inet6_create() won't
need to operate it in sctp_destroy_sock() when calling
sk_common_release().
It also makes more sense to do auto_asconf init while binding the
first addr, as auto_asconf actually requires an ANY addr bind,
see it in sctp_addr_wq_timeout_handler().
This addresses CVE-2021-23133.
Fixes: 610236587600 ("bpf: Add new cgroup attach type to enable sock modifications")
Reported-by: Or Cohen <orcohen@paloaltonetworks.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/socket.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -375,6 +375,18 @@ static struct sctp_af *sctp_sockaddr_af(
return af;
}
+static void sctp_auto_asconf_init(struct sctp_sock *sp)
+{
+ struct net *net = sock_net(&sp->inet.sk);
+
+ if (net->sctp.default_auto_asconf) {
+ spin_lock(&net->sctp.addr_wq_lock);
+ list_add_tail(&sp->auto_asconf_list, &net->sctp.auto_asconf_splist);
+ spin_unlock(&net->sctp.addr_wq_lock);
+ sp->do_auto_asconf = 1;
+ }
+}
+
/* Bind a local address either to an endpoint or to an association. */
static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
{
@@ -437,8 +449,10 @@ static int sctp_do_bind(struct sock *sk,
}
/* Refresh ephemeral port. */
- if (!bp->port)
+ if (!bp->port) {
bp->port = inet_sk(sk)->inet_num;
+ sctp_auto_asconf_init(sp);
+ }
/* Add the address to the bind address list.
* Use GFP_ATOMIC since BHs will be disabled.
@@ -4776,19 +4790,6 @@ static int sctp_init_sock(struct sock *s
sk_sockets_allocated_inc(sk);
sock_prot_inuse_add(net, sk->sk_prot, 1);
- /* Nothing can fail after this block, otherwise
- * sctp_destroy_sock() will be called without addr_wq_lock held
- */
- if (net->sctp.default_auto_asconf) {
- spin_lock(&sock_net(sk)->sctp.addr_wq_lock);
- list_add_tail(&sp->auto_asconf_list,
- &net->sctp.auto_asconf_splist);
- sp->do_auto_asconf = 1;
- spin_unlock(&sock_net(sk)->sctp.addr_wq_lock);
- } else {
- sp->do_auto_asconf = 0;
- }
-
local_bh_enable();
return 0;
@@ -8848,6 +8849,8 @@ static void sctp_sock_migrate(struct soc
sctp_bind_addr_dup(&newsp->ep->base.bind_addr,
&oldsp->ep->base.bind_addr, GFP_KERNEL);
+ sctp_auto_asconf_init(newsp);
+
/* Move any messages in the old socket's receive queue that are for the
* peeled off association to the new socket's receive queue.
*/
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 299/425] Revert "of/fdt: Make sure no-map does not remove already reserved regions"
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 298/425] sctp: delay auto_asconf init until binding the first addr Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 300/425] Revert "fdt: Properly handle "no-map" field in the memory region" Greg Kroah-Hartman
` (132 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Alexandre TORGUE, Quentin Perret
From: Quentin Perret <qperret@google.com>
This reverts commit 74f2678aab60c9915daa83e6e23d31a896932d9d.
It is not really a fix, and the backport misses dependencies, which
breaks existing platforms.
Reported-by: Alexandre TORGUE <alexandre.torgue@foss.st.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/fdt.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -1172,16 +1172,8 @@ int __init __weak early_init_dt_mark_hot
int __init __weak early_init_dt_reserve_memory_arch(phys_addr_t base,
phys_addr_t size, bool nomap)
{
- if (nomap) {
- /*
- * If the memory is already reserved (by another region), we
- * should not allow it to be marked nomap.
- */
- if (memblock_is_region_reserved(base, size))
- return -EBUSY;
-
+ if (nomap)
return memblock_mark_nomap(base, size);
- }
return memblock_reserve(base, size);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 300/425] Revert "fdt: Properly handle "no-map" field in the memory region"
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 299/425] Revert "of/fdt: Make sure no-map does not remove already reserved regions" Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 301/425] tpm: fix error return code in tpm2_get_cc_attrs_tbl() Greg Kroah-Hartman
` (131 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Alexandre TORGUE, Quentin Perret
From: Quentin Perret <qperret@google.com>
This reverts commit 03972d6b1bbac1620455589e0367f6f69ff7b2df.
It is not really a fix, and the backport misses dependencies, which
breaks existing platforms.
Reported-by: Alexandre TORGUE <alexandre.torgue@foss.st.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/fdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -1173,7 +1173,7 @@ int __init __weak early_init_dt_reserve_
phys_addr_t size, bool nomap)
{
if (nomap)
- return memblock_mark_nomap(base, size);
+ return memblock_remove(base, size);
return memblock_reserve(base, size);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 301/425] tpm: fix error return code in tpm2_get_cc_attrs_tbl()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 300/425] Revert "fdt: Properly handle "no-map" field in the memory region" Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 302/425] fs: dlm: fix debugfs dump Greg Kroah-Hartman
` (130 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Zhen Lei, Jarkko Sakkinen
From: Zhen Lei <thunder.leizhen@huawei.com>
commit 1df83992d977355177810c2b711afc30546c81ce upstream.
If the total number of commands queried through TPM2_CAP_COMMANDS is
different from that queried through TPM2_CC_GET_CAPABILITY, it indicates
an unknown error. In this case, an appropriate error code -EFAULT should
be returned. However, we currently do not explicitly assign this error
code to 'rc'. As a result, 0 was incorrectly returned.
Cc: stable@vger.kernel.org
Fixes: 58472f5cd4f6("tpm: validate TPM 2.0 commands")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm2-cmd.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -960,6 +960,7 @@ static int tpm2_get_cc_attrs_tbl(struct
if (nr_commands !=
be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
+ rc = -EFAULT;
tpm_buf_destroy(&buf);
goto out;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 302/425] fs: dlm: fix debugfs dump
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 301/425] tpm: fix error return code in tpm2_get_cc_attrs_tbl() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 303/425] tipc: convert dest nodes address to network order Greg Kroah-Hartman
` (129 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland, Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 92c48950b43f4a767388cf87709d8687151a641f ]
This patch fixes the following message which randomly pops up during
glocktop call:
seq_file: buggy .next function table_seq_next did not update position index
The issue is that seq_read_iter() in fs/seq_file.c also needs an
increment of the index in an non next record case as well which this
patch fixes otherwise seq_read_iter() will print out the above message.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/debug_fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/dlm/debug_fs.c b/fs/dlm/debug_fs.c
index fa08448e35dd..bb87dad03cd4 100644
--- a/fs/dlm/debug_fs.c
+++ b/fs/dlm/debug_fs.c
@@ -544,6 +544,7 @@ static void *table_seq_next(struct seq_file *seq, void *iter_ptr, loff_t *pos)
if (bucket >= ls->ls_rsbtbl_size) {
kfree(ri);
+ ++*pos;
return NULL;
}
tree = toss ? &ls->ls_rsbtbl[bucket].toss : &ls->ls_rsbtbl[bucket].keep;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 303/425] tipc: convert dest nodes address to network order
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 302/425] fs: dlm: fix debugfs dump Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 304/425] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF Greg Kroah-Hartman
` (128 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jon Maloy, Hoang Le, David S. Miller,
Sasha Levin
From: Hoang Le <hoang.h.le@dektech.com.au>
[ Upstream commit 1980d37565061ab44bdc2f9e4da477d3b9752e81 ]
(struct tipc_link_info)->dest is in network order (__be32), so we must
convert the value to network order before assigning. The problem detected
by sparse:
net/tipc/netlink_compat.c:699:24: warning: incorrect type in assignment (different base types)
net/tipc/netlink_compat.c:699:24: expected restricted __be32 [usertype] dest
net/tipc/netlink_compat.c:699:24: got int
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/netlink_compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index f8e111218a0e..5086e27d3011 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -671,7 +671,7 @@ static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg,
if (err)
return err;
- link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]);
+ link_info.dest = htonl(nla_get_flag(link[TIPC_NLA_LINK_DEST]));
link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP]));
nla_strlcpy(link_info.str, link[TIPC_NLA_LINK_NAME],
TIPC_MAX_LINK_NAME);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 304/425] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 303/425] tipc: convert dest nodes address to network order Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 305/425] net: stmmac: Set FIFO sizes for ipq806x Greg Kroah-Hartman
` (127 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit b7c7203a1f751348f35fc4bcb157572d303f7573 ]
The Asus T100TAF uses the same jack-detect settings as the T100TA,
this has been confirmed on actual hardware.
Add these settings to the T100TAF quirks to enable jack-detect support
on the T100TAF.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210312114850.13832-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index d63d99776384..62b4187e9f44 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -473,6 +473,9 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"),
},
.driver_data = (void *)(BYT_RT5640_IN1_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_2000UA |
+ BYT_RT5640_OVCD_SF_0P75 |
BYT_RT5640_MONO_SPEAKER |
BYT_RT5640_DIFF_MIC |
BYT_RT5640_SSP0_AIF2 |
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 305/425] net: stmmac: Set FIFO sizes for ipq806x
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 304/425] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 306/425] i2c: bail out early when RDWR parameters are wrong Greg Kroah-Hartman
` (126 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan McDowell, David S. Miller,
Sasha Levin
From: Jonathan McDowell <noodles@earth.li>
[ Upstream commit e127906b68b49ddb3ecba39ffa36a329c48197d3 ]
Commit eaf4fac47807 ("net: stmmac: Do not accept invalid MTU values")
started using the TX FIFO size to verify what counts as a valid MTU
request for the stmmac driver. This is unset for the ipq806x variant.
Looking at older patches for this it seems the RX + TXs buffers can be
up to 8k, so set appropriately.
(I sent this as an RFC patch in June last year, but received no replies.
I've been running with this on my hardware (a MikroTik RB3011) since
then with larger MTUs to support both the internal qca8k switch and
VLANs with no problems. Without the patch it's impossible to set the
larger MTU required to support this.)
Signed-off-by: Jonathan McDowell <noodles@earth.li>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
index 826626e870d5..0f56f8e33691 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c
@@ -351,6 +351,8 @@ static int ipq806x_gmac_probe(struct platform_device *pdev)
plat_dat->bsp_priv = gmac;
plat_dat->fix_mac_speed = ipq806x_gmac_fix_mac_speed;
plat_dat->multicast_filter_bins = 0;
+ plat_dat->tx_fifo_size = 8192;
+ plat_dat->rx_fifo_size = 8192;
err = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res);
if (err)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 306/425] i2c: bail out early when RDWR parameters are wrong
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 305/425] net: stmmac: Set FIFO sizes for ipq806x Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 307/425] ALSA: hdsp: dont disable if not enabled Greg Kroah-Hartman
` (125 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+ffb0b3ffa6cfbc7d7b3f,
Wolfram Sang, Wolfram Sang, Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 71581562ee36032d2d574a9b23ad4af6d6a64cf7 ]
The buggy parameters currently get caught later, but emit a noisy WARN.
Userspace should not be able to trigger this, so add similar checks much
earlier. Also avoids some unneeded code paths, of course. Apply kernel
coding stlye to a comment while here.
Reported-by: syzbot+ffb0b3ffa6cfbc7d7b3f@syzkaller.appspotmail.com
Tested-by: syzbot+ffb0b3ffa6cfbc7d7b3f@syzkaller.appspotmail.com
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/i2c-dev.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
index cbda91a0cb5f..1d10ee86299d 100644
--- a/drivers/i2c/i2c-dev.c
+++ b/drivers/i2c/i2c-dev.c
@@ -448,8 +448,13 @@ static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
sizeof(rdwr_arg)))
return -EFAULT;
- /* Put an arbitrary limit on the number of messages that can
- * be sent at once */
+ if (!rdwr_arg.msgs || rdwr_arg.nmsgs == 0)
+ return -EINVAL;
+
+ /*
+ * Put an arbitrary limit on the number of messages that can
+ * be sent at once
+ */
if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
return -EINVAL;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 307/425] ALSA: hdsp: dont disable if not enabled
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 306/425] i2c: bail out early when RDWR parameters are wrong Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 308/425] ALSA: hdspm: " Greg Kroah-Hartman
` (124 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Tong Zhang, Sasha Levin
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit 507cdb9adba006a7798c358456426e1aea3d9c4f ]
hdsp wants to disable a not enabled pci device, which makes kernel
throw a warning. Make sure the device is enabled before calling disable.
[ 1.758292] snd_hdsp 0000:00:03.0: disabling already-disabled device
[ 1.758327] WARNING: CPU: 0 PID: 180 at drivers/pci/pci.c:2146 pci_disable_device+0x91/0xb0
[ 1.766985] Call Trace:
[ 1.767121] snd_hdsp_card_free+0x94/0xf0 [snd_hdsp]
[ 1.767388] release_card_device+0x4b/0x80 [snd]
[ 1.767639] device_release+0x3b/0xa0
[ 1.767838] kobject_put+0x94/0x1b0
[ 1.768027] put_device+0x13/0x20
[ 1.768207] snd_card_free+0x61/0x90 [snd]
[ 1.768430] snd_hdsp_probe+0x524/0x5e0 [snd_hdsp]
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210321153840.378226-2-ztong0001@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/rme9652/hdsp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
index ba99ff0e93e0..a0797fc17d95 100644
--- a/sound/pci/rme9652/hdsp.c
+++ b/sound/pci/rme9652/hdsp.c
@@ -5343,7 +5343,8 @@ static int snd_hdsp_free(struct hdsp *hdsp)
if (hdsp->port)
pci_release_regions(hdsp->pci);
- pci_disable_device(hdsp->pci);
+ if (pci_is_enabled(hdsp->pci))
+ pci_disable_device(hdsp->pci);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 308/425] ALSA: hdspm: dont disable if not enabled
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 307/425] ALSA: hdsp: dont disable if not enabled Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 309/425] ALSA: rme9652: " Greg Kroah-Hartman
` (123 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Tong Zhang, Sasha Levin
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit 790f5719b85e12e10c41753b864e74249585ed08 ]
hdspm wants to disable a not enabled pci device, which makes kernel
throw a warning. Make sure the device is enabled before calling disable.
[ 1.786391] snd_hdspm 0000:00:03.0: disabling already-disabled device
[ 1.786400] WARNING: CPU: 0 PID: 182 at drivers/pci/pci.c:2146 pci_disable_device+0x91/0xb0
[ 1.795181] Call Trace:
[ 1.795320] snd_hdspm_card_free+0x58/0xa0 [snd_hdspm]
[ 1.795595] release_card_device+0x4b/0x80 [snd]
[ 1.795860] device_release+0x3b/0xa0
[ 1.796072] kobject_put+0x94/0x1b0
[ 1.796260] put_device+0x13/0x20
[ 1.796438] snd_card_free+0x61/0x90 [snd]
[ 1.796659] snd_hdspm_probe+0x97b/0x1440 [snd_hdspm]
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210321153840.378226-3-ztong0001@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/rme9652/hdspm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
index 11b5b5e0e058..5dfddade1bae 100644
--- a/sound/pci/rme9652/hdspm.c
+++ b/sound/pci/rme9652/hdspm.c
@@ -6913,7 +6913,8 @@ static int snd_hdspm_free(struct hdspm * hdspm)
if (hdspm->port)
pci_release_regions(hdspm->pci);
- pci_disable_device(hdspm->pci);
+ if (pci_is_enabled(hdspm->pci))
+ pci_disable_device(hdspm->pci);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 309/425] ALSA: rme9652: dont disable if not enabled
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 308/425] ALSA: hdspm: " Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 310/425] Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default Greg Kroah-Hartman
` (122 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Tong Zhang, Sasha Levin
From: Tong Zhang <ztong0001@gmail.com>
[ Upstream commit f57a741874bb6995089020e97a1dcdf9b165dcbe ]
rme9652 wants to disable a not enabled pci device, which makes kernel
throw a warning. Make sure the device is enabled before calling disable.
[ 1.751595] snd_rme9652 0000:00:03.0: disabling already-disabled device
[ 1.751605] WARNING: CPU: 0 PID: 174 at drivers/pci/pci.c:2146 pci_disable_device+0x91/0xb0
[ 1.759968] Call Trace:
[ 1.760145] snd_rme9652_card_free+0x76/0xa0 [snd_rme9652]
[ 1.760434] release_card_device+0x4b/0x80 [snd]
[ 1.760679] device_release+0x3b/0xa0
[ 1.760874] kobject_put+0x94/0x1b0
[ 1.761059] put_device+0x13/0x20
[ 1.761235] snd_card_free+0x61/0x90 [snd]
[ 1.761454] snd_rme9652_probe+0x3be/0x700 [snd_rme9652]
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210321153840.378226-4-ztong0001@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/rme9652/rme9652.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/rme9652/rme9652.c b/sound/pci/rme9652/rme9652.c
index edd765e22377..f82fa5be7d33 100644
--- a/sound/pci/rme9652/rme9652.c
+++ b/sound/pci/rme9652/rme9652.c
@@ -1761,7 +1761,8 @@ static int snd_rme9652_free(struct snd_rme9652 *rme9652)
if (rme9652->port)
pci_release_regions(rme9652->pci);
- pci_disable_device(rme9652->pci);
+ if (pci_is_enabled(rme9652->pci))
+ pci_disable_device(rme9652->pci);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 310/425] Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 309/425] ALSA: rme9652: " Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 311/425] Bluetooth: initialize skb_queue_head at l2cap_chan_create() Greg Kroah-Hartman
` (121 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Archie Pusaka,
syzbot+338f014a98367a08a114, Alain Michaud,
Abhishek Pandit-Subedi, Guenter Roeck, Marcel Holtmann,
Sasha Levin
From: Archie Pusaka <apusaka@chromium.org>
[ Upstream commit 3a9d54b1947ecea8eea9a902c0b7eb58a98add8a ]
Currently l2cap_chan_set_defaults() reset chan->conf_state to zero.
However, there is a flag CONF_NOT_COMPLETE which is set when
creating the l2cap_chan. It is suggested that the flag should be
cleared when l2cap_chan is ready, but when l2cap_chan_set_defaults()
is called, l2cap_chan is not yet ready. Therefore, we must set this
flag as the default.
Example crash call trace:
__dump_stack lib/dump_stack.c:15 [inline]
dump_stack+0xc4/0x118 lib/dump_stack.c:56
panic+0x1c6/0x38b kernel/panic.c:117
__warn+0x170/0x1b9 kernel/panic.c:471
warn_slowpath_fmt+0xc7/0xf8 kernel/panic.c:494
debug_print_object+0x175/0x193 lib/debugobjects.c:260
debug_object_assert_init+0x171/0x1bf lib/debugobjects.c:614
debug_timer_assert_init kernel/time/timer.c:629 [inline]
debug_assert_init kernel/time/timer.c:677 [inline]
del_timer+0x7c/0x179 kernel/time/timer.c:1034
try_to_grab_pending+0x81/0x2e5 kernel/workqueue.c:1230
cancel_delayed_work+0x7c/0x1c4 kernel/workqueue.c:2929
l2cap_clear_timer+0x1e/0x41 include/net/bluetooth/l2cap.h:834
l2cap_chan_del+0x2d8/0x37e net/bluetooth/l2cap_core.c:640
l2cap_chan_close+0x532/0x5d8 net/bluetooth/l2cap_core.c:756
l2cap_sock_shutdown+0x806/0x969 net/bluetooth/l2cap_sock.c:1174
l2cap_sock_release+0x64/0x14d net/bluetooth/l2cap_sock.c:1217
__sock_release+0xda/0x217 net/socket.c:580
sock_close+0x1b/0x1f net/socket.c:1039
__fput+0x322/0x55c fs/file_table.c:208
____fput+0x17/0x19 fs/file_table.c:244
task_work_run+0x19b/0x1d3 kernel/task_work.c:115
exit_task_work include/linux/task_work.h:21 [inline]
do_exit+0xe4c/0x204a kernel/exit.c:766
do_group_exit+0x291/0x291 kernel/exit.c:891
get_signal+0x749/0x1093 kernel/signal.c:2396
do_signal+0xa5/0xcdb arch/x86/kernel/signal.c:737
exit_to_usermode_loop arch/x86/entry/common.c:243 [inline]
prepare_exit_to_usermode+0xed/0x235 arch/x86/entry/common.c:277
syscall_return_slowpath+0x3a7/0x3b3 arch/x86/entry/common.c:348
int_ret_from_sys_call+0x25/0xa3
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reported-by: syzbot+338f014a98367a08a114@syzkaller.appspotmail.com
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index f1ff83321023..30373d00ab04 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -510,7 +510,9 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
+
chan->conf_state = 0;
+ set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 311/425] Bluetooth: initialize skb_queue_head at l2cap_chan_create()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 310/425] Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 312/425] net: bridge: when suppression is enabled exclude RARP packets Greg Kroah-Hartman
` (120 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, Marcel Holtmann,
Sasha Levin, syzbot
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit be8597239379f0f53c9710dd6ab551bbf535bec6 ]
syzbot is hitting "INFO: trying to register non-static key." message [1],
for "struct l2cap_chan"->tx_q.lock spinlock is not yet initialized when
l2cap_chan_del() is called due to e.g. timeout.
Since "struct l2cap_chan"->lock mutex is initialized at l2cap_chan_create()
immediately after "struct l2cap_chan" is allocated using kzalloc(), let's
as well initialize "struct l2cap_chan"->{tx_q,srej_q}.lock spinlocks there.
[1] https://syzkaller.appspot.com/bug?extid=fadfba6a911f6bf71842
Reported-and-tested-by: syzbot <syzbot+fadfba6a911f6bf71842@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 30373d00ab04..c0d64b4144d4 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -445,6 +445,8 @@ struct l2cap_chan *l2cap_chan_create(void)
if (!chan)
return NULL;
+ skb_queue_head_init(&chan->tx_q);
+ skb_queue_head_init(&chan->srej_q);
mutex_init(&chan->lock);
/* Set default lock nesting level */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 312/425] net: bridge: when suppression is enabled exclude RARP packets
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 311/425] Bluetooth: initialize skb_queue_head at l2cap_chan_create() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 313/425] Bluetooth: check for zapped sk before connecting Greg Kroah-Hartman
` (119 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amer Abdalamer, Nikolay Aleksandrov,
David S. Miller, Sasha Levin
From: Nikolay Aleksandrov <nikolay@nvidia.com>
[ Upstream commit 0353b4a96b7a9f60fe20d1b3ebd4931a4085f91c ]
Recently we had an interop issue where RARP packets got suppressed with
bridge neigh suppression enabled, but the check in the code was meant to
suppress GARP. Exclude RARP packets from it which would allow some VMWare
setups to work, to quote the report:
"Those RARP packets usually get generated by vMware to notify physical
switches when vMotion occurs. vMware may use random sip/tip or just use
sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep
and other times get dropped by the logic"
Reported-by: Amer Abdalamer <amer@nvidia.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bridge/br_arp_nd_proxy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c
index eb44ae05abaa..b52e70362268 100644
--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
@@ -158,7 +158,9 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
if (br->neigh_suppress_enabled) {
if (p && (p->flags & BR_NEIGH_SUPPRESS))
return;
- if (ipv4_is_zeronet(sip) || sip == tip) {
+ if (parp->ar_op != htons(ARPOP_RREQUEST) &&
+ parp->ar_op != htons(ARPOP_RREPLY) &&
+ (ipv4_is_zeronet(sip) || sip == tip)) {
/* prevent flooding to neigh suppress ports */
BR_INPUT_SKB_CB(skb)->proxyarp_replied = true;
return;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 313/425] Bluetooth: check for zapped sk before connecting
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 312/425] net: bridge: when suppression is enabled exclude RARP packets Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 314/425] ip6_vti: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
` (118 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Archie Pusaka,
syzbot+abfc0f5e668d4099af73, Alain Michaud,
Abhishek Pandit-Subedi, Guenter Roeck, Marcel Holtmann,
Sasha Levin
From: Archie Pusaka <apusaka@chromium.org>
[ Upstream commit 3af70b39fa2d415dc86c370e5b24ddb9fdacbd6f ]
There is a possibility of receiving a zapped sock on
l2cap_sock_connect(). This could lead to interesting crashes, one
such case is tearing down an already tore l2cap_sock as is happened
with this call trace:
__dump_stack lib/dump_stack.c:15 [inline]
dump_stack+0xc4/0x118 lib/dump_stack.c:56
register_lock_class kernel/locking/lockdep.c:792 [inline]
register_lock_class+0x239/0x6f6 kernel/locking/lockdep.c:742
__lock_acquire+0x209/0x1e27 kernel/locking/lockdep.c:3105
lock_acquire+0x29c/0x2fb kernel/locking/lockdep.c:3599
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline]
_raw_spin_lock_bh+0x38/0x47 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:307 [inline]
lock_sock_nested+0x44/0xfa net/core/sock.c:2518
l2cap_sock_teardown_cb+0x88/0x2fb net/bluetooth/l2cap_sock.c:1345
l2cap_chan_del+0xa3/0x383 net/bluetooth/l2cap_core.c:598
l2cap_chan_close+0x537/0x5dd net/bluetooth/l2cap_core.c:756
l2cap_chan_timeout+0x104/0x17e net/bluetooth/l2cap_core.c:429
process_one_work+0x7e3/0xcb0 kernel/workqueue.c:2064
worker_thread+0x5a5/0x773 kernel/workqueue.c:2196
kthread+0x291/0x2a6 kernel/kthread.c:211
ret_from_fork+0x4e/0x80 arch/x86/entry/entry_64.S:604
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reported-by: syzbot+abfc0f5e668d4099af73@syzkaller.appspotmail.com
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_sock.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 198a1fdd6709..967a9bb14415 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -179,9 +179,17 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
struct l2cap_chan *chan = l2cap_pi(sk)->chan;
struct sockaddr_l2 la;
int len, err = 0;
+ bool zapped;
BT_DBG("sk %p", sk);
+ lock_sock(sk);
+ zapped = sock_flag(sk, SOCK_ZAPPED);
+ release_sock(sk);
+
+ if (zapped)
+ return -EINVAL;
+
if (!addr || alen < offsetofend(struct sockaddr, sa_family) ||
addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 314/425] ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 313/425] Bluetooth: check for zapped sk before connecting Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 315/425] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet Greg Kroah-Hartman
` (117 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 40cb881b5aaa0b69a7d93dec8440d5c62dae299f ]
After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
a warning [1]
Issue here is that:
- all dev_put() should be paired with a corresponding prior dev_hold().
- A driver doing a dev_put() in its ndo_uninit() MUST also
do a dev_hold() in its ndo_init(), only when ndo_init()
is returning 0.
Otherwise, register_netdevice() would call ndo_uninit()
in its error path and release a refcount too soon.
Therefore, we need to move dev_hold() call from
vti6_tnl_create2() to vti6_dev_init_gen()
[1]
WARNING: CPU: 0 PID: 15951 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Modules linked in:
CPU: 0 PID: 15951 Comm: syz-executor.3 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58
RSP: 0018:ffffc90001eaef28 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff815c51f5 RDI: fffff520003d5dd7
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff88801bb1c568
R13: ffff88801f69e800 R14: 00000000ffffffff R15: ffff888050889d40
FS: 00007fc79314e700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1c1ff47108 CR3: 0000000020fd5000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__refcount_dec include/linux/refcount.h:344 [inline]
refcount_dec include/linux/refcount.h:359 [inline]
dev_put include/linux/netdevice.h:4135 [inline]
vti6_dev_uninit+0x31a/0x360 net/ipv6/ip6_vti.c:297
register_netdevice+0xadf/0x1500 net/core/dev.c:10308
vti6_tnl_create2+0x1b5/0x400 net/ipv6/ip6_vti.c:190
vti6_newlink+0x9d/0xd0 net/ipv6/ip6_vti.c:1020
__rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x331/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmmsg+0x195/0x470 net/socket.c:2490
__do_sys_sendmmsg net/socket.c:2519 [inline]
__se_sys_sendmmsg net/socket.c:2516 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2516
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ip6_vti.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 94f16e82a458..defa04b38ee8 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -196,7 +196,6 @@ static int vti6_tnl_create2(struct net_device *dev)
strcpy(t->parms.name, dev->name);
- dev_hold(dev);
vti6_tnl_link(ip6n, t);
return 0;
@@ -925,6 +924,7 @@ static inline int vti6_dev_init_gen(struct net_device *dev)
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
if (!dev->tstats)
return -ENOMEM;
+ dev_hold(dev);
return 0;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 315/425] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 314/425] ip6_vti: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 316/425] i2c: Add I2C_AQ_NO_REP_START adapter quirk Greg Kroah-Hartman
` (116 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 875c40eadf6ac6644c0f71842a4f30dd9968d281 ]
The Chuwi Hi8 tablet is using an analog mic on IN1 and has its
jack-detect connected to JD2_IN4N, instead of using the default
IN3 for its internal mic and JD1_IN4P for jack-detect.
It also only has 1 speaker.
Add a quirk applying the correct settings for this configuration.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210325221054.22714-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index 62b4187e9f44..4ebc023f1507 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -509,6 +509,23 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_SSP0_AIF1 |
BYT_RT5640_MCLK_EN),
},
+ {
+ /* Chuwi Hi8 (CWI509) */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Hampoo"),
+ DMI_MATCH(DMI_BOARD_NAME, "BYT-PA03C"),
+ DMI_MATCH(DMI_SYS_VENDOR, "ilife"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "S806"),
+ },
+ .driver_data = (void *)(BYT_RT5640_IN1_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_2000UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_MONO_SPEAKER |
+ BYT_RT5640_DIFF_MIC |
+ BYT_RT5640_SSP0_AIF1 |
+ BYT_RT5640_MCLK_EN),
+ },
{
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Circuitco"),
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 316/425] i2c: Add I2C_AQ_NO_REP_START adapter quirk
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 315/425] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 317/425] mac80211: clear the beacons CRC after channel switch Greg Kroah-Hartman
` (115 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Bence Csókás,
Sasha Levin
From: Bence Csókás <bence98@sch.bme.hu>
[ Upstream commit aca01415e076aa96cca0f801f4420ee5c10c660d ]
This quirk signifies that the adapter cannot do a repeated
START, it always issues a STOP condition after transfers.
Suggested-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Bence Csókás <bence98@sch.bme.hu>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/i2c.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/i2c.h b/include/linux/i2c.h
index 7e748648c7d3..6fda0458745d 100644
--- a/include/linux/i2c.h
+++ b/include/linux/i2c.h
@@ -662,6 +662,8 @@ struct i2c_adapter_quirks {
#define I2C_AQ_NO_ZERO_LEN_READ BIT(5)
#define I2C_AQ_NO_ZERO_LEN_WRITE BIT(6)
#define I2C_AQ_NO_ZERO_LEN (I2C_AQ_NO_ZERO_LEN_READ | I2C_AQ_NO_ZERO_LEN_WRITE)
+/* adapter cannot do repeated START */
+#define I2C_AQ_NO_REP_START BIT(7)
/*
* i2c_adapter is the structure used to identify a physical i2c bus along
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 317/425] mac80211: clear the beacons CRC after channel switch
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 316/425] i2c: Add I2C_AQ_NO_REP_START adapter quirk Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 318/425] pinctrl: samsung: use int for register masks in Exynos Greg Kroah-Hartman
` (114 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach, Johannes Berg,
Sasha Levin
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
[ Upstream commit d6843d1ee283137723b4a8c76244607ce6db1951 ]
After channel switch, we should consider any beacon with a
CSA IE as a new switch. If the CSA IE is a leftover from
before the switch that the AP forgot to remove, we'll get
a CSA-to-Self.
This caused issues in iwlwifi where the firmware saw a beacon
with a CSA-to-Self with mode = 1 on the new channel after a
switch. The firmware considered this a new switch and closed
its queues. Since the beacon didn't change between before and
after the switch, we wouldn't handle it (the CRC is the same)
and we wouldn't let the firmware open its queues again or
disconnect if the CSA IE stays for too long.
Clear the CRC valid state after we switch to make sure that
we handle the beacon and handle the CSA IE as required.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Link: https://lore.kernel.org/r/20210408143124.b9e68aa98304.I465afb55ca2c7d59f7bf610c6046a1fd732b4c28@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index c53a332f7d65..cbcb60face2c 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1185,6 +1185,11 @@ static void ieee80211_chswitch_post_beacon(struct ieee80211_sub_if_data *sdata)
sdata->vif.csa_active = false;
ifmgd->csa_waiting_bcn = false;
+ /*
+ * If the CSA IE is still present on the beacon after the switch,
+ * we need to consider it as a new CSA (possibly to self).
+ */
+ ifmgd->beacon_crc_valid = false;
ret = drv_post_channel_switch(sdata);
if (ret) {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 318/425] pinctrl: samsung: use int for register masks in Exynos
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 317/425] mac80211: clear the beacons CRC after channel switch Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 319/425] cuse: prevent clone Greg Kroah-Hartman
` (113 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Sylwester Nawrocki, Linus Walleij, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
[ Upstream commit fa0c10a5f3a49130dd11281aa27e7e1c8654abc7 ]
The Special Function Registers on all Exynos SoC, including ARM64, are
32-bit wide, so entire driver uses matching functions like readl() or
writel(). On 64-bit ARM using unsigned long for register masks:
1. makes little sense as immediately after bitwise operation it will be
cast to 32-bit value when calling writel(),
2. is actually error-prone because it might promote other operands to
64-bit.
Addresses-Coverity: Unintentional integer overflow
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Link: https://lore.kernel.org/r/20210408195029.69974-1-krzysztof.kozlowski@canonical.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/samsung/pinctrl-exynos.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/pinctrl/samsung/pinctrl-exynos.c b/drivers/pinctrl/samsung/pinctrl-exynos.c
index 24956f6c6324..7f764f751c4f 100644
--- a/drivers/pinctrl/samsung/pinctrl-exynos.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos.c
@@ -55,7 +55,7 @@ static void exynos_irq_mask(struct irq_data *irqd)
struct exynos_irq_chip *our_chip = to_exynos_irq_chip(chip);
struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd);
unsigned long reg_mask = our_chip->eint_mask + bank->eint_offset;
- unsigned long mask;
+ unsigned int mask;
unsigned long flags;
spin_lock_irqsave(&bank->slock, flags);
@@ -83,7 +83,7 @@ static void exynos_irq_unmask(struct irq_data *irqd)
struct exynos_irq_chip *our_chip = to_exynos_irq_chip(chip);
struct samsung_pin_bank *bank = irq_data_get_irq_chip_data(irqd);
unsigned long reg_mask = our_chip->eint_mask + bank->eint_offset;
- unsigned long mask;
+ unsigned int mask;
unsigned long flags;
/*
@@ -482,7 +482,7 @@ static void exynos_irq_eint0_15(struct irq_desc *desc)
chained_irq_exit(chip, desc);
}
-static inline void exynos_irq_demux_eint(unsigned long pend,
+static inline void exynos_irq_demux_eint(unsigned int pend,
struct irq_domain *domain)
{
unsigned int irq;
@@ -499,8 +499,8 @@ static void exynos_irq_demux_eint16_31(struct irq_desc *desc)
{
struct irq_chip *chip = irq_desc_get_chip(desc);
struct exynos_muxed_weint_data *eintd = irq_desc_get_handler_data(desc);
- unsigned long pend;
- unsigned long mask;
+ unsigned int pend;
+ unsigned int mask;
int i;
chained_irq_enter(chip, desc);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 319/425] cuse: prevent clone
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 318/425] pinctrl: samsung: use int for register masks in Exynos Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 320/425] selftests: Set CC to clang in lib.mk if LLVM is set Greg Kroah-Hartman
` (112 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miklos Szeredi, Sasha Levin
From: Miklos Szeredi <mszeredi@redhat.com>
[ Upstream commit 8217673d07256b22881127bf50dce874d0e51653 ]
For cloned connections cuse_channel_release() will be called more than
once, resulting in use after free.
Prevent device cloning for CUSE, which does not make sense at this point,
and highly unlikely to be used in real life.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/cuse.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
index f057c213c453..e10e2b62ccf4 100644
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
@@ -621,6 +621,8 @@ static int __init cuse_init(void)
cuse_channel_fops.owner = THIS_MODULE;
cuse_channel_fops.open = cuse_channel_open;
cuse_channel_fops.release = cuse_channel_release;
+ /* CUSE is not prepared for FUSE_DEV_IOC_CLONE */
+ cuse_channel_fops.unlocked_ioctl = NULL;
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 320/425] selftests: Set CC to clang in lib.mk if LLVM is set
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 319/425] cuse: prevent clone Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 321/425] kconfig: nconf: stop endless search loops Greg Kroah-Hartman
` (111 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yonghong Song, Alexei Starovoitov,
Andrii Nakryiko, Sasha Levin
From: Yonghong Song <yhs@fb.com>
[ Upstream commit 26e6dd1072763cd5696b75994c03982dde952ad9 ]
selftests/bpf/Makefile includes lib.mk. With the following command
make -j60 LLVM=1 LLVM_IAS=1 <=== compile kernel
make -j60 -C tools/testing/selftests/bpf LLVM=1 LLVM_IAS=1 V=1
some files are still compiled with gcc. This patch
fixed lib.mk issue which sets CC to gcc in all cases.
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20210413153413.3027426-1-yhs@fb.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/lib.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk
index 0ef203ec59fd..a5d40653a921 100644
--- a/tools/testing/selftests/lib.mk
+++ b/tools/testing/selftests/lib.mk
@@ -1,6 +1,10 @@
# This mimics the top-level Makefile. We do it explicitly here so that this
# Makefile can operate with or without the kbuild infrastructure.
+ifneq ($(LLVM),)
+CC := clang
+else
CC := $(CROSS_COMPILE)gcc
+endif
ifeq (0,$(MAKELEVEL))
OUTPUT := $(shell pwd)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 321/425] kconfig: nconf: stop endless search loops
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 320/425] selftests: Set CC to clang in lib.mk if LLVM is set Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 322/425] sctp: Fix out-of-bounds warning in sctp_process_asconf_param() Greg Kroah-Hartman
` (110 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mihai Moldovan, Masahiro Yamada, Sasha Levin
From: Mihai Moldovan <ionic@ionic.de>
[ Upstream commit 8c94b430b9f6213dec84e309bb480a71778c4213 ]
If the user selects the very first entry in a page and performs a
search-up operation, or selects the very last entry in a page and
performs a search-down operation that will not succeed (e.g., via
[/]asdfzzz[Up Arrow]), nconf will never terminate searching the page.
The reason is that in this case, the starting point will be set to -1
or n, which is then translated into (n - 1) (i.e., the last entry of
the page) or 0 (i.e., the first entry of the page) and finally the
search begins. This continues to work fine until the index reaches 0 or
(n - 1), at which point it will be decremented to -1 or incremented to
n, but not checked against the starting point right away. Instead, it's
wrapped around to the bottom or top again, after which the starting
point check occurs... and naturally fails.
My original implementation added another check for -1 before wrapping
the running index variable around, but Masahiro Yamada pointed out that
the actual issue is that the comparison point (starting point) exceeds
bounds (i.e., the [0,n-1] interval) in the first place and that,
instead, the starting point should be fixed.
This has the welcome side-effect of also fixing the case where the
starting point was n while searching down, which also lead to an
infinite loop.
OTOH, this code is now essentially all his work.
Amazingly, nobody seems to have been hit by this for 11 years - or at
the very least nobody bothered to debug and fix this.
Signed-off-by: Mihai Moldovan <ionic@ionic.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/kconfig/nconf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kconfig/nconf.c b/scripts/kconfig/nconf.c
index c8ff1c99dd5c..552cf7557c7a 100644
--- a/scripts/kconfig/nconf.c
+++ b/scripts/kconfig/nconf.c
@@ -504,8 +504,8 @@ static int get_mext_match(const char *match_str, match_f flag)
else if (flag == FIND_NEXT_MATCH_UP)
--match_start;
+ match_start = (match_start + items_num) % items_num;
index = match_start;
- index = (index + items_num) % items_num;
while (true) {
char *str = k_menu_items[index].str;
if (strcasestr(str, match_str) != NULL)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 322/425] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 321/425] kconfig: nconf: stop endless search loops Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 323/425] powerpc/smp: Set numa node before updating mask Greg Kroah-Hartman
` (109 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Gustavo A. R. Silva, Kees Cook, Marcelo Ricardo Leitner,
David S. Miller, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit e5272ad4aab347dde5610c0aedb786219e3ff793 ]
Fix the following out-of-bounds warning:
net/sctp/sm_make_chunk.c:3150:4: warning: 'memcpy' offset [17, 28] from the object at 'addr' is out of the bounds of referenced subobject 'v4' with type 'struct sockaddr_in' at offset 0 [-Warray-bounds]
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/sm_make_chunk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index ce6053be60bc..dc51e14f568e 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -3148,7 +3148,7 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
* primary.
*/
if (af->is_any(&addr))
- memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
+ memcpy(&addr, sctp_source(asconf), sizeof(addr));
if (security_sctp_bind_connect(asoc->ep->base.sk,
SCTP_PARAM_SET_PRIMARY,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 323/425] powerpc/smp: Set numa node before updating mask
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 322/425] sctp: Fix out-of-bounds warning in sctp_process_asconf_param() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 324/425] ASoC: rt286: Generalize support for ALC3263 codec Greg Kroah-Hartman
` (108 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geetika Moolchandani,
Srikar Dronamraju, Nathan Lynch, Michael Ellerman, Sasha Levin
From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
[ Upstream commit 6980d13f0dd189846887bbbfa43793d9a41768d3 ]
Geethika reported a trace when doing a dlpar CPU add.
------------[ cut here ]------------
WARNING: CPU: 152 PID: 1134 at kernel/sched/topology.c:2057
CPU: 152 PID: 1134 Comm: kworker/152:1 Not tainted 5.12.0-rc5-master #5
Workqueue: events cpuset_hotplug_workfn
NIP: c0000000001cfc14 LR: c0000000001cfc10 CTR: c0000000007e3420
REGS: c0000034a08eb260 TRAP: 0700 Not tainted (5.12.0-rc5-master+)
MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 28828422 XER: 00000020
CFAR: c0000000001fd888 IRQMASK: 0 #012GPR00: c0000000001cfc10
c0000034a08eb500 c000000001f35400 0000000000000027 #012GPR04:
c0000035abaa8010 c0000035abb30a00 0000000000000027 c0000035abaa8018
#012GPR08: 0000000000000023 c0000035abaaef48 00000035aa540000
c0000035a49dffe8 #012GPR12: 0000000028828424 c0000035bf1a1c80
0000000000000497 0000000000000004 #012GPR16: c00000000347a258
0000000000000140 c00000000203d468 c000000001a1a490 #012GPR20:
c000000001f9c160 c0000034adf70920 c0000034aec9fd20 0000000100087bd3
#012GPR24: 0000000100087bd3 c0000035b3de09f8 0000000000000030
c0000035b3de09f8 #012GPR28: 0000000000000028 c00000000347a280
c0000034aefe0b00 c0000000010a2a68
NIP [c0000000001cfc14] build_sched_domains+0x6a4/0x1500
LR [c0000000001cfc10] build_sched_domains+0x6a0/0x1500
Call Trace:
[c0000034a08eb500] [c0000000001cfc10] build_sched_domains+0x6a0/0x1500 (unreliable)
[c0000034a08eb640] [c0000000001d1e6c] partition_sched_domains_locked+0x3ec/0x530
[c0000034a08eb6e0] [c0000000002936d4] rebuild_sched_domains_locked+0x524/0xbf0
[c0000034a08eb7e0] [c000000000296bb0] rebuild_sched_domains+0x40/0x70
[c0000034a08eb810] [c000000000296e74] cpuset_hotplug_workfn+0x294/0xe20
[c0000034a08ebc30] [c000000000178dd0] process_one_work+0x300/0x670
[c0000034a08ebd10] [c0000000001791b8] worker_thread+0x78/0x520
[c0000034a08ebda0] [c000000000185090] kthread+0x1a0/0x1b0
[c0000034a08ebe10] [c00000000000ccec] ret_from_kernel_thread+0x5c/0x70
Instruction dump:
7d2903a6 4e800421 e8410018 7f67db78 7fe6fb78 7f45d378 7f84e378 7c681b78
3c62ff1a 3863c6f8 4802dc35 60000000 <0fe00000> 3920fff4 f9210070 e86100a0
---[ end trace 532d9066d3d4d7ec ]---
Some of the per-CPU masks use cpu_cpu_mask as a filter to limit the search
for related CPUs. On a dlpar add of a CPU, update cpu_cpu_mask before
updating the per-CPU masks. This will ensure the cpu_cpu_mask is updated
correctly before its used in setting the masks. Setting the numa_node will
ensure that when cpu_cpu_mask() gets called, the correct node number is
used. This code movement helped fix the above call trace.
Reported-by: Geetika Moolchandani <Geetika.Moolchandani1@ibm.com>
Signed-off-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Reviewed-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210401154200.150077-1-srikar@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/smp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c
index 6dc43205382b..a9ec4467705c 100644
--- a/arch/powerpc/kernel/smp.c
+++ b/arch/powerpc/kernel/smp.c
@@ -1032,6 +1032,9 @@ void start_secondary(void *unused)
vdso_getcpu_init();
#endif
+ set_numa_node(numa_cpu_lookup_table[cpu]);
+ set_numa_mem(local_memory_node(numa_cpu_lookup_table[cpu]));
+
/* Update topology CPU masks */
add_cpu_to_masks(cpu);
@@ -1042,9 +1045,6 @@ void start_secondary(void *unused)
if (!cpumask_equal(cpu_l2_cache_mask(cpu), cpu_sibling_mask(cpu)))
shared_caches = true;
- set_numa_node(numa_cpu_lookup_table[cpu]);
- set_numa_mem(local_memory_node(numa_cpu_lookup_table[cpu]));
-
smp_wmb();
notify_cpu_starting(cpu);
set_cpu_online(cpu, true);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 324/425] ASoC: rt286: Generalize support for ALC3263 codec
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 323/425] powerpc/smp: Set numa node before updating mask Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 325/425] ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() Greg Kroah-Hartman
` (107 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ward, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: David Ward <david.ward@gatech.edu>
[ Upstream commit aa2f9c12821e6a4ba1df4fb34a3dbc6a2a1ee7fe ]
The ALC3263 codec on the XPS 13 9343 is also found on the Latitude 13 7350
and Venue 11 Pro 7140. They require the same handling for the combo jack to
work with a headset: GPIO pin 6 must be set.
The HDA driver always sets this pin on the ALC3263, which it distinguishes
by the codec vendor/device ID 0x10ec0288 and PCI subsystem vendor ID 0x1028
(Dell). The ASoC driver does not use PCI, so adapt this check to use DMI to
determine if Dell is the system vendor.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=150601
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=205961
Signed-off-by: David Ward <david.ward@gatech.edu>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210418134658.4333-6-david.ward@gatech.edu
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt286.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/sound/soc/codecs/rt286.c b/sound/soc/codecs/rt286.c
index 0b0f748bffbe..7e44ccae3bc8 100644
--- a/sound/soc/codecs/rt286.c
+++ b/sound/soc/codecs/rt286.c
@@ -1118,12 +1118,11 @@ static const struct dmi_system_id force_combo_jack_table[] = {
{ }
};
-static const struct dmi_system_id dmi_dell_dino[] = {
+static const struct dmi_system_id dmi_dell[] = {
{
- .ident = "Dell Dino",
+ .ident = "Dell",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
- DMI_MATCH(DMI_PRODUCT_NAME, "XPS 13 9343")
}
},
{ }
@@ -1134,7 +1133,7 @@ static int rt286_i2c_probe(struct i2c_client *i2c,
{
struct rt286_platform_data *pdata = dev_get_platdata(&i2c->dev);
struct rt286_priv *rt286;
- int i, ret, val;
+ int i, ret, vendor_id;
rt286 = devm_kzalloc(&i2c->dev, sizeof(*rt286),
GFP_KERNEL);
@@ -1150,14 +1149,15 @@ static int rt286_i2c_probe(struct i2c_client *i2c,
}
ret = regmap_read(rt286->regmap,
- RT286_GET_PARAM(AC_NODE_ROOT, AC_PAR_VENDOR_ID), &val);
+ RT286_GET_PARAM(AC_NODE_ROOT, AC_PAR_VENDOR_ID), &vendor_id);
if (ret != 0) {
dev_err(&i2c->dev, "I2C error %d\n", ret);
return ret;
}
- if (val != RT286_VENDOR_ID && val != RT288_VENDOR_ID) {
+ if (vendor_id != RT286_VENDOR_ID && vendor_id != RT288_VENDOR_ID) {
dev_err(&i2c->dev,
- "Device with ID register %#x is not rt286\n", val);
+ "Device with ID register %#x is not rt286\n",
+ vendor_id);
return -ENODEV;
}
@@ -1181,8 +1181,8 @@ static int rt286_i2c_probe(struct i2c_client *i2c,
if (pdata)
rt286->pdata = *pdata;
- if (dmi_check_system(force_combo_jack_table) ||
- dmi_check_system(dmi_dell_dino))
+ if ((vendor_id == RT288_VENDOR_ID && dmi_check_system(dmi_dell)) ||
+ dmi_check_system(force_combo_jack_table))
rt286->pdata.cbj_en = true;
regmap_write(rt286->regmap, RT286_SET_AUDIO_POWER, AC_PWRST_D3);
@@ -1221,7 +1221,7 @@ static int rt286_i2c_probe(struct i2c_client *i2c,
regmap_update_bits(rt286->regmap, RT286_DEPOP_CTRL3, 0xf777, 0x4737);
regmap_update_bits(rt286->regmap, RT286_DEPOP_CTRL4, 0x00ff, 0x003f);
- if (dmi_check_system(dmi_dell_dino)) {
+ if (vendor_id == RT288_VENDOR_ID && dmi_check_system(dmi_dell)) {
regmap_update_bits(rt286->regmap,
RT286_SET_GPIO_MASK, 0x40, 0x40);
regmap_update_bits(rt286->regmap,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 325/425] ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 324/425] ASoC: rt286: Generalize support for ALC3263 codec Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 326/425] samples/bpf: Fix broken tracex1 due to kprobe argument change Greg Kroah-Hartman
` (106 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Gustavo A. R. Silva, David S. Miller, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit c1d9e34e11281a8ba1a1c54e4db554232a461488 ]
Fix the following out-of-bounds warning:
net/ethtool/ioctl.c:492:2: warning: 'memcpy' offset [49, 84] from the object at 'link_usettings' is out of the bounds of referenced subobject 'base' with type 'struct ethtool_link_settings' at offset 0 [-Warray-bounds]
The problem is that the original code is trying to copy data into a
some struct members adjacent to each other in a single call to
memcpy(). This causes a legitimate compiler warning because memcpy()
overruns the length of &link_usettings.base. Fix this by directly
using &link_usettings and _from_ as destination and source addresses,
instead.
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 1011625a0ca4..83028017c26d 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -618,7 +618,7 @@ store_link_ksettings_for_user(void __user *to,
{
struct ethtool_link_usettings link_usettings;
- memcpy(&link_usettings.base, &from->base, sizeof(link_usettings));
+ memcpy(&link_usettings, from, sizeof(link_usettings));
bitmap_to_arr32(link_usettings.link_modes.supported,
from->link_modes.supported,
__ETHTOOL_LINK_MODE_MASK_NBITS);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 326/425] samples/bpf: Fix broken tracex1 due to kprobe argument change
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 325/425] ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 327/425] powerpc/pseries: Stop calling printk in rtas_stop_self() Greg Kroah-Hartman
` (105 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yaqi Chen, Alexei Starovoitov,
Yonghong Song, Sasha Levin
From: Yaqi Chen <chendotjs@gmail.com>
[ Upstream commit 137733d08f4ab14a354dacaa9a8fc35217747605 ]
>From commit c0bbbdc32feb ("__netif_receive_skb_core: pass skb by
reference"), the first argument passed into __netif_receive_skb_core
has changed to reference of a skb pointer.
This commit fixes by using bpf_probe_read_kernel.
Signed-off-by: Yaqi Chen <chendotjs@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20210416154803.37157-1-chendotjs@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/bpf/tracex1_kern.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/samples/bpf/tracex1_kern.c b/samples/bpf/tracex1_kern.c
index 107da148820f..9c74b45c5720 100644
--- a/samples/bpf/tracex1_kern.c
+++ b/samples/bpf/tracex1_kern.c
@@ -20,7 +20,7 @@
SEC("kprobe/__netif_receive_skb_core")
int bpf_prog1(struct pt_regs *ctx)
{
- /* attaches to kprobe netif_receive_skb,
+ /* attaches to kprobe __netif_receive_skb_core,
* looks for packets on loobpack device and prints them
*/
char devname[IFNAMSIZ];
@@ -29,7 +29,7 @@ int bpf_prog1(struct pt_regs *ctx)
int len;
/* non-portable! works for the given kernel only */
- skb = (struct sk_buff *) PT_REGS_PARM1(ctx);
+ bpf_probe_read_kernel(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx));
dev = _(skb->dev);
len = _(skb->len);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 327/425] powerpc/pseries: Stop calling printk in rtas_stop_self()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 326/425] samples/bpf: Fix broken tracex1 due to kprobe argument change Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 328/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Greg Kroah-Hartman
` (104 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit ed8029d7b472369a010a1901358567ca3b6dbb0d ]
RCU complains about us calling printk() from an offline CPU:
=============================
WARNING: suspicious RCU usage
5.12.0-rc7-02874-g7cf90e481cb8 #1 Not tainted
-----------------------------
kernel/locking/lockdep.c:3568 RCU-list traversed in non-reader section!!
other info that might help us debug this:
RCU used illegally from offline CPU!
rcu_scheduler_active = 2, debug_locks = 1
no locks held by swapper/0/0.
stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7-02874-g7cf90e481cb8 #1
Call Trace:
dump_stack+0xec/0x144 (unreliable)
lockdep_rcu_suspicious+0x124/0x144
__lock_acquire+0x1098/0x28b0
lock_acquire+0x128/0x600
_raw_spin_lock_irqsave+0x6c/0xc0
down_trylock+0x2c/0x70
__down_trylock_console_sem+0x60/0x140
vprintk_emit+0x1a8/0x4b0
vprintk_func+0xcc/0x200
printk+0x40/0x54
pseries_cpu_offline_self+0xc0/0x120
arch_cpu_idle_dead+0x54/0x70
do_idle+0x174/0x4a0
cpu_startup_entry+0x38/0x40
rest_init+0x268/0x388
start_kernel+0x748/0x790
start_here_common+0x1c/0x614
Which happens because by the time we get to rtas_stop_self() we are
already offline. In addition the message can be spammy, and is not that
helpful for users, so remove it.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210418135413.1204031-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/hotplug-cpu.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/hotplug-cpu.c b/arch/powerpc/platforms/pseries/hotplug-cpu.c
index 1d3f9313c02f..8bfb97d07d10 100644
--- a/arch/powerpc/platforms/pseries/hotplug-cpu.c
+++ b/arch/powerpc/platforms/pseries/hotplug-cpu.c
@@ -95,9 +95,6 @@ static void rtas_stop_self(void)
BUG_ON(rtas_stop_self_token == RTAS_UNKNOWN_SERVICE);
- printk("cpu %u (hwid %u) Ready to die...\n",
- smp_processor_id(), hard_smp_processor_id());
-
rtas_call_unlocked(&args, rtas_stop_self_token, 0, 1, NULL);
panic("Alas, I survived.\n");
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 328/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 327/425] powerpc/pseries: Stop calling printk in rtas_stop_self() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 329/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Greg Kroah-Hartman
` (103 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Kees Cook,
Gustavo A. R. Silva, Kalle Valo, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 820aa37638a252b57967bdf4038a514b1ab85d45 ]
Fix the following out-of-bounds warnings by enclosing structure members
daddr and saddr into new struct addr, in structures wl3501_md_req and
wl3501_md_ind:
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds]
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds]
Refactor the code, accordingly:
$ pahole -C wl3501_md_req drivers/net/wireless/wl3501_cs.o
struct wl3501_md_req {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 routing; /* 3 1 */
u16 data; /* 4 2 */
u16 size; /* 6 2 */
u8 pri; /* 8 1 */
u8 service_class; /* 9 1 */
struct {
u8 daddr[6]; /* 10 6 */
u8 saddr[6]; /* 16 6 */
} addr; /* 10 12 */
/* size: 22, cachelines: 1, members: 8 */
/* last cacheline: 22 bytes */
};
$ pahole -C wl3501_md_ind drivers/net/wireless/wl3501_cs.o
struct wl3501_md_ind {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 routing; /* 3 1 */
u16 data; /* 4 2 */
u16 size; /* 6 2 */
u8 reception; /* 8 1 */
u8 pri; /* 9 1 */
u8 service_class; /* 10 1 */
struct {
u8 daddr[6]; /* 11 6 */
u8 saddr[6]; /* 17 6 */
} addr; /* 11 12 */
/* size: 24, cachelines: 1, members: 9 */
/* padding: 1 */
/* last cacheline: 24 bytes */
};
The problem is that the original code is trying to copy data into a
couple of arrays adjacent to each other in a single call to memcpy().
Now that a new struct _addr_ enclosing those two adjacent arrays
is introduced, memcpy() doesn't overrun the length of &sig.daddr[0]
and &sig.daddr, because the address of the new struct object _addr_
is used, instead.
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/d260fe56aed7112bff2be5b4d152d03ad7b78e78.1618442265.git.gustavoars@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501.h | 12 ++++++++----
drivers/net/wireless/wl3501_cs.c | 10 ++++++----
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index efdce9ae36ea..077a934ae3b5 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -471,8 +471,10 @@ struct wl3501_md_req {
u16 size;
u8 pri;
u8 service_class;
- u8 daddr[ETH_ALEN];
- u8 saddr[ETH_ALEN];
+ struct {
+ u8 daddr[ETH_ALEN];
+ u8 saddr[ETH_ALEN];
+ } addr;
};
struct wl3501_md_ind {
@@ -484,8 +486,10 @@ struct wl3501_md_ind {
u8 reception;
u8 pri;
u8 service_class;
- u8 daddr[ETH_ALEN];
- u8 saddr[ETH_ALEN];
+ struct {
+ u8 daddr[ETH_ALEN];
+ u8 saddr[ETH_ALEN];
+ } addr;
};
struct wl3501_md_confirm {
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index da62220b9c01..0019b01145ba 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -468,6 +468,7 @@ static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len)
struct wl3501_md_req sig = {
.sig_id = WL3501_SIG_MD_REQ,
};
+ size_t sig_addr_len = sizeof(sig.addr);
u8 *pdata = (char *)data;
int rc = -EIO;
@@ -483,9 +484,9 @@ static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len)
goto out;
}
rc = 0;
- memcpy(&sig.daddr[0], pdata, 12);
- pktlen = len - 12;
- pdata += 12;
+ memcpy(&sig.addr, pdata, sig_addr_len);
+ pktlen = len - sig_addr_len;
+ pdata += sig_addr_len;
sig.data = bf;
if (((*pdata) * 256 + (*(pdata + 1))) > 1500) {
u8 addr4[ETH_ALEN] = {
@@ -979,7 +980,8 @@ static inline void wl3501_md_ind_interrupt(struct net_device *dev,
} else {
skb->dev = dev;
skb_reserve(skb, 2); /* IP headers on 16 bytes boundaries */
- skb_copy_to_linear_data(skb, (unsigned char *)&sig.daddr, 12);
+ skb_copy_to_linear_data(skb, (unsigned char *)&sig.addr,
+ sizeof(sig.addr));
wl3501_receive(this, skb->data, pkt_len);
skb_put(skb, pkt_len);
skb->protocol = eth_type_trans(skb, dev);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 329/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 328/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 330/425] powerpc/iommu: Annotate nested lock for lockdep Greg Kroah-Hartman
` (102 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Gustavo A. R. Silva, Kees Cook, Kalle Valo, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit bb43e5718d8f1b46e7a77e7b39be3c691f293050 ]
Fix the following out-of-bounds warnings by adding a new structure
wl3501_req instead of duplicating the same members in structure
wl3501_join_req and wl3501_scan_confirm:
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds]
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds]
Refactor the code, accordingly:
$ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o
struct wl3501_req {
u16 beacon_period; /* 0 2 */
u16 dtim_period; /* 2 2 */
u16 cap_info; /* 4 2 */
u8 bss_type; /* 6 1 */
u8 bssid[6]; /* 7 6 */
struct iw_mgmt_essid_pset ssid; /* 13 34 */
struct iw_mgmt_ds_pset ds_pset; /* 47 3 */
struct iw_mgmt_cf_pset cf_pset; /* 50 8 */
struct iw_mgmt_ibss_pset ibss_pset; /* 58 4 */
struct iw_mgmt_data_rset bss_basic_rset; /* 62 10 */
/* size: 72, cachelines: 2, members: 10 */
/* last cacheline: 8 bytes */
};
$ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o
struct wl3501_join_req {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 reserved; /* 3 1 */
struct iw_mgmt_data_rset operational_rset; /* 4 10 */
u16 reserved2; /* 14 2 */
u16 timeout; /* 16 2 */
u16 probe_delay; /* 18 2 */
u8 timestamp[8]; /* 20 8 */
u8 local_time[8]; /* 28 8 */
struct wl3501_req req; /* 36 72 */
/* size: 108, cachelines: 2, members: 10 */
/* last cacheline: 44 bytes */
};
$ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o
struct wl3501_scan_confirm {
u16 next_blk; /* 0 2 */
u8 sig_id; /* 2 1 */
u8 reserved; /* 3 1 */
u16 status; /* 4 2 */
char timestamp[8]; /* 6 8 */
char localtime[8]; /* 14 8 */
struct wl3501_req req; /* 22 72 */
/* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */
u8 rssi; /* 94 1 */
/* size: 96, cachelines: 2, members: 8 */
/* padding: 1 */
/* last cacheline: 32 bytes */
};
The problem is that the original code is trying to copy data into a
bunch of struct members adjacent to each other in a single call to
memcpy(). Now that a new struct wl3501_req enclosing all those adjacent
members is introduced, memcpy() doesn't overrun the length of
&sig.beacon_period and &this->bss_set[i].beacon_period, because the
address of the new struct object _req_ is used as the destination,
instead.
This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().
Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1fbaf516da763b50edac47d792a9145aa4482e29.1618442265.git.gustavoars@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501.h | 35 +++++++++++--------------
drivers/net/wireless/wl3501_cs.c | 44 +++++++++++++++++---------------
2 files changed, 38 insertions(+), 41 deletions(-)
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index 077a934ae3b5..a10ee5a68012 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -379,16 +379,7 @@ struct wl3501_get_confirm {
u8 mib_value[100];
};
-struct wl3501_join_req {
- u16 next_blk;
- u8 sig_id;
- u8 reserved;
- struct iw_mgmt_data_rset operational_rset;
- u16 reserved2;
- u16 timeout;
- u16 probe_delay;
- u8 timestamp[8];
- u8 local_time[8];
+struct wl3501_req {
u16 beacon_period;
u16 dtim_period;
u16 cap_info;
@@ -401,6 +392,19 @@ struct wl3501_join_req {
struct iw_mgmt_data_rset bss_basic_rset;
};
+struct wl3501_join_req {
+ u16 next_blk;
+ u8 sig_id;
+ u8 reserved;
+ struct iw_mgmt_data_rset operational_rset;
+ u16 reserved2;
+ u16 timeout;
+ u16 probe_delay;
+ u8 timestamp[8];
+ u8 local_time[8];
+ struct wl3501_req req;
+};
+
struct wl3501_join_confirm {
u16 next_blk;
u8 sig_id;
@@ -443,16 +447,7 @@ struct wl3501_scan_confirm {
u16 status;
char timestamp[8];
char localtime[8];
- u16 beacon_period;
- u16 dtim_period;
- u16 cap_info;
- u8 bss_type;
- u8 bssid[ETH_ALEN];
- struct iw_mgmt_essid_pset ssid;
- struct iw_mgmt_ds_pset ds_pset;
- struct iw_mgmt_cf_pset cf_pset;
- struct iw_mgmt_ibss_pset ibss_pset;
- struct iw_mgmt_data_rset bss_basic_rset;
+ struct wl3501_req req;
u8 rssi;
};
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 0019b01145ba..f33ece937047 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -589,7 +589,7 @@ static int wl3501_mgmt_join(struct wl3501_card *this, u16 stas)
struct wl3501_join_req sig = {
.sig_id = WL3501_SIG_JOIN_REQ,
.timeout = 10,
- .ds_pset = {
+ .req.ds_pset = {
.el = {
.id = IW_MGMT_INFO_ELEMENT_DS_PARAMETER_SET,
.len = 1,
@@ -598,7 +598,7 @@ static int wl3501_mgmt_join(struct wl3501_card *this, u16 stas)
},
};
- memcpy(&sig.beacon_period, &this->bss_set[stas].beacon_period, 72);
+ memcpy(&sig.req, &this->bss_set[stas].req, sizeof(sig.req));
return wl3501_esbq_exec(this, &sig, sizeof(sig));
}
@@ -666,35 +666,37 @@ static void wl3501_mgmt_scan_confirm(struct wl3501_card *this, u16 addr)
if (sig.status == WL3501_STATUS_SUCCESS) {
pr_debug("success");
if ((this->net_type == IW_MODE_INFRA &&
- (sig.cap_info & WL3501_MGMT_CAPABILITY_ESS)) ||
+ (sig.req.cap_info & WL3501_MGMT_CAPABILITY_ESS)) ||
(this->net_type == IW_MODE_ADHOC &&
- (sig.cap_info & WL3501_MGMT_CAPABILITY_IBSS)) ||
+ (sig.req.cap_info & WL3501_MGMT_CAPABILITY_IBSS)) ||
this->net_type == IW_MODE_AUTO) {
if (!this->essid.el.len)
matchflag = 1;
else if (this->essid.el.len == 3 &&
!memcmp(this->essid.essid, "ANY", 3))
matchflag = 1;
- else if (this->essid.el.len != sig.ssid.el.len)
+ else if (this->essid.el.len != sig.req.ssid.el.len)
matchflag = 0;
- else if (memcmp(this->essid.essid, sig.ssid.essid,
+ else if (memcmp(this->essid.essid, sig.req.ssid.essid,
this->essid.el.len))
matchflag = 0;
else
matchflag = 1;
if (matchflag) {
for (i = 0; i < this->bss_cnt; i++) {
- if (ether_addr_equal_unaligned(this->bss_set[i].bssid, sig.bssid)) {
+ if (ether_addr_equal_unaligned(this->bss_set[i].req.bssid,
+ sig.req.bssid)) {
matchflag = 0;
break;
}
}
}
if (matchflag && (i < 20)) {
- memcpy(&this->bss_set[i].beacon_period,
- &sig.beacon_period, 73);
+ memcpy(&this->bss_set[i].req,
+ &sig.req, sizeof(sig.req));
this->bss_cnt++;
this->rssi = sig.rssi;
+ this->bss_set[i].rssi = sig.rssi;
}
}
} else if (sig.status == WL3501_STATUS_TIMEOUT) {
@@ -886,19 +888,19 @@ static void wl3501_mgmt_join_confirm(struct net_device *dev, u16 addr)
if (this->join_sta_bss < this->bss_cnt) {
const int i = this->join_sta_bss;
memcpy(this->bssid,
- this->bss_set[i].bssid, ETH_ALEN);
- this->chan = this->bss_set[i].ds_pset.chan;
+ this->bss_set[i].req.bssid, ETH_ALEN);
+ this->chan = this->bss_set[i].req.ds_pset.chan;
iw_copy_mgmt_info_element(&this->keep_essid.el,
- &this->bss_set[i].ssid.el);
+ &this->bss_set[i].req.ssid.el);
wl3501_mgmt_auth(this);
}
} else {
const int i = this->join_sta_bss;
- memcpy(&this->bssid, &this->bss_set[i].bssid, ETH_ALEN);
- this->chan = this->bss_set[i].ds_pset.chan;
+ memcpy(&this->bssid, &this->bss_set[i].req.bssid, ETH_ALEN);
+ this->chan = this->bss_set[i].req.ds_pset.chan;
iw_copy_mgmt_info_element(&this->keep_essid.el,
- &this->bss_set[i].ssid.el);
+ &this->bss_set[i].req.ssid.el);
wl3501_online(dev);
}
} else {
@@ -1576,30 +1578,30 @@ static int wl3501_get_scan(struct net_device *dev, struct iw_request_info *info,
for (i = 0; i < this->bss_cnt; ++i) {
iwe.cmd = SIOCGIWAP;
iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
- memcpy(iwe.u.ap_addr.sa_data, this->bss_set[i].bssid, ETH_ALEN);
+ memcpy(iwe.u.ap_addr.sa_data, this->bss_set[i].req.bssid, ETH_ALEN);
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_ADDR_LEN);
iwe.cmd = SIOCGIWESSID;
iwe.u.data.flags = 1;
- iwe.u.data.length = this->bss_set[i].ssid.el.len;
+ iwe.u.data.length = this->bss_set[i].req.ssid.el.len;
current_ev = iwe_stream_add_point(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe,
- this->bss_set[i].ssid.essid);
+ this->bss_set[i].req.ssid.essid);
iwe.cmd = SIOCGIWMODE;
- iwe.u.mode = this->bss_set[i].bss_type;
+ iwe.u.mode = this->bss_set[i].req.bss_type;
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_UINT_LEN);
iwe.cmd = SIOCGIWFREQ;
- iwe.u.freq.m = this->bss_set[i].ds_pset.chan;
+ iwe.u.freq.m = this->bss_set[i].req.ds_pset.chan;
iwe.u.freq.e = 0;
current_ev = iwe_stream_add_event(info, current_ev,
extra + IW_SCAN_MAX_DATA,
&iwe, IW_EV_FREQ_LEN);
iwe.cmd = SIOCGIWENCODE;
- if (this->bss_set[i].cap_info & WL3501_MGMT_CAPABILITY_PRIVACY)
+ if (this->bss_set[i].req.cap_info & WL3501_MGMT_CAPABILITY_PRIVACY)
iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
else
iwe.u.data.flags = IW_ENCODE_DISABLED;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 330/425] powerpc/iommu: Annotate nested lock for lockdep
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 329/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 331/425] net: ethernet: mtk_eth_soc: fix RX VLAN offload Greg Kroah-Hartman
` (101 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy,
Michael Ellerman, Sasha Levin
From: Alexey Kardashevskiy <aik@ozlabs.ru>
[ Upstream commit cc7130bf119add37f36238343a593b71ef6ecc1e ]
The IOMMU table is divided into pools for concurrent mappings and each
pool has a separate spinlock. When taking the ownership of an IOMMU group
to pass through a device to a VM, we lock these spinlocks which triggers
a false negative warning in lockdep (below).
This fixes it by annotating the large pool's spinlock as a nest lock
which makes lockdep not complaining when locking nested locks if
the nest lock is locked already.
===
WARNING: possible recursive locking detected
5.11.0-le_syzkaller_a+fstn1 #100 Not tainted
--------------------------------------------
qemu-system-ppc/4129 is trying to acquire lock:
c0000000119bddb0 (&(p->lock)/1){....}-{2:2}, at: iommu_take_ownership+0xac/0x1e0
but task is already holding lock:
c0000000119bdd30 (&(p->lock)/1){....}-{2:2}, at: iommu_take_ownership+0xac/0x1e0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(p->lock)/1);
lock(&(p->lock)/1);
===
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210301063653.51003-1-aik@ozlabs.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/iommu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c
index f0dc680e659a..c3d2d5cd7c10 100644
--- a/arch/powerpc/kernel/iommu.c
+++ b/arch/powerpc/kernel/iommu.c
@@ -1030,7 +1030,7 @@ int iommu_take_ownership(struct iommu_table *tbl)
spin_lock_irqsave(&tbl->large_pool.lock, flags);
for (i = 0; i < tbl->nr_pools; i++)
- spin_lock(&tbl->pools[i].lock);
+ spin_lock_nest_lock(&tbl->pools[i].lock, &tbl->large_pool.lock);
if (tbl->it_offset == 0)
clear_bit(0, tbl->it_map);
@@ -1059,7 +1059,7 @@ void iommu_release_ownership(struct iommu_table *tbl)
spin_lock_irqsave(&tbl->large_pool.lock, flags);
for (i = 0; i < tbl->nr_pools; i++)
- spin_lock(&tbl->pools[i].lock);
+ spin_lock_nest_lock(&tbl->pools[i].lock, &tbl->large_pool.lock);
memset(tbl->it_map, 0, sz);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 331/425] net: ethernet: mtk_eth_soc: fix RX VLAN offload
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 330/425] powerpc/iommu: Annotate nested lock for lockdep Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 332/425] ia64: module: fix symbolizer crash on fdescr Greg Kroah-Hartman
` (100 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Ilya Lipnitskiy,
David S. Miller, Sasha Levin
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 3f57d8c40fea9b20543cab4da12f4680d2ef182c ]
The VLAN ID in the rx descriptor is only valid if the RX_DMA_VTAG bit is
set. Fixes frames wrongly marked with VLAN tags.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[Ilya: fix commit message]
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index b72a4fad7bc8..59f3dce3ab1d 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -1041,7 +1041,7 @@ static int mtk_poll_rx(struct napi_struct *napi, int budget,
skb->protocol = eth_type_trans(skb, netdev);
if (netdev->features & NETIF_F_HW_VLAN_CTAG_RX &&
- RX_DMA_VID(trxd.rxd3))
+ (trxd.rxd2 & RX_DMA_VTAG))
__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q),
RX_DMA_VID(trxd.rxd3));
skb_record_rx_queue(skb, 0);
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.h b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
index 46819297fc3e..cb6b27861afa 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.h
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.h
@@ -285,6 +285,7 @@
#define RX_DMA_DONE BIT(31)
#define RX_DMA_PLEN0(_x) (((_x) & 0x3fff) << 16)
#define RX_DMA_GET_PLEN0(_x) (((_x) >> 16) & 0x3fff)
+#define RX_DMA_VTAG BIT(15)
/* QDMA descriptor rxd3 */
#define RX_DMA_VID(_x) ((_x) & 0xfff)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 332/425] ia64: module: fix symbolizer crash on fdescr
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 331/425] net: ethernet: mtk_eth_soc: fix RX VLAN offload Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 333/425] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable Greg Kroah-Hartman
` (99 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergei Trofimovich, Andrew Morton,
Linus Torvalds, Sasha Levin
From: Sergei Trofimovich <slyfox@gentoo.org>
[ Upstream commit 99e729bd40fb3272fa4b0140839d5e957b58588a ]
Noticed failure as a crash on ia64 when tried to symbolize all backtraces
collected by page_owner=on:
$ cat /sys/kernel/debug/page_owner
<oops>
CPU: 1 PID: 2074 Comm: cat Not tainted 5.12.0-rc4 #226
Hardware name: hp server rx3600, BIOS 04.03 04/08/2008
ip is at dereference_module_function_descriptor+0x41/0x100
Crash happens at dereference_module_function_descriptor() due to
use-after-free when dereferencing ".opd" section header.
All section headers are already freed after module is laoded successfully.
To keep symbolizer working the change stores ".opd" address and size after
module is relocated to a new place and before section headers are
discarded.
To make similar errors less obscure module_finalize() now zeroes out all
variables relevant to module loading only.
Link: https://lkml.kernel.org/r/20210403074803.3309096-1-slyfox@gentoo.org
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/include/asm/module.h | 6 +++++-
arch/ia64/kernel/module.c | 29 +++++++++++++++++++++++++----
2 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/arch/ia64/include/asm/module.h b/arch/ia64/include/asm/module.h
index f319144260ce..9fbf32e6e881 100644
--- a/arch/ia64/include/asm/module.h
+++ b/arch/ia64/include/asm/module.h
@@ -14,16 +14,20 @@
struct elf64_shdr; /* forward declration */
struct mod_arch_specific {
+ /* Used only at module load time. */
struct elf64_shdr *core_plt; /* core PLT section */
struct elf64_shdr *init_plt; /* init PLT section */
struct elf64_shdr *got; /* global offset table */
struct elf64_shdr *opd; /* official procedure descriptors */
struct elf64_shdr *unwind; /* unwind-table section */
unsigned long gp; /* global-pointer for module */
+ unsigned int next_got_entry; /* index of next available got entry */
+ /* Used at module run and cleanup time. */
void *core_unw_table; /* core unwind-table cookie returned by unwinder */
void *init_unw_table; /* init unwind-table cookie returned by unwinder */
- unsigned int next_got_entry; /* index of next available got entry */
+ void *opd_addr; /* symbolize uses .opd to get to actual function */
+ unsigned long opd_size;
};
#define MODULE_PROC_FAMILY "ia64"
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 1a42ba885188..ee693c8cec49 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -905,9 +905,31 @@ register_unwind_table (struct module *mod)
int
module_finalize (const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *mod)
{
+ struct mod_arch_specific *mas = &mod->arch;
+
DEBUGP("%s: init: entry=%p\n", __func__, mod->init);
- if (mod->arch.unwind)
+ if (mas->unwind)
register_unwind_table(mod);
+
+ /*
+ * ".opd" was already relocated to the final destination. Store
+ * it's address for use in symbolizer.
+ */
+ mas->opd_addr = (void *)mas->opd->sh_addr;
+ mas->opd_size = mas->opd->sh_size;
+
+ /*
+ * Module relocation was already done at this point. Section
+ * headers are about to be deleted. Wipe out load-time context.
+ */
+ mas->core_plt = NULL;
+ mas->init_plt = NULL;
+ mas->got = NULL;
+ mas->opd = NULL;
+ mas->unwind = NULL;
+ mas->gp = 0;
+ mas->next_got_entry = 0;
+
return 0;
}
@@ -926,10 +948,9 @@ module_arch_cleanup (struct module *mod)
void *dereference_module_function_descriptor(struct module *mod, void *ptr)
{
- Elf64_Shdr *opd = mod->arch.opd;
+ struct mod_arch_specific *mas = &mod->arch;
- if (ptr < (void *)opd->sh_addr ||
- ptr >= (void *)(opd->sh_addr + opd->sh_size))
+ if (ptr < mas->opd_addr || ptr >= mas->opd_addr + mas->opd_size)
return ptr;
return dereference_function_descriptor(ptr);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 333/425] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 332/425] ia64: module: fix symbolizer crash on fdescr Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 334/425] f2fs: fix a redundant call to f2fs_balance_fs if an error occurs Greg Kroah-Hartman
` (98 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ward, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: David Ward <david.ward@gatech.edu>
[ Upstream commit cd8499d5c03ba260e3191e90236d0e5f6b147563 ]
The GPIO configuration cannot be applied if the registers are inaccessible.
This prevented the headset mic from working on the Dell XPS 13 9343.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=114171
Signed-off-by: David Ward <david.ward@gatech.edu>
Link: https://lore.kernel.org/r/20210418134658.4333-5-david.ward@gatech.edu
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt286.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/codecs/rt286.c b/sound/soc/codecs/rt286.c
index 7e44ccae3bc8..c29c6cf41ece 100644
--- a/sound/soc/codecs/rt286.c
+++ b/sound/soc/codecs/rt286.c
@@ -174,6 +174,9 @@ static bool rt286_readable_register(struct device *dev, unsigned int reg)
case RT286_PROC_COEF:
case RT286_SET_AMP_GAIN_ADC_IN1:
case RT286_SET_AMP_GAIN_ADC_IN2:
+ case RT286_SET_GPIO_MASK:
+ case RT286_SET_GPIO_DIRECTION:
+ case RT286_SET_GPIO_DATA:
case RT286_SET_POWER(RT286_DAC_OUT1):
case RT286_SET_POWER(RT286_DAC_OUT2):
case RT286_SET_POWER(RT286_ADC_IN1):
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 334/425] f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 333/425] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 335/425] PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() Greg Kroah-Hartman
` (97 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 28e18ee636ba28532dbe425540af06245a0bbecb ]
The uninitialized variable dn.node_changed does not get set when a
call to f2fs_get_node_page fails. This uninitialized value gets used
in the call to f2fs_balance_fs() that may or not may not balances
dirty node and dentry pages depending on the uninitialized state of
the variable. Fix this by only calling f2fs_balance_fs if err is
not set.
Thanks to Jaegeuk Kim for suggesting an appropriate fix.
Addresses-Coverity: ("Uninitialized scalar variable")
Fixes: 2a3407607028 ("f2fs: call f2fs_balance_fs only when node was changed")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/inline.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 299f295fcb6c..6bf78cf63ea2 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -220,7 +220,8 @@ out:
f2fs_put_page(page, 1);
- f2fs_balance_fs(sbi, dn.node_changed);
+ if (!err)
+ f2fs_balance_fs(sbi, dn.node_changed);
return err;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 335/425] PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 334/425] f2fs: fix a redundant call to f2fs_balance_fs if an error occurs Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 336/425] PCI: Release OF node in pci_scan_device()s error path Greg Kroah-Hartman
` (96 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Lorenzo Pieralisi,
Krzysztof Wilczyński, Ray Jui, Marc Zyngier, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 1e83130f01b04c16579ed5a5e03d729bcffc4c5d ]
IRQ domain alloc function should return zero on success. Non-zero value
indicates failure.
Link: https://lore.kernel.org/r/20210303142202.25780-1-pali@kernel.org
Fixes: fc54bae28818 ("PCI: iproc: Allow allocation of multiple MSIs")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Krzysztof Wilczyński <kw@linux.com>
Acked-by: Ray Jui <ray.jui@broadcom.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-iproc-msi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/controller/pcie-iproc-msi.c b/drivers/pci/controller/pcie-iproc-msi.c
index ea612382599c..dc953c73cb56 100644
--- a/drivers/pci/controller/pcie-iproc-msi.c
+++ b/drivers/pci/controller/pcie-iproc-msi.c
@@ -271,7 +271,7 @@ static int iproc_msi_irq_domain_alloc(struct irq_domain *domain,
NULL, NULL);
}
- return hwirq;
+ return 0;
}
static void iproc_msi_irq_domain_free(struct irq_domain *domain,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 336/425] PCI: Release OF node in pci_scan_device()s error path
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 335/425] PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 337/425] ARM: 9064/1: hw_breakpoint: Do not directly check the events overflow_handler hook Greg Kroah-Hartman
` (95 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Bjorn Helgaas,
Leon Romanovsky, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit c99e755a4a4c165cad6effb39faffd0f3377c02d ]
In pci_scan_device(), if pci_setup_device() fails for any reason, the code
will not release device's of_node by calling pci_release_of_node(). Fix
that by calling the release function.
Fixes: 98d9f30c820d ("pci/of: Match PCI devices to OF nodes dynamically")
Link: https://lore.kernel.org/r/20210124232826.1879-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/probe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index 9a5b6a8e2502..113b7bdf86dd 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -2359,6 +2359,7 @@ static struct pci_dev *pci_scan_device(struct pci_bus *bus, int devfn)
pci_set_of_node(dev);
if (pci_setup_device(dev)) {
+ pci_release_of_node(dev);
pci_bus_put(dev->bus);
kfree(dev);
return NULL;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 337/425] ARM: 9064/1: hw_breakpoint: Do not directly check the events overflow_handler hook
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 336/425] PCI: Release OF node in pci_scan_device()s error path Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 338/425] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() Greg Kroah-Hartman
` (94 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhen Lei, Wang Nan, Will Deacon,
Russell King, Sasha Levin
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit a506bd5756290821a4314f502b4bafc2afcf5260 ]
The commit 1879445dfa7b ("perf/core: Set event's default
::overflow_handler()") set a default event->overflow_handler in
perf_event_alloc(), and replace the check event->overflow_handler with
is_default_overflow_handler(), but one is missing.
Currently, the bp->overflow_handler can not be NULL. As a result,
enable_single_step() is always not invoked.
Comments from Zhen Lei:
https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210207105934.2001-1-thunder.leizhen@huawei.com/
Fixes: 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Wang Nan <wangnan0@huawei.com>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/hw_breakpoint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index 97fa9c167757..2ee5b7f5e7ad 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -891,7 +891,7 @@ static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
info->trigger = addr;
pr_debug("breakpoint fired: address = 0x%x\n", addr);
perf_bp_event(bp, regs);
- if (!bp->overflow_handler)
+ if (is_default_overflow_handler(bp))
enable_single_step(bp, addr);
goto unlock;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 338/425] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 337/425] ARM: 9064/1: hw_breakpoint: Do not directly check the events overflow_handler hook Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 339/425] NFSv4.2: Always flush out writes in nfs42_proc_fallocate() Greg Kroah-Hartman
` (93 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Jia-Ju Bai,
Bjorn Andersson, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 26594c6bbb60c6bc87e3762a86ceece57d164c66 ]
When idr_find() returns NULL to intent, no error return code of
qcom_glink_rx_data() is assigned.
To fix this bug, ret is assigned with -ENOENT in this case.
Fixes: 64f95f87920d ("rpmsg: glink: Use the local intents when receiving data")
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20210306133624.17237-1-baijiaju1990@gmail.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_glink_native.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c
index a755f85686e5..8fa0f0eaaf43 100644
--- a/drivers/rpmsg/qcom_glink_native.c
+++ b/drivers/rpmsg/qcom_glink_native.c
@@ -857,6 +857,7 @@ static int qcom_glink_rx_data(struct qcom_glink *glink, size_t avail)
dev_err(glink->dev,
"no intent found for channel %s intent %d",
channel->name, liid);
+ ret = -ENOENT;
goto advance_rx;
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 339/425] NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 338/425] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 340/425] NFS: Deal correctly with attribute generation counter overflow Greg Kroah-Hartman
` (92 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 99f23783224355e7022ceea9b8d9f62c0fd01bd8 ]
Whether we're allocating or delallocating space, we should flush out the
pending writes in order to avoid races with attribute updates.
Fixes: 1e564d3dbd68 ("NFSv4.2: Fix a race in nfs42_proc_deallocate()")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs42proc.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index 526441de89c1..da7b73ad811f 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -59,7 +59,8 @@ static int _nfs42_proc_fallocate(struct rpc_message *msg, struct file *filep,
static int nfs42_proc_fallocate(struct rpc_message *msg, struct file *filep,
loff_t offset, loff_t len)
{
- struct nfs_server *server = NFS_SERVER(file_inode(filep));
+ struct inode *inode = file_inode(filep);
+ struct nfs_server *server = NFS_SERVER(inode);
struct nfs4_exception exception = { };
struct nfs_lock_context *lock;
int err;
@@ -68,9 +69,13 @@ static int nfs42_proc_fallocate(struct rpc_message *msg, struct file *filep,
if (IS_ERR(lock))
return PTR_ERR(lock);
- exception.inode = file_inode(filep);
+ exception.inode = inode;
exception.state = lock->open_context->state;
+ err = nfs_sync_inode(inode);
+ if (err)
+ goto out;
+
do {
err = _nfs42_proc_fallocate(msg, filep, lock, offset, len);
if (err == -ENOTSUPP) {
@@ -79,7 +84,7 @@ static int nfs42_proc_fallocate(struct rpc_message *msg, struct file *filep,
}
err = nfs4_handle_exception(server, err, &exception);
} while (exception.retry);
-
+out:
nfs_put_lock_context(lock);
return err;
}
@@ -117,16 +122,13 @@ int nfs42_proc_deallocate(struct file *filep, loff_t offset, loff_t len)
return -EOPNOTSUPP;
inode_lock(inode);
- err = nfs_sync_inode(inode);
- if (err)
- goto out_unlock;
err = nfs42_proc_fallocate(&msg, filep, offset, len);
if (err == 0)
truncate_pagecache_range(inode, offset, (offset + len) -1);
if (err == -EOPNOTSUPP)
NFS_SERVER(inode)->caps &= ~NFS_CAP_DEALLOCATE;
-out_unlock:
+
inode_unlock(inode);
return err;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 340/425] NFS: Deal correctly with attribute generation counter overflow
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 339/425] NFSv4.2: Always flush out writes in nfs42_proc_fallocate() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 341/425] PCI: endpoint: Fix missing destroy_workqueue() Greg Kroah-Hartman
` (91 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 9fdbfad1777cb4638f489eeb62d85432010c0031 ]
We need to use unsigned long subtraction and then convert to signed in
order to deal correcly with C overflow rules.
Fixes: f5062003465c ("NFS: Set an attribute barrier on all updates")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/inode.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index aee66d8f1330..dc55ecc3bec4 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1607,10 +1607,10 @@ EXPORT_SYMBOL_GPL(_nfs_display_fhandle);
*/
static int nfs_inode_attrs_need_update(const struct inode *inode, const struct nfs_fattr *fattr)
{
- const struct nfs_inode *nfsi = NFS_I(inode);
+ unsigned long attr_gencount = NFS_I(inode)->attr_gencount;
- return ((long)fattr->gencount - (long)nfsi->attr_gencount) > 0 ||
- ((long)nfsi->attr_gencount - (long)nfs_read_attr_generation_counter() > 0);
+ return (long)(fattr->gencount - attr_gencount) > 0 ||
+ (long)(attr_gencount - nfs_read_attr_generation_counter()) > 0;
}
static int nfs_refresh_inode_locked(struct inode *inode, struct nfs_fattr *fattr)
@@ -2034,7 +2034,7 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
nfsi->attrtimeo_timestamp = now;
}
/* Set the barrier to be more recent than this fattr */
- if ((long)fattr->gencount - (long)nfsi->attr_gencount > 0)
+ if ((long)(fattr->gencount - nfsi->attr_gencount) > 0)
nfsi->attr_gencount = fattr->gencount;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 341/425] PCI: endpoint: Fix missing destroy_workqueue()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 340/425] NFS: Deal correctly with attribute generation counter overflow Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 342/425] pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() Greg Kroah-Hartman
` (90 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Lorenzo Pieralisi, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit acaef7981a218813e3617edb9c01837808de063c ]
Add the missing destroy_workqueue() before return from
pci_epf_test_init() in the error handling case and add
destroy_workqueue() in pci_epf_test_exit().
Link: https://lore.kernel.org/r/20210331084012.2091010-1-yangyingliang@huawei.com
Fixes: 349e7a85b25fa ("PCI: endpoint: functions: Add an EP function to test PCI")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/endpoint/functions/pci-epf-test.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/pci/endpoint/functions/pci-epf-test.c b/drivers/pci/endpoint/functions/pci-epf-test.c
index 4bbd26e8a9e2..09a1e449cd1c 100644
--- a/drivers/pci/endpoint/functions/pci-epf-test.c
+++ b/drivers/pci/endpoint/functions/pci-epf-test.c
@@ -572,6 +572,7 @@ static int __init pci_epf_test_init(void)
WQ_MEM_RECLAIM | WQ_HIGHPRI, 0);
ret = pci_epf_register_driver(&test_driver);
if (ret) {
+ destroy_workqueue(kpcitest_workqueue);
pr_err("Failed to register pci epf test driver --> %d\n", ret);
return ret;
}
@@ -582,6 +583,8 @@ module_init(pci_epf_test_init);
static void __exit pci_epf_test_exit(void)
{
+ if (kpcitest_workqueue)
+ destroy_workqueue(kpcitest_workqueue);
pci_epf_unregister_driver(&test_driver);
}
module_exit(pci_epf_test_exit);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 342/425] pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 341/425] PCI: endpoint: Fix missing destroy_workqueue() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 343/425] NFSv4.2 fix handling of sr_eof in SEEKs reply Greg Kroah-Hartman
` (89 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikola Livic, Dan Carpenter,
Trond Myklebust, Sasha Levin
From: Nikola Livic <nlivic@gmail.com>
[ Upstream commit ed34695e15aba74f45247f1ee2cf7e09d449f925 ]
We (adam zabrocki, alexander matrosov, alexander tereshkin, maksym
bazalii) observed the check:
if (fh->size > sizeof(struct nfs_fh))
should not use the size of the nfs_fh struct which includes an extra two
bytes from the size field.
struct nfs_fh {
unsigned short size;
unsigned char data[NFS_MAXFHSIZE];
}
but should determine the size from data[NFS_MAXFHSIZE] so the memcpy
will not write 2 bytes beyond destination. The proposed fix is to
compare against the NFS_MAXFHSIZE directly, as is done elsewhere in fs
code base.
Fixes: d67ae825a59d ("pnfs/flexfiles: Add the FlexFile Layout Driver")
Signed-off-by: Nikola Livic <nlivic@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/flexfilelayout/flexfilelayout.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/flexfilelayout/flexfilelayout.c b/fs/nfs/flexfilelayout/flexfilelayout.c
index d8cba46a9395..fee421da2197 100644
--- a/fs/nfs/flexfilelayout/flexfilelayout.c
+++ b/fs/nfs/flexfilelayout/flexfilelayout.c
@@ -101,7 +101,7 @@ static int decode_nfs_fh(struct xdr_stream *xdr, struct nfs_fh *fh)
if (unlikely(!p))
return -ENOBUFS;
fh->size = be32_to_cpup(p++);
- if (fh->size > sizeof(struct nfs_fh)) {
+ if (fh->size > NFS_MAXFHSIZE) {
printk(KERN_ERR "NFS flexfiles: Too big fh received %d\n",
fh->size);
return -EOVERFLOW;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 343/425] NFSv4.2 fix handling of sr_eof in SEEKs reply
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 342/425] pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 344/425] rtc: ds1307: Fix wday settings for rx8130 Greg Kroah-Hartman
` (88 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Trond Myklebust,
Sasha Levin
From: Olga Kornievskaia <kolga@netapp.com>
[ Upstream commit 73f5c88f521a630ea1628beb9c2d48a2e777a419 ]
Currently the client ignores the value of the sr_eof of the SEEK
operation. According to the spec, if the server didn't find the
requested extent and reached the end of the file, the server
would return sr_eof=true. In case the request for DATA and no
data was found (ie in the middle of the hole), then the lseek
expects that ENXIO would be returned.
Fixes: 1c6dcbe5ceff8 ("NFS: Implement SEEK")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs42proc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/nfs42proc.c b/fs/nfs/nfs42proc.c
index da7b73ad811f..be252795a6f7 100644
--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -500,7 +500,10 @@ static loff_t _nfs42_proc_llseek(struct file *filep,
if (status)
return status;
- return vfs_setpos(filep, res.sr_offset, inode->i_sb->s_maxbytes);
+ if (whence == SEEK_DATA && res.sr_eof)
+ return -NFS4ERR_NXIO;
+ else
+ return vfs_setpos(filep, res.sr_offset, inode->i_sb->s_maxbytes);
}
loff_t nfs42_proc_llseek(struct file *filep, loff_t offset, int whence)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 344/425] rtc: ds1307: Fix wday settings for rx8130
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 343/425] NFSv4.2 fix handling of sr_eof in SEEKs reply Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 345/425] net: hns3: disable phy loopback setting in hclge_mac_start_phy Greg Kroah-Hartman
` (87 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nobuhiro Iwamatsu, Alexandre Belloni,
Sasha Levin
From: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
[ Upstream commit 204756f016726a380bafe619438ed979088bd04a ]
rx8130 wday specifies the bit position, not BCD.
Fixes: ee0981be7704 ("rtc: ds1307: Add support for Epson RX8130CE")
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20210420023917.1949066-1-nobuhiro1.iwamatsu@toshiba.co.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-ds1307.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
index ebd59e86a567..94d31779933f 100644
--- a/drivers/rtc/rtc-ds1307.c
+++ b/drivers/rtc/rtc-ds1307.c
@@ -434,7 +434,11 @@ static int ds1307_get_time(struct device *dev, struct rtc_time *t)
t->tm_min = bcd2bin(regs[DS1307_REG_MIN] & 0x7f);
tmp = regs[DS1307_REG_HOUR] & 0x3f;
t->tm_hour = bcd2bin(tmp);
- t->tm_wday = bcd2bin(regs[DS1307_REG_WDAY] & 0x07) - 1;
+ /* rx8130 is bit position, not BCD */
+ if (ds1307->type == rx_8130)
+ t->tm_wday = fls(regs[DS1307_REG_WDAY] & 0x7f);
+ else
+ t->tm_wday = bcd2bin(regs[DS1307_REG_WDAY] & 0x07) - 1;
t->tm_mday = bcd2bin(regs[DS1307_REG_MDAY] & 0x3f);
tmp = regs[DS1307_REG_MONTH] & 0x1f;
t->tm_mon = bcd2bin(tmp) - 1;
@@ -481,7 +485,11 @@ static int ds1307_set_time(struct device *dev, struct rtc_time *t)
regs[DS1307_REG_SECS] = bin2bcd(t->tm_sec);
regs[DS1307_REG_MIN] = bin2bcd(t->tm_min);
regs[DS1307_REG_HOUR] = bin2bcd(t->tm_hour);
- regs[DS1307_REG_WDAY] = bin2bcd(t->tm_wday + 1);
+ /* rx8130 is bit position, not BCD */
+ if (ds1307->type == rx_8130)
+ regs[DS1307_REG_WDAY] = 1 << t->tm_wday;
+ else
+ regs[DS1307_REG_WDAY] = bin2bcd(t->tm_wday + 1);
regs[DS1307_REG_MDAY] = bin2bcd(t->tm_mday);
regs[DS1307_REG_MONTH] = bin2bcd(t->tm_mon + 1);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 345/425] net: hns3: disable phy loopback setting in hclge_mac_start_phy
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 344/425] rtc: ds1307: Fix wday settings for rx8130 Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 346/425] sctp: do asoc update earlier in sctp_sf_do_dupcook_a Greg Kroah-Hartman
` (86 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yufeng Mo, Huazhong Tan,
David S. Miller, Sasha Levin
From: Yufeng Mo <moyufeng@huawei.com>
[ Upstream commit 472497d0bdae890a896013332a0b673f9acdf2bf ]
If selftest and reset are performed at the same time, the phy
loopback setting may be still in enable state after the reset,
and device cannot link up. So fix this issue by disabling phy
loopback before phy_start().
Fixes: 256727da7395 ("net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC")
Signed-off-by: Yufeng Mo <moyufeng@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c
index 03491e8ebb73..d0fa344f0a84 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c
@@ -235,6 +235,8 @@ void hclge_mac_start_phy(struct hclge_dev *hdev)
if (!phydev)
return;
+ phy_loopback(phydev, false);
+
phy_start(phydev);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 346/425] sctp: do asoc update earlier in sctp_sf_do_dupcook_a
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 345/425] net: hns3: disable phy loopback setting in hclge_mac_start_phy Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 347/425] ethernet:enic: Fix a use after free bug in enic_hard_start_xmit Greg Kroah-Hartman
` (85 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Sverdlin,
syzbot+bbe538efd1046586f587, Michal Tesar, Xin Long,
Marcelo Ricardo Leitner, David S. Miller, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 35b4f24415c854cd718ccdf38dbea6297f010aae ]
There's a panic that occurs in a few of envs, the call trace is as below:
[] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI
[] RIP: 0010:sctp_ulpevent_notify_peer_addr_change+0x4b/0x1fa [sctp]
[] sctp_assoc_control_transport+0x1b9/0x210 [sctp]
[] sctp_do_8_2_transport_strike.isra.16+0x15c/0x220 [sctp]
[] sctp_cmd_interpreter.isra.21+0x1231/0x1a10 [sctp]
[] sctp_do_sm+0xc3/0x2a0 [sctp]
[] sctp_generate_timeout_event+0x81/0xf0 [sctp]
This is caused by a transport use-after-free issue. When processing a
duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), both COOKIE-ACK
and SHUTDOWN chunks are allocated with the transort from the new asoc.
However, later in the sideeffect machine, the old asoc is used to send
them out and old asoc's shutdown_last_sent_to is set to the transport
that SHUTDOWN chunk attached to in sctp_cmd_setup_t2(), which actually
belongs to the new asoc. After the new_asoc is freed and the old asoc
T2 timeout, the old asoc's shutdown_last_sent_to that is already freed
would be accessed in sctp_sf_t2_timer_expire().
Thanks Alexander and Jere for helping dig into this issue.
To fix it, this patch is to do the asoc update first, then allocate
the COOKIE-ACK and SHUTDOWN chunks with the 'updated' old asoc. This
would make more sense, as a chunk from an asoc shouldn't be sent out
with another asoc. We had fixed quite a few issues caused by this.
Fixes: 145cb2f7177d ("sctp: Fix bundling of SHUTDOWN with COOKIE-ACK")
Reported-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Reported-by: syzbot+bbe538efd1046586f587@syzkaller.appspotmail.com
Reported-by: Michal Tesar <mtesar@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/sm_statefuns.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index a3033b74df54..882cd5f40a0a 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1856,20 +1856,35 @@ static enum sctp_disposition sctp_sf_do_dupcook_a(
SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_ASCONF_QUEUE, SCTP_NULL());
- repl = sctp_make_cookie_ack(new_asoc, chunk);
+ /* Update the content of current association. */
+ if (sctp_assoc_update((struct sctp_association *)asoc, new_asoc)) {
+ struct sctp_chunk *abort;
+
+ abort = sctp_make_abort(asoc, NULL, sizeof(struct sctp_errhdr));
+ if (abort) {
+ sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
+ sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+ }
+ sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED));
+ sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
+ SCTP_PERR(SCTP_ERROR_RSRC_LOW));
+ SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS);
+ SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB);
+ goto nomem;
+ }
+
+ repl = sctp_make_cookie_ack(asoc, chunk);
if (!repl)
goto nomem;
/* Report association restart to upper layer. */
ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
- new_asoc->c.sinit_num_ostreams,
- new_asoc->c.sinit_max_instreams,
+ asoc->c.sinit_num_ostreams,
+ asoc->c.sinit_max_instreams,
NULL, GFP_ATOMIC);
if (!ev)
goto nomem_ev;
- /* Update the content of current association. */
- sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
if ((sctp_state(asoc, SHUTDOWN_PENDING) ||
sctp_state(asoc, SHUTDOWN_SENT)) &&
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 347/425] ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 346/425] sctp: do asoc update earlier in sctp_sf_do_dupcook_a Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 348/425] sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b Greg Kroah-Hartman
` (84 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong,
Govindarajulu Varadarajan, David S. Miller, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit 643001b47adc844ae33510c4bb93c236667008a3 ]
In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside
enic_queue_wq_skb, if some error happens, the skb will be freed
by dev_kfree_skb(skb). But the freed skb is still used in
skb_tx_timestamp(skb).
My patch makes enic_queue_wq_skb() return error and goto spin_unlock()
incase of error. The solution is provided by Govind.
See https://lkml.org/lkml/2021/4/30/961.
Fixes: fb7516d42478e ("enic: add sw timestamp support")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Acked-by: Govindarajulu Varadarajan <gvaradar@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cisco/enic/enic_main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/cisco/enic/enic_main.c b/drivers/net/ethernet/cisco/enic/enic_main.c
index 810cbe221046..bfe0e820956c 100644
--- a/drivers/net/ethernet/cisco/enic/enic_main.c
+++ b/drivers/net/ethernet/cisco/enic/enic_main.c
@@ -803,7 +803,7 @@ static inline int enic_queue_wq_skb_encap(struct enic *enic, struct vnic_wq *wq,
return err;
}
-static inline void enic_queue_wq_skb(struct enic *enic,
+static inline int enic_queue_wq_skb(struct enic *enic,
struct vnic_wq *wq, struct sk_buff *skb)
{
unsigned int mss = skb_shinfo(skb)->gso_size;
@@ -849,6 +849,7 @@ static inline void enic_queue_wq_skb(struct enic *enic,
wq->to_use = buf->next;
dev_kfree_skb(skb);
}
+ return err;
}
/* netif_tx_lock held, process context with BHs disabled, or BH */
@@ -892,7 +893,8 @@ static netdev_tx_t enic_hard_start_xmit(struct sk_buff *skb,
return NETDEV_TX_BUSY;
}
- enic_queue_wq_skb(enic, wq, skb);
+ if (enic_queue_wq_skb(enic, wq, skb))
+ goto error;
if (vnic_wq_desc_avail(wq) < MAX_SKB_FRAGS + ENIC_DESC_MAX_SPLITS)
netif_tx_stop_queue(txq);
@@ -900,6 +902,7 @@ static netdev_tx_t enic_hard_start_xmit(struct sk_buff *skb,
if (!skb->xmit_more || netif_xmit_stopped(txq))
vnic_wq_doorbell(wq);
+error:
spin_unlock(&enic->wq_lock[txq_map]);
return NETDEV_TX_OK;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 348/425] sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 347/425] ethernet:enic: Fix a use after free bug in enic_hard_start_xmit Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 349/425] netfilter: xt_SECMARK: add new revision to fix structure layout Greg Kroah-Hartman
` (83 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marcelo Ricardo Leitner, Xin Long,
David S. Miller, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit f282df0391267fb2b263da1cc3233aa6fb81defc ]
Normally SCTP_MIB_CURRESTAB is always incremented once asoc enter into
ESTABLISHED from the state < ESTABLISHED and decremented when the asoc
is being deleted.
However, in sctp_sf_do_dupcook_b(), the asoc's state can be changed to
ESTABLISHED from the state >= ESTABLISHED where it shouldn't increment
SCTP_MIB_CURRESTAB. Otherwise, one asoc may increment MIB_CURRESTAB
multiple times but only decrement once at the end.
I was able to reproduce it by using scapy to do the 4-way shakehands,
after that I replayed the COOKIE-ECHO chunk with 'peer_vtag' field
changed to different values, and SCTP_MIB_CURRESTAB was incremented
multiple times and never went back to 0 even when the asoc was freed.
This patch is to fix it by only incrementing SCTP_MIB_CURRESTAB when
the state < ESTABLISHED in sctp_sf_do_dupcook_b().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/sm_statefuns.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 882cd5f40a0a..be5ea5e8b19e 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1948,7 +1948,8 @@ static enum sctp_disposition sctp_sf_do_dupcook_b(
sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
SCTP_STATE(SCTP_STATE_ESTABLISHED));
- SCTP_INC_STATS(net, SCTP_MIB_CURRESTAB);
+ if (asoc->state < SCTP_STATE_ESTABLISHED)
+ SCTP_INC_STATS(net, SCTP_MIB_CURRESTAB);
sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
repl = sctp_make_cookie_ack(new_asoc, chunk);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 349/425] netfilter: xt_SECMARK: add new revision to fix structure layout
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 348/425] sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 350/425] drm/radeon: Fix off-by-one power_state index heap overwrite Greg Kroah-Hartman
` (82 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Sutter, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit c7d13358b6a2f49f81a34aa323a2d0878a0532a2 ]
This extension breaks when trying to delete rules, add a new revision to
fix this.
Fixes: 5e6874cdb8de ("[SECMARK]: Add xtables SECMARK target")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/netfilter/xt_SECMARK.h | 6 ++
net/netfilter/xt_SECMARK.c | 88 ++++++++++++++++++-----
2 files changed, 75 insertions(+), 19 deletions(-)
diff --git a/include/uapi/linux/netfilter/xt_SECMARK.h b/include/uapi/linux/netfilter/xt_SECMARK.h
index 1f2a708413f5..beb2cadba8a9 100644
--- a/include/uapi/linux/netfilter/xt_SECMARK.h
+++ b/include/uapi/linux/netfilter/xt_SECMARK.h
@@ -20,4 +20,10 @@ struct xt_secmark_target_info {
char secctx[SECMARK_SECCTX_MAX];
};
+struct xt_secmark_target_info_v1 {
+ __u8 mode;
+ char secctx[SECMARK_SECCTX_MAX];
+ __u32 secid;
+};
+
#endif /*_XT_SECMARK_H_target */
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 4ad5fe27e08b..097534dbc622 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -30,10 +30,9 @@ MODULE_ALIAS("ip6t_SECMARK");
static u8 mode;
static unsigned int
-secmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
+secmark_tg(struct sk_buff *skb, const struct xt_secmark_target_info_v1 *info)
{
u32 secmark = 0;
- const struct xt_secmark_target_info *info = par->targinfo;
BUG_ON(info->mode != mode);
@@ -49,7 +48,7 @@ secmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
return XT_CONTINUE;
}
-static int checkentry_lsm(struct xt_secmark_target_info *info)
+static int checkentry_lsm(struct xt_secmark_target_info_v1 *info)
{
int err;
@@ -81,15 +80,15 @@ static int checkentry_lsm(struct xt_secmark_target_info *info)
return 0;
}
-static int secmark_tg_check(const struct xt_tgchk_param *par)
+static int
+secmark_tg_check(const char *table, struct xt_secmark_target_info_v1 *info)
{
- struct xt_secmark_target_info *info = par->targinfo;
int err;
- if (strcmp(par->table, "mangle") != 0 &&
- strcmp(par->table, "security") != 0) {
+ if (strcmp(table, "mangle") != 0 &&
+ strcmp(table, "security") != 0) {
pr_info_ratelimited("only valid in \'mangle\' or \'security\' table, not \'%s\'\n",
- par->table);
+ table);
return -EINVAL;
}
@@ -124,25 +123,76 @@ static void secmark_tg_destroy(const struct xt_tgdtor_param *par)
}
}
-static struct xt_target secmark_tg_reg __read_mostly = {
- .name = "SECMARK",
- .revision = 0,
- .family = NFPROTO_UNSPEC,
- .checkentry = secmark_tg_check,
- .destroy = secmark_tg_destroy,
- .target = secmark_tg,
- .targetsize = sizeof(struct xt_secmark_target_info),
- .me = THIS_MODULE,
+static int secmark_tg_check_v0(const struct xt_tgchk_param *par)
+{
+ struct xt_secmark_target_info *info = par->targinfo;
+ struct xt_secmark_target_info_v1 newinfo = {
+ .mode = info->mode,
+ };
+ int ret;
+
+ memcpy(newinfo.secctx, info->secctx, SECMARK_SECCTX_MAX);
+
+ ret = secmark_tg_check(par->table, &newinfo);
+ info->secid = newinfo.secid;
+
+ return ret;
+}
+
+static unsigned int
+secmark_tg_v0(struct sk_buff *skb, const struct xt_action_param *par)
+{
+ const struct xt_secmark_target_info *info = par->targinfo;
+ struct xt_secmark_target_info_v1 newinfo = {
+ .secid = info->secid,
+ };
+
+ return secmark_tg(skb, &newinfo);
+}
+
+static int secmark_tg_check_v1(const struct xt_tgchk_param *par)
+{
+ return secmark_tg_check(par->table, par->targinfo);
+}
+
+static unsigned int
+secmark_tg_v1(struct sk_buff *skb, const struct xt_action_param *par)
+{
+ return secmark_tg(skb, par->targinfo);
+}
+
+static struct xt_target secmark_tg_reg[] __read_mostly = {
+ {
+ .name = "SECMARK",
+ .revision = 0,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = secmark_tg_check_v0,
+ .destroy = secmark_tg_destroy,
+ .target = secmark_tg_v0,
+ .targetsize = sizeof(struct xt_secmark_target_info),
+ .me = THIS_MODULE,
+ },
+ {
+ .name = "SECMARK",
+ .revision = 1,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = secmark_tg_check_v1,
+ .destroy = secmark_tg_destroy,
+ .target = secmark_tg_v1,
+ .targetsize = sizeof(struct xt_secmark_target_info_v1),
+ .usersize = offsetof(struct xt_secmark_target_info_v1, secid),
+ .me = THIS_MODULE,
+ },
};
static int __init secmark_tg_init(void)
{
- return xt_register_target(&secmark_tg_reg);
+ return xt_register_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
}
static void __exit secmark_tg_exit(void)
{
- xt_unregister_target(&secmark_tg_reg);
+ xt_unregister_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
}
module_init(secmark_tg_init);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 350/425] drm/radeon: Fix off-by-one power_state index heap overwrite
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 349/425] netfilter: xt_SECMARK: add new revision to fix structure layout Greg Kroah-Hartman
@ 2021-05-20 9:21 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 351/425] drm/radeon: Avoid power table parsing memory leaks Greg Kroah-Hartman
` (81 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erhard F.,
Kees Cook, Alex Deucher, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 5bbf219328849e83878bddb7c226d8d42e84affc ]
An out of bounds write happens when setting the default power state.
KASAN sees this as:
[drm] radeon: 512M of GTT memory ready.
[drm] GART: num cpu pages 131072, num gpu pages 131072
==================================================================
BUG: KASAN: slab-out-of-bounds in
radeon_atombios_parse_power_table_1_3+0x1837/0x1998 [radeon]
Write of size 4 at addr ffff88810178d858 by task systemd-udevd/157
CPU: 0 PID: 157 Comm: systemd-udevd Not tainted 5.12.0-E620 #50
Hardware name: eMachines eMachines E620 /Nile , BIOS V1.03 09/30/2008
Call Trace:
dump_stack+0xa5/0xe6
print_address_description.constprop.0+0x18/0x239
kasan_report+0x170/0x1a8
radeon_atombios_parse_power_table_1_3+0x1837/0x1998 [radeon]
radeon_atombios_get_power_modes+0x144/0x1888 [radeon]
radeon_pm_init+0x1019/0x1904 [radeon]
rs690_init+0x76e/0x84a [radeon]
radeon_device_init+0x1c1a/0x21e5 [radeon]
radeon_driver_load_kms+0xf5/0x30b [radeon]
drm_dev_register+0x255/0x4a0 [drm]
radeon_pci_probe+0x246/0x2f6 [radeon]
pci_device_probe+0x1aa/0x294
really_probe+0x30e/0x850
driver_probe_device+0xe6/0x135
device_driver_attach+0xc1/0xf8
__driver_attach+0x13f/0x146
bus_for_each_dev+0xfa/0x146
bus_add_driver+0x2b3/0x447
driver_register+0x242/0x2c1
do_one_initcall+0x149/0x2fd
do_init_module+0x1ae/0x573
load_module+0x4dee/0x5cca
__do_sys_finit_module+0xf1/0x140
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
Without KASAN, this will manifest later when the kernel attempts to
allocate memory that was stomped, since it collides with the inline slab
freelist pointer:
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 0 PID: 781 Comm: openrc-run.sh Tainted: G W 5.10.12-gentoo-E620 #2
Hardware name: eMachines eMachines E620 /Nile , BIOS V1.03 09/30/2008
RIP: 0010:kfree+0x115/0x230
Code: 89 c5 e8 75 ea ff ff 48 8b 00 0f ba e0 09 72 63 e8 1f f4 ff ff 41 89 c4 48 8b 45 00 0f ba e0 10 72 0a 48 8b 45 08 a8 01 75 02 <0f> 0b 44 89 e1 48 c7 c2 00 f0 ff ff be 06 00 00 00 48 d3 e2 48 c7
RSP: 0018:ffffb42f40267e10 EFLAGS: 00010246
RAX: ffffd61280ee8d88 RBX: 0000000000000004 RCX: 000000008010000d
RDX: 4000000000000000 RSI: ffffffffba1360b0 RDI: ffffd61280ee8d80
RBP: ffffd61280ee8d80 R08: ffffffffb91bebdf R09: 0000000000000000
R10: ffff8fe2c1047ac8 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000100
FS: 00007fe80eff6b68(0000) GS:ffff8fe339c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe80eec7bc0 CR3: 0000000038012000 CR4: 00000000000006f0
Call Trace:
__free_fdtable+0x16/0x1f
put_files_struct+0x81/0x9b
do_exit+0x433/0x94d
do_group_exit+0xa6/0xa6
__x64_sys_exit_group+0xf/0xf
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fe80ef64bea
Code: Unable to access opcode bytes at RIP 0x7fe80ef64bc0.
RSP: 002b:00007ffdb1c47528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe80ef64bea
RDX: 00007fe80ef64f60 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 00007fe80ee2c620 R11: 0000000000000246 R12: 00007fe80eff41e0
R13: 00000000ffffffff R14: 0000000000000024 R15: 00007fe80edf9cd0
Modules linked in: radeon(+) ath5k(+) snd_hda_codec_realtek ...
Use a valid power_state index when initializing the "flags" and "misc"
and "misc2" fields.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211537
Reported-by: Erhard F. <erhard_f@mailbox.org>
Fixes: a48b9b4edb8b ("drm/radeon/kms/pm: add asic specific callbacks for getting power state (v2)")
Fixes: 79daedc94281 ("drm/radeon/kms: minor pm cleanups")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index f422a8d6aec4..ffeacaa269e8 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -2263,10 +2263,10 @@ static int radeon_atombios_parse_power_table_1_3(struct radeon_device *rdev)
rdev->pm.default_power_state_index = state_index - 1;
rdev->pm.power_state[state_index - 1].default_clock_mode =
&rdev->pm.power_state[state_index - 1].clock_info[0];
- rdev->pm.power_state[state_index].flags &=
+ rdev->pm.power_state[state_index - 1].flags &=
~RADEON_PM_STATE_SINGLE_DISPLAY_ONLY;
- rdev->pm.power_state[state_index].misc = 0;
- rdev->pm.power_state[state_index].misc2 = 0;
+ rdev->pm.power_state[state_index - 1].misc = 0;
+ rdev->pm.power_state[state_index - 1].misc2 = 0;
}
return state_index;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 351/425] drm/radeon: Avoid power table parsing memory leaks
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2021-05-20 9:21 ` [PATCH 4.19 350/425] drm/radeon: Fix off-by-one power_state index heap overwrite Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 352/425] khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() Greg Kroah-Hartman
` (80 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Alex Deucher, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit c69f27137a38d24301a6b659454a91ad85dff4aa ]
Avoid leaving a hanging pre-allocated clock_info if last mode is
invalid, and avoid heap corruption if no valid modes are found.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=211537
Fixes: 6991b8f2a319 ("drm/radeon/kms: fix segfault in pm rework")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_atombios.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
index ffeacaa269e8..821b03d6142b 100644
--- a/drivers/gpu/drm/radeon/radeon_atombios.c
+++ b/drivers/gpu/drm/radeon/radeon_atombios.c
@@ -2133,11 +2133,14 @@ static int radeon_atombios_parse_power_table_1_3(struct radeon_device *rdev)
return state_index;
/* last mode is usually default, array is low to high */
for (i = 0; i < num_modes; i++) {
- rdev->pm.power_state[state_index].clock_info =
- kcalloc(1, sizeof(struct radeon_pm_clock_info),
- GFP_KERNEL);
+ /* avoid memory leaks from invalid modes or unknown frev. */
+ if (!rdev->pm.power_state[state_index].clock_info) {
+ rdev->pm.power_state[state_index].clock_info =
+ kzalloc(sizeof(struct radeon_pm_clock_info),
+ GFP_KERNEL);
+ }
if (!rdev->pm.power_state[state_index].clock_info)
- return state_index;
+ goto out;
rdev->pm.power_state[state_index].num_clock_modes = 1;
rdev->pm.power_state[state_index].clock_info[0].voltage.type = VOLTAGE_NONE;
switch (frev) {
@@ -2256,8 +2259,15 @@ static int radeon_atombios_parse_power_table_1_3(struct radeon_device *rdev)
break;
}
}
+out:
+ /* free any unused clock_info allocation. */
+ if (state_index && state_index < num_modes) {
+ kfree(rdev->pm.power_state[state_index].clock_info);
+ rdev->pm.power_state[state_index].clock_info = NULL;
+ }
+
/* last mode is usually default */
- if (rdev->pm.default_power_state_index == -1) {
+ if (state_index && rdev->pm.default_power_state_index == -1) {
rdev->pm.power_state[state_index - 1].type =
POWER_STATE_TYPE_DEFAULT;
rdev->pm.default_power_state_index = state_index - 1;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 352/425] khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 351/425] drm/radeon: Avoid power table parsing memory leaks Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 353/425] mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() Greg Kroah-Hartman
` (79 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Kirill A. Shutemov,
Dan Carpenter, Ebru Akagunduz, Mike Kravetz, Rik van Riel,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit 74e579bf231a337ab3786d59e64bc94f45ca7b3f ]
In writable and !referenced case, the result value should be
SCAN_LACK_REFERENCED_PAGE for trace_mm_collapse_huge_page_isolate()
instead of default 0 (SCAN_FAIL) here.
Link: https://lkml.kernel.org/r/20210306032947.35921-5-linmiaohe@huawei.com
Fixes: 7d2eba0557c1 ("mm: add tracepoint for scanning pages")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Ebru Akagunduz <ebru.akagunduz@gmail.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/khugepaged.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 9c7dc2276156..5dd14ef2e1de 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -616,17 +616,17 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma,
mmu_notifier_test_young(vma->vm_mm, address))
referenced++;
}
- if (likely(writable)) {
- if (likely(referenced)) {
- result = SCAN_SUCCEED;
- trace_mm_collapse_huge_page_isolate(page, none_or_zero,
- referenced, writable, result);
- return 1;
- }
- } else {
+
+ if (unlikely(!writable)) {
result = SCAN_PAGE_RO;
+ } else if (unlikely(!referenced)) {
+ result = SCAN_LACK_REFERENCED_PAGE;
+ } else {
+ result = SCAN_SUCCEED;
+ trace_mm_collapse_huge_page_isolate(page, none_or_zero,
+ referenced, writable, result);
+ return 1;
}
-
out:
release_pte_pages(pte, _pte);
trace_mm_collapse_huge_page_isolate(page, none_or_zero,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 353/425] mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 352/425] khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 354/425] ksm: fix potential missing rmap_item for stable_node Greg Kroah-Hartman
` (78 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Feilong Lin,
Mike Kravetz, Andrew Morton, Linus Torvalds, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit da56388c4397878a65b74f7fe97760f5aa7d316b ]
A rare out of memory error would prevent removal of the reserve map region
for a page. hugetlb_fix_reserve_counts() handles this rare case to avoid
dangling with incorrect counts. Unfortunately, hugepage_subpool_get_pages
and hugetlb_acct_memory could possibly fail too. We should correctly
handle these cases.
Link: https://lkml.kernel.org/r/20210410072348.20437-5-linmiaohe@huawei.com
Fixes: b5cec28d36f5 ("hugetlbfs: truncate_hugepages() takes a range of pages")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Feilong Lin <linfeilong@huawei.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/hugetlb.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index f37a821dc5ce..1dfaec50ff93 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -588,13 +588,20 @@ void hugetlb_fix_reserve_counts(struct inode *inode)
{
struct hugepage_subpool *spool = subpool_inode(inode);
long rsv_adjust;
+ bool reserved = false;
rsv_adjust = hugepage_subpool_get_pages(spool, 1);
- if (rsv_adjust) {
+ if (rsv_adjust > 0) {
struct hstate *h = hstate_inode(inode);
- hugetlb_acct_memory(h, 1);
+ if (!hugetlb_acct_memory(h, 1))
+ reserved = true;
+ } else if (!rsv_adjust) {
+ reserved = true;
}
+
+ if (!reserved)
+ pr_warn("hugetlb: Huge Page Reserved count may go negative.\n");
}
/*
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 354/425] ksm: fix potential missing rmap_item for stable_node
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 353/425] mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 355/425] net: fix nla_strcmp to handle more then one trailing null character Greg Kroah-Hartman
` (77 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Hugh Dickins,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit c89a384e2551c692a9fe60d093fd7080f50afc51 ]
When removing rmap_item from stable tree, STABLE_FLAG of rmap_item is
cleared with head reserved. So the following scenario might happen: For
ksm page with rmap_item1:
cmp_and_merge_page
stable_node->head = &migrate_nodes;
remove_rmap_item_from_tree, but head still equal to stable_node;
try_to_merge_with_ksm_page failed;
return;
For the same ksm page with rmap_item2, stable node migration succeed this
time. The stable_node->head does not equal to migrate_nodes now. For ksm
page with rmap_item1 again:
cmp_and_merge_page
stable_node->head != &migrate_nodes && rmap_item->head == stable_node
return;
We would miss the rmap_item for stable_node and might result in failed
rmap_walk_ksm(). Fix this by set rmap_item->head to NULL when rmap_item
is removed from stable tree.
Link: https://lkml.kernel.org/r/20210330140228.45635-5-linmiaohe@huawei.com
Fixes: 4146d2d673e8 ("ksm: make !merge_across_nodes migration safe")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/ksm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/ksm.c b/mm/ksm.c
index d021bcf94c41..87a541ab1474 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -778,6 +778,7 @@ static void remove_rmap_item_from_tree(struct rmap_item *rmap_item)
stable_node->rmap_hlist_len--;
put_anon_vma(rmap_item->anon_vma);
+ rmap_item->head = NULL;
rmap_item->address &= PAGE_MASK;
} else if (rmap_item->address & UNSTABLE_FLAG) {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 355/425] net: fix nla_strcmp to handle more then one trailing null character
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 354/425] ksm: fix potential missing rmap_item for stable_node Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 356/425] smc: disallow TCP_ULP in smc_setsockopt() Greg Kroah-Hartman
` (76 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nucca Chen, Cong Wang, David Ahern,
David S. Miller, Jakub Kicinski, Jamal Hadi Salim, Jiri Pirko,
Jiri Pirko, Sasha Levin
From: Maciej Żenczykowski <maze@google.com>
[ Upstream commit 2c16db6c92b0ee4aa61e88366df82169e83c3f7e ]
Android userspace has been using TCA_KIND with a char[IFNAMESIZ]
many-null-terminated buffer containing the string 'bpf'.
This works on 4.19 and ceases to work on 5.10.
I'm not entirely sure what fixes tag to use, but I think the issue
was likely introduced in the below mentioned 5.4 commit.
Reported-by: Nucca Chen <nuccachen@google.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Fixes: 62794fc4fbf5 ("net_sched: add max len check for TCA_KIND")
Change-Id: I66dc281f165a2858fc29a44869a270a2d698a82b
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/nlattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/nlattr.c b/lib/nlattr.c
index e335bcafa9e4..00bfc6aece05 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -402,7 +402,7 @@ int nla_strcmp(const struct nlattr *nla, const char *str)
int attrlen = nla_len(nla);
int d;
- if (attrlen > 0 && buf[attrlen - 1] == '\0')
+ while (attrlen > 0 && buf[attrlen - 1] == '\0')
attrlen--;
d = attrlen - len;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 356/425] smc: disallow TCP_ULP in smc_setsockopt()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 355/425] net: fix nla_strcmp to handle more then one trailing null character Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 357/425] netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check Greg Kroah-Hartman
` (75 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Fastabend, Karsten Graul,
Cong Wang, David S. Miller, Sasha Levin,
syzbot+b54a1ce86ba4a623b7f0
From: Cong Wang <cong.wang@bytedance.com>
[ Upstream commit 8621436671f3a4bba5db57482e1ee604708bf1eb ]
syzbot is able to setup kTLS on an SMC socket which coincidentally
uses sk_user_data too. Later, kTLS treats it as psock so triggers a
refcnt warning. The root cause is that smc_setsockopt() simply calls
TCP setsockopt() which includes TCP_ULP. I do not think it makes
sense to setup kTLS on top of SMC sockets, so we should just disallow
this setup.
It is hard to find a commit to blame, but we can apply this patch
since the beginning of TCP_ULP.
Reported-and-tested-by: syzbot+b54a1ce86ba4a623b7f0@syzkaller.appspotmail.com
Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/af_smc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 26dcd02b2d0c..9aab4ab8161b 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1644,6 +1644,9 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
struct smc_sock *smc;
int val, rc;
+ if (level == SOL_TCP && optname == TCP_ULP)
+ return -EOPNOTSUPP;
+
smc = smc_sk(sk);
/* generic setsockopts reaching us here always apply to the
@@ -1665,7 +1668,6 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
lock_sock(sk);
switch (optname) {
- case TCP_ULP:
case TCP_FASTOPEN:
case TCP_FASTOPEN_CONNECT:
case TCP_FASTOPEN_KEY:
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 357/425] netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 356/425] smc: disallow TCP_ULP in smc_setsockopt() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 358/425] sched/fair: Fix unfairness caused by missing load decay Greg Kroah-Hartman
` (74 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 5e024c325406470d1165a09c6feaf8ec897936be ]
Do not assume that the tcph->doff field is correct when parsing for TCP
options, skb_header_pointer() might fail to fetch these bits.
Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nfnetlink_osf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c
index 131f9f8c0b09..917f06110c82 100644
--- a/net/netfilter/nfnetlink_osf.c
+++ b/net/netfilter/nfnetlink_osf.c
@@ -191,6 +191,8 @@ static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx,
ctx->optp = skb_header_pointer(skb, ip_hdrlen(skb) +
sizeof(struct tcphdr), ctx->optsize, opts);
+ if (!ctx->optp)
+ return NULL;
}
return tcp;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 358/425] sched/fair: Fix unfairness caused by missing load decay
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 357/425] netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 359/425] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() Greg Kroah-Hartman
` (73 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Odin Ugedal, Peter Zijlstra (Intel),
Vincent Guittot, Sasha Levin
From: Odin Ugedal <odin@uged.al>
[ Upstream commit 0258bdfaff5bd13c4d2383150b7097aecd6b6d82 ]
This fixes an issue where old load on a cfs_rq is not properly decayed,
resulting in strange behavior where fairness can decrease drastically.
Real workloads with equally weighted control groups have ended up
getting a respective 99% and 1%(!!) of cpu time.
When an idle task is attached to a cfs_rq by attaching a pid to a cgroup,
the old load of the task is attached to the new cfs_rq and sched_entity by
attach_entity_cfs_rq. If the task is then moved to another cpu (and
therefore cfs_rq) before being enqueued/woken up, the load will be moved
to cfs_rq->removed from the sched_entity. Such a move will happen when
enforcing a cpuset on the task (eg. via a cgroup) that force it to move.
The load will however not be removed from the task_group itself, making
it look like there is a constant load on that cfs_rq. This causes the
vruntime of tasks on other sibling cfs_rq's to increase faster than they
are supposed to; causing severe fairness issues. If no other task is
started on the given cfs_rq, and due to the cpuset it would not happen,
this load would never be properly unloaded. With this patch the load
will be properly removed inside update_blocked_averages. This also
applies to tasks moved to the fair scheduling class and moved to another
cpu, and this path will also fix that. For fork, the entity is queued
right away, so this problem does not affect that.
This applies to cases where the new process is the first in the cfs_rq,
issue introduced 3d30544f0212 ("sched/fair: Apply more PELT fixes"), and
when there has previously been load on the cgroup but the cgroup was
removed from the leaflist due to having null PELT load, indroduced
in 039ae8bcf7a5 ("sched/fair: Fix O(nr_cgroups) in the load balancing
path").
For a simple cgroup hierarchy (as seen below) with two equally weighted
groups, that in theory should get 50/50 of cpu time each, it often leads
to a load of 60/40 or 70/30.
parent/
cg-1/
cpu.weight: 100
cpuset.cpus: 1
cg-2/
cpu.weight: 100
cpuset.cpus: 1
If the hierarchy is deeper (as seen below), while keeping cg-1 and cg-2
equally weighted, they should still get a 50/50 balance of cpu time.
This however sometimes results in a balance of 10/90 or 1/99(!!) between
the task groups.
$ ps u -C stress
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 18568 1.1 0.0 3684 100 pts/12 R+ 13:36 0:00 stress --cpu 1
root 18580 99.3 0.0 3684 100 pts/12 R+ 13:36 0:09 stress --cpu 1
parent/
cg-1/
cpu.weight: 100
sub-group/
cpu.weight: 1
cpuset.cpus: 1
cg-2/
cpu.weight: 100
sub-group/
cpu.weight: 10000
cpuset.cpus: 1
This can be reproduced by attaching an idle process to a cgroup and
moving it to a given cpuset before it wakes up. The issue is evident in
many (if not most) container runtimes, and has been reproduced
with both crun and runc (and therefore docker and all its "derivatives"),
and with both cgroup v1 and v2.
Fixes: 3d30544f0212 ("sched/fair: Apply more PELT fixes")
Fixes: 039ae8bcf7a5 ("sched/fair: Fix O(nr_cgroups) in the load balancing path")
Signed-off-by: Odin Ugedal <odin@uged.al>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lkml.kernel.org/r/20210501141950.23622-2-odin@uged.al
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 696d08a4593e..80392cdd5f3b 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -9903,16 +9903,22 @@ static void propagate_entity_cfs_rq(struct sched_entity *se)
{
struct cfs_rq *cfs_rq;
+ list_add_leaf_cfs_rq(cfs_rq_of(se));
+
/* Start to propagate at parent */
se = se->parent;
for_each_sched_entity(se) {
cfs_rq = cfs_rq_of(se);
- if (cfs_rq_throttled(cfs_rq))
- break;
+ if (!cfs_rq_throttled(cfs_rq)){
+ update_load_avg(cfs_rq, se, UPDATE_TG);
+ list_add_leaf_cfs_rq(cfs_rq);
+ continue;
+ }
- update_load_avg(cfs_rq, se, UPDATE_TG);
+ if (list_add_leaf_cfs_rq(cfs_rq))
+ break;
}
}
#else
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 359/425] kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 358/425] sched/fair: Fix unfairness caused by missing load decay Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 360/425] netfilter: nftables: avoid overflows in nft_hash_buckets() Greg Kroah-Hartman
` (72 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, TOTE Robot, Baoquan He,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 31d82c2c787d5cf65fedd35ebbc0c1bd95c1a679 ]
When vzalloc() returns NULL to sha_regions, no error return code of
kexec_calculate_store_digests() is assigned. To fix this bug, ret is
assigned with -ENOMEM in this case.
Link: https://lkml.kernel.org/r/20210309083904.24321-1-baijiaju1990@gmail.com
Fixes: a43cac0d9dc2 ("kexec: split kexec_file syscall code to kexec_file.c")
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/kexec_file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 2fbdb78d66c8..89d41c0a10f1 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -631,8 +631,10 @@ static int kexec_calculate_store_digests(struct kimage *image)
sha_region_sz = KEXEC_SEGMENT_MAX * sizeof(struct kexec_sha_region);
sha_regions = vzalloc(sha_region_sz);
- if (!sha_regions)
+ if (!sha_regions) {
+ ret = -ENOMEM;
goto out_free_desc;
+ }
desc->tfm = tfm;
desc->flags = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 360/425] netfilter: nftables: avoid overflows in nft_hash_buckets()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 359/425] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 361/425] i40e: Fix use-after-free in i40e_client_subtask() Greg Kroah-Hartman
` (71 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot,
Pablo Neira Ayuso, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a54754ec9891830ba548e2010c889e3c8146e449 ]
Number of buckets being stored in 32bit variables, we have to
ensure that no overflows occur in nft_hash_buckets()
syzbot injected a size == 0x40000000 and reported:
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x141/0x1d7 lib/dump_stack.c:120
ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
__roundup_pow_of_two include/linux/log2.h:57 [inline]
nft_hash_buckets net/netfilter/nft_set_hash.c:411 [inline]
nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652
nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [inline]
nf_tables_newset+0xe62/0x3110 net/netfilter/nf_tables_api.c:4322
nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [inline]
nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
Fixes: 0ed6389c483d ("netfilter: nf_tables: rename set implementations")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_set_hash.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 05118e03c3e4..dbc4ed643b4b 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -392,9 +392,17 @@ static void nft_rhash_destroy(const struct nft_set *set)
(void *)set);
}
+/* Number of buckets is stored in u32, so cap our result to 1U<<31 */
+#define NFT_MAX_BUCKETS (1U << 31)
+
static u32 nft_hash_buckets(u32 size)
{
- return roundup_pow_of_two(size * 4 / 3);
+ u64 val = div_u64((u64)size * 4, 3);
+
+ if (val >= NFT_MAX_BUCKETS)
+ return NFT_MAX_BUCKETS;
+
+ return roundup_pow_of_two(val);
}
static bool nft_rhash_estimate(const struct nft_set_desc *desc, u32 features,
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 361/425] i40e: Fix use-after-free in i40e_client_subtask()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 360/425] netfilter: nftables: avoid overflows in nft_hash_buckets() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 362/425] ARC: entry: fix off-by-one error in syscall number validation Greg Kroah-Hartman
` (70 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunjian Wang, Tony Nguyen, Sasha Levin
From: Yunjian Wang <wangyunjian@huawei.com>
[ Upstream commit 38318f23a7ef86a8b1862e5e8078c4de121960c3 ]
Currently the call to i40e_client_del_instance frees the object
pf->cinst, however pf->cinst->lan_info is being accessed after
the free. Fix this by adding the missing return.
Addresses-Coverity: ("Read from pointer after free")
Fixes: 7b0b1a6d0ac9 ("i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/i40e/i40e_client.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_client.c b/drivers/net/ethernet/intel/i40e/i40e_client.c
index 5f3b8b9ff511..c1832a848714 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_client.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_client.c
@@ -377,6 +377,7 @@ void i40e_client_subtask(struct i40e_pf *pf)
clear_bit(__I40E_CLIENT_INSTANCE_OPENED,
&cdev->state);
i40e_client_del_instance(pf);
+ return;
}
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 362/425] ARC: entry: fix off-by-one error in syscall number validation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 361/425] i40e: Fix use-after-free in i40e_client_subtask() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 363/425] powerpc/64s: Fix crashes when toggling stf barrier Greg Kroah-Hartman
` (69 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shahab Vahedi, Vineet Gupta
From: Vineet Gupta <vgupta@synopsys.com>
commit 3433adc8bd09fc9f29b8baddf33b4ecd1ecd2cdc upstream.
We have NR_syscall syscalls from [0 .. NR_syscall-1].
However the check for invalid syscall number is "> NR_syscall" as
opposed to >=. This off-by-one error erronesously allows "NR_syscall"
to be treated as valid syscall causeing out-of-bounds access into
syscall-call table ensuing a crash (holes within syscall table have a
invalid-entry handler but this is beyond the array implementing the
table).
This problem showed up on v5.6 kernel when testing glibc 2.33 (v5.10
kernel capable, includng faccessat2 syscall 439). The v5.6 kernel has
NR_syscalls=439 (0 to 438). Due to the bug, 439 passed by glibc was
not handled as -ENOSYS but processed leading to a crash.
Link: https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/48
Reported-by: Shahab Vahedi <shahab@synopsys.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/kernel/entry.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arc/kernel/entry.S
+++ b/arch/arc/kernel/entry.S
@@ -169,7 +169,7 @@ tracesys:
; Do the Sys Call as we normally would.
; Validate the Sys Call number
- cmp r8, NR_syscalls
+ cmp r8, NR_syscalls - 1
mov.hi r0, -ENOSYS
bhi tracesys_exit
@@ -252,7 +252,7 @@ ENTRY(EV_Trap)
;============ Normal syscall case
; syscall num shd not exceed the total system calls avail
- cmp r8, NR_syscalls
+ cmp r8, NR_syscalls - 1
mov.hi r0, -ENOSYS
bhi .Lret_from_system_call
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 363/425] powerpc/64s: Fix crashes when toggling stf barrier
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 362/425] ARC: entry: fix off-by-one error in syscall number validation Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 364/425] powerpc/64s: Fix crashes when toggling entry flush barrier Greg Kroah-Hartman
` (68 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 8ec7791bae1327b1c279c5cd6e929c3b12daaf0a upstream.
The STF (store-to-load forwarding) barrier mitigation can be
enabled/disabled at runtime via a debugfs file (stf_barrier), which
causes the kernel to patch itself to enable/disable the relevant
mitigations.
However depending on which mitigation we're using, it may not be safe to
do that patching while other CPUs are active. For example the following
crash:
User access of kernel address (c00000003fff5af0) - exploit attempt? (uid: 0)
segfault (11) at c00000003fff5af0 nip 7fff8ad12198 lr 7fff8ad121f8 code 1
code: 40820128 e93c00d0 e9290058 7c292840 40810058 38600000 4bfd9a81 e8410018
code: 2c030006 41810154 3860ffb6 e9210098 <e94d8ff0> 7d295279 39400000 40820a3c
Shows that we returned to userspace without restoring the user r13
value, due to executing the partially patched STF exit code.
Fix it by doing the patching under stop machine. The CPUs that aren't
doing the patching will be spinning in the core of the stop machine
logic. That is currently sufficient for our purposes, because none of
the patching we do is to that code or anywhere in the vicinity.
Fixes: a048a07d7f45 ("powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit")
Cc: stable@vger.kernel.org # v4.17+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210506044959.1298123-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/lib/feature-fixups.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -18,6 +18,7 @@
#include <linux/string.h>
#include <linux/init.h>
#include <linux/sched/mm.h>
+#include <linux/stop_machine.h>
#include <asm/cputable.h>
#include <asm/code-patching.h>
#include <asm/page.h>
@@ -225,11 +226,25 @@ void do_stf_exit_barrier_fixups(enum stf
: "unknown");
}
+static int __do_stf_barrier_fixups(void *data)
+{
+ enum stf_barrier_type *types = data;
+
+ do_stf_entry_barrier_fixups(*types);
+ do_stf_exit_barrier_fixups(*types);
+
+ return 0;
+}
void do_stf_barrier_fixups(enum stf_barrier_type types)
{
- do_stf_entry_barrier_fixups(types);
- do_stf_exit_barrier_fixups(types);
+ /*
+ * The call to the fallback entry flush, and the fallback/sync-ori exit
+ * flush can not be safely patched in/out while other CPUs are executing
+ * them. So call __do_stf_barrier_fixups() on one CPU while all other CPUs
+ * spin in the stop machine core with interrupts hard disabled.
+ */
+ stop_machine(__do_stf_barrier_fixups, &types, NULL);
}
void do_uaccess_flush_fixups(enum l1d_flush_type types)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 364/425] powerpc/64s: Fix crashes when toggling entry flush barrier
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 363/425] powerpc/64s: Fix crashes when toggling stf barrier Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 365/425] hfsplus: prevent corruption in shrinking truncate Greg Kroah-Hartman
` (67 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit aec86b052df6541cc97c5fca44e5934cbea4963b upstream.
The entry flush mitigation can be enabled/disabled at runtime via a
debugfs file (entry_flush), which causes the kernel to patch itself to
enable/disable the relevant mitigations.
However depending on which mitigation we're using, it may not be safe to
do that patching while other CPUs are active. For example the following
crash:
sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20
Shows that we returned to userspace with a corrupted LR that points into
the kernel, due to executing the partially patched call to the fallback
entry flush (ie. we missed the LR restore).
Fix it by doing the patching under stop machine. The CPUs that aren't
doing the patching will be spinning in the core of the stop machine
logic. That is currently sufficient for our purposes, because none of
the patching we do is to that code or anywhere in the vicinity.
Fixes: f79643787e0a ("powerpc/64s: flush L1D on kernel entry")
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210506044959.1298123-2-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/lib/feature-fixups.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/arch/powerpc/lib/feature-fixups.c
+++ b/arch/powerpc/lib/feature-fixups.c
@@ -297,8 +297,9 @@ void do_uaccess_flush_fixups(enum l1d_fl
: "unknown");
}
-void do_entry_flush_fixups(enum l1d_flush_type types)
+static int __do_entry_flush_fixups(void *data)
{
+ enum l1d_flush_type types = *(enum l1d_flush_type *)data;
unsigned int instrs[3], *dest;
long *start, *end;
int i;
@@ -349,6 +350,19 @@ void do_entry_flush_fixups(enum l1d_flus
: "ori type" :
(types & L1D_FLUSH_MTTRIG) ? "mttrig type"
: "unknown");
+
+ return 0;
+}
+
+void do_entry_flush_fixups(enum l1d_flush_type types)
+{
+ /*
+ * The call to the fallback flush can not be safely patched in/out while
+ * other CPUs are executing it. So call __do_entry_flush_fixups() on one
+ * CPU while all other CPUs spin in the stop machine core with interrupts
+ * hard disabled.
+ */
+ stop_machine(__do_entry_flush_fixups, &types, NULL);
}
void do_rfi_flush_fixups(enum l1d_flush_type types)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 365/425] hfsplus: prevent corruption in shrinking truncate
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 364/425] powerpc/64s: Fix crashes when toggling entry flush barrier Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 366/425] squashfs: fix divide error in calculate_skip() Greg Kroah-Hartman
` (66 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jouni Roivas, Anton Altaparmakov,
Anatoly Trosinenko, Viacheslav Dubeyko, Andrew Morton,
Linus Torvalds
From: Jouni Roivas <jouni.roivas@tuxera.com>
commit c3187cf32216313fb316084efac4dab3a8459b1d upstream.
I believe there are some issues introduced by commit 31651c607151
("hfsplus: avoid deadlock on file truncation")
HFS+ has extent records which always contains 8 extents. In case the
first extent record in catalog file gets full, new ones are allocated from
extents overflow file.
In case shrinking truncate happens to middle of an extent record which
locates in extents overflow file, the logic in hfsplus_file_truncate() was
changed so that call to hfs_brec_remove() is not guarded any more.
Right action would be just freeing the extents that exceed the new size
inside extent record by calling hfsplus_free_extents(), and then check if
the whole extent record should be removed. However since the guard
(blk_cnt > start) is now after the call to hfs_brec_remove(), this has
unfortunate effect that the last matching extent record is removed
unconditionally.
To reproduce this issue, create a file which has at least 10 extents, and
then perform shrinking truncate into middle of the last extent record, so
that the number of remaining extents is not under or divisible by 8. This
causes the last extent record (8 extents) to be removed totally instead of
truncating into middle of it. Thus this causes corruption, and lost data.
Fix for this is simply checking if the new truncated end is below the
start of this extent record, making it safe to remove the full extent
record. However call to hfs_brec_remove() can't be moved to it's previous
place since we're dropping ->tree_lock and it can cause a race condition
and the cached info being invalidated possibly corrupting the node data.
Another issue is related to this one. When entering into the block
(blk_cnt > start) we are not holding the ->tree_lock. We break out from
the loop not holding the lock, but hfs_find_exit() does unlock it. Not
sure if it's possible for someone else to take the lock under our feet,
but it can cause hard to debug errors and premature unlocking. Even if
there's no real risk of it, the locking should still always be kept in
balance. Thus taking the lock now just before the check.
Link: https://lkml.kernel.org/r/20210429165139.3082828-1-jouni.roivas@tuxera.com
Fixes: 31651c607151f ("hfsplus: avoid deadlock on file truncation")
Signed-off-by: Jouni Roivas <jouni.roivas@tuxera.com>
Reviewed-by: Anton Altaparmakov <anton@tuxera.com>
Cc: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hfsplus/extents.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/fs/hfsplus/extents.c
+++ b/fs/hfsplus/extents.c
@@ -598,13 +598,15 @@ void hfsplus_file_truncate(struct inode
res = __hfsplus_ext_cache_extent(&fd, inode, alloc_cnt);
if (res)
break;
- hfs_brec_remove(&fd);
- mutex_unlock(&fd.tree->tree_lock);
start = hip->cached_start;
+ if (blk_cnt <= start)
+ hfs_brec_remove(&fd);
+ mutex_unlock(&fd.tree->tree_lock);
hfsplus_free_extents(sb, hip->cached_extents,
alloc_cnt - start, alloc_cnt - blk_cnt);
hfsplus_dump_extent(hip->cached_extents);
+ mutex_lock(&fd.tree->tree_lock);
if (blk_cnt > start) {
hip->extent_state |= HFSPLUS_EXT_DIRTY;
break;
@@ -612,7 +614,6 @@ void hfsplus_file_truncate(struct inode
alloc_cnt = start;
hip->cached_start = hip->cached_blocks = 0;
hip->extent_state &= ~(HFSPLUS_EXT_DIRTY | HFSPLUS_EXT_NEW);
- mutex_lock(&fd.tree->tree_lock);
}
hfs_find_exit(&fd);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 366/425] squashfs: fix divide error in calculate_skip()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 365/425] hfsplus: prevent corruption in shrinking truncate Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 367/425] userfaultfd: release page in error path to avoid BUG_ON Greg Kroah-Hartman
` (65 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phillip Lougher,
syzbot+e8f781243ce16ac2f962, syzbot+7b98870d4fec9447b951,
Andrew Morton, Linus Torvalds
From: Phillip Lougher <phillip@squashfs.org.uk>
commit d6e621de1fceb3b098ebf435ef7ea91ec4838a1a upstream.
Sysbot has reported a "divide error" which has been identified as being
caused by a corrupted file_size value within the file inode. This value
has been corrupted to a much larger value than expected.
Calculate_skip() is passed i_size_read(inode) >> msblk->block_log. Due to
the file_size value corruption this overflows the int argument/variable in
that function, leading to the divide error.
This patch changes the function to use u64. This will accommodate any
unexpectedly large values due to corruption.
The value returned from calculate_skip() is clamped to be never more than
SQUASHFS_CACHED_BLKS - 1, or 7. So file_size corruption does not lead to
an unexpectedly large return result here.
Link: https://lkml.kernel.org/r/20210507152618.9447-1-phillip@squashfs.org.uk
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: <syzbot+e8f781243ce16ac2f962@syzkaller.appspotmail.com>
Reported-by: <syzbot+7b98870d4fec9447b951@syzkaller.appspotmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/squashfs/file.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/squashfs/file.c
+++ b/fs/squashfs/file.c
@@ -224,11 +224,11 @@ failure:
* If the skip factor is limited in this way then the file will use multiple
* slots.
*/
-static inline int calculate_skip(int blocks)
+static inline int calculate_skip(u64 blocks)
{
- int skip = blocks / ((SQUASHFS_META_ENTRIES + 1)
+ u64 skip = blocks / ((SQUASHFS_META_ENTRIES + 1)
* SQUASHFS_META_INDEXES);
- return min(SQUASHFS_CACHED_BLKS - 1, skip + 1);
+ return min((u64) SQUASHFS_CACHED_BLKS - 1, skip + 1);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 367/425] userfaultfd: release page in error path to avoid BUG_ON
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 366/425] squashfs: fix divide error in calculate_skip() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 368/425] drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected Greg Kroah-Hartman
` (64 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Axel Rasmussen, Hugh Dickins,
Peter Xu, Andrew Morton, Linus Torvalds
From: Axel Rasmussen <axelrasmussen@google.com>
commit 7ed9d238c7dbb1fdb63ad96a6184985151b0171c upstream.
Consider the following sequence of events:
1. Userspace issues a UFFD ioctl, which ends up calling into
shmem_mfill_atomic_pte(). We successfully account the blocks, we
shmem_alloc_page(), but then the copy_from_user() fails. We return
-ENOENT. We don't release the page we allocated.
2. Our caller detects this error code, tries the copy_from_user() after
dropping the mmap_lock, and retries, calling back into
shmem_mfill_atomic_pte().
3. Meanwhile, let's say another process filled up the tmpfs being used.
4. So shmem_mfill_atomic_pte() fails to account blocks this time, and
immediately returns - without releasing the page.
This triggers a BUG_ON in our caller, which asserts that the page
should always be consumed, unless -ENOENT is returned.
To fix this, detect if we have such a "dangling" page when accounting
fails, and if so, release it before returning.
Link: https://lkml.kernel.org/r/20210428230858.348400-1-axelrasmussen@google.com
Fixes: cb658a453b93 ("userfaultfd: shmem: avoid leaking blocks and used blocks in UFFDIO_COPY")
Signed-off-by: Axel Rasmussen <axelrasmussen@google.com>
Reported-by: Hugh Dickins <hughd@google.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/shmem.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2271,8 +2271,18 @@ static int shmem_mfill_atomic_pte(struct
pgoff_t offset, max_off;
ret = -ENOMEM;
- if (!shmem_inode_acct_block(inode, 1))
+ if (!shmem_inode_acct_block(inode, 1)) {
+ /*
+ * We may have got a page, returned -ENOENT triggering a retry,
+ * and now we find ourselves with -ENOMEM. Release the page, to
+ * avoid a BUG_ON in our caller.
+ */
+ if (unlikely(*pagep)) {
+ put_page(*pagep);
+ *pagep = NULL;
+ }
goto out;
+ }
if (!*pagep) {
page = shmem_alloc_page(gfp, info, pgoff);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 368/425] drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 367/425] userfaultfd: release page in error path to avoid BUG_ON Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 369/425] iio: proximity: pulsedlight: Fix rumtime PM imbalance on error Greg Kroah-Hartman
` (63 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Alex Deucher
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit 227545b9a08c68778ddd89428f99c351fc9315ac upstream.
Screen flickers rapidly when two 4K 60Hz monitors are in use. This issue
doesn't happen when one monitor is 4K 60Hz (pixelclock 594MHz) and
another one is 4K 30Hz (pixelclock 297MHz).
The issue is gone after setting "power_dpm_force_performance_level" to
"high". Following the indication, we found that the issue occurs when
sclk is too low.
So resolve the issue by disabling sclk switching when there are two
monitors requires high pixelclock (> 297MHz).
v2:
- Only apply the fix to Oland.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/radeon.h | 1 +
drivers/gpu/drm/radeon/radeon_pm.c | 8 ++++++++
drivers/gpu/drm/radeon/si_dpm.c | 3 +++
3 files changed, 12 insertions(+)
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
@@ -1558,6 +1558,7 @@ struct radeon_dpm {
void *priv;
u32 new_active_crtcs;
int new_active_crtc_count;
+ int high_pixelclock_count;
u32 current_active_crtcs;
int current_active_crtc_count;
bool single_display;
--- a/drivers/gpu/drm/radeon/radeon_pm.c
+++ b/drivers/gpu/drm/radeon/radeon_pm.c
@@ -1715,6 +1715,7 @@ static void radeon_pm_compute_clocks_dpm
struct drm_device *ddev = rdev->ddev;
struct drm_crtc *crtc;
struct radeon_crtc *radeon_crtc;
+ struct radeon_connector *radeon_connector;
if (!rdev->pm.dpm_enabled)
return;
@@ -1724,6 +1725,7 @@ static void radeon_pm_compute_clocks_dpm
/* update active crtc counts */
rdev->pm.dpm.new_active_crtcs = 0;
rdev->pm.dpm.new_active_crtc_count = 0;
+ rdev->pm.dpm.high_pixelclock_count = 0;
if (rdev->num_crtc && rdev->mode_info.mode_config_initialized) {
list_for_each_entry(crtc,
&ddev->mode_config.crtc_list, head) {
@@ -1731,6 +1733,12 @@ static void radeon_pm_compute_clocks_dpm
if (crtc->enabled) {
rdev->pm.dpm.new_active_crtcs |= (1 << radeon_crtc->crtc_id);
rdev->pm.dpm.new_active_crtc_count++;
+ if (!radeon_crtc->connector)
+ continue;
+
+ radeon_connector = to_radeon_connector(radeon_crtc->connector);
+ if (radeon_connector->pixelclock_for_modeset > 297000)
+ rdev->pm.dpm.high_pixelclock_count++;
}
}
}
--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -3000,6 +3000,9 @@ static void si_apply_state_adjust_rules(
(rdev->pdev->device == 0x6605)) {
max_sclk = 75000;
}
+
+ if (rdev->pm.dpm.high_pixelclock_count > 1)
+ disable_sclk_switching = true;
}
if (rps->vce_active) {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 369/425] iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 368/425] drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 370/425] usb: fotg210-hcd: Fix an error message Greg Kroah-Hartman
` (62 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dinghao Liu, Andy Shevchenko,
Jonathan Cameron, Sasha Levin
From: Dinghao Liu <dinghao.liu@zju.edu.cn>
[ Upstream commit a2fa9242e89f27696515699fe0f0296bf1ac1815 ]
When lidar_write_control() fails, a pairing PM usage counter
decrement is needed to keep the counter balanced.
Fixes: 4ac4e086fd8c5 ("iio: pulsedlight-lidar-lite: add runtime PM")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20210412053204.4889-1-dinghao.liu@zju.edu.cn
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/proximity/pulsedlight-lidar-lite-v2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/iio/proximity/pulsedlight-lidar-lite-v2.c b/drivers/iio/proximity/pulsedlight-lidar-lite-v2.c
index 47af54f14756..67f85268b63d 100644
--- a/drivers/iio/proximity/pulsedlight-lidar-lite-v2.c
+++ b/drivers/iio/proximity/pulsedlight-lidar-lite-v2.c
@@ -158,6 +158,7 @@ static int lidar_get_measurement(struct lidar_data *data, u16 *reg)
ret = lidar_write_control(data, LIDAR_REG_CONTROL_ACQUIRE);
if (ret < 0) {
dev_err(&client->dev, "cannot send start measurement command");
+ pm_runtime_put_noidle(&client->dev);
return ret;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 370/425] usb: fotg210-hcd: Fix an error message
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 369/425] iio: proximity: pulsedlight: Fix rumtime PM imbalance on error Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 371/425] ACPI: scan: Fix a memory leak in an error handling path Greg Kroah-Hartman
` (61 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit a60a34366e0d09ca002c966dd7c43a68c28b1f82 ]
'retval' is known to be -ENODEV here.
This is a hard-coded default error code which is not useful in the error
message. Moreover, another error message is printed at the end of the
error handling path. The corresponding error code (-ENOMEM) is more
informative.
So remove simplify the first error message.
While at it, also remove the useless initialization of 'retval'.
Fixes: 7d50195f6c50 ("usb: host: Faraday fotg210-hcd driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/94531bcff98e46d4f9c20183a90b7f47f699126c.1620333419.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/fotg210-hcd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/fotg210-hcd.c b/drivers/usb/host/fotg210-hcd.c
index 2d5a72c15069..226b38274a6e 100644
--- a/drivers/usb/host/fotg210-hcd.c
+++ b/drivers/usb/host/fotg210-hcd.c
@@ -5569,7 +5569,7 @@ static int fotg210_hcd_probe(struct platform_device *pdev)
struct usb_hcd *hcd;
struct resource *res;
int irq;
- int retval = -ENODEV;
+ int retval;
struct fotg210_hcd *fotg210;
if (usb_disabled())
@@ -5589,7 +5589,7 @@ static int fotg210_hcd_probe(struct platform_device *pdev)
hcd = usb_create_hcd(&fotg210_fotg210_hc_driver, dev,
dev_name(dev));
if (!hcd) {
- dev_err(dev, "failed to create hcd with err %d\n", retval);
+ dev_err(dev, "failed to create hcd\n");
retval = -ENOMEM;
goto fail_create_hcd;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 371/425] ACPI: scan: Fix a memory leak in an error handling path
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 370/425] usb: fotg210-hcd: Fix an error message Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 372/425] blk-mq: Swap two calls in blk_mq_exit_queue() Greg Kroah-Hartman
` (60 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Andy Shevchenko,
Rafael J. Wysocki, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 0c8bd174f0fc131bc9dfab35cd8784f59045da87 ]
If 'acpi_device_set_name()' fails, we must free
'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.
Fixes: eb50aaf960e3 ("ACPI: scan: Use unique number for instance_no")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/scan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index d3c551bdc2da..1e7e2c438acf 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -705,6 +705,7 @@ int acpi_device_add(struct acpi_device *device,
result = acpi_device_set_name(device, acpi_device_bus_id);
if (result) {
+ kfree_const(acpi_device_bus_id->bus_id);
kfree(acpi_device_bus_id);
goto err_unlock;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 372/425] blk-mq: Swap two calls in blk_mq_exit_queue()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 371/425] ACPI: scan: Fix a memory leak in an error handling path Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 373/425] usb: dwc3: omap: improve extcon initialization Greg Kroah-Hartman
` (59 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Ming Lei,
Hannes Reinecke, Bart Van Assche, Jens Axboe, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 630ef623ed26c18a457cdc070cf24014e50129c2 ]
If a tag set is shared across request queues (e.g. SCSI LUNs) then the
block layer core keeps track of the number of active request queues in
tags->active_queues. blk_mq_tag_busy() and blk_mq_tag_idle() update that
atomic counter if the hctx flag BLK_MQ_F_TAG_QUEUE_SHARED is set. Make
sure that blk_mq_exit_queue() calls blk_mq_tag_idle() before that flag is
cleared by blk_mq_del_queue_tag_set().
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Fixes: 0d2602ca30e4 ("blk-mq: improve support for shared tags maps")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20210513171529.7977-1-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2673,10 +2673,12 @@ EXPORT_SYMBOL(blk_mq_init_allocated_queu
/* tags can _not_ be used after returning from blk_mq_exit_queue */
void blk_mq_exit_queue(struct request_queue *q)
{
- struct blk_mq_tag_set *set = q->tag_set;
+ struct blk_mq_tag_set *set = q->tag_set;
- blk_mq_del_queue_tag_set(q);
+ /* Checks hctx->flags & BLK_MQ_F_TAG_QUEUE_SHARED. */
blk_mq_exit_hw_queues(q, set, set->nr_hw_queues);
+ /* May clear BLK_MQ_F_TAG_QUEUE_SHARED in hctx->flags. */
+ blk_mq_del_queue_tag_set(q);
}
/* Basically redo blk_mq_init_queue with queue frozen */
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 373/425] usb: dwc3: omap: improve extcon initialization
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 372/425] blk-mq: Swap two calls in blk_mq_exit_queue() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 374/425] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield Greg Kroah-Hartman
` (58 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marcel Hamer
From: Marcel Hamer <marcel@solidxs.se>
commit e17b02d4970913233d543c79c9c66e72cac05bdd upstream.
When extcon is used in combination with dwc3, it is assumed that the dwc3
registers are untouched and as such are only configured if VBUS is valid
or ID is tied to ground.
In case VBUS is not valid or ID is floating, the registers are not
configured as such during driver initialization, causing a wrong
default state during boot.
If the registers are not in a default state, because they are for
instance touched by a boot loader, this can cause for a kernel error.
Signed-off-by: Marcel Hamer <marcel@solidxs.se>
Link: https://lore.kernel.org/r/20210427122118.1948340-1-marcel@solidxs.se
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-omap.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/dwc3/dwc3-omap.c
+++ b/drivers/usb/dwc3/dwc3-omap.c
@@ -432,8 +432,13 @@ static int dwc3_omap_extcon_register(str
if (extcon_get_state(edev, EXTCON_USB) == true)
dwc3_omap_set_mailbox(omap, OMAP_DWC3_VBUS_VALID);
+ else
+ dwc3_omap_set_mailbox(omap, OMAP_DWC3_VBUS_OFF);
+
if (extcon_get_state(edev, EXTCON_USB_HOST) == true)
dwc3_omap_set_mailbox(omap, OMAP_DWC3_ID_GROUND);
+ else
+ dwc3_omap_set_mailbox(omap, OMAP_DWC3_ID_FLOAT);
omap->edev = edev;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 374/425] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 373/425] usb: dwc3: omap: improve extcon initialization Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 375/425] usb: xhci: Increase timeout for HC halt Greg Kroah-Hartman
` (57 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
commit 04357fafea9c7ed34525eb9680c760245c3bb958 upstream.
On Intel Merrifield LPM is causing host to reset port after a timeout.
By disabling LPM entirely this is prevented.
Fixes: 066c09593454 ("usb: dwc3: pci: Enable extcon driver for Intel Merrifield")
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210425150947.5862-1-ftoth@exalondelft.nl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-pci.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -133,6 +133,7 @@ static const struct property_entry dwc3_
PROPERTY_ENTRY_BOOL("snps,disable_scramble_quirk"),
PROPERTY_ENTRY_BOOL("snps,dis_u3_susphy_quirk"),
PROPERTY_ENTRY_BOOL("snps,dis_u2_susphy_quirk"),
+ PROPERTY_ENTRY_BOOL("snps,usb2-gadget-lpm-disable"),
PROPERTY_ENTRY_BOOL("linux,sysdev_is_parent"),
{}
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 375/425] usb: xhci: Increase timeout for HC halt
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 374/425] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 376/425] usb: dwc2: Fix gadget DMA unmap direction Greg Kroah-Hartman
` (56 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maximilian Luz, Mathias Nyman
From: Maximilian Luz <luzmaximilian@gmail.com>
commit ca09b1bea63ab83f4cca3a2ae8bc4f597ec28851 upstream.
On some devices (specifically the SC8180x based Surface Pro X with
QCOM04A6) HC halt / xhci_halt() times out during boot. Manually binding
the xhci-hcd driver at some point later does not exhibit this behavior.
To work around this, double XHCI_MAX_HALT_USEC, which also resolves this
issue.
Cc: <stable@vger.kernel.org>
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210512080816.866037-5-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ext-caps.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/host/xhci-ext-caps.h
+++ b/drivers/usb/host/xhci-ext-caps.h
@@ -7,8 +7,9 @@
* Author: Sarah Sharp
* Some code borrowed from the Linux EHCI driver.
*/
-/* Up to 16 ms to halt an HC */
-#define XHCI_MAX_HALT_USEC (16*1000)
+
+/* HC should halt within 16 ms, but use 32 ms as some hosts take longer */
+#define XHCI_MAX_HALT_USEC (32 * 1000)
/* HC not running - set to 1 when run/stop bit is cleared. */
#define XHCI_STS_HALT (1<<0)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 376/425] usb: dwc2: Fix gadget DMA unmap direction
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 375/425] usb: xhci: Increase timeout for HC halt Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 377/425] usb: core: hub: fix race condition about TRSMRCY of resume Greg Kroah-Hartman
` (55 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Minas Harutyunyan, Phil Elwell
From: Phil Elwell <phil@raspberrypi.com>
commit 75a41ce46bae6cbe7d3bb2584eb844291d642874 upstream.
The dwc2 gadget support maps and unmaps DMA buffers as necessary. When
mapping and unmapping it uses the direction of the endpoint to select
the direction of the DMA transfer, but this fails for Control OUT
transfers because the unmap occurs after the endpoint direction has
been reversed for the status phase.
A possible solution would be to unmap the buffer before the direction
is changed, but a safer, less invasive fix is to remember the buffer
direction independently of the endpoint direction.
Fixes: fe0b94abcdf6 ("usb: dwc2: gadget: manage ep0 state in software")
Acked-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Link: https://lore.kernel.org/r/20210506112200.2893922-1-phil@raspberrypi.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core.h | 2 ++
drivers/usb/dwc2/gadget.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -112,6 +112,7 @@ struct dwc2_hsotg_req;
* @debugfs: File entry for debugfs file for this endpoint.
* @dir_in: Set to true if this endpoint is of the IN direction, which
* means that it is sending data to the Host.
+ * @map_dir: Set to the value of dir_in when the DMA buffer is mapped.
* @index: The index for the endpoint registers.
* @mc: Multi Count - number of transactions per microframe
* @interval: Interval for periodic endpoints, in frames or microframes.
@@ -161,6 +162,7 @@ struct dwc2_hsotg_ep {
unsigned short fifo_index;
unsigned char dir_in;
+ unsigned char map_dir;
unsigned char index;
unsigned char mc;
u16 interval;
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -380,7 +380,7 @@ static void dwc2_hsotg_unmap_dma(struct
{
struct usb_request *req = &hs_req->req;
- usb_gadget_unmap_request(&hsotg->gadget, req, hs_ep->dir_in);
+ usb_gadget_unmap_request(&hsotg->gadget, req, hs_ep->map_dir);
}
/*
@@ -1163,6 +1163,7 @@ static int dwc2_hsotg_map_dma(struct dwc
{
int ret;
+ hs_ep->map_dir = hs_ep->dir_in;
ret = usb_gadget_map_request(&hsotg->gadget, req, hs_ep->dir_in);
if (ret)
goto dma_error;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 377/425] usb: core: hub: fix race condition about TRSMRCY of resume
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 376/425] usb: dwc2: Fix gadget DMA unmap direction Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 378/425] usb: dwc3: gadget: Return success always for kick transfer in ep queue Greg Kroah-Hartman
` (54 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tianping Fang, Alan Stern, Chunfeng Yun
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
commit 975f94c7d6c306b833628baa9aec3f79db1eb3a1 upstream.
This may happen if the port becomes resume status exactly
when usb_port_resume() gets port status, it still need provide
a TRSMCRY time before access the device.
CC: <stable@vger.kernel.org>
Reported-by: Tianping Fang <tianping.fang@mediatek.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/20210512020738.52961-1-chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -3539,9 +3539,6 @@ int usb_port_resume(struct usb_device *u
* sequence.
*/
status = hub_port_status(hub, port1, &portstatus, &portchange);
-
- /* TRSMRCY = 10 msec */
- msleep(10);
}
SuspendCleared:
@@ -3556,6 +3553,9 @@ int usb_port_resume(struct usb_device *u
usb_clear_port_feature(hub->hdev, port1,
USB_PORT_FEAT_C_SUSPEND);
}
+
+ /* TRSMRCY = 10 msec */
+ msleep(10);
}
if (udev->persist_enabled)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 378/425] usb: dwc3: gadget: Return success always for kick transfer in ep queue
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 377/425] usb: core: hub: fix race condition about TRSMRCY of resume Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 379/425] xhci: Do not use GFP_KERNEL in (potentially) atomic context Greg Kroah-Hartman
` (53 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wesley Cheng
From: Wesley Cheng <wcheng@codeaurora.org>
commit 18ffa988dbae69cc6e9949cddd9606f6fe533894 upstream.
If an error is received when issuing a start or update transfer
command, the error handler will stop all active requests (including
the current USB request), and call dwc3_gadget_giveback() to notify
function drivers of the requests which have been stopped. Avoid
returning an error for kick transfer during EP queue, to remove
duplicate cleanup operations on the request being queued.
Fixes: 8d99087c2db8 ("usb: dwc3: gadget: Properly handle failed kick_transfer")
cc: stable@vger.kernel.org
Signed-off-by: Wesley Cheng <wcheng@codeaurora.org>
Link: https://lore.kernel.org/r/1620410119-24971-1-git-send-email-wcheng@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1413,7 +1413,9 @@ static int __dwc3_gadget_ep_queue(struct
}
}
- return __dwc3_gadget_kick_transfer(dep);
+ __dwc3_gadget_kick_transfer(dep);
+
+ return 0;
}
static int dwc3_gadget_ep_queue(struct usb_ep *ep, struct usb_request *request,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 379/425] xhci: Do not use GFP_KERNEL in (potentially) atomic context
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 378/425] usb: dwc3: gadget: Return success always for kick transfer in ep queue Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 380/425] xhci: Add reset resume quirk for AMD xhci controller Greg Kroah-Hartman
` (52 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mathias Nyman
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit dda32c00c9a0fa103b5d54ef72c477b7aa993679 upstream.
'xhci_urb_enqueue()' is passed a 'mem_flags' argument, because "URBs may be
submitted in interrupt context" (see comment related to 'usb_submit_urb()'
in 'drivers/usb/core/urb.c')
So this flag should be used in all the calling chain.
Up to now, 'xhci_check_maxpacket()' which is only called from
'xhci_urb_enqueue()', uses GFP_KERNEL.
Be safe and pass the mem_flags to this function as well.
Fixes: ddba5cd0aeff ("xhci: Use command structures when queuing commands on the command ring")
Cc: <stable@vger.kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210512080816.866037-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1374,7 +1374,7 @@ static int xhci_configure_endpoint(struc
* we need to issue an evaluate context command and wait on it.
*/
static int xhci_check_maxpacket(struct xhci_hcd *xhci, unsigned int slot_id,
- unsigned int ep_index, struct urb *urb)
+ unsigned int ep_index, struct urb *urb, gfp_t mem_flags)
{
struct xhci_container_ctx *out_ctx;
struct xhci_input_control_ctx *ctrl_ctx;
@@ -1405,7 +1405,7 @@ static int xhci_check_maxpacket(struct x
* changes max packet sizes.
*/
- command = xhci_alloc_command(xhci, true, GFP_KERNEL);
+ command = xhci_alloc_command(xhci, true, mem_flags);
if (!command)
return -ENOMEM;
@@ -1502,7 +1502,7 @@ static int xhci_urb_enqueue(struct usb_h
*/
if (urb->dev->speed == USB_SPEED_FULL) {
ret = xhci_check_maxpacket(xhci, slot_id,
- ep_index, urb);
+ ep_index, urb, mem_flags);
if (ret < 0) {
xhci_urb_free_priv(urb_priv);
urb->hcpriv = NULL;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 380/425] xhci: Add reset resume quirk for AMD xhci controller.
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 379/425] xhci: Do not use GFP_KERNEL in (potentially) atomic context Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 381/425] iio: gyro: mpu3050: Fix reported temperature value Greg Kroah-Hartman
` (51 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sandeep Singh, Mathias Nyman
From: Sandeep Singh <sandeep.singh@amd.com>
commit 3c128781d8da463761495aaf8898c9ecb4e71528 upstream.
One of AMD xhci controller require reset on resume.
Occasionally AMD xhci controller does not respond to
Stop endpoint command.
Once the issue happens controller goes into bad state
and in that case controller needs to be reset.
Cc: <stable@vger.kernel.org>
Signed-off-by: Sandeep Singh <sandeep.singh@amd.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210512080816.866037-6-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -144,8 +144,10 @@ static void xhci_pci_quirks(struct devic
(pdev->device == 0x15e0 || pdev->device == 0x15e1))
xhci->quirks |= XHCI_SNPS_BROKEN_SUSPEND;
- if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x15e5)
+ if (pdev->vendor == PCI_VENDOR_ID_AMD && pdev->device == 0x15e5) {
xhci->quirks |= XHCI_DISABLE_SPARSE;
+ xhci->quirks |= XHCI_RESET_ON_RESUME;
+ }
if (pdev->vendor == PCI_VENDOR_ID_AMD)
xhci->quirks |= XHCI_TRUST_TX_LENGTH;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 381/425] iio: gyro: mpu3050: Fix reported temperature value
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 380/425] xhci: Add reset resume quirk for AMD xhci controller Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 382/425] iio: tsl2583: Fix division by a zero lux_val Greg Kroah-Hartman
` (50 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Svyatoslav Ryhel, Andy Shevchenko,
Linus Walleij, Dmitry Osipenko, Jean-Baptiste Maneyrol,
Jonathan Cameron, Maxim Schwalm
From: Dmitry Osipenko <digetx@gmail.com>
commit f73c730774d88a14d7b60feee6d0e13570f99499 upstream.
The raw temperature value is a 16-bit signed integer. The sign casting
is missing in the code, which results in a wrong temperature reported
by userspace tools, fix it.
Cc: stable@vger.kernel.org
Fixes: 3904b28efb2c ("iio: gyro: Add driver for the MPU-3050 gyroscope")
Datasheet: https://www.cdiweb.com/datasheets/invensense/mpu-3000a.pdf
Tested-by: Maxim Schwalm <maxim.schwalm@gmail.com> # Asus TF700T
Tested-by: Svyatoslav Ryhel <clamor95@gmail.com> # Asus TF201
Reported-by: Svyatoslav Ryhel <clamor95@gmail.com>
Reviewed-by: Andy Shevchenko <Andy.Shevchenko@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Acked-by: Jean-Baptiste Maneyrol <jmaneyrol@invensense.com>
Link: https://lore.kernel.org/r/20210423020959.5023-1-digetx@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/gyro/mpu3050-core.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/drivers/iio/gyro/mpu3050-core.c
+++ b/drivers/iio/gyro/mpu3050-core.c
@@ -270,7 +270,16 @@ static int mpu3050_read_raw(struct iio_d
case IIO_CHAN_INFO_OFFSET:
switch (chan->type) {
case IIO_TEMP:
- /* The temperature scaling is (x+23000)/280 Celsius */
+ /*
+ * The temperature scaling is (x+23000)/280 Celsius
+ * for the "best fit straight line" temperature range
+ * of -30C..85C. The 23000 includes room temperature
+ * offset of +35C, 280 is the precision scale and x is
+ * the 16-bit signed integer reported by hardware.
+ *
+ * Temperature value itself represents temperature of
+ * the sensor die.
+ */
*val = 23000;
return IIO_VAL_INT;
default:
@@ -327,7 +336,7 @@ static int mpu3050_read_raw(struct iio_d
goto out_read_raw_unlock;
}
- *val = be16_to_cpu(raw_val);
+ *val = (s16)be16_to_cpu(raw_val);
ret = IIO_VAL_INT;
goto out_read_raw_unlock;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 382/425] iio: tsl2583: Fix division by a zero lux_val
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 381/425] iio: gyro: mpu3050: Fix reported temperature value Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 383/425] cdc-wdm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
` (49 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Stable, Jonathan Cameron
From: Colin Ian King <colin.king@canonical.com>
commit af0e1871d79cfbb91f732d2c6fa7558e45c31038 upstream.
The lux_val returned from tsl2583_get_lux can potentially be zero,
so check for this to avoid a division by zero and an overflowed
gain_trim_val.
Fixes clang scan-build warning:
drivers/iio/light/tsl2583.c:345:40: warning: Either the
condition 'lux_val<0' is redundant or there is division
by zero at line 345. [zerodivcond]
Fixes: ac4f6eee8fe8 ("staging: iio: TAOS tsl258x: Device driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/light/tsl2583.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/iio/light/tsl2583.c
+++ b/drivers/iio/light/tsl2583.c
@@ -350,6 +350,14 @@ static int tsl2583_als_calibrate(struct
return lux_val;
}
+ /* Avoid division by zero of lux_value later on */
+ if (lux_val == 0) {
+ dev_err(&chip->client->dev,
+ "%s: lux_val of 0 will produce out of range trim_value\n",
+ __func__);
+ return -ENODATA;
+ }
+
gain_trim_val = (unsigned int)(((chip->als_settings.als_cal_target)
* chip->als_settings.als_gain_trim) / lux_val);
if ((gain_trim_val < 250) || (gain_trim_val > 4000)) {
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 383/425] cdc-wdm: untangle a circular dependency between callback and softint
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 382/425] iio: tsl2583: Fix division by a zero lux_val Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 384/425] KVM: x86: Cancel pvclock_gtod_work on module removal Greg Kroah-Hartman
` (48 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum
From: Oliver Neukum <oneukum@suse.com>
commit 18abf874367456540846319574864e6ff32752e2 upstream.
We have a cycle of callbacks scheduling works which submit
URBs with those callbacks. This needs to be blocked, stopped
and unblocked to untangle the circle.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20210426092622.20433-1-oneukum@suse.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-wdm.c | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -321,12 +321,23 @@ exit:
}
-static void kill_urbs(struct wdm_device *desc)
+static void poison_urbs(struct wdm_device *desc)
{
/* the order here is essential */
- usb_kill_urb(desc->command);
- usb_kill_urb(desc->validity);
- usb_kill_urb(desc->response);
+ usb_poison_urb(desc->command);
+ usb_poison_urb(desc->validity);
+ usb_poison_urb(desc->response);
+}
+
+static void unpoison_urbs(struct wdm_device *desc)
+{
+ /*
+ * the order here is not essential
+ * it is symmetrical just to be nice
+ */
+ usb_unpoison_urb(desc->response);
+ usb_unpoison_urb(desc->validity);
+ usb_unpoison_urb(desc->command);
}
static void free_urbs(struct wdm_device *desc)
@@ -741,11 +752,12 @@ static int wdm_release(struct inode *ino
if (!desc->count) {
if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
- kill_urbs(desc);
+ poison_urbs(desc);
spin_lock_irq(&desc->iuspin);
desc->resp_count = 0;
spin_unlock_irq(&desc->iuspin);
desc->manage_power(desc->intf, 0);
+ unpoison_urbs(desc);
} else {
/* must avoid dev_printk here as desc->intf is invalid */
pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
@@ -1036,9 +1048,9 @@ static void wdm_disconnect(struct usb_in
wake_up_all(&desc->wait);
mutex_lock(&desc->rlock);
mutex_lock(&desc->wlock);
+ poison_urbs(desc);
cancel_work_sync(&desc->rxwork);
cancel_work_sync(&desc->service_outs_intr);
- kill_urbs(desc);
mutex_unlock(&desc->wlock);
mutex_unlock(&desc->rlock);
@@ -1079,9 +1091,10 @@ static int wdm_suspend(struct usb_interf
set_bit(WDM_SUSPENDING, &desc->flags);
spin_unlock_irq(&desc->iuspin);
/* callback submits work - order is essential */
- kill_urbs(desc);
+ poison_urbs(desc);
cancel_work_sync(&desc->rxwork);
cancel_work_sync(&desc->service_outs_intr);
+ unpoison_urbs(desc);
}
if (!PMSG_IS_AUTO(message)) {
mutex_unlock(&desc->wlock);
@@ -1139,7 +1152,7 @@ static int wdm_pre_reset(struct usb_inte
wake_up_all(&desc->wait);
mutex_lock(&desc->rlock);
mutex_lock(&desc->wlock);
- kill_urbs(desc);
+ poison_urbs(desc);
cancel_work_sync(&desc->rxwork);
cancel_work_sync(&desc->service_outs_intr);
return 0;
@@ -1150,6 +1163,7 @@ static int wdm_post_reset(struct usb_int
struct wdm_device *desc = wdm_find_device(intf);
int rv;
+ unpoison_urbs(desc);
clear_bit(WDM_OVERFLOW, &desc->flags);
clear_bit(WDM_RESETTING, &desc->flags);
rv = recover_from_urb_loss(desc);
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 384/425] KVM: x86: Cancel pvclock_gtod_work on module removal
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 383/425] cdc-wdm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 385/425] FDDI: defxx: Make MMIO the configuration default except for EISA Greg Kroah-Hartman
` (47 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Paolo Bonzini
From: Thomas Gleixner <tglx@linutronix.de>
commit 594b27e677b35f9734b1969d175ebc6146741109 upstream.
Nothing prevents the following:
pvclock_gtod_notify()
queue_work(system_long_wq, &pvclock_gtod_work);
...
remove_module(kvm);
...
work_queue_run()
pvclock_gtod_work() <- UAF
Ditto for any other operation on that workqueue list head which touches
pvclock_gtod_work after module removal.
Cancel the work in kvm_arch_exit() to prevent that.
Fixes: 16e8d74d2da9 ("KVM: x86: notifier for clocksource changes")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Message-Id: <87czu4onry.ffs@nanos.tec.linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6911,6 +6911,7 @@ void kvm_arch_exit(void)
cpuhp_remove_state_nocalls(CPUHP_AP_X86_KVM_CLK_ONLINE);
#ifdef CONFIG_X86_64
pvclock_gtod_unregister_notifier(&pvclock_gtod_notifier);
+ cancel_work_sync(&pvclock_gtod_work);
#endif
kvm_x86_ops = NULL;
kvm_mmu_module_exit();
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 385/425] FDDI: defxx: Make MMIO the configuration default except for EISA
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 384/425] KVM: x86: Cancel pvclock_gtod_work on module removal Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 386/425] MIPS: Reinstate platform `__div64_32 handler Greg Kroah-Hartman
` (46 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, David S. Miller
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 193ced4a79599352d63cb8c9e2f0c6043106eb6a upstream.
Recent versions of the PCI Express specification have deprecated support
for I/O transactions and actually some PCIe host bridges, such as Power
Systems Host Bridge 4 (PHB4), do not implement them.
The default kernel configuration choice for the defxx driver is the use
of I/O ports rather than MMIO for PCI and EISA systems. It may have
made sense as a conservative backwards compatible choice back when MMIO
operation support was added to the driver as a part of TURBOchannel bus
support. However nowadays this configuration choice makes the driver
unusable with systems that do not implement I/O transactions for PCIe.
Make DEFXX_MMIO the configuration default then, except where configured
for EISA. This exception is because an EISA adapter can have its MMIO
decoding disabled with ECU (EISA Configuration Utility) and therefore
not available with the resource allocation infrastructure we implement,
while port I/O is always readily available as it uses slot-specific
addressing, directly mapped to the slot an option card has been placed
in and handled with our EISA bus support core. Conversely a kernel that
supports modern systems which may not have I/O transactions implemented
for PCIe will usually not be expected to handle legacy EISA systems.
The change of the default will make it easier for people, including but
not limited to distribution packagers, to make a working choice for the
driver.
Update the option description accordingly and while at it replace the
potentially ambiguous PIO acronym with IOP for "port I/O" vs "I/O ports"
according to our nomenclature used elsewhere.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: e89a2cfb7d7b ("[TC] defxx: TURBOchannel support")
Cc: stable@vger.kernel.org # v2.6.21+
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/fddi/Kconfig | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/drivers/net/fddi/Kconfig
+++ b/drivers/net/fddi/Kconfig
@@ -28,17 +28,20 @@ config DEFXX
config DEFXX_MMIO
bool
- prompt "Use MMIO instead of PIO" if PCI || EISA
+ prompt "Use MMIO instead of IOP" if PCI || EISA
depends on DEFXX
- default n if PCI || EISA
+ default n if EISA
default y
---help---
This instructs the driver to use EISA or PCI memory-mapped I/O
- (MMIO) as appropriate instead of programmed I/O ports (PIO).
+ (MMIO) as appropriate instead of programmed I/O ports (IOP).
Enabling this gives an improvement in processing time in parts
- of the driver, but it may cause problems with EISA (DEFEA)
- adapters. TURBOchannel does not have the concept of I/O ports,
- so MMIO is always used for these (DEFTA) adapters.
+ of the driver, but it requires a memory window to be configured
+ for EISA (DEFEA) adapters that may not always be available.
+ Conversely some PCIe host bridges do not support IOP, so MMIO
+ may be required to access PCI (DEFPA) adapters on downstream PCI
+ buses with some systems. TURBOchannel does not have the concept
+ of I/O ports, so MMIO is always used for these (DEFTA) adapters.
If unsure, say N.
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 386/425] MIPS: Reinstate platform `__div64_32 handler
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 385/425] FDDI: defxx: Make MMIO the configuration default except for EISA Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 387/425] MIPS: Avoid DIVU in `__div64_32 is result would be zero Greg Kroah-Hartman
` (45 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huacai Chen, Maciej W. Rozycki,
Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit c49f71f60754acbff37505e1d16ca796bf8a8140 upstream.
Our current MIPS platform `__div64_32' handler is inactive, because it
is incorrectly only enabled for 64-bit configurations, for which generic
`do_div' code does not call it anyway.
The handler is not suitable for being called from there though as it
only calculates 32 bits of the quotient under the assumption the 64-bit
divident has been suitably reduced. Code for such reduction used to be
there, however it has been incorrectly removed with commit c21004cd5b4c
("MIPS: Rewrite <asm/div64.h> to work with gcc 4.4.0."), which should
have only updated an obsoleted constraint for an inline asm involving
$hi and $lo register outputs, while possibly wiring the original MIPS
variant of the `do_div' macro as `__div64_32' handler for the generic
`do_div' implementation
Correct the handler as follows then:
- Revert most of the commit referred, however retaining the current
formatting, except for the final two instructions of the inline asm
sequence, which the original commit missed. Omit the original 64-bit
parts though.
- Rename the original `do_div' macro to `__div64_32'. Use the combined
`x' constraint referring to the MD accumulator as a whole, replacing
the original individual `h' and `l' constraints used for $hi and $lo
registers respectively, of which `h' has been obsoleted with GCC 4.4.
Update surrounding code accordingly.
We have since removed support for GCC versions before 4.9, so no need
for a special arrangement here; GCC has supported the `x' constraint
since forever anyway, or at least going back to 1991.
- Rename the `__base' local variable in `__div64_32' to `__radix' to
avoid a conflict with a local variable in `do_div'.
- Actually enable this code for 32-bit rather than 64-bit configurations
by qualifying it with BITS_PER_LONG being 32 instead of 64. Include
<asm/bitsperlong.h> for this macro rather than <linux/types.h> as we
don't need anything else.
- Finally include <asm-generic/div64.h> last rather than first.
This has passed correctness verification with test_div64 and reduced the
module's average execution time down to 1.0668s and 0.2629s from 2.1529s
and 0.5647s respectively for an R3400 CPU @40MHz and a 5Kc CPU @160MHz.
For a reference 64-bit `do_div' code where we have the DDIVU instruction
available to do the whole calculation right away averages at 0.0660s for
the latter CPU.
Fixes: c21004cd5b4c ("MIPS: Rewrite <asm/div64.h> to work with gcc 4.4.0.")
Reported-by: Huacai Chen <chenhuacai@kernel.org>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Cc: stable@vger.kernel.org # v2.6.30+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/div64.h | 57 ++++++++++++++++++++++++++++++------------
1 file changed, 41 insertions(+), 16 deletions(-)
--- a/arch/mips/include/asm/div64.h
+++ b/arch/mips/include/asm/div64.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000, 2004 Maciej W. Rozycki
+ * Copyright (C) 2000, 2004, 2021 Maciej W. Rozycki
* Copyright (C) 2003, 07 Ralf Baechle (ralf@linux-mips.org)
*
* This file is subject to the terms and conditions of the GNU General Public
@@ -9,25 +9,18 @@
#ifndef __ASM_DIV64_H
#define __ASM_DIV64_H
-#include <asm-generic/div64.h>
-
-#if BITS_PER_LONG == 64
+#include <asm/bitsperlong.h>
-#include <linux/types.h>
+#if BITS_PER_LONG == 32
/*
* No traps on overflows for any of these...
*/
-#define __div64_32(n, base) \
-({ \
+#define do_div64_32(res, high, low, base) ({ \
unsigned long __cf, __tmp, __tmp2, __i; \
unsigned long __quot32, __mod32; \
- unsigned long __high, __low; \
- unsigned long long __n; \
\
- __high = *__n >> 32; \
- __low = __n; \
__asm__( \
" .set push \n" \
" .set noat \n" \
@@ -51,18 +44,50 @@
" subu %0, %0, %z6 \n" \
" addiu %2, %2, 1 \n" \
"3: \n" \
- " bnez %4, 0b\n\t" \
- " srl %5, %1, 0x1f\n\t" \
+ " bnez %4, 0b \n" \
+ " srl %5, %1, 0x1f \n" \
" .set pop" \
: "=&r" (__mod32), "=&r" (__tmp), \
"=&r" (__quot32), "=&r" (__cf), \
"=&r" (__i), "=&r" (__tmp2) \
- : "Jr" (base), "0" (__high), "1" (__low)); \
+ : "Jr" (base), "0" (high), "1" (low)); \
\
- (__n) = __quot32; \
+ (res) = __quot32; \
__mod32; \
})
-#endif /* BITS_PER_LONG == 64 */
+#define __div64_32(n, base) ({ \
+ unsigned long __upper, __low, __high, __radix; \
+ unsigned long long __modquot; \
+ unsigned long long __quot; \
+ unsigned long long __div; \
+ unsigned long __mod; \
+ \
+ __div = (*n); \
+ __radix = (base); \
+ \
+ __high = __div >> 32; \
+ __low = __div; \
+ __upper = __high; \
+ \
+ if (__high) { \
+ __asm__("divu $0, %z1, %z2" \
+ : "=x" (__modquot) \
+ : "Jr" (__high), "Jr" (__radix)); \
+ __upper = __modquot >> 32; \
+ __high = __modquot; \
+ } \
+ \
+ __mod = do_div64_32(__low, __upper, __low, __radix); \
+ \
+ __quot = __high; \
+ __quot = __quot << 32 | __low; \
+ (*n) = __quot; \
+ __mod; \
+})
+
+#endif /* BITS_PER_LONG == 32 */
+
+#include <asm-generic/div64.h>
#endif /* __ASM_DIV64_H */
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 387/425] MIPS: Avoid DIVU in `__div64_32 is result would be zero
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 386/425] MIPS: Reinstate platform `__div64_32 handler Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 388/425] MIPS: Avoid handcoded DIVU in `__div64_32 altogether Greg Kroah-Hartman
` (44 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit c1d337d45ec0a802299688e17d568c4e3a585895 upstream.
We already check the high part of the divident against zero to avoid the
costly DIVU instruction in that case, needed to reduce the high part of
the divident, so we may well check against the divisor instead and set
the high part of the quotient to zero right away. We need to treat the
high part the divident in that case though as the remainder that would
be calculated by the DIVU instruction we avoided.
This has passed correctness verification with test_div64 and reduced the
module's average execution time down to 1.0445s and 0.2619s from 1.0668s
and 0.2629s respectively for an R3400 CPU @40MHz and a 5Kc CPU @160MHz.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/div64.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/mips/include/asm/div64.h
+++ b/arch/mips/include/asm/div64.h
@@ -68,9 +68,11 @@
\
__high = __div >> 32; \
__low = __div; \
- __upper = __high; \
\
- if (__high) { \
+ if (__high < __radix) { \
+ __upper = __high; \
+ __high = 0; \
+ } else { \
__asm__("divu $0, %z1, %z2" \
: "=x" (__modquot) \
: "Jr" (__high), "Jr" (__radix)); \
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 388/425] MIPS: Avoid handcoded DIVU in `__div64_32 altogether
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 387/425] MIPS: Avoid DIVU in `__div64_32 is result would be zero Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 389/425] thermal/core/fair share: Lock the thermal zone while looping over instances Greg Kroah-Hartman
` (43 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 25ab14cbe9d1b66fda44c71a2db7582a31b6f5cd upstream.
Remove the inline asm with a DIVU instruction from `__div64_32' and use
plain C code for the intended DIVMOD calculation instead. GCC is smart
enough to know that both the quotient and the remainder are calculated
with single DIVU, so with ISAs up to R5 the same instruction is actually
produced with overall similar code.
For R6 compiled code will work, but separate DIVU and MODU instructions
will be produced, which are also interlocked, so scalar implementations
will likely not perform as well as older ISAs with their asynchronous MD
unit. Likely still faster then the generic algorithm though.
This removes a compilation error for R6 however where the original DIVU
instruction is not supported anymore and the MDU accumulator registers
have been removed and consequently GCC complains as to a constraint it
cannot find a register for:
In file included from ./include/linux/math.h:5,
from ./include/linux/kernel.h:13,
from mm/page-writeback.c:15:
./include/linux/math64.h: In function 'div_u64_rem':
./arch/mips/include/asm/div64.h:76:17: error: inconsistent operand constraints in an 'asm'
76 | __asm__("divu $0, %z1, %z2" \
| ^~~~~~~
./include/asm-generic/div64.h:245:25: note: in expansion of macro '__div64_32'
245 | __rem = __div64_32(&(n), __base); \
| ^~~~~~~~~~
./include/linux/math64.h:91:22: note: in expansion of macro 'do_div'
91 | *remainder = do_div(dividend, divisor);
| ^~~~~~
This has passed correctness verification with test_div64 and reduced the
module's average execution time down to 1.0404s from 1.0445s with R3400
@40MHz. The module's MIPS I machine code has also shrunk by 12 bytes or
3 instructions.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/div64.h | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/arch/mips/include/asm/div64.h
+++ b/arch/mips/include/asm/div64.h
@@ -58,7 +58,6 @@
#define __div64_32(n, base) ({ \
unsigned long __upper, __low, __high, __radix; \
- unsigned long long __modquot; \
unsigned long long __quot; \
unsigned long long __div; \
unsigned long __mod; \
@@ -73,11 +72,8 @@
__upper = __high; \
__high = 0; \
} else { \
- __asm__("divu $0, %z1, %z2" \
- : "=x" (__modquot) \
- : "Jr" (__high), "Jr" (__radix)); \
- __upper = __modquot >> 32; \
- __high = __modquot; \
+ __upper = __high % __radix; \
+ __high /= __radix; \
} \
\
__mod = do_div64_32(__low, __upper, __low, __radix); \
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 389/425] thermal/core/fair share: Lock the thermal zone while looping over instances
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 388/425] MIPS: Avoid handcoded DIVU in `__div64_32 altogether Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 390/425] kobject_uevent: remove warning in init_uevent_argv() Greg Kroah-Hartman
` (42 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lukasz Luba, Daniel Lezcano
From: Lukasz Luba <lukasz.luba@arm.com>
commit fef05776eb02238dcad8d5514e666a42572c3f32 upstream.
The tz->lock must be hold during the looping over the instances in that
thermal zone. This lock was missing in the governor code since the
beginning, so it's hard to point into a particular commit.
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20210422153624.6074-2-lukasz.luba@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/fair_share.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/thermal/fair_share.c
+++ b/drivers/thermal/fair_share.c
@@ -94,6 +94,8 @@ static int fair_share_throttle(struct th
int total_instance = 0;
int cur_trip_level = get_trip_level(tz);
+ mutex_lock(&tz->lock);
+
list_for_each_entry(instance, &tz->thermal_instances, tz_node) {
if (instance->trip != trip)
continue;
@@ -122,6 +124,8 @@ static int fair_share_throttle(struct th
mutex_unlock(&instance->cdev->lock);
thermal_cdev_update(cdev);
}
+
+ mutex_unlock(&tz->lock);
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 390/425] kobject_uevent: remove warning in init_uevent_argv()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 389/425] thermal/core/fair share: Lock the thermal zone while looping over instances Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 391/425] netfilter: conntrack: Make global sysctls readonly in non-init netns Greg Kroah-Hartman
` (41 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki,
syzbot+92340f7b2b4789907fdb
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b4104180a2efb85f55e1ba1407885c9421970338 upstream.
syzbot can trigger the WARN() in init_uevent_argv() which isn't the
nicest as the code does properly recover and handle the error. So
change the WARN() call to pr_warn() and provide some more information on
what the buffer size that was needed.
Link: https://lore.kernel.org/r/20201107082206.GA19079@kroah.com
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: linux-kernel@vger.kernel.org
Reported-by: syzbot+92340f7b2b4789907fdb@syzkaller.appspotmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210405094852.1348499-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/kobject_uevent.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -250,12 +250,13 @@ static int kobj_usermode_filter(struct k
static int init_uevent_argv(struct kobj_uevent_env *env, const char *subsystem)
{
+ int buffer_size = sizeof(env->buf) - env->buflen;
int len;
- len = strlcpy(&env->buf[env->buflen], subsystem,
- sizeof(env->buf) - env->buflen);
- if (len >= (sizeof(env->buf) - env->buflen)) {
- WARN(1, KERN_ERR "init_uevent_argv: buffer size too small\n");
+ len = strlcpy(&env->buf[env->buflen], subsystem, buffer_size);
+ if (len >= buffer_size) {
+ pr_warn("init_uevent_argv: buffer size of %d too small, needed %d\n",
+ buffer_size, len);
return -ENOMEM;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 391/425] netfilter: conntrack: Make global sysctls readonly in non-init netns
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 390/425] kobject_uevent: remove warning in init_uevent_argv() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 392/425] clk: exynos7: Mark aclk_fsys1_200 as critical Greg Kroah-Hartman
` (40 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathon Reinhart, David S. Miller
From: Jonathon Reinhart <jonathon.reinhart@gmail.com>
commit 2671fa4dc0109d3fb581bc3078fdf17b5d9080f6 upstream.
These sysctls point to global variables:
- NF_SYSCTL_CT_MAX (&nf_conntrack_max)
- NF_SYSCTL_CT_EXPECT_MAX (&nf_ct_expect_max)
- NF_SYSCTL_CT_BUCKETS (&nf_conntrack_htable_size_user)
Because their data pointers are not updated to point to per-netns
structures, they must be marked read-only in a non-init_net ns.
Otherwise, changes in any net namespace are reflected in (leaked into)
all other net namespaces. This problem has existed since the
introduction of net namespaces.
The current logic marks them read-only only if the net namespace is
owned by an unprivileged user (other than init_user_ns).
Commit d0febd81ae77 ("netfilter: conntrack: re-visit sysctls in
unprivileged namespaces") "exposes all sysctls even if the namespace is
unpriviliged." Since we need to mark them readonly in any case, we can
forego the unprivileged user check altogether.
Fixes: d0febd81ae77 ("netfilter: conntrack: re-visit sysctls in unprivileged namespaces")
Signed-off-by: Jonathon Reinhart <Jonathon.Reinhart@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_standalone.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -594,8 +594,11 @@ static int nf_conntrack_standalone_init_
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
- if (!net_eq(&init_net, net))
+ if (!net_eq(&init_net, net)) {
+ table[0].mode = 0444;
table[2].mode = 0444;
+ table[5].mode = 0444;
+ }
net->ct.sysctl_header = register_net_sysctl(net, "net/netfilter", table);
if (!net->ct.sysctl_header)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 392/425] clk: exynos7: Mark aclk_fsys1_200 as critical
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 391/425] netfilter: conntrack: Make global sysctls readonly in non-init netns Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 393/425] nvme: do not try to reconfigure APST when the controller is not live Greg Kroah-Hartman
` (39 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paweł Chmiel,
Krzysztof Kozlowski, Sylwester Nawrocki
From: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
commit 34138a59b92c1a30649a18ec442d2e61f3bc34dd upstream.
This clock must be always enabled to allow access to any registers in
fsys1 CMU. Until proper solution based on runtime PM is applied
(similar to what was done for Exynos5433), mark that clock as critical
so it won't be disabled.
It was observed on Samsung Galaxy S6 device (based on Exynos7420), where
UFS module is probed before pmic used to power that device.
In this case defer probe was happening and that clock was disabled by
UFS driver, causing whole boot to hang on next CMU access.
Fixes: 753195a749a6 ("clk: samsung: exynos7: Correct CMU_FSYS1 clocks names")
Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
Acked-by: Krzysztof Kozlowski <krzk@kernel.org>
Link: https://lore.kernel.org/linux-clk/20201024154346.9589-1-pawel.mikolaj.chmiel@gmail.com
[s.nawrocki: Added comment in the code]
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/samsung/clk-exynos7.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/clk/samsung/clk-exynos7.c
+++ b/drivers/clk/samsung/clk-exynos7.c
@@ -541,8 +541,13 @@ static const struct samsung_gate_clock t
GATE(CLK_ACLK_FSYS0_200, "aclk_fsys0_200", "dout_aclk_fsys0_200",
ENABLE_ACLK_TOP13, 28, CLK_SET_RATE_PARENT |
CLK_IS_CRITICAL, 0),
+ /*
+ * This clock is required for the CMU_FSYS1 registers access, keep it
+ * enabled permanently until proper runtime PM support is added.
+ */
GATE(CLK_ACLK_FSYS1_200, "aclk_fsys1_200", "dout_aclk_fsys1_200",
- ENABLE_ACLK_TOP13, 24, CLK_SET_RATE_PARENT, 0),
+ ENABLE_ACLK_TOP13, 24, CLK_SET_RATE_PARENT |
+ CLK_IS_CRITICAL, 0),
GATE(CLK_SCLK_PHY_FSYS1_26M, "sclk_phy_fsys1_26m",
"dout_sclk_phy_fsys1_26m", ENABLE_SCLK_TOP1_FSYS11,
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 393/425] nvme: do not try to reconfigure APST when the controller is not live
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 392/425] clk: exynos7: Mark aclk_fsys1_200 as critical Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 394/425] x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes Greg Kroah-Hartman
` (38 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Liu, Christoph Hellwig, Keith Busch
From: Christoph Hellwig <hch@lst.de>
commit 53fe2a30bc168db9700e00206d991ff934973cf1 upstream.
Do not call nvme_configure_apst when the controller is not live, given
that nvme_configure_apst will fail due the lack of an admin queue when
the controller is being torn down and nvme_set_latency_tolerance is
called from dev_pm_qos_hide_latency_tolerance.
Fixes: 510a405d945b("nvme: fix memory leak for power latency tolerance")
Reported-by: Peng Liu <liupeng17@lenovo.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -2091,7 +2091,8 @@ static void nvme_set_latency_tolerance(s
if (ctrl->ps_max_latency_us != latency) {
ctrl->ps_max_latency_us = latency;
- nvme_configure_apst(ctrl);
+ if (ctrl->state == NVME_CTRL_LIVE)
+ nvme_configure_apst(ctrl);
}
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 394/425] x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 393/425] nvme: do not try to reconfigure APST when the controller is not live Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 395/425] kgdb: fix gcc-11 warning on indentation Greg Kroah-Hartman
` (37 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Ingo Molnar
From: Arnd Bergmann <arnd@arndb.de>
commit 396a66aa1172ef2b78c21651f59b40b87b2e5e1e upstream.
gcc-11 warns about mismatched prototypes here:
arch/x86/lib/msr-smp.c:255:51: error: argument 2 of type ‘u32 *’ {aka ‘unsigned int *’} declared as a pointer [-Werror=array-parameter=]
255 | int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
| ~~~~~^~~~
arch/x86/include/asm/msr.h:347:50: note: previously declared as an array ‘u32[8]’ {aka ‘unsigned int[8]’}
GCC is right here - fix up the types.
[ mingo: Twiddled the changelog. ]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20210322164541.912261-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/lib/msr-smp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/lib/msr-smp.c
+++ b/arch/x86/lib/msr-smp.c
@@ -253,7 +253,7 @@ static void __wrmsr_safe_regs_on_cpu(voi
rv->err = wrmsr_safe_regs(rv->regs);
}
-int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
+int rdmsr_safe_regs_on_cpu(unsigned int cpu, u32 regs[8])
{
int err;
struct msr_regs_info rv;
@@ -266,7 +266,7 @@ int rdmsr_safe_regs_on_cpu(unsigned int
}
EXPORT_SYMBOL(rdmsr_safe_regs_on_cpu);
-int wrmsr_safe_regs_on_cpu(unsigned int cpu, u32 *regs)
+int wrmsr_safe_regs_on_cpu(unsigned int cpu, u32 regs[8])
{
int err;
struct msr_regs_info rv;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 395/425] kgdb: fix gcc-11 warning on indentation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 394/425] x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 396/425] usb: sl811-hcd: improve misleading indentation Greg Kroah-Hartman
` (36 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Thompson, Arnd Bergmann
From: Arnd Bergmann <arnd@arndb.de>
commit 40cc3a80bb42587db1e6ae21d6f3090582d33e89 upstream.
gcc-11 starts warning about misleading indentation inside of macros:
drivers/misc/kgdbts.c: In function ‘kgdbts_break_test’:
drivers/misc/kgdbts.c:103:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
103 | if (verbose > 1) \
| ^~
drivers/misc/kgdbts.c:200:9: note: in expansion of macro ‘v2printk’
200 | v2printk("kgdbts: breakpoint complete\n");
| ^~~~~~~~
drivers/misc/kgdbts.c:105:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
105 | touch_nmi_watchdog(); \
| ^~~~~~~~~~~~~~~~~~
The code looks correct to me, so just reindent it for readability.
Fixes: e8d31c204e36 ("kgdb: add kgdb internal test suite")
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210322164308.827846-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/kgdbts.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
--- a/drivers/misc/kgdbts.c
+++ b/drivers/misc/kgdbts.c
@@ -107,19 +107,19 @@
#include <asm/sections.h>
-#define v1printk(a...) do { \
- if (verbose) \
- printk(KERN_INFO a); \
- } while (0)
-#define v2printk(a...) do { \
- if (verbose > 1) \
- printk(KERN_INFO a); \
- touch_nmi_watchdog(); \
- } while (0)
-#define eprintk(a...) do { \
- printk(KERN_ERR a); \
- WARN_ON(1); \
- } while (0)
+#define v1printk(a...) do { \
+ if (verbose) \
+ printk(KERN_INFO a); \
+} while (0)
+#define v2printk(a...) do { \
+ if (verbose > 1) \
+ printk(KERN_INFO a); \
+ touch_nmi_watchdog(); \
+} while (0)
+#define eprintk(a...) do { \
+ printk(KERN_ERR a); \
+ WARN_ON(1); \
+} while (0)
#define MAX_CONFIG_LEN 40
static struct kgdb_io kgdbts_io_ops;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 396/425] usb: sl811-hcd: improve misleading indentation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 395/425] kgdb: fix gcc-11 warning on indentation Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 397/425] cxgb4: Fix the -Wmisleading-indentation warning Greg Kroah-Hartman
` (35 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann
From: Arnd Bergmann <arnd@arndb.de>
commit 8460f6003a1d2633737b89c4f69d6f4c0c7c65a3 upstream.
gcc-11 now warns about a confusingly indented code block:
drivers/usb/host/sl811-hcd.c: In function ‘sl811h_hub_control’:
drivers/usb/host/sl811-hcd.c:1291:9: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
1291 | if (*(u16*)(buf+2)) /* only if wPortChange is interesting */
| ^~
drivers/usb/host/sl811-hcd.c:1295:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
1295 | break;
Rewrite this to use a single if() block with the __is_defined() macro.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210322164244.827589-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/sl811-hcd.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/drivers/usb/host/sl811-hcd.c
+++ b/drivers/usb/host/sl811-hcd.c
@@ -1287,11 +1287,10 @@ sl811h_hub_control(
goto error;
put_unaligned_le32(sl811->port1, buf);
-#ifndef VERBOSE
- if (*(u16*)(buf+2)) /* only if wPortChange is interesting */
-#endif
- dev_dbg(hcd->self.controller, "GetPortStatus %08x\n",
- sl811->port1);
+ if (__is_defined(VERBOSE) ||
+ *(u16*)(buf+2)) /* only if wPortChange is interesting */
+ dev_dbg(hcd->self.controller, "GetPortStatus %08x\n",
+ sl811->port1);
break;
case SetPortFeature:
if (wIndex != 1 || wLength != 0)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 397/425] cxgb4: Fix the -Wmisleading-indentation warning
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 396/425] usb: sl811-hcd: improve misleading indentation Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 398/425] isdn: capi: fix mismatched prototypes Greg Kroah-Hartman
` (34 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tosk Robot, Kaixu Xia, Jakub Kicinski
From: Kaixu Xia <kaixuxia@tencent.com>
commit ea8146c6845799142aa4ee2660741c215e340cdf upstream.
Fix the gcc warning:
drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c:2673:9: warning: this 'for' clause does not guard... [-Wmisleading-indentation]
2673 | for (i = 0; i < n; ++i) \
Reported-by: Tosk Robot <tencent_os_robot@tencent.com>
Signed-off-by: Kaixu Xia <kaixuxia@tencent.com>
Link: https://lore.kernel.org/r/1604467444-23043-1-git-send-email-kaixuxia@tencent.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c
@@ -2730,7 +2730,7 @@ do { \
seq_printf(seq, "%-12s", s); \
for (i = 0; i < n; ++i) \
seq_printf(seq, " %16" fmt_spec, v); \
- seq_putc(seq, '\n'); \
+ seq_putc(seq, '\n'); \
} while (0)
#define S(s, v) S3("s", s, v)
#define T3(fmt_spec, s, v) S3(fmt_spec, s, tx[i].v)
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 398/425] isdn: capi: fix mismatched prototypes
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 397/425] cxgb4: Fix the -Wmisleading-indentation warning Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 399/425] pinctrl: ingenic: Improve unreachable code generation Greg Kroah-Hartman
` (33 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, David S. Miller
From: Arnd Bergmann <arnd@arndb.de>
commit 5ee7d4c7fbc9d3119a20b1c77d34003d1f82ac26 upstream.
gcc-11 complains about a prototype declaration that is different
from the function definition:
drivers/isdn/capi/kcapi.c:724:44: error: argument 2 of type ‘u8 *’ {aka ‘unsigned char *’} declared as a pointer [-Werror=array-parameter=]
724 | u16 capi20_get_manufacturer(u32 contr, u8 *buf)
| ~~~~^~~
In file included from drivers/isdn/capi/kcapi.c:13:
drivers/isdn/capi/kcapi.h:62:43: note: previously declared as an array ‘u8[64]’ {aka ‘unsigned char[64]’}
62 | u16 capi20_get_manufacturer(u32 contr, u8 buf[CAPI_MANUFACTURER_LEN]);
| ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/isdn/capi/kcapi.c:790:38: error: argument 2 of type ‘u8 *’ {aka ‘unsigned char *’} declared as a pointer [-Werror=array-parameter=]
790 | u16 capi20_get_serial(u32 contr, u8 *serial)
| ~~~~^~~~~~
In file included from drivers/isdn/capi/kcapi.c:13:
drivers/isdn/capi/kcapi.h:64:37: note: previously declared as an array ‘u8[8]’ {aka ‘unsigned char[8]’}
64 | u16 capi20_get_serial(u32 contr, u8 serial[CAPI_SERIAL_LEN]);
| ~~~^~~~~~~~~~~~~~~~~~~~~~~
Change the definition to make them match.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/isdn/capi/kcapi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/isdn/capi/kcapi.c
+++ b/drivers/isdn/capi/kcapi.c
@@ -846,7 +846,7 @@ EXPORT_SYMBOL(capi20_put_message);
* Return value: CAPI result code
*/
-u16 capi20_get_manufacturer(u32 contr, u8 *buf)
+u16 capi20_get_manufacturer(u32 contr, u8 buf[CAPI_MANUFACTURER_LEN])
{
struct capi_ctr *ctr;
u16 ret;
@@ -916,7 +916,7 @@ EXPORT_SYMBOL(capi20_get_version);
* Return value: CAPI result code
*/
-u16 capi20_get_serial(u32 contr, u8 *serial)
+u16 capi20_get_serial(u32 contr, u8 serial[CAPI_SERIAL_LEN])
{
struct capi_ctr *ctr;
u16 ret;
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 399/425] pinctrl: ingenic: Improve unreachable code generation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 398/425] isdn: capi: fix mismatched prototypes Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 400/425] xsk: Simplify detection of empty and full rings Greg Kroah-Hartman
` (32 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Josh Poimboeuf,
Linus Walleij, Sasha Levin
From: Josh Poimboeuf <jpoimboe@redhat.com>
[ Upstream commit d6d43a92172085a2681e06a0d06aac53c7bcdd12 ]
In the second loop of ingenic_pinconf_set(), it annotates the switch
default case as unreachable(). The annotation is technically correct,
because that same case would have resulted in an early function return
in the previous loop.
However, the compiled code is suboptimal. GCC seems to work extra hard
to ensure that the unreachable code path triggers undefined behavior.
The function would fall through to start executing whatever function
happens to be next in the compilation unit.
This is problematic because:
a) it adds unnecessary 'ensure undefined behavior' logic, and
corresponding i-cache footprint; and
b) it's less robust -- if a bug were to be introduced, falling through
to the next function would be catastrophic.
Yet another issue is that, while objtool normally understands
unreachable() annotations, there's one special case where it doesn't:
when the annotation occurs immediately after a 'ret' instruction. That
happens to be the case here because unreachable() is immediately before
the return.
Remove the unreachable() annotation and replace it with a comment. This
simplifies the code generation and changes the unreachable error path to
just silently return instead of corrupting execution.
This fixes the following objtool warning:
drivers/pinctrl/pinctrl-ingenic.o: warning: objtool: ingenic_pinconf_set() falls through to next function ingenic_pinconf_group_set()
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/bc20fdbcb826512cf76b7dfd0972740875931b19.1582212881.git.jpoimboe@redhat.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-ingenic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-ingenic.c b/drivers/pinctrl/pinctrl-ingenic.c
index a5accffbc8c9..babf6d011264 100644
--- a/drivers/pinctrl/pinctrl-ingenic.c
+++ b/drivers/pinctrl/pinctrl-ingenic.c
@@ -642,7 +642,8 @@ static int ingenic_pinconf_set(struct pinctrl_dev *pctldev, unsigned int pin,
break;
default:
- unreachable();
+ /* unreachable */
+ break;
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 400/425] xsk: Simplify detection of empty and full rings
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 399/425] pinctrl: ingenic: Improve unreachable code generation Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 401/425] ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6 Greg Kroah-Hartman
` (31 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Magnus Karlsson, Alexei Starovoitov,
Sasha Levin
From: Magnus Karlsson <magnus.karlsson@intel.com>
[ Upstream commit 11cc2d21499cabe7e7964389634ed1de3ee91d33 ]
In order to set the correct return flags for poll, the xsk code has to
check if the Rx queue is empty and if the Tx queue is full. This code
was unnecessarily large and complex as it used the functions that are
used to update the local state from the global state (xskq_nb_free and
xskq_nb_avail). Since we are not doing this nor updating any data
dependent on this state, we can simplify the functions. Another
benefit from this is that we can also simplify the xskq_nb_free and
xskq_nb_avail functions in a later commit.
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/1576759171-28550-3-git-send-email-magnus.karlsson@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xdp/xsk_queue.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index fe96c0d039f2..cf7cbb5dd918 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -245,12 +245,15 @@ static inline void xskq_produce_flush_desc(struct xsk_queue *q)
static inline bool xskq_full_desc(struct xsk_queue *q)
{
- return xskq_nb_avail(q, q->nentries) == q->nentries;
+ /* No barriers needed since data is not accessed */
+ return READ_ONCE(q->ring->producer) - READ_ONCE(q->ring->consumer) ==
+ q->nentries;
}
static inline bool xskq_empty_desc(struct xsk_queue *q)
{
- return xskq_nb_free(q, q->prod_tail, q->nentries) == q->nentries;
+ /* No barriers needed since data is not accessed */
+ return READ_ONCE(q->ring->consumer) == READ_ONCE(q->ring->producer);
}
void xskq_set_umem(struct xsk_queue *q, struct xdp_umem_props *umem_props);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 401/425] ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 400/425] xsk: Simplify detection of empty and full rings Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 402/425] PCI: thunder: Fix compile testing Greg Kroah-Hartman
` (30 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Pitre, Ard Biesheuvel,
Russell King, Sasha Levin
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit f9e7a99fb6b86aa6a00e53b34ee6973840e005aa ]
The cache invalidation code in v7_invalidate_l1 can be tweaked to
re-read the associativity from CCSIDR, and keep the way identifier
component in a single register that is assigned in the outer loop. This
way, we need 2 registers less.
Given that the number of sets is typically much larger than the
associativity, rearrange the code so that the outer loop has the fewer
number of iterations, ensuring that the re-read of CCSIDR only occurs a
handful of times in practice.
Fix the whitespace while at it, and update the comment to indicate that
this code is no longer a clone of anything else.
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/cache-v7.S | 51 +++++++++++++++++++++---------------------
1 file changed, 25 insertions(+), 26 deletions(-)
diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S
index 2149b47a0c5a..463965dc7922 100644
--- a/arch/arm/mm/cache-v7.S
+++ b/arch/arm/mm/cache-v7.S
@@ -28,41 +28,40 @@
* processor. We fix this by performing an invalidate, rather than a
* clean + invalidate, before jumping into the kernel.
*
- * This function is cloned from arch/arm/mach-tegra/headsmp.S, and needs
- * to be called for both secondary cores startup and primary core resume
- * procedures.
+ * This function needs to be called for both secondary cores startup and
+ * primary core resume procedures.
*/
ENTRY(v7_invalidate_l1)
mov r0, #0
mcr p15, 2, r0, c0, c0, 0
mrc p15, 1, r0, c0, c0, 0
- movw r1, #0x7fff
- and r2, r1, r0, lsr #13
+ movw r3, #0x3ff
+ and r3, r3, r0, lsr #3 @ 'Associativity' in CCSIDR[12:3]
+ clz r1, r3 @ WayShift
+ mov r2, #1
+ mov r3, r3, lsl r1 @ NumWays-1 shifted into bits [31:...]
+ movs r1, r2, lsl r1 @ #1 shifted left by same amount
+ moveq r1, #1 @ r1 needs value > 0 even if only 1 way
- movw r1, #0x3ff
+ and r2, r0, #0x7
+ add r2, r2, #4 @ SetShift
- and r3, r1, r0, lsr #3 @ NumWays - 1
- add r2, r2, #1 @ NumSets
+1: movw r4, #0x7fff
+ and r0, r4, r0, lsr #13 @ 'NumSets' in CCSIDR[27:13]
- and r0, r0, #0x7
- add r0, r0, #4 @ SetShift
-
- clz r1, r3 @ WayShift
- add r4, r3, #1 @ NumWays
-1: sub r2, r2, #1 @ NumSets--
- mov r3, r4 @ Temp = NumWays
-2: subs r3, r3, #1 @ Temp--
- mov r5, r3, lsl r1
- mov r6, r2, lsl r0
- orr r5, r5, r6 @ Reg = (Temp<<WayShift)|(NumSets<<SetShift)
- mcr p15, 0, r5, c7, c6, 2
- bgt 2b
- cmp r2, #0
- bgt 1b
- dsb st
- isb
- ret lr
+2: mov r4, r0, lsl r2 @ NumSet << SetShift
+ orr r4, r4, r3 @ Reg = (Temp<<WayShift)|(NumSets<<SetShift)
+ mcr p15, 0, r4, c7, c6, 2
+ subs r0, r0, #1 @ Set--
+ bpl 2b
+ subs r3, r3, r1 @ Way--
+ bcc 3f
+ mrc p15, 1, r0, c0, c0, 0 @ re-read cache geometry from CCSIDR
+ b 1b
+3: dsb st
+ isb
+ ret lr
ENDPROC(v7_invalidate_l1)
/*
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 402/425] PCI: thunder: Fix compile testing
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 401/425] ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6 Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 403/425] ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() Greg Kroah-Hartman
` (29 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Bjorn Helgaas,
Kuppuswamy Sathyanarayanan, Robert Richter, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 16f7ae5906dfbeff54f74ec75d0563bb3a87ab0b ]
Compile-testing these drivers is currently broken. Enabling it causes a
couple of build failures though:
drivers/pci/controller/pci-thunder-ecam.c:119:30: error: shift count >= width of type [-Werror,-Wshift-count-overflow]
drivers/pci/controller/pci-thunder-pem.c:54:2: error: implicit declaration of function 'writeq' [-Werror,-Wimplicit-function-declaration]
drivers/pci/controller/pci-thunder-pem.c:392:8: error: implicit declaration of function 'acpi_get_rc_resources' [-Werror,-Wimplicit-function-declaration]
Fix them with the obvious one-line changes.
Link: https://lore.kernel.org/r/20210308152501.2135937-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Robert Richter <rric@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pci-thunder-ecam.c | 2 +-
drivers/pci/controller/pci-thunder-pem.c | 13 +++++++------
drivers/pci/pci.h | 6 ++++++
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/pci/controller/pci-thunder-ecam.c b/drivers/pci/controller/pci-thunder-ecam.c
index 32d1d7b81ef4..18715d2ce022 100644
--- a/drivers/pci/controller/pci-thunder-ecam.c
+++ b/drivers/pci/controller/pci-thunder-ecam.c
@@ -116,7 +116,7 @@ static int thunder_ecam_p2_config_read(struct pci_bus *bus, unsigned int devfn,
* the config space access window. Since we are working with
* the high-order 32 bits, shift everything down by 32 bits.
*/
- node_bits = (cfg->res.start >> 32) & (1 << 12);
+ node_bits = upper_32_bits(cfg->res.start) & (1 << 12);
v |= node_bits;
set_val(v, where, size, val);
diff --git a/drivers/pci/controller/pci-thunder-pem.c b/drivers/pci/controller/pci-thunder-pem.c
index f127ce8bd4ef..1650ec2c35f9 100644
--- a/drivers/pci/controller/pci-thunder-pem.c
+++ b/drivers/pci/controller/pci-thunder-pem.c
@@ -11,6 +11,7 @@
#include <linux/pci-acpi.h>
#include <linux/pci-ecam.h>
#include <linux/platform_device.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
#include "../pci.h"
#if defined(CONFIG_PCI_HOST_THUNDER_PEM) || (defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS))
@@ -314,9 +315,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg,
* structure here for the BAR.
*/
bar4_start = res_pem->start + 0xf00000;
- pem_pci->ea_entry[0] = (u32)bar4_start | 2;
- pem_pci->ea_entry[1] = (u32)(res_pem->end - bar4_start) & ~3u;
- pem_pci->ea_entry[2] = (u32)(bar4_start >> 32);
+ pem_pci->ea_entry[0] = lower_32_bits(bar4_start) | 2;
+ pem_pci->ea_entry[1] = lower_32_bits(res_pem->end - bar4_start) & ~3u;
+ pem_pci->ea_entry[2] = upper_32_bits(bar4_start);
cfg->priv = pem_pci;
return 0;
@@ -324,9 +325,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg,
#if defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS)
-#define PEM_RES_BASE 0x87e0c0000000UL
-#define PEM_NODE_MASK GENMASK(45, 44)
-#define PEM_INDX_MASK GENMASK(26, 24)
+#define PEM_RES_BASE 0x87e0c0000000ULL
+#define PEM_NODE_MASK GENMASK_ULL(45, 44)
+#define PEM_INDX_MASK GENMASK_ULL(26, 24)
#define PEM_MIN_DOM_IN_NODE 4
#define PEM_MAX_DOM_IN_NODE 10
diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
index e9ede82ee2c2..39725b71300f 100644
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
@@ -473,6 +473,12 @@ static inline int pci_dev_specific_reset(struct pci_dev *dev, int probe)
#if defined(CONFIG_PCI_QUIRKS) && defined(CONFIG_ARM64)
int acpi_get_rc_resources(struct device *dev, const char *hid, u16 segment,
struct resource *res);
+#else
+static inline int acpi_get_rc_resources(struct device *dev, const char *hid,
+ u16 segment, struct resource *res)
+{
+ return -ENODEV;
+}
#endif
u32 pci_rebar_get_possible_sizes(struct pci_dev *pdev, int bar);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 403/425] ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 402/425] PCI: thunder: Fix compile testing Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 404/425] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() Greg Kroah-Hartman
` (28 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, louis.wang, Russell King, Sasha Levin
From: louis.wang <liang26812@gmail.com>
[ Upstream commit 8252ca87c7a2111502ee13994956f8c309faad7f ]
Enabling function_graph tracer on ARM causes kernel panic, because the
function graph tracer updates the "return address" of a function in order
to insert a trace callback on function exit, it saves the function's
original return address in a return trace stack, but cpu_suspend() may not
return through the normal return path.
cpu_suspend() will resume directly via the cpu_resume path, but the return
trace stack has been set-up by the subfunctions of cpu_suspend(), which
makes the "return address" inconsistent with cpu_suspend().
This patch refers to Commit de818bd4522c40ea02a81b387d2fa86f989c9623
("arm64: kernel: pause/unpause function graph tracer in cpu_suspend()"),
fixes the issue by pausing/resuming the function graph tracer on the thread
executing cpu_suspend(), so that the function graph tracer state is kept
consistent across functions that enter power down states and never return
by effectively disabling graph tracer while they are executing.
Signed-off-by: louis.wang <liang26812@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/suspend.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c
index d08099269e35..e126386fb78a 100644
--- a/arch/arm/kernel/suspend.c
+++ b/arch/arm/kernel/suspend.c
@@ -1,4 +1,5 @@
// SPDX-License-Identifier: GPL-2.0
+#include <linux/ftrace.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/mm_types.h>
@@ -26,6 +27,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
if (!idmap_pgd)
return -EINVAL;
+ /*
+ * Function graph tracer state gets incosistent when the kernel
+ * calls functions that never return (aka suspend finishers) hence
+ * disable graph tracing during their execution.
+ */
+ pause_graph_tracing();
+
/*
* Provide a temporary page table with an identity mapping for
* the MMU-enable code, required for resuming. On successful
@@ -33,6 +41,9 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
* back to the correct page tables.
*/
ret = __cpu_suspend(arg, fn, __mpidr);
+
+ unpause_graph_tracing();
+
if (ret == 0) {
cpu_switch_mm(mm->pgd, mm);
local_flush_bp_all();
@@ -46,7 +57,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
{
u32 __mpidr = cpu_logical_map(smp_processor_id());
- return __cpu_suspend(arg, fn, __mpidr);
+ int ret;
+
+ pause_graph_tracing();
+ ret = __cpu_suspend(arg, fn, __mpidr);
+ unpause_graph_tracing();
+
+ return ret;
}
#define idmap_pgd NULL
#endif
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 404/425] ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 403/425] ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 405/425] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices Greg Kroah-Hartman
` (27 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Feilong Lin, Zhiqiang Liu,
Bjorn Helgaas, Rafael J. Wysocki, Sasha Levin
From: Feilong Lin <linfeilong@huawei.com>
[ Upstream commit 3bbfd319034ddce59e023837a4aa11439460509b ]
In enable_slot(), if pci_get_slot() returns NULL, we clear the SLOT_ENABLED
flag. When pci_get_slot() finds a device, it increments the device's
reference count. In this case, we did not call pci_dev_put() to decrement
the reference count, so the memory of the device (struct pci_dev type) will
eventually leak.
Call pci_dev_put() to decrement its reference count when pci_get_slot()
returns a PCI device.
Link: https://lore.kernel.org/r/b411af88-5049-a1c6-83ac-d104a1f429be@huawei.com
Signed-off-by: Feilong Lin <linfeilong@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/acpiphp_glue.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c
index be35bbfa6968..3d8844e7090a 100644
--- a/drivers/pci/hotplug/acpiphp_glue.c
+++ b/drivers/pci/hotplug/acpiphp_glue.c
@@ -540,6 +540,7 @@ static void enable_slot(struct acpiphp_slot *slot, bool bridge)
slot->flags &= ~SLOT_ENABLED;
continue;
}
+ pci_dev_put(dev);
}
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 405/425] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 404/425] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 406/425] Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state Greg Kroah-Hartman
` (26 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Tissoires, Hans de Goede,
Dmitry Torokhov, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 65299e8bfb24774e6340e93ae49f6626598917c8 ]
Several users have been reporting that elants_i2c gives several errors
during probe and that their touchscreen does not work on their Lenovo AMD
based laptops with a touchscreen with a ELAN0001 ACPI hardware-id:
[ 0.550596] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vcc33 not found, using dummy regulator
[ 0.551836] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vccio not found, using dummy regulator
[ 0.560932] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
[ 0.562427] elants_i2c i2c-ELAN0001:00: software reset failed: -121
[ 0.595925] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
[ 0.597974] elants_i2c i2c-ELAN0001:00: software reset failed: -121
[ 0.621893] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
[ 0.622504] elants_i2c i2c-ELAN0001:00: software reset failed: -121
[ 0.632650] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (4d 61 69 6e): -121
[ 0.634256] elants_i2c i2c-ELAN0001:00: boot failed: -121
[ 0.699212] elants_i2c i2c-ELAN0001:00: invalid 'hello' packet: 00 00 ff ff
[ 1.630506] elants_i2c i2c-ELAN0001:00: Failed to read fw id: -121
[ 1.645508] elants_i2c i2c-ELAN0001:00: unknown packet 00 00 ff ff
Despite these errors, the elants_i2c driver stays bound to the device
(it returns 0 from its probe method despite the errors), blocking the
i2c-hid driver from binding.
Manually unbinding the elants_i2c driver and binding the i2c-hid driver
makes the touchscreen work.
Check if the ACPI-fwnode for the touchscreen contains one of the i2c-hid
compatiblity-id strings and if it has the I2C-HID spec's DSM to get the
HID descriptor address, If it has both then make elants_i2c not bind,
so that the i2c-hid driver can bind.
This assumes that non of the (older) elan touchscreens which actually
need the elants_i2c driver falsely advertise an i2c-hid compatiblity-id
+ DSM in their ACPI-fwnodes. If some of them actually do have this
false advertising, then this change may lead to regressions.
While at it also drop the unnecessary DEVICE_NAME prefixing of the
"I2C check functionality error", dev_err already outputs the driver-name.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207759
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210405202756.16830-1-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/elants_i2c.c | 44 ++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/drivers/input/touchscreen/elants_i2c.c b/drivers/input/touchscreen/elants_i2c.c
index d21ca39b0fdb..adfae2d88707 100644
--- a/drivers/input/touchscreen/elants_i2c.c
+++ b/drivers/input/touchscreen/elants_i2c.c
@@ -41,6 +41,7 @@
#include <linux/of.h>
#include <linux/gpio/consumer.h>
#include <linux/regulator/consumer.h>
+#include <linux/uuid.h>
#include <asm/unaligned.h>
/* Device, Driver information */
@@ -1131,6 +1132,40 @@ static void elants_i2c_power_off(void *_data)
}
}
+#ifdef CONFIG_ACPI
+static const struct acpi_device_id i2c_hid_ids[] = {
+ {"ACPI0C50", 0 },
+ {"PNP0C50", 0 },
+ { },
+};
+
+static const guid_t i2c_hid_guid =
+ GUID_INIT(0x3CDFF6F7, 0x4267, 0x4555,
+ 0xAD, 0x05, 0xB3, 0x0A, 0x3D, 0x89, 0x38, 0xDE);
+
+static bool elants_acpi_is_hid_device(struct device *dev)
+{
+ acpi_handle handle = ACPI_HANDLE(dev);
+ union acpi_object *obj;
+
+ if (acpi_match_device_ids(ACPI_COMPANION(dev), i2c_hid_ids))
+ return false;
+
+ obj = acpi_evaluate_dsm_typed(handle, &i2c_hid_guid, 1, 1, NULL, ACPI_TYPE_INTEGER);
+ if (obj) {
+ ACPI_FREE(obj);
+ return true;
+ }
+
+ return false;
+}
+#else
+static bool elants_acpi_is_hid_device(struct device *dev)
+{
+ return false;
+}
+#endif
+
static int elants_i2c_probe(struct i2c_client *client,
const struct i2c_device_id *id)
{
@@ -1139,9 +1174,14 @@ static int elants_i2c_probe(struct i2c_client *client,
unsigned long irqflags;
int error;
+ /* Don't bind to i2c-hid compatible devices, these are handled by the i2c-hid drv. */
+ if (elants_acpi_is_hid_device(&client->dev)) {
+ dev_warn(&client->dev, "This device appears to be an I2C-HID device, not binding\n");
+ return -ENODEV;
+ }
+
if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
- dev_err(&client->dev,
- "%s: i2c check functionality error\n", DEVICE_NAME);
+ dev_err(&client->dev, "I2C check functionality error\n");
return -ENXIO;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 406/425] Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 405/425] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 407/425] um: Mark all kernel symbols as local Greg Kroah-Hartman
` (25 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Dmitry Torokhov, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit e479187748a8f151a85116a7091c599b121fdea5 ]
Some buggy BIOS-es bring up the touchscreen-controller in a stuck
state where it blocks the I2C bus. Specifically this happens on
the Jumper EZpad 7 tablet model.
After much poking at this problem I have found that the following steps
are necessary to unstuck the chip / bus:
1. Turn off the Silead chip.
2. Try to do an I2C transfer with the chip, this will fail in response to
which the I2C-bus-driver will call: i2c_recover_bus() which will unstuck
the I2C-bus. Note the unstuck-ing of the I2C bus only works if we first
drop the chip of the bus by turning it off.
3. Turn the chip back on.
On the x86/ACPI systems were this problem is seen, step 1. and 3. require
making ACPI calls and dealing with ACPI Power Resources. This commit adds
a workaround which runtime-suspends the chip to turn it off, leaving it up
to the ACPI subsystem to deal with all the ACPI specific details.
There is no good way to detect this bug, so the workaround gets activated
by a new "silead,stuck-controller-bug" boolean device-property. Since this
is only used on x86/ACPI, this will be set by model specific device-props
set by drivers/platform/x86/touchscreen_dmi.c. Therefor this new
device-property is not documented in the DT-bindings.
Dmesg will contain the following messages on systems where the workaround
is activated:
[ 54.309029] silead_ts i2c-MSSL1680:00: [Firmware Bug]: Stuck I2C bus: please ignore the next 'controller timed out' error
[ 55.373593] i2c_designware 808622C1:04: controller timed out
[ 55.582186] silead_ts i2c-MSSL1680:00: Silead chip ID: 0x80360000
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210405202745.16777-1-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/silead.c | 44 +++++++++++++++++++++++++++---
1 file changed, 40 insertions(+), 4 deletions(-)
diff --git a/drivers/input/touchscreen/silead.c b/drivers/input/touchscreen/silead.c
index 06f0eb04a8fd..a787a6aefc69 100644
--- a/drivers/input/touchscreen/silead.c
+++ b/drivers/input/touchscreen/silead.c
@@ -28,6 +28,7 @@
#include <linux/input/mt.h>
#include <linux/input/touchscreen.h>
#include <linux/pm.h>
+#include <linux/pm_runtime.h>
#include <linux/irq.h>
#include <linux/regulator/consumer.h>
@@ -343,10 +344,8 @@ static int silead_ts_get_id(struct i2c_client *client)
error = i2c_smbus_read_i2c_block_data(client, SILEAD_REG_ID,
sizeof(chip_id), (u8 *)&chip_id);
- if (error < 0) {
- dev_err(&client->dev, "Chip ID read error %d\n", error);
+ if (error < 0)
return error;
- }
data->chip_id = le32_to_cpu(chip_id);
dev_info(&client->dev, "Silead chip ID: 0x%8X", data->chip_id);
@@ -359,12 +358,49 @@ static int silead_ts_setup(struct i2c_client *client)
int error;
u32 status;
+ /*
+ * Some buggy BIOS-es bring up the chip in a stuck state where it
+ * blocks the I2C bus. The following steps are necessary to
+ * unstuck the chip / bus:
+ * 1. Turn off the Silead chip.
+ * 2. Try to do an I2C transfer with the chip, this will fail in
+ * response to which the I2C-bus-driver will call:
+ * i2c_recover_bus() which will unstuck the I2C-bus. Note the
+ * unstuck-ing of the I2C bus only works if we first drop the
+ * chip off the bus by turning it off.
+ * 3. Turn the chip back on.
+ *
+ * On the x86/ACPI systems were this problem is seen, step 1. and
+ * 3. require making ACPI calls and dealing with ACPI Power
+ * Resources. The workaround below runtime-suspends the chip to
+ * turn it off, leaving it up to the ACPI subsystem to deal with
+ * this.
+ */
+
+ if (device_property_read_bool(&client->dev,
+ "silead,stuck-controller-bug")) {
+ pm_runtime_set_active(&client->dev);
+ pm_runtime_enable(&client->dev);
+ pm_runtime_allow(&client->dev);
+
+ pm_runtime_suspend(&client->dev);
+
+ dev_warn(&client->dev, FW_BUG "Stuck I2C bus: please ignore the next 'controller timed out' error\n");
+ silead_ts_get_id(client);
+
+ /* The forbid will also resume the device */
+ pm_runtime_forbid(&client->dev);
+ pm_runtime_disable(&client->dev);
+ }
+
silead_ts_set_power(client, SILEAD_POWER_OFF);
silead_ts_set_power(client, SILEAD_POWER_ON);
error = silead_ts_get_id(client);
- if (error)
+ if (error) {
+ dev_err(&client->dev, "Chip ID read error %d\n", error);
return error;
+ }
error = silead_ts_init(client);
if (error)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 407/425] um: Mark all kernel symbols as local
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 406/425] Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 408/425] ARM: 9075/1: kernel: Fix interrupted SMC calls Greg Kroah-Hartman
` (24 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ritesh Raj Sarraf, Johannes Berg,
Anton Ivanov, Richard Weinberger, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit d5027ca63e0e778b641cf23e3f5c6d6212cf412b ]
Ritesh reported a bug [1] against UML, noting that it crashed on
startup. The backtrace shows the following (heavily redacted):
(gdb) bt
...
#26 0x0000000060015b5d in sem_init () at ipc/sem.c:268
#27 0x00007f89906d92f7 in ?? () from /lib/x86_64-linux-gnu/libcom_err.so.2
#28 0x00007f8990ab8fb2 in call_init (...) at dl-init.c:72
...
#40 0x00007f89909bf3a6 in nss_load_library (...) at nsswitch.c:359
...
#44 0x00007f8990895e35 in _nss_compat_getgrnam_r (...) at nss_compat/compat-grp.c:486
#45 0x00007f8990968b85 in __getgrnam_r [...]
#46 0x00007f89909d6b77 in grantpt [...]
#47 0x00007f8990a9394e in __GI_openpty [...]
#48 0x00000000604a1f65 in openpty_cb (...) at arch/um/os-Linux/sigio.c:407
#49 0x00000000604a58d0 in start_idle_thread (...) at arch/um/os-Linux/skas/process.c:598
#50 0x0000000060004a3d in start_uml () at arch/um/kernel/skas/process.c:45
#51 0x00000000600047b2 in linux_main (...) at arch/um/kernel/um_arch.c:334
#52 0x000000006000574f in main (...) at arch/um/os-Linux/main.c:144
indicating that the UML function openpty_cb() calls openpty(),
which internally calls __getgrnam_r(), which causes the nsswitch
machinery to get started.
This loads, through lots of indirection that I snipped, the
libcom_err.so.2 library, which (in an unknown function, "??")
calls sem_init().
Now, of course it wants to get libpthread's sem_init(), since
it's linked against libpthread. However, the dynamic linker
looks up that symbol against the binary first, and gets the
kernel's sem_init().
Hajime Tazaki noted that "objcopy -L" can localize a symbol,
so the dynamic linker wouldn't do the lookup this way. I tried,
but for some reason that didn't seem to work.
Doing the same thing in the linker script instead does seem to
work, though I cannot entirely explain - it *also* works if I
just add "VERSION { { global: *; }; }" instead, indicating that
something else is happening that I don't really understand. It
may be that explicitly doing that marks them with some kind of
empty version, and that's different from the default.
Explicitly marking them with a version breaks kallsyms, so that
doesn't seem to be possible.
Marking all the symbols as local seems correct, and does seem
to address the issue, so do that. Also do it for static link,
nsswitch libraries could still be loaded there.
[1] https://bugs.debian.org/983379
Reported-by: Ritesh Raj Sarraf <rrs@debian.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Tested-By: Ritesh Raj Sarraf <rrs@debian.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/kernel/dyn.lds.S | 6 ++++++
arch/um/kernel/uml.lds.S | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
index 5568cf882371..899233625467 100644
--- a/arch/um/kernel/dyn.lds.S
+++ b/arch/um/kernel/dyn.lds.S
@@ -6,6 +6,12 @@ OUTPUT_ARCH(ELF_ARCH)
ENTRY(_start)
jiffies = jiffies_64;
+VERSION {
+ {
+ local: *;
+ };
+}
+
SECTIONS
{
PROVIDE (__executable_start = START);
diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
index 36b07ec09742..22ff701d9b71 100644
--- a/arch/um/kernel/uml.lds.S
+++ b/arch/um/kernel/uml.lds.S
@@ -7,6 +7,12 @@ OUTPUT_ARCH(ELF_ARCH)
ENTRY(_start)
jiffies = jiffies_64;
+VERSION {
+ {
+ local: *;
+ };
+}
+
SECTIONS
{
/* This must contain the right address - not quite the default ELF one.*/
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 408/425] ARM: 9075/1: kernel: Fix interrupted SMC calls
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 407/425] um: Mark all kernel symbols as local Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 409/425] scripts/recordmcount.pl: Fix RISC-V regex for clang Greg Kroah-Hartman
` (23 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam,
Bjorn Andersson, Russell King, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 57ac51667d8cd62731223d687e5fe7b41c502f89 ]
On Qualcomm ARM32 platforms, the SMC call can return before it has
completed. If this occurs, the call can be restarted, but it requires
using the returned session ID value from the interrupted SMC call.
The ARM32 SMCC code already has the provision to add platform specific
quirks for things like this. So let's make use of it and add the
Qualcomm specific quirk (ARM_SMCCC_QUIRK_QCOM_A6) used by the QCOM_SCM
driver.
This change is similar to the below one added for ARM64 a while ago:
commit 82bcd087029f ("firmware: qcom: scm: Fix interrupted SCM calls")
Without this change, the Qualcomm ARM32 platforms like SDX55 will return
-EINVAL for SMC calls used for modem firmware loading and validation.
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/asm-offsets.c | 3 +++
arch/arm/kernel/smccc-call.S | 11 ++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/arm/kernel/asm-offsets.c b/arch/arm/kernel/asm-offsets.c
index ae85f67a6352..40afe953a0e2 100644
--- a/arch/arm/kernel/asm-offsets.c
+++ b/arch/arm/kernel/asm-offsets.c
@@ -30,6 +30,7 @@
#include <asm/vdso_datapage.h>
#include <asm/hardware/cache-l2x0.h>
#include <linux/kbuild.h>
+#include <linux/arm-smccc.h>
#include "signal.h"
/*
@@ -159,6 +160,8 @@ int main(void)
DEFINE(SLEEP_SAVE_SP_PHYS, offsetof(struct sleep_save_sp, save_ptr_stash_phys));
DEFINE(SLEEP_SAVE_SP_VIRT, offsetof(struct sleep_save_sp, save_ptr_stash));
#endif
+ DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
+ DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
BLANK();
DEFINE(DMA_BIDIRECTIONAL, DMA_BIDIRECTIONAL);
DEFINE(DMA_TO_DEVICE, DMA_TO_DEVICE);
diff --git a/arch/arm/kernel/smccc-call.S b/arch/arm/kernel/smccc-call.S
index e5d43066b889..13d307cd364c 100644
--- a/arch/arm/kernel/smccc-call.S
+++ b/arch/arm/kernel/smccc-call.S
@@ -12,7 +12,9 @@
*
*/
#include <linux/linkage.h>
+#include <linux/arm-smccc.h>
+#include <asm/asm-offsets.h>
#include <asm/opcodes-sec.h>
#include <asm/opcodes-virt.h>
#include <asm/unwind.h>
@@ -36,7 +38,14 @@ UNWIND( .fnstart)
UNWIND( .save {r4-r7})
ldm r12, {r4-r7}
\instr
- pop {r4-r7}
+ ldr r4, [sp, #36]
+ cmp r4, #0
+ beq 1f // No quirk structure
+ ldr r5, [r4, #ARM_SMCCC_QUIRK_ID_OFFS]
+ cmp r5, #ARM_SMCCC_QUIRK_QCOM_A6
+ bne 1f // No quirk present
+ str r6, [r4, #ARM_SMCCC_QUIRK_STATE_OFFS]
+1: pop {r4-r7}
ldr r12, [sp, #(4 * 4)]
stm r12, {r0-r3}
bx lr
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 409/425] scripts/recordmcount.pl: Fix RISC-V regex for clang
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 408/425] ARM: 9075/1: kernel: Fix interrupted SMC calls Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 410/425] riscv: Workaround mcount name prior to clang-13 Greg Kroah-Hartman
` (22 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Fangrui Song,
Palmer Dabbelt, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 2f095504f4b9cf75856d6a9cf90299cf75aa46c5 ]
Clang can generate R_RISCV_CALL_PLT relocations to _mcount:
$ llvm-objdump -dr build/riscv/init/main.o | rg mcount
000000000000000e: R_RISCV_CALL_PLT _mcount
000000000000004e: R_RISCV_CALL_PLT _mcount
After this, the __start_mcount_loc section is properly generated and
function tracing still works.
Link: https://github.com/ClangBuiltLinux/linux/issues/1331
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/recordmcount.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
index 9a8fe8ea6b03..bc12e12e4b3a 100755
--- a/scripts/recordmcount.pl
+++ b/scripts/recordmcount.pl
@@ -395,7 +395,7 @@ if ($arch eq "x86_64") {
$mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$";
} elsif ($arch eq "riscv") {
$function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:";
- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL\\s_mcount\$";
+ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$";
$type = ".quad";
$alignment = 2;
} elsif ($arch eq "nds32") {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 410/425] riscv: Workaround mcount name prior to clang-13
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 409/425] scripts/recordmcount.pl: Fix RISC-V regex for clang Greg Kroah-Hartman
@ 2021-05-20 9:22 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 411/425] ceph: fix fscache invalidation Greg Kroah-Hartman
` (21 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
Palmer Dabbelt, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 7ce04771503074a7de7f539cc43f5e1b385cb99b ]
Prior to clang 13.0.0, the RISC-V name for the mcount symbol was
"mcount", which differs from the GCC version of "_mcount", which results
in the following errors:
riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_level':
main.c:(.text+0xe): undefined reference to `mcount'
riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_start':
main.c:(.text+0x4e): undefined reference to `mcount'
riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_finish':
main.c:(.text+0x92): undefined reference to `mcount'
riscv64-linux-gnu-ld: init/main.o: in function `.LBB32_28':
main.c:(.text+0x30c): undefined reference to `mcount'
riscv64-linux-gnu-ld: init/main.o: in function `free_initmem':
main.c:(.text+0x54c): undefined reference to `mcount'
This has been corrected in https://reviews.llvm.org/D98881 but the
minimum supported clang version is 10.0.1. To avoid build errors and to
gain a working function tracer, adjust the name of the mcount symbol for
older versions of clang in mount.S and recordmcount.pl.
Link: https://github.com/ClangBuiltLinux/linux/issues/1331
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/include/asm/ftrace.h | 14 ++++++++++++--
arch/riscv/kernel/mcount.S | 10 +++++-----
scripts/recordmcount.pl | 2 +-
3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h
index 02fbc175142e..693c3839a7df 100644
--- a/arch/riscv/include/asm/ftrace.h
+++ b/arch/riscv/include/asm/ftrace.h
@@ -10,9 +10,19 @@
#endif
#define HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
+/*
+ * Clang prior to 13 had "mcount" instead of "_mcount":
+ * https://reviews.llvm.org/D98881
+ */
+#if defined(CONFIG_CC_IS_GCC) || CONFIG_CLANG_VERSION >= 130000
+#define MCOUNT_NAME _mcount
+#else
+#define MCOUNT_NAME mcount
+#endif
+
#define ARCH_SUPPORTS_FTRACE_OPS 1
#ifndef __ASSEMBLY__
-void _mcount(void);
+void MCOUNT_NAME(void);
static inline unsigned long ftrace_call_adjust(unsigned long addr)
{
return addr;
@@ -33,7 +43,7 @@ struct dyn_arch_ftrace {
* both auipc and jalr at the same time.
*/
-#define MCOUNT_ADDR ((unsigned long)_mcount)
+#define MCOUNT_ADDR ((unsigned long)MCOUNT_NAME)
#define JALR_SIGN_MASK (0x00000800)
#define JALR_OFFSET_MASK (0x00000fff)
#define AUIPC_OFFSET_MASK (0xfffff000)
diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S
index 5721624886a1..fabddee90d1b 100644
--- a/arch/riscv/kernel/mcount.S
+++ b/arch/riscv/kernel/mcount.S
@@ -47,8 +47,8 @@
ENTRY(ftrace_stub)
#ifdef CONFIG_DYNAMIC_FTRACE
- .global _mcount
- .set _mcount, ftrace_stub
+ .global MCOUNT_NAME
+ .set MCOUNT_NAME, ftrace_stub
#endif
ret
ENDPROC(ftrace_stub)
@@ -79,7 +79,7 @@ EXPORT_SYMBOL(return_to_handler)
#endif
#ifndef CONFIG_DYNAMIC_FTRACE
-ENTRY(_mcount)
+ENTRY(MCOUNT_NAME)
la t4, ftrace_stub
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
la t0, ftrace_graph_return
@@ -125,6 +125,6 @@ do_trace:
jalr t5
RESTORE_ABI_STATE
ret
-ENDPROC(_mcount)
+ENDPROC(MCOUNT_NAME)
#endif
-EXPORT_SYMBOL(_mcount)
+EXPORT_SYMBOL(MCOUNT_NAME)
diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
index bc12e12e4b3a..657e69125a46 100755
--- a/scripts/recordmcount.pl
+++ b/scripts/recordmcount.pl
@@ -395,7 +395,7 @@ if ($arch eq "x86_64") {
$mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$";
} elsif ($arch eq "riscv") {
$function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:";
- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$";
+ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_?mcount\$";
$type = ".quad";
$alignment = 2;
} elsif ($arch eq "nds32") {
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 411/425] ceph: fix fscache invalidation
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2021-05-20 9:22 ` [PATCH 4.19 410/425] riscv: Workaround mcount name prior to clang-13 Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 412/425] scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found Greg Kroah-Hartman
` (20 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Layton, Ilya Dryomov, Sasha Levin
From: Jeff Layton <jlayton@kernel.org>
[ Upstream commit 10a7052c7868bc7bc72d947f5aac6f768928db87 ]
Ensure that we invalidate the fscache whenever we invalidate the
pagecache.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/caps.c | 1 +
fs/ceph/inode.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 6e871a382209..918781c51f0b 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -1779,6 +1779,7 @@ static int try_nonblocking_invalidate(struct inode *inode)
u32 invalidating_gen = ci->i_rdcache_gen;
spin_unlock(&ci->i_ceph_lock);
+ ceph_fscache_invalidate(inode);
invalidate_mapping_pages(&inode->i_data, 0, -1);
spin_lock(&ci->i_ceph_lock);
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 3c24fb77ef32..5f041fede7aa 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -1823,6 +1823,7 @@ static void ceph_invalidate_work(struct work_struct *work)
orig_gen = ci->i_rdcache_gen;
spin_unlock(&ci->i_ceph_lock);
+ ceph_fscache_invalidate(inode);
if (invalidate_inode_pages2(inode->i_mapping) < 0) {
pr_err("invalidate_pages %p fails\n", inode);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 412/425] scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 411/425] ceph: fix fscache invalidation Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 413/425] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 Greg Kroah-Hartman
` (19 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bodo Stroesser, Martin K. Petersen,
Sasha Levin
From: Bodo Stroesser <bostroesser@gmail.com>
[ Upstream commit 9814b55cde0588b6d9bc496cee43f87316cbc6f1 ]
If tcmu_handle_completions() finds an invalid cmd_id while looping over cmd
responses from userspace it sets TCMU_DEV_BIT_BROKEN and breaks the
loop. This means that it does further handling for the tcmu device.
Skip that handling by replacing 'break' with 'return'.
Additionally change tcmu_handle_completions() from unsigned int to bool,
since the value used in return already is bool.
Link: https://lore.kernel.org/r/20210423150123.24468-1-bostroesser@gmail.com
Signed-off-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_user.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
index 0219b5a865be..dd7307375504 100644
--- a/drivers/target/target_core_user.c
+++ b/drivers/target/target_core_user.c
@@ -1216,7 +1216,7 @@ static void tcmu_set_next_deadline(struct list_head *queue,
del_timer(timer);
}
-static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
+static bool tcmu_handle_completions(struct tcmu_dev *udev)
{
struct tcmu_mailbox *mb;
struct tcmu_cmd *cmd;
@@ -1256,7 +1256,7 @@ static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
pr_err("cmd_id %u not found, ring is broken\n",
entry->hdr.cmd_id);
set_bit(TCMU_DEV_BIT_BROKEN, &udev->flags);
- break;
+ return false;
}
tcmu_handle_completion(cmd, entry);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 413/425] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 412/425] scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 414/425] ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP Greg Kroah-Hartman
` (18 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit da91ece226729c76f60708efc275ebd4716ad089 ]
Like some other Bay and Cherry Trail SoC based devices the Dell Venue
10 Pro 5055 has an embedded-controller which uses ACPI GPIO events to
report events instead of using the standard ACPI EC interface for this.
The EC interrupt is only used to report battery-level changes and
it keeps doing this while the system is suspended, causing the system
to not stay suspended.
Add an ignore-wake quirk for the GPIO pin used by the EC to fix the
spurious wakeups from suspend.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpiolib-acpi.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c
index 4ad34c6803ad..b018909a4e46 100644
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -1355,6 +1355,20 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] = {
.no_edge_events_on_boot = true,
},
},
+ {
+ /*
+ * The Dell Venue 10 Pro 5055, with Bay Trail SoC + TI PMIC uses an
+ * external embedded-controller connected via I2C + an ACPI GPIO
+ * event handler on INT33FFC:02 pin 12, causing spurious wakeups.
+ */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Venue 10 Pro 5055"),
+ },
+ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
+ .ignore_wake = "INT33FC:02@12",
+ },
+ },
{
/*
* HP X2 10 models with Cherry Trail SoC + TI PMIC use an
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 414/425] ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 413/425] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 415/425] block: reexpand iov_iter after read/write Greg Kroah-Hartman
` (17 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai, Sasha Levin
From: Hui Wang <hui.wang@canonical.com>
[ Upstream commit f48652bbe3ae62ba2835a396b7e01f063e51c4cd ]
Without this change, the DAC ctl's name could be changed only when
the machine has both Speaker and Headphone, but we met some machines
which only has Lineout and Headhpone, and the Lineout and Headphone
share the Audio Mixer0 and DAC0, the ctl's name is set to "Front".
On most of machines, the "Front" is used for Speaker only or Lineout
only, but on this machine it is shared by Lineout and Headphone,
This introduces an issue in the pipewire and pulseaudio, suppose users
want the Headphone to be on and the Speaker/Lineout to be off, they
could turn off the "Front", this works on most of the machines, but on
this machine, the "Front" couldn't be turned off otherwise the
headphone will be off too. Here we do some change to let the ctl's
name change to "Headphone+LO" on this machine, and pipewire and
pulseaudio already could handle "Headphone+LO" and "Speaker+LO".
(https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/747)
BugLink: http://bugs.launchpad.net/bugs/804178
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Link: https://lore.kernel.org/r/20210504073917.22406-1-hui.wang@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_generic.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
index b9f7b23ae378..6099a9f1cb3d 100644
--- a/sound/pci/hda/hda_generic.c
+++ b/sound/pci/hda/hda_generic.c
@@ -1214,11 +1214,17 @@ static const char *get_line_out_pfx(struct hda_codec *codec, int ch,
*index = ch;
return "Headphone";
case AUTO_PIN_LINE_OUT:
- /* This deals with the case where we have two DACs and
- * one LO, one HP and one Speaker */
- if (!ch && cfg->speaker_outs && cfg->hp_outs) {
- bool hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type);
- bool spk_lo_shared = !path_has_mixer(codec, spec->speaker_paths[0], ctl_type);
+ /* This deals with the case where one HP or one Speaker or
+ * one HP + one Speaker need to share the DAC with LO
+ */
+ if (!ch) {
+ bool hp_lo_shared = false, spk_lo_shared = false;
+
+ if (cfg->speaker_outs)
+ spk_lo_shared = !path_has_mixer(codec,
+ spec->speaker_paths[0], ctl_type);
+ if (cfg->hp_outs)
+ hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type);
if (hp_lo_shared && spk_lo_shared)
return spec->vmaster_mute.hook ? "PCM" : "Master";
if (hp_lo_shared)
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 415/425] block: reexpand iov_iter after read/write
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 414/425] ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 416/425] lib: stackdepot: turn depot_lock spinlock to raw_spinlock Greg Kroah-Hartman
` (16 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yangerkun, Pavel Begunkov,
Jens Axboe, Sasha Levin
From: yangerkun <yangerkun@huawei.com>
[ Upstream commit cf7b39a0cbf6bf57aa07a008d46cf695add05b4c ]
We get a bug:
BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x11c/0x404
lib/iov_iter.c:1139
Read of size 8 at addr ffff0000d3fb11f8 by task
CPU: 0 PID: 12582 Comm: syz-executor.2 Not tainted
5.10.0-00843-g352c8610ccd2 #2
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x0/0x2d0 arch/arm64/kernel/stacktrace.c:132
show_stack+0x28/0x34 arch/arm64/kernel/stacktrace.c:196
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x110/0x164 lib/dump_stack.c:118
print_address_description+0x78/0x5c8 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report+0x148/0x1e4 mm/kasan/report.c:562
check_memory_region_inline mm/kasan/generic.c:183 [inline]
__asan_load8+0xb4/0xbc mm/kasan/generic.c:252
iov_iter_revert+0x11c/0x404 lib/iov_iter.c:1139
io_read fs/io_uring.c:3421 [inline]
io_issue_sqe+0x2344/0x2d64 fs/io_uring.c:5943
__io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260
io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326
io_submit_sqe fs/io_uring.c:6395 [inline]
io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624
__do_sys_io_uring_enter fs/io_uring.c:9013 [inline]
__se_sys_io_uring_enter fs/io_uring.c:8960 [inline]
__arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960
__invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:48 [inline]
el0_svc_common arch/arm64/kernel/syscall.c:158 [inline]
do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227
el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367
el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383
el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670
Allocated by task 12570:
stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc+0xdc/0x120 mm/kasan/common.c:461
kasan_kmalloc+0xc/0x14 mm/kasan/common.c:475
__kmalloc+0x23c/0x334 mm/slub.c:3970
kmalloc include/linux/slab.h:557 [inline]
__io_alloc_async_data+0x68/0x9c fs/io_uring.c:3210
io_setup_async_rw fs/io_uring.c:3229 [inline]
io_read fs/io_uring.c:3436 [inline]
io_issue_sqe+0x2954/0x2d64 fs/io_uring.c:5943
__io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260
io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326
io_submit_sqe fs/io_uring.c:6395 [inline]
io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624
__do_sys_io_uring_enter fs/io_uring.c:9013 [inline]
__se_sys_io_uring_enter fs/io_uring.c:8960 [inline]
__arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960
__invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:48 [inline]
el0_svc_common arch/arm64/kernel/syscall.c:158 [inline]
do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227
el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367
el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383
el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670
Freed by task 12570:
stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121
kasan_save_stack mm/kasan/common.c:48 [inline]
kasan_set_track+0x38/0x6c mm/kasan/common.c:56
kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:355
__kasan_slab_free+0x124/0x150 mm/kasan/common.c:422
kasan_slab_free+0x10/0x1c mm/kasan/common.c:431
slab_free_hook mm/slub.c:1544 [inline]
slab_free_freelist_hook mm/slub.c:1577 [inline]
slab_free mm/slub.c:3142 [inline]
kfree+0x104/0x38c mm/slub.c:4124
io_dismantle_req fs/io_uring.c:1855 [inline]
__io_free_req+0x70/0x254 fs/io_uring.c:1867
io_put_req_find_next fs/io_uring.c:2173 [inline]
__io_queue_sqe+0x1fc/0x520 fs/io_uring.c:6279
__io_req_task_submit+0x154/0x21c fs/io_uring.c:2051
io_req_task_submit+0x2c/0x44 fs/io_uring.c:2063
task_work_run+0xdc/0x128 kernel/task_work.c:151
get_signal+0x6f8/0x980 kernel/signal.c:2562
do_signal+0x108/0x3a4 arch/arm64/kernel/signal.c:658
do_notify_resume+0xbc/0x25c arch/arm64/kernel/signal.c:722
work_pending+0xc/0x180
blkdev_read_iter can truncate iov_iter's count since the count + pos may
exceed the size of the blkdev. This will confuse io_read that we have
consume the iovec. And once we do the iov_iter_revert in io_read, we
will trigger the slab-out-of-bounds. Fix it by reexpand the count with
size has been truncated.
blkdev_write_iter can trigger the problem too.
Signed-off-by: yangerkun <yangerkun@huawei.com>
Acked-by: Pavel Begunkov <asml.silencec@gmail.com>
Link: https://lore.kernel.org/r/20210401071807.3328235-1-yangerkun@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/block_dev.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 9f3faac49025..b34f76af59c4 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1919,6 +1919,7 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
struct inode *bd_inode = bdev_file_inode(file);
loff_t size = i_size_read(bd_inode);
struct blk_plug plug;
+ size_t shorted = 0;
ssize_t ret;
if (bdev_read_only(I_BDEV(bd_inode)))
@@ -1933,12 +1934,17 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from)
if ((iocb->ki_flags & (IOCB_NOWAIT | IOCB_DIRECT)) == IOCB_NOWAIT)
return -EOPNOTSUPP;
- iov_iter_truncate(from, size - iocb->ki_pos);
+ size -= iocb->ki_pos;
+ if (iov_iter_count(from) > size) {
+ shorted = iov_iter_count(from) - size;
+ iov_iter_truncate(from, size);
+ }
blk_start_plug(&plug);
ret = __generic_file_write_iter(iocb, from);
if (ret > 0)
ret = generic_write_sync(iocb, ret);
+ iov_iter_reexpand(from, iov_iter_count(from) + shorted);
blk_finish_plug(&plug);
return ret;
}
@@ -1950,13 +1956,21 @@ ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to)
struct inode *bd_inode = bdev_file_inode(file);
loff_t size = i_size_read(bd_inode);
loff_t pos = iocb->ki_pos;
+ size_t shorted = 0;
+ ssize_t ret;
if (pos >= size)
return 0;
size -= pos;
- iov_iter_truncate(to, size);
- return generic_file_read_iter(iocb, to);
+ if (iov_iter_count(to) > size) {
+ shorted = iov_iter_count(to) - size;
+ iov_iter_truncate(to, size);
+ }
+
+ ret = generic_file_read_iter(iocb, to);
+ iov_iter_reexpand(to, iov_iter_count(to) + shorted);
+ return ret;
}
EXPORT_SYMBOL_GPL(blkdev_read_iter);
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 416/425] lib: stackdepot: turn depot_lock spinlock to raw_spinlock
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 415/425] block: reexpand iov_iter after read/write Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 417/425] net: stmmac: Do not enable RX FIFO overflow interrupts Greg Kroah-Hartman
` (15 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zqiang, Andrew Halaney,
Alexander Potapenko, Gustavo A. R. Silva, Vijayanand Jitta,
Vinayak Menon, Yogesh Lal, Andrew Morton, Linus Torvalds,
Sasha Levin
From: Zqiang <qiang.zhang@windriver.com>
[ Upstream commit 78564b9434878d686c5f88c4488b20cccbcc42bc ]
In RT system, the spin_lock will be replaced by sleepable rt_mutex lock,
in __call_rcu(), disable interrupts before calling
kasan_record_aux_stack(), will trigger this calltrace:
BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:951
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 19, name: pgdatinit0
Call Trace:
___might_sleep.cold+0x1b2/0x1f1
rt_spin_lock+0x3b/0xb0
stack_depot_save+0x1b9/0x440
kasan_save_stack+0x32/0x40
kasan_record_aux_stack+0xa5/0xb0
__call_rcu+0x117/0x880
__exit_signal+0xafb/0x1180
release_task+0x1d6/0x480
exit_notify+0x303/0x750
do_exit+0x678/0xcf0
kthread+0x364/0x4f0
ret_from_fork+0x22/0x30
Replace spinlock with raw_spinlock.
Link: https://lkml.kernel.org/r/20210329084009.27013-1-qiang.zhang@windriver.com
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Reported-by: Andrew Halaney <ahalaney@redhat.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Vijayanand Jitta <vjitta@codeaurora.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: Yogesh Lal <ylal@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/stackdepot.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/stackdepot.c b/lib/stackdepot.c
index 3376a3291186..d0f1b7d0ce2e 100644
--- a/lib/stackdepot.c
+++ b/lib/stackdepot.c
@@ -78,7 +78,7 @@ static void *stack_slabs[STACK_ALLOC_MAX_SLABS];
static int depot_index;
static int next_slab_inited;
static size_t depot_offset;
-static DEFINE_SPINLOCK(depot_lock);
+static DEFINE_RAW_SPINLOCK(depot_lock);
static bool init_stack_slab(void **prealloc)
{
@@ -266,7 +266,7 @@ depot_stack_handle_t depot_save_stack(struct stack_trace *trace,
prealloc = page_address(page);
}
- spin_lock_irqsave(&depot_lock, flags);
+ raw_spin_lock_irqsave(&depot_lock, flags);
found = find_stack(*bucket, trace->entries, trace->nr_entries, hash);
if (!found) {
@@ -290,7 +290,7 @@ depot_stack_handle_t depot_save_stack(struct stack_trace *trace,
WARN_ON(!init_stack_slab(&prealloc));
}
- spin_unlock_irqrestore(&depot_lock, flags);
+ raw_spin_unlock_irqrestore(&depot_lock, flags);
exit:
if (prealloc) {
/* Nobody used this memory, ok to free it. */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 417/425] net: stmmac: Do not enable RX FIFO overflow interrupts
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 416/425] lib: stackdepot: turn depot_lock spinlock to raw_spinlock Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 418/425] ip6_gre: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
` (14 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yannick Vignon, Jakub Kicinski, Sasha Levin
From: Yannick Vignon <yannick.vignon@nxp.com>
[ Upstream commit 8a7cb245cf28cb3e541e0d6c8624b95d079e155b ]
The RX FIFO overflows when the system is not able to process all received
packets and they start accumulating (first in the DMA queue in memory,
then in the FIFO). An interrupt is then raised for each overflowing packet
and handled in stmmac_interrupt(). This is counter-productive, since it
brings the system (or more likely, one CPU core) to its knees to process
the FIFO overflow interrupts.
stmmac_interrupt() handles overflow interrupts by writing the rx tail ptr
into the corresponding hardware register (according to the MAC spec, this
has the effect of restarting the MAC DMA). However, without freeing any rx
descriptors, the DMA stops right away, and another overflow interrupt is
raised as the FIFO overflows again. Since the DMA is already restarted at
the end of stmmac_rx_refill() after freeing descriptors, disabling FIFO
overflow interrupts and the corresponding handling code has no side effect,
and eliminates the interrupt storm when the RX FIFO overflows.
Signed-off-by: Yannick Vignon <yannick.vignon@nxp.com>
Link: https://lore.kernel.org/r/20210506143312.20784-1-yannick.vignon@oss.nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 7 +------
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 ++------------
2 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c
index 8c3780d1105f..232efe17ac2c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c
@@ -214,7 +214,7 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode,
u32 channel, int fifosz, u8 qmode)
{
unsigned int rqs = fifosz / 256 - 1;
- u32 mtl_rx_op, mtl_rx_int;
+ u32 mtl_rx_op;
mtl_rx_op = readl(ioaddr + MTL_CHAN_RX_OP_MODE(channel));
@@ -285,11 +285,6 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode,
}
writel(mtl_rx_op, ioaddr + MTL_CHAN_RX_OP_MODE(channel));
-
- /* Enable MTL RX overflow */
- mtl_rx_int = readl(ioaddr + MTL_CHAN_INT_CTRL(channel));
- writel(mtl_rx_int | MTL_RX_OVERFLOW_INT_EN,
- ioaddr + MTL_CHAN_INT_CTRL(channel));
}
static void dwmac4_dma_tx_chan_op_mode(void __iomem *ioaddr, int mode,
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index a1443d7197e8..af59761ddfa0 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -3706,7 +3706,6 @@ static irqreturn_t stmmac_interrupt(int irq, void *dev_id)
/* To handle GMAC own interrupts */
if ((priv->plat->has_gmac) || xmac) {
int status = stmmac_host_irq_status(priv, priv->hw, &priv->xstats);
- int mtl_status;
if (unlikely(status)) {
/* For LPI we need to save the tx status */
@@ -3717,17 +3716,8 @@ static irqreturn_t stmmac_interrupt(int irq, void *dev_id)
}
for (queue = 0; queue < queues_count; queue++) {
- struct stmmac_rx_queue *rx_q = &priv->rx_queue[queue];
-
- mtl_status = stmmac_host_mtl_irq_status(priv, priv->hw,
- queue);
- if (mtl_status != -EINVAL)
- status |= mtl_status;
-
- if (status & CORE_IRQ_MTL_RX_OVERFLOW)
- stmmac_set_rx_tail_ptr(priv, priv->ioaddr,
- rx_q->rx_tail_addr,
- queue);
+ status = stmmac_host_mtl_irq_status(priv, priv->hw,
+ queue);
}
/* PCS link status */
--
2.30.2
^ permalink raw reply related [flat|nested] 440+ messages in thread
* [PATCH 4.19 418/425] ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 417/425] net: stmmac: Do not enable RX FIFO overflow interrupts Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 419/425] sit: " Greg Kroah-Hartman
` (13 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 7f700334be9aeb91d5d86ef9ad2d901b9b453e9b upstream.
After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
a warning [1]
Issue here is that:
- all dev_put() should be paired with a corresponding dev_hold(),
and vice versa.
- A driver doing a dev_put() in its ndo_uninit() MUST also
do a dev_hold() in its ndo_init(), only when ndo_init()
is returning 0.
Otherwise, register_netdevice() would call ndo_uninit()
in its error path and release a refcount too soon.
ip6_gre for example (among others problematic drivers)
has to use dev_hold() in ip6gre_tunnel_init_common()
instead of from ip6gre_newlink_common(), covering
both ip6gre_tunnel_init() and ip6gre_tap_init()/
Note that ip6gre_tunnel_init_common() is not called from
ip6erspan_tap_init() thus we also need to add a dev_hold() there,
as ip6erspan_tunnel_uninit() does call dev_put()
[1]
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 0 PID: 8422 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Modules linked in:
CPU: 1 PID: 8422 Comm: syz-executor854 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58
RSP: 0018:ffffc900018befd0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801ef19c40 RSI: ffffffff815c51f5 RDI: fffff52000317dec
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff888018cf4568
R13: ffff888018cf4c00 R14: ffff8880228f2000 R15: ffffffff8d659b80
FS: 00000000014eb300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d7bf2b3138 CR3: 0000000014933000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__refcount_dec include/linux/refcount.h:344 [inline]
refcount_dec include/linux/refcount.h:359 [inline]
dev_put include/linux/netdevice.h:4135 [inline]
ip6gre_tunnel_uninit+0x3d7/0x440 net/ipv6/ip6_gre.c:420
register_netdevice+0xadf/0x1500 net/core/dev.c:10308
ip6gre_newlink_common.constprop.0+0x158/0x410 net/ipv6/ip6_gre.c:1984
ip6gre_newlink+0x275/0x7a0 net/ipv6/ip6_gre.c:2017
__rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_gre.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1503,6 +1503,7 @@ static int ip6gre_tunnel_init_common(str
}
ip6gre_tnl_init_features(dev);
+ dev_hold(dev);
return 0;
cleanup_dst_cache_init:
@@ -1896,6 +1897,7 @@ static int ip6erspan_tap_init(struct net
dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
ip6erspan_tnl_link_config(tunnel, 1);
+ dev_hold(dev);
return 0;
cleanup_dst_cache_init:
@@ -2001,8 +2003,6 @@ static int ip6gre_newlink_common(struct
if (tb[IFLA_MTU])
ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
- dev_hold(dev);
-
out:
return err;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 419/425] sit: proper dev_{hold|put} in ndo_[un]init methods
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 418/425] ip6_gre: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 420/425] ip6_tunnel: " Greg Kroah-Hartman
` (12 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 6289a98f0817a4a457750d6345e754838eae9439 upstream.
After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
a warning [1]
Issue here is that:
- all dev_put() should be paired with a corresponding prior dev_hold().
- A driver doing a dev_put() in its ndo_uninit() MUST also
do a dev_hold() in its ndo_init(), only when ndo_init()
is returning 0.
Otherwise, register_netdevice() would call ndo_uninit()
in its error path and release a refcount too soon.
Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/sit.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -215,8 +215,6 @@ static int ipip6_tunnel_create(struct ne
ipip6_tunnel_clone_6rd(dev, sitn);
- dev_hold(dev);
-
ipip6_tunnel_link(sitn, t);
return 0;
@@ -1407,7 +1405,7 @@ static int ipip6_tunnel_init(struct net_
dev->tstats = NULL;
return err;
}
-
+ dev_hold(dev);
return 0;
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 420/425] ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 419/425] sit: " Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 421/425] ipv6: remove extra dev_hold() for fallback tunnels Greg Kroah-Hartman
` (11 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 48bb5697269a7cbe5194dbb044dc38c517e34c58 upstream.
Same reasons than for the previous commits :
6289a98f0817 ("sit: proper dev_{hold|put} in ndo_[un]init methods")
40cb881b5aaa ("ip6_vti: proper dev_{hold|put} in ndo_[un]init methods")
7f700334be9a ("ip6_gre: proper dev_{hold|put} in ndo_[un]init methods")
After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
a warning [1]
Issue here is that:
- all dev_put() should be paired with a corresponding prior dev_hold().
- A driver doing a dev_put() in its ndo_uninit() MUST also
do a dev_hold() in its ndo_init(), only when ndo_init()
is returning 0.
Otherwise, register_netdevice() would call ndo_uninit()
in its error path and release a refcount too soon.
[1]
WARNING: CPU: 1 PID: 21059 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Modules linked in:
CPU: 1 PID: 21059 Comm: syz-executor.4 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58
RSP: 0018:ffffc900025aefe8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff815c51f5 RDI: fffff520004b5def
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff888023488568
R13: ffff8880254e9000 R14: 00000000dfd82cfd R15: ffff88802ee2d7c0
FS: 00007f13bc590700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0943e74000 CR3: 0000000025273000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__refcount_dec include/linux/refcount.h:344 [inline]
refcount_dec include/linux/refcount.h:359 [inline]
dev_put include/linux/netdevice.h:4135 [inline]
ip6_tnl_dev_uninit+0x370/0x3d0 net/ipv6/ip6_tunnel.c:387
register_netdevice+0xadf/0x1500 net/core/dev.c:10308
ip6_tnl_create2+0x1b5/0x400 net/ipv6/ip6_tunnel.c:263
ip6_tnl_newlink+0x312/0x580 net/ipv6/ip6_tunnel.c:2052
__rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_tunnel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -272,7 +272,6 @@ static int ip6_tnl_create2(struct net_de
strcpy(t->parms.name, dev->name);
- dev_hold(dev);
ip6_tnl_link(ip6n, t);
return 0;
@@ -1866,6 +1865,7 @@ ip6_tnl_dev_init_gen(struct net_device *
dev->min_mtu = ETH_MIN_MTU;
dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
+ dev_hold(dev);
return 0;
destroy_dst:
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 421/425] ipv6: remove extra dev_hold() for fallback tunnels
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 420/425] ip6_tunnel: " Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 422/425] iomap: fix sub-page uptodate handling Greg Kroah-Hartman
` (10 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 0d7a7b2014b1a499a0fe24c9f3063d7856b5aaaf upstream.
My previous commits added a dev_hold() in tunnels ndo_init(),
but forgot to remove it from special functions setting up fallback tunnels.
Fallback tunnels do call their respective ndo_init()
This leads to various reports like :
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = 2
Fixes: 48bb5697269a ("ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods")
Fixes: 6289a98f0817 ("sit: proper dev_{hold|put} in ndo_[un]init methods")
Fixes: 40cb881b5aaa ("ip6_vti: proper dev_{hold|put} in ndo_[un]init methods")
Fixes: 7f700334be9a ("ip6_gre: proper dev_{hold|put} in ndo_[un]init methods")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_gre.c | 3 ---
net/ipv6/ip6_tunnel.c | 1 -
net/ipv6/ip6_vti.c | 1 -
net/ipv6/sit.c | 1 -
4 files changed, 6 deletions(-)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -392,7 +392,6 @@ static struct ip6_tnl *ip6gre_tunnel_loc
if (!(nt->parms.o_flags & TUNNEL_SEQ))
dev->features |= NETIF_F_LLTX;
- dev_hold(dev);
ip6gre_tunnel_link(ign, nt);
return nt;
@@ -1546,8 +1545,6 @@ static void ip6gre_fb_tunnel_init(struct
strcpy(tunnel->parms.name, dev->name);
tunnel->hlen = sizeof(struct ipv6hdr) + 4;
-
- dev_hold(dev);
}
static struct inet6_protocol ip6gre_protocol __read_mostly = {
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1909,7 +1909,6 @@ static int __net_init ip6_fb_tnl_dev_ini
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
t->parms.proto = IPPROTO_IPV6;
- dev_hold(dev);
rcu_assign_pointer(ip6n->tnls_wc[0], t);
return 0;
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -956,7 +956,6 @@ static int __net_init vti6_fb_tnl_dev_in
struct vti6_net *ip6n = net_generic(net, vti6_net_id);
t->parms.proto = IPPROTO_IPV6;
- dev_hold(dev);
rcu_assign_pointer(ip6n->tnls_wc[0], t);
return 0;
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1421,7 +1421,6 @@ static void __net_init ipip6_fb_tunnel_i
iph->ihl = 5;
iph->ttl = 64;
- dev_hold(dev);
rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
}
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 422/425] iomap: fix sub-page uptodate handling
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 421/425] ipv6: remove extra dev_hold() for fallback tunnels Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 423/425] KVM: arm64: Initialize VCPU mdcr_el2 before loading it Greg Kroah-Hartman
` (9 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Stancek, Christoph Hellwig,
Dave Chinner, Darrick J. Wong, Matthew Wilcox (Oracle)
From: Christoph Hellwig <hch@lst.de>
commit 1cea335d1db1ce6ab71b3d2f94a807112b738a0f upstream.
bio completions can race when a page spans more than one file system
block. Add a spinlock to synchronize marking the page uptodate.
Fixes: 9dc55f1389f9 ("iomap: add support for sub-pagesize buffered I/O without buffer heads")
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/iomap.c | 34 ++++++++++++++++++++++++----------
include/linux/iomap.h | 1 +
2 files changed, 25 insertions(+), 10 deletions(-)
--- a/fs/iomap.c
+++ b/fs/iomap.c
@@ -116,6 +116,7 @@ iomap_page_create(struct inode *inode, s
iop = kmalloc(sizeof(*iop), GFP_NOFS | __GFP_NOFAIL);
atomic_set(&iop->read_count, 0);
atomic_set(&iop->write_count, 0);
+ spin_lock_init(&iop->uptodate_lock);
bitmap_zero(iop->uptodate, PAGE_SIZE / SECTOR_SIZE);
/*
@@ -204,25 +205,38 @@ iomap_adjust_read_range(struct inode *in
}
static void
-iomap_set_range_uptodate(struct page *page, unsigned off, unsigned len)
+iomap_iop_set_range_uptodate(struct page *page, unsigned off, unsigned len)
{
struct iomap_page *iop = to_iomap_page(page);
struct inode *inode = page->mapping->host;
unsigned first = off >> inode->i_blkbits;
unsigned last = (off + len - 1) >> inode->i_blkbits;
- unsigned int i;
bool uptodate = true;
+ unsigned long flags;
+ unsigned int i;
- if (iop) {
- for (i = 0; i < PAGE_SIZE / i_blocksize(inode); i++) {
- if (i >= first && i <= last)
- set_bit(i, iop->uptodate);
- else if (!test_bit(i, iop->uptodate))
- uptodate = false;
- }
+ spin_lock_irqsave(&iop->uptodate_lock, flags);
+ for (i = 0; i < PAGE_SIZE / i_blocksize(inode); i++) {
+ if (i >= first && i <= last)
+ set_bit(i, iop->uptodate);
+ else if (!test_bit(i, iop->uptodate))
+ uptodate = false;
}
- if (uptodate && !PageError(page))
+ if (uptodate)
+ SetPageUptodate(page);
+ spin_unlock_irqrestore(&iop->uptodate_lock, flags);
+}
+
+static void
+iomap_set_range_uptodate(struct page *page, unsigned off, unsigned len)
+{
+ if (PageError(page))
+ return;
+
+ if (page_has_private(page))
+ iomap_iop_set_range_uptodate(page, off, len);
+ else
SetPageUptodate(page);
}
--- a/include/linux/iomap.h
+++ b/include/linux/iomap.h
@@ -108,6 +108,7 @@ struct iomap_ops {
struct iomap_page {
atomic_t read_count;
atomic_t write_count;
+ spinlock_t uptodate_lock;
DECLARE_BITMAP(uptodate, PAGE_SIZE / 512);
};
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 423/425] KVM: arm64: Initialize VCPU mdcr_el2 before loading it
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 422/425] iomap: fix sub-page uptodate handling Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 424/425] tweewide: Fix most Shebang lines Greg Kroah-Hartman
` (8 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandru Elisei, Marc Zyngier
From: Alexandru Elisei <alexandru.elisei@arm.com>
commit 263d6287da1433aba11c5b4046388f2cdf49675c upstream.
When a VCPU is created, the kvm_vcpu struct is initialized to zero in
kvm_vm_ioctl_create_vcpu(). On VHE systems, the first time
vcpu.arch.mdcr_el2 is loaded on hardware is in vcpu_load(), before it is
set to a sensible value in kvm_arm_setup_debug() later in the run loop. The
result is that KVM executes for a short time with MDCR_EL2 set to zero.
This has several unintended consequences:
* Setting MDCR_EL2.HPMN to 0 is constrained unpredictable according to ARM
DDI 0487G.a, page D13-3820. The behavior specified by the architecture
in this case is for the PE to behave as if MDCR_EL2.HPMN is set to a
value less than or equal to PMCR_EL0.N, which means that an unknown
number of counters are now disabled by MDCR_EL2.HPME, which is zero.
* The host configuration for the other debug features controlled by
MDCR_EL2 is temporarily lost. This has been harmless so far, as Linux
doesn't use the other fields, but that might change in the future.
Let's avoid both issues by initializing the VCPU's mdcr_el2 field in
kvm_vcpu_vcpu_first_run_init(), thus making sure that the MDCR_EL2 register
has a consistent value after each vcpu_load().
Fixes: d5a21bcc2995 ("KVM: arm64: Move common VHE/non-VHE trap config in separate functions")
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210407144857.199746-3-alexandru.elisei@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/kvm_host.h | 1
arch/arm64/include/asm/kvm_host.h | 1
arch/arm64/kvm/debug.c | 88 +++++++++++++++++++++++++-------------
virt/kvm/arm/arm.c | 2
4 files changed, 64 insertions(+), 28 deletions(-)
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -303,6 +303,7 @@ static inline void kvm_arch_sched_in(str
static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
static inline void kvm_arm_init_debug(void) {}
+static inline void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu) {}
static inline void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) {}
static inline void kvm_arm_clear_debug(struct kvm_vcpu *vcpu) {}
static inline void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu) {}
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -455,6 +455,7 @@ static inline void kvm_arch_sched_in(str
static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
void kvm_arm_init_debug(void);
+void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu);
void kvm_arm_setup_debug(struct kvm_vcpu *vcpu);
void kvm_arm_clear_debug(struct kvm_vcpu *vcpu);
void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu);
--- a/arch/arm64/kvm/debug.c
+++ b/arch/arm64/kvm/debug.c
@@ -80,6 +80,64 @@ void kvm_arm_init_debug(void)
}
/**
+ * kvm_arm_setup_mdcr_el2 - configure vcpu mdcr_el2 value
+ *
+ * @vcpu: the vcpu pointer
+ *
+ * This ensures we will trap access to:
+ * - Performance monitors (MDCR_EL2_TPM/MDCR_EL2_TPMCR)
+ * - Debug ROM Address (MDCR_EL2_TDRA)
+ * - OS related registers (MDCR_EL2_TDOSA)
+ * - Statistical profiler (MDCR_EL2_TPMS/MDCR_EL2_E2PB)
+ * - Self-hosted Trace Filter controls (MDCR_EL2_TTRF)
+ */
+static void kvm_arm_setup_mdcr_el2(struct kvm_vcpu *vcpu)
+{
+ /*
+ * This also clears MDCR_EL2_E2PB_MASK to disable guest access
+ * to the profiling buffer.
+ */
+ vcpu->arch.mdcr_el2 = __this_cpu_read(mdcr_el2) & MDCR_EL2_HPMN_MASK;
+ vcpu->arch.mdcr_el2 |= (MDCR_EL2_TPM |
+ MDCR_EL2_TPMS |
+ MDCR_EL2_TTRF |
+ MDCR_EL2_TPMCR |
+ MDCR_EL2_TDRA |
+ MDCR_EL2_TDOSA);
+
+ /* Is the VM being debugged by userspace? */
+ if (vcpu->guest_debug)
+ /* Route all software debug exceptions to EL2 */
+ vcpu->arch.mdcr_el2 |= MDCR_EL2_TDE;
+
+ /*
+ * Trap debug register access when one of the following is true:
+ * - Userspace is using the hardware to debug the guest
+ * (KVM_GUESTDBG_USE_HW is set).
+ * - The guest is not using debug (KVM_ARM64_DEBUG_DIRTY is clear).
+ */
+ if ((vcpu->guest_debug & KVM_GUESTDBG_USE_HW) ||
+ !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY))
+ vcpu->arch.mdcr_el2 |= MDCR_EL2_TDA;
+
+ trace_kvm_arm_set_dreg32("MDCR_EL2", vcpu->arch.mdcr_el2);
+}
+
+/**
+ * kvm_arm_vcpu_init_debug - setup vcpu debug traps
+ *
+ * @vcpu: the vcpu pointer
+ *
+ * Set vcpu initial mdcr_el2 value.
+ */
+void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu)
+{
+ preempt_disable();
+ kvm_arm_setup_mdcr_el2(vcpu);
+ preempt_enable();
+}
+
+/**
* kvm_arm_reset_debug_ptr - reset the debug ptr to point to the vcpu state
*/
@@ -94,13 +152,7 @@ void kvm_arm_reset_debug_ptr(struct kvm_
* @vcpu: the vcpu pointer
*
* This is called before each entry into the hypervisor to setup any
- * debug related registers. Currently this just ensures we will trap
- * access to:
- * - Performance monitors (MDCR_EL2_TPM/MDCR_EL2_TPMCR)
- * - Debug ROM Address (MDCR_EL2_TDRA)
- * - OS related registers (MDCR_EL2_TDOSA)
- * - Statistical profiler (MDCR_EL2_TPMS/MDCR_EL2_E2PB)
- * - Self-hosted Trace Filter controls (MDCR_EL2_TTRF)
+ * debug related registers.
*
* Additionally, KVM only traps guest accesses to the debug registers if
* the guest is not actively using them (see the KVM_ARM64_DEBUG_DIRTY
@@ -112,28 +164,14 @@ void kvm_arm_reset_debug_ptr(struct kvm_
void kvm_arm_setup_debug(struct kvm_vcpu *vcpu)
{
- bool trap_debug = !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY);
unsigned long mdscr, orig_mdcr_el2 = vcpu->arch.mdcr_el2;
trace_kvm_arm_setup_debug(vcpu, vcpu->guest_debug);
- /*
- * This also clears MDCR_EL2_E2PB_MASK to disable guest access
- * to the profiling buffer.
- */
- vcpu->arch.mdcr_el2 = __this_cpu_read(mdcr_el2) & MDCR_EL2_HPMN_MASK;
- vcpu->arch.mdcr_el2 |= (MDCR_EL2_TPM |
- MDCR_EL2_TPMS |
- MDCR_EL2_TTRF |
- MDCR_EL2_TPMCR |
- MDCR_EL2_TDRA |
- MDCR_EL2_TDOSA);
+ kvm_arm_setup_mdcr_el2(vcpu);
/* Is Guest debugging in effect? */
if (vcpu->guest_debug) {
- /* Route all software debug exceptions to EL2 */
- vcpu->arch.mdcr_el2 |= MDCR_EL2_TDE;
-
/* Save guest debug state */
save_guest_debug_regs(vcpu);
@@ -187,7 +225,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
vcpu->arch.debug_ptr = &vcpu->arch.external_debug_state;
vcpu->arch.flags |= KVM_ARM64_DEBUG_DIRTY;
- trap_debug = true;
trace_kvm_arm_set_regset("BKPTS", get_num_brps(),
&vcpu->arch.debug_ptr->dbg_bcr[0],
@@ -202,10 +239,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
BUG_ON(!vcpu->guest_debug &&
vcpu->arch.debug_ptr != &vcpu->arch.vcpu_debug_state);
- /* Trap debug register access */
- if (trap_debug)
- vcpu->arch.mdcr_el2 |= MDCR_EL2_TDA;
-
/* If KDE or MDE are set, perform a full save/restore cycle. */
if (vcpu_read_sys_reg(vcpu, MDSCR_EL1) & (DBG_MDSCR_KDE | DBG_MDSCR_MDE))
vcpu->arch.flags |= KVM_ARM64_DEBUG_DIRTY;
@@ -214,7 +247,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
if (has_vhe() && orig_mdcr_el2 != vcpu->arch.mdcr_el2)
write_sysreg(vcpu->arch.mdcr_el2, mdcr_el2);
- trace_kvm_arm_set_dreg32("MDCR_EL2", vcpu->arch.mdcr_el2);
trace_kvm_arm_set_dreg32("MDSCR_EL1", vcpu_read_sys_reg(vcpu, MDSCR_EL1));
}
--- a/virt/kvm/arm/arm.c
+++ b/virt/kvm/arm/arm.c
@@ -574,6 +574,8 @@ static int kvm_vcpu_first_run_init(struc
vcpu->arch.has_run_once = true;
+ kvm_arm_vcpu_init_debug(vcpu);
+
if (likely(irqchip_in_kernel(kvm))) {
/*
* Map the VGIC hardware resources before running a vcpu the
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 424/425] tweewide: Fix most Shebang lines
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 423/425] KVM: arm64: Initialize VCPU mdcr_el2 before loading it Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 425/425] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
` (7 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Finn Behrens, Masahiro Yamada
From: Finn Behrens <me@kloenk.de>
commit c25ce589dca10d64dde139ae093abc258a32869c upstream.
Change every shebang which does not need an argument to use /usr/bin/env.
This is needed as not every distro has everything under /usr/bin,
sometimes not even bash.
Signed-off-by: Finn Behrens <me@kloenk.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
| 2 +-
Documentation/target/tcm_mod_builder.py | 2 +-
Documentation/trace/postprocess/decode_msr.py | 2 +-
Documentation/trace/postprocess/trace-pagealloc-postprocess.pl | 2 +-
Documentation/trace/postprocess/trace-vmscan-postprocess.pl | 2 +-
arch/ia64/scripts/unwcheck.py | 2 +-
scripts/bloat-o-meter | 2 +-
scripts/config | 2 +-
scripts/diffconfig | 2 +-
scripts/split-man.pl | 2 +-
tools/perf/python/tracepoint.py | 2 +-
tools/testing/ktest/compare-ktest-sample.pl | 2 +-
tools/testing/selftests/bpf/test_offload.py | 2 +-
tools/testing/selftests/tc-testing/tdc_batch.py | 2 +-
14 files changed, 14 insertions(+), 14 deletions(-)
--- a/Documentation/sphinx/parse-headers.pl
+++ b/Documentation/sphinx/parse-headers.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
use strict;
use Text::Tabs;
use Getopt::Long;
--- a/Documentation/target/tcm_mod_builder.py
+++ b/Documentation/target/tcm_mod_builder.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# The TCM v4 multi-protocol fabric module generation script for drivers/target/$NEW_MOD
#
# Copyright (c) 2010 Rising Tide Systems
--- a/Documentation/trace/postprocess/decode_msr.py
+++ b/Documentation/trace/postprocess/decode_msr.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# add symbolic names to read_msr / write_msr in trace
# decode_msr msr-index.h < trace
import sys
--- a/Documentation/trace/postprocess/trace-pagealloc-postprocess.pl
+++ b/Documentation/trace/postprocess/trace-pagealloc-postprocess.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# This is a POC (proof of concept or piece of crap, take your pick) for reading the
# text representation of trace output related to page allocation. It makes an attempt
# to extract some high-level information on what is going on. The accuracy of the parser
--- a/Documentation/trace/postprocess/trace-vmscan-postprocess.pl
+++ b/Documentation/trace/postprocess/trace-vmscan-postprocess.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# This is a POC for reading the text representation of trace output related to
# page reclaim. It makes an attempt to extract some high-level information on
# what is going on. The accuracy of the parser may vary
--- a/arch/ia64/scripts/unwcheck.py
+++ b/arch/ia64/scripts/unwcheck.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
#
# Usage: unwcheck.py FILE
--- a/scripts/bloat-o-meter
+++ b/scripts/bloat-o-meter
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
#
# Copyright 2004 Matt Mackall <mpm@selenic.com>
#
--- a/scripts/config
+++ b/scripts/config
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
# Manipulate options in a .config file from the command line
--- a/scripts/diffconfig
+++ b/scripts/diffconfig
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
#
# diffconfig - a tool to compare .config files.
--- a/scripts/split-man.pl
+++ b/scripts/split-man.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
#
# Author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
--- a/tools/perf/python/tracepoint.py
+++ b/tools/perf/python/tracepoint.py
@@ -1,4 +1,4 @@
-#! /usr/bin/python
+#! /usr/bin/env python
# SPDX-License-Identifier: GPL-2.0
# -*- python -*-
# -*- coding: utf-8 -*-
--- a/tools/testing/ktest/compare-ktest-sample.pl
+++ b/tools/testing/ktest/compare-ktest-sample.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
open (IN,"ktest.pl");
--- a/tools/testing/selftests/bpf/test_offload.py
+++ b/tools/testing/selftests/bpf/test_offload.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
# Copyright (C) 2017 Netronome Systems, Inc.
#
--- a/tools/testing/selftests/tc-testing/tdc_batch.py
+++ b/tools/testing/selftests/tc-testing/tdc_batch.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
"""
tdc_batch.py - a script to generate TC batch file
^ permalink raw reply [flat|nested] 440+ messages in thread
* [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 424/425] tweewide: Fix most Shebang lines Greg Kroah-Hartman
@ 2021-05-20 9:23 ` Greg Kroah-Hartman
2021-05-20 20:36 ` Pavel Machek
2021-05-20 11:25 ` [PATCH 4.19 000/425] 4.19.191-rc1 review Pavel Machek
` (6 subsequent siblings)
431 siblings, 1 reply; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-20 9:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Masahiro Yamada
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
Some distributions are about to switch to Python 3 support only.
This means that /usr/bin/python, which is Python 2, is not available
anymore. Hence, switch scripts to use Python 3 explicitly.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/bloat-o-meter | 2 +-
scripts/diffconfig | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/scripts/bloat-o-meter
+++ b/scripts/bloat-o-meter
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# Copyright 2004 Matt Mackall <mpm@selenic.com>
#
--- a/scripts/diffconfig
+++ b/scripts/diffconfig
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0
#
# diffconfig - a tool to compare .config files.
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2021-05-20 9:23 ` [PATCH 4.19 425/425] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
@ 2021-05-20 11:25 ` Pavel Machek
2021-05-20 15:25 ` Jon Hunter
` (5 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Pavel Machek @ 2021-05-20 11:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, stable
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
Hi!
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2021-05-20 11:25 ` [PATCH 4.19 000/425] 4.19.191-rc1 review Pavel Machek
@ 2021-05-20 15:25 ` Jon Hunter
2021-05-20 21:45 ` Shuah Khan
` (4 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Jon Hunter @ 2021-05-20 15:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, stable, linux-tegra
On Thu, 20 May 2021 11:16:09 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.191-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v4.19:
12 builds: 12 pass, 0 fail
22 boots: 22 pass, 0 fail
40 tests: 40 pass, 0 fail
Linux version: 4.19.191-rc1-g06c717b4df3a
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-05-20 9:23 ` [PATCH 4.19 425/425] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
@ 2021-05-20 20:36 ` Pavel Machek
2021-05-21 4:36 ` Greg Kroah-Hartman
0 siblings, 1 reply; 440+ messages in thread
From: Pavel Machek @ 2021-05-20 20:36 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Andy Shevchenko, Masahiro Yamada
[-- Attachment #1: Type: text/plain, Size: 657 bytes --]
Hi!
> From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
>
> commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
>
> Some distributions are about to switch to Python 3 support only.
> This means that /usr/bin/python, which is Python 2, is not available
> anymore. Hence, switch scripts to use Python 3 explicitly.
I'd say this is unsuitable for -stable.
Old distributions may not have python3 installed, and we should not
change this dependency in the middle of the series.
Python is not listed in Documentation/Changes . Perhaps it should be?
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2021-05-20 15:25 ` Jon Hunter
@ 2021-05-20 21:45 ` Shuah Khan
2021-05-20 22:53 ` Guenter Roeck
` (3 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Shuah Khan @ 2021-05-20 21:45 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, stable, Shuah Khan
On 5/20/21 3:16 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.191-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2021-05-20 21:45 ` Shuah Khan
@ 2021-05-20 22:53 ` Guenter Roeck
2021-05-21 1:52 ` Samuel Zou
` (2 subsequent siblings)
431 siblings, 0 replies; 440+ messages in thread
From: Guenter Roeck @ 2021-05-20 22:53 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, stable
On Thu, May 20, 2021 at 11:16:09AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 155 pass: 155 fail: 0
Qemu test results:
total: 424 pass: 424 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2021-05-20 22:53 ` Guenter Roeck
@ 2021-05-21 1:52 ` Samuel Zou
2021-05-21 5:46 ` Naresh Kamboju
2021-05-21 18:23 ` Sudip Mukherjee
431 siblings, 0 replies; 440+ messages in thread
From: Samuel Zou @ 2021-05-21 1:52 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, stable
On 2021/5/20 17:16, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.191-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Tested on arm64 and x86 for 4.19.191-rc1,
Kernel repo:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Branch: linux-4.19.y
Version: 4.19.191-rc1
Commit: 06c717b4df3acb666920610a100d04ebdc485e6c
Compiler: gcc version 7.3.0 (GCC)
arm64:
--------------------------------------------------------------------
Testcase Result Summary:
total: 8855
passed: 8855
failed: 0
timeout: 0
--------------------------------------------------------------------
x86:
--------------------------------------------------------------------
Testcase Result Summary:
total: 8855
passed: 8855
failed: 0
timeout: 0
--------------------------------------------------------------------
Tested-by: Hulk Robot <hulkrobot@huawei.com>
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-05-20 20:36 ` Pavel Machek
@ 2021-05-21 4:36 ` Greg Kroah-Hartman
2021-05-21 4:37 ` Greg Kroah-Hartman
0 siblings, 1 reply; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-21 4:36 UTC (permalink / raw)
To: Pavel Machek; +Cc: linux-kernel, stable, Andy Shevchenko, Masahiro Yamada
On Thu, May 20, 2021 at 10:36:26PM +0200, Pavel Machek wrote:
> Hi!
>
> > From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> >
> > commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
> >
> > Some distributions are about to switch to Python 3 support only.
> > This means that /usr/bin/python, which is Python 2, is not available
> > anymore. Hence, switch scripts to use Python 3 explicitly.
>
> I'd say this is unsuitable for -stable.
>
> Old distributions may not have python3 installed, and we should not
> change this dependency in the middle of the series.
What distro that was released in 2017 (the year 4.14.0 was released) did
not have python3 on it?
> Python is not listed in Documentation/Changes . Perhaps it should be?
It's not required to build/boot, just these helper scripts.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-05-21 4:36 ` Greg Kroah-Hartman
@ 2021-05-21 4:37 ` Greg Kroah-Hartman
2021-06-23 20:25 ` Pavel Machek
0 siblings, 1 reply; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-05-21 4:37 UTC (permalink / raw)
To: Pavel Machek; +Cc: linux-kernel, stable, Andy Shevchenko, Masahiro Yamada
On Fri, May 21, 2021 at 06:36:18AM +0200, Greg Kroah-Hartman wrote:
> On Thu, May 20, 2021 at 10:36:26PM +0200, Pavel Machek wrote:
> > Hi!
> >
> > > From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> > >
> > > commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
> > >
> > > Some distributions are about to switch to Python 3 support only.
> > > This means that /usr/bin/python, which is Python 2, is not available
> > > anymore. Hence, switch scripts to use Python 3 explicitly.
> >
> > I'd say this is unsuitable for -stable.
> >
> > Old distributions may not have python3 installed, and we should not
> > change this dependency in the middle of the series.
>
> What distro that was released in 2017 (the year 4.14.0 was released) did
> not have python3 on it?
oops, I meant 2018, when 4.19.0 was out, wrong tree...
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2021-05-21 1:52 ` Samuel Zou
@ 2021-05-21 5:46 ` Naresh Kamboju
2021-05-21 18:23 ` Sudip Mukherjee
431 siblings, 0 replies; 440+ messages in thread
From: Naresh Kamboju @ 2021-05-21 5:46 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: open list, Shuah Khan, Florian Fainelli, patches, lkft-triage,
Jon Hunter, linux-stable, Pavel Machek, Andrew Morton,
Linus Torvalds, Guenter Roeck
On Thu, 20 May 2021 at 15:01, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.191-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 4.19.191-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git branch: linux-4.19.y
* git commit: 06c717b4df3acb666920610a100d04ebdc485e6c
* git describe: v4.19.190-426-g06c717b4df3a
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.19.y/build/v4.19.190-426-g06c717b4df3a
## No regressions (compared to v4.19.190-393-g3423fd68b29e)
## No fixes (compared to v4.19.190-393-g3423fd68b29e)
## Test result summary
total: 67254, pass: 53425, fail: 2253, skip: 10797, xfail: 779,
## Build Summary
* arm: 97 total, 97 passed, 0 failed
* arm64: 25 total, 25 passed, 0 failed
* dragonboard-410c: 1 total, 1 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 14 total, 14 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 39 total, 39 passed, 0 failed
* s390: 9 total, 9 passed, 0 failed
* sparc: 9 total, 9 passed, 0 failed
* x15: 1 total, 1 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 15 total, 15 passed, 0 failed
## Test suites summary
* fwts
* igt-gpu-tools
* install-android-platform-tools-r2600
* kselftest-
* kselftest-android
* kselftest-bpf
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-lkdtm
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-vsyscall-mode-native-
* kselftest-vsyscall-mode-none-
* kselftest-x86
* kselftest-zram
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* rcutorture
* ssuite
* v4l2-compliance
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 000/425] 4.19.191-rc1 review
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2021-05-21 5:46 ` Naresh Kamboju
@ 2021-05-21 18:23 ` Sudip Mukherjee
431 siblings, 0 replies; 440+ messages in thread
From: Sudip Mukherjee @ 2021-05-21 18:23 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, stable
Hi Greg,
On Thu, May 20, 2021 at 11:16:09AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.191 release.
> There are 425 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 22 May 2021 09:20:38 +0000.
> Anything received after that time might be too late.
Build test:
mips (gcc version 11.1.1 20210430): 63 configs -> no failure
arm (gcc version 11.1.1 20210430): 116 configs -> no new failure
x86_64 (gcc version 10.2.1 20210110): 2 configs -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression.
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-05-21 4:37 ` Greg Kroah-Hartman
@ 2021-06-23 20:25 ` Pavel Machek
2021-06-24 5:20 ` Greg Kroah-Hartman
2021-06-24 10:04 ` Andy Shevchenko
0 siblings, 2 replies; 440+ messages in thread
From: Pavel Machek @ 2021-06-23 20:25 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, Andy Shevchenko, Masahiro Yamada
[-- Attachment #1: Type: text/plain, Size: 1225 bytes --]
On Fri 2021-05-21 06:37:00, Greg Kroah-Hartman wrote:
> On Fri, May 21, 2021 at 06:36:18AM +0200, Greg Kroah-Hartman wrote:
> > On Thu, May 20, 2021 at 10:36:26PM +0200, Pavel Machek wrote:
> > > Hi!
> > >
> > > > From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> > > >
> > > > commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
> > > >
> > > > Some distributions are about to switch to Python 3 support only.
> > > > This means that /usr/bin/python, which is Python 2, is not available
> > > > anymore. Hence, switch scripts to use Python 3 explicitly.
> > >
> > > I'd say this is unsuitable for -stable.
> > >
> > > Old distributions may not have python3 installed, and we should not
> > > change this dependency in the middle of the series.
> >
> > What distro that was released in 2017 (the year 4.14.0 was released) did
> > not have python3 on it?
>
> oops, I meant 2018, when 4.19.0 was out, wrong tree...
In anything yocto-based, for example, you explicitely select which
packages you want. And changing dependencies in middle of stable
release is surprising and against our documentation.
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-06-23 20:25 ` Pavel Machek
@ 2021-06-24 5:20 ` Greg Kroah-Hartman
2021-06-24 10:04 ` Andy Shevchenko
1 sibling, 0 replies; 440+ messages in thread
From: Greg Kroah-Hartman @ 2021-06-24 5:20 UTC (permalink / raw)
To: Pavel Machek; +Cc: linux-kernel, stable, Andy Shevchenko, Masahiro Yamada
On Wed, Jun 23, 2021 at 10:25:29PM +0200, Pavel Machek wrote:
> On Fri 2021-05-21 06:37:00, Greg Kroah-Hartman wrote:
> > On Fri, May 21, 2021 at 06:36:18AM +0200, Greg Kroah-Hartman wrote:
> > > On Thu, May 20, 2021 at 10:36:26PM +0200, Pavel Machek wrote:
> > > > Hi!
> > > >
> > > > > From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> > > > >
> > > > > commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
> > > > >
> > > > > Some distributions are about to switch to Python 3 support only.
> > > > > This means that /usr/bin/python, which is Python 2, is not available
> > > > > anymore. Hence, switch scripts to use Python 3 explicitly.
> > > >
> > > > I'd say this is unsuitable for -stable.
> > > >
> > > > Old distributions may not have python3 installed, and we should not
> > > > change this dependency in the middle of the series.
> > >
> > > What distro that was released in 2017 (the year 4.14.0 was released) did
> > > not have python3 on it?
> >
> > oops, I meant 2018, when 4.19.0 was out, wrong tree...
>
> In anything yocto-based, for example, you explicitely select which
> packages you want. And changing dependencies in middle of stable
> release is surprising and against our documentation.
Yocto documentation does not dictate kernel development processes.
good luck!
greg k-h
^ permalink raw reply [flat|nested] 440+ messages in thread
* Re: [PATCH 4.19 425/425] scripts: switch explicitly to Python 3
2021-06-23 20:25 ` Pavel Machek
2021-06-24 5:20 ` Greg Kroah-Hartman
@ 2021-06-24 10:04 ` Andy Shevchenko
1 sibling, 0 replies; 440+ messages in thread
From: Andy Shevchenko @ 2021-06-24 10:04 UTC (permalink / raw)
To: Pavel Machek
Cc: Greg Kroah-Hartman, Linux Kernel Mailing List, Stable,
Andy Shevchenko, Masahiro Yamada
On Wed, Jun 23, 2021 at 11:28 PM Pavel Machek <pavel@ucw.cz> wrote:
> On Fri 2021-05-21 06:37:00, Greg Kroah-Hartman wrote:
> > On Fri, May 21, 2021 at 06:36:18AM +0200, Greg Kroah-Hartman wrote:
> > > On Thu, May 20, 2021 at 10:36:26PM +0200, Pavel Machek wrote:
...
> > > > Old distributions may not have python3 installed, and we should not
> > > > change this dependency in the middle of the series.
> > >
> > > What distro that was released in 2017 (the year 4.14.0 was released) did
> > > not have python3 on it?
> >
> > oops, I meant 2018, when 4.19.0 was out, wrong tree...
>
> In anything yocto-based, for example, you explicitely select which
> packages you want. And changing dependencies in middle of stable
> release is surprising and against our documentation.
How is this all relevant?
Scripts where the interpreter changed are not supposed to be used
outside of the (kernel) development process. No user should really
rely on those scripts to produce anything at any point of time or even
be there.
--
With Best Regards,
Andy Shevchenko
^ permalink raw reply [flat|nested] 440+ messages in thread
end of thread, other threads:[~2021-06-24 10:05 UTC | newest]
Thread overview: 440+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-20 9:16 [PATCH 4.19 000/425] 4.19.191-rc1 review Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 001/425] s390/disassembler: increase ebpf disasm buffer size Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 002/425] ACPI: custom_method: fix potential use-after-free issue Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 003/425] ACPI: custom_method: fix a possible memory leak Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 004/425] ftrace: Handle commands when closing set_ftrace_filter file Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 005/425] ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 006/425] arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 007/425] arm64: dts: mt8173: fix property typo of phys in dsi node Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 008/425] ecryptfs: fix kernel panic with null dev_name Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 009/425] mtd: spinand: core: add missing MODULE_DEVICE_TABLE() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 010/425] mtd: rawnand: atmel: Update ecc_stats.corrected counter Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 011/425] spi: spi-ti-qspi: Free DMA resources Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 012/425] scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 013/425] mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 014/425] mmc: block: Update ext_csd.cache_ctrl if it was written Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 015/425] mmc: block: Issue a cache flush only when its enabled Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 016/425] mmc: core: Do a power cycle when the CMD11 fails Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 017/425] mmc: core: Set read only for SD cards with permanent write protect bit Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 018/425] erofs: add unsupported inode i_format check Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 019/425] cifs: Return correct error code from smb2_get_enc_key Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 020/425] btrfs: fix metadata extent leak after failure to create subvolume Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 021/425] intel_th: pci: Add Rocket Lake CPU support Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 022/425] fbdev: zero-fill colormap in fbcmap.c Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 023/425] staging: wimax/i2400m: fix byte-order issue Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 024/425] crypto: api - check for ERR pointers in crypto_destroy_tfm() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 025/425] usb: gadget: uvc: add bInterval checking for HS mode Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 026/425] genirq/matrix: Prevent allocation counter corruption Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 027/425] usb: gadget: f_uac1: validate input parameters Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 028/425] usb: dwc3: gadget: Ignore EP queue requests during bus reset Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 029/425] usb: xhci: Fix port minor revision Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 030/425] PCI: PM: Do not read power state in pci_enable_device_flags() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 031/425] x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 032/425] tee: optee: do not check memref size on return from Secure World Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 033/425] perf/arm_pmu_platform: Fix error handling Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 034/425] usb: xhci-mtk: support quirk to disable usb2 lpm Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 035/425] xhci: check control context is valid before dereferencing it Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 036/425] xhci: fix potential array out of bounds with several interrupters Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 037/425] spi: dln2: Fix reference leak to master Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 038/425] spi: omap-100k: " Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 039/425] intel_th: Consistency and off-by-one fix Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 040/425] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 041/425] btrfs: convert logic BUG_ON()s in replace_path to ASSERT()s Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 042/425] scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 043/425] scsi: lpfc: Fix pt2pt connection does not recover after LOGO Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 044/425] scsi: target: pscsi: Fix warning in pscsi_complete_cmd() Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 045/425] media: ite-cir: check for receive overflow Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 046/425] media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 047/425] power: supply: bq27xxx: fix power_avg for newer ICs Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 048/425] extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 049/425] media: media/saa7164: fix saa7164_encoder_register() memory leak bugs Greg Kroah-Hartman
2021-05-20 9:16 ` [PATCH 4.19 050/425] media: gspca/sq905.c: fix uninitialized variable Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 051/425] power: supply: Use IRQF_ONESHOT Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 052/425] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 053/425] scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 054/425] scsi: qla2xxx: Fix use after free in bsg Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 055/425] scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 056/425] media: em28xx: fix memory leak Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 057/425] media: vivid: update EDID Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 058/425] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 059/425] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 060/425] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 061/425] media: tc358743: fix possible use-after-free in tc358743_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 062/425] media: adv7604: fix possible use-after-free in adv76xx_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 063/425] media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 064/425] media: i2c: adv7842: fix possible use-after-free in adv7842_remove() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 065/425] media: dvb-usb: fix memory leak in dvb_usb_adapter_init Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 066/425] media: gscpa/stv06xx: fix memory leak Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 067/425] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 068/425] amdgpu: avoid incorrect %hu format string Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 069/425] drm/amdgpu: fix NULL pointer dereference Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 070/425] scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 071/425] scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 072/425] scsi: libfc: Fix a format specifier Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 073/425] s390/archrandom: add parameter check for s390_arch_random_generate Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 074/425] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 075/425] ALSA: hda/conexant: Re-order CX5066 quirk table entries Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 076/425] ALSA: sb: Fix two use after free in snd_sb_qsound_build Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 077/425] ALSA: usb-audio: Explicitly set up the clock selector Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 078/425] ALSA: usb-audio: More constifications Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 079/425] ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 080/425] ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 081/425] btrfs: fix race when picking most recent mod log operation for an old root Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 082/425] arm64/vdso: Discard .note.gnu.property sections in vDSO Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 083/425] ubifs: Only check replay with inode type to judge if inode linked Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 084/425] f2fs: fix to avoid out-of-bounds memory access Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 085/425] mlxsw: spectrum_mr: Update egress RIF list before routes action Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 086/425] openvswitch: fix stack OOB read while fragmenting IPv4 packets Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 087/425] ACPI: GTDT: Dont corrupt interrupt mappings on watchdow probe failure Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 088/425] NFS: Dont discard pNFS layout segments that are marked for return Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 089/425] NFSv4: Dont discard segments marked for return in _pnfs_return_layout() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 090/425] jffs2: Fix kasan slab-out-of-bounds problem Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 091/425] powerpc/eeh: Fix EEH handling for hugepages in ioremap space Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 092/425] powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 093/425] intel_th: pci: Add Alder Lake-M support Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 094/425] tpm: vtpm_proxy: Avoid reading host log when using a virtual device Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 095/425] md/raid1: properly indicate failure when ending a failed write request Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 096/425] dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 097/425] security: commoncap: fix -Wstringop-overread warning Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 098/425] Fix misc new gcc warnings Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 099/425] jffs2: check the validity of dstlen in jffs2_zlib_compress() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 100/425] Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 101/425] posix-timers: Preserve return value in clock_adjtime32() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 102/425] arm64: vdso: remove commas between macro name and arguments Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 103/425] ext4: fix check to prevent false positive report of incorrect used inodes Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 104/425] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 105/425] ext4: fix error code in ext4_commit_super Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 106/425] media: dvbdev: Fix memory leak in dvb_media_device_free() Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 107/425] usb: gadget: dummy_hcd: fix gpf in gadget_setup Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 108/425] usb: gadget: Fix double free of device descriptor pointers Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 109/425] usb: gadget/function/f_fs string table fix for multiple languages Greg Kroah-Hartman
2021-05-20 9:17 ` [PATCH 4.19 110/425] usb: dwc3: gadget: Fix START_TRANSFER link state check Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 111/425] usb: dwc2: Fix session request interrupt handler Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 112/425] tty: fix memory leak in vc_deallocate Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 113/425] rsi: Use resume_noirq for SDIO Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 114/425] tracing: Map all PIDs to command lines Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 115/425] tracing: Restructure trace_clock_global() to never block Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 116/425] dm persistent data: packed struct should have an aligned() attribute too Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 117/425] dm space map common: fix division bug in sm_ll_find_free_block() Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 118/425] dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 119/425] modules: mark ref_module static Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 120/425] modules: mark find_symbol static Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 121/425] modules: mark each_symbol_section static Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 122/425] modules: unexport __module_text_address Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 123/425] modules: unexport __module_address Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 124/425] modules: rename the licence field in struct symsearch to license Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 125/425] modules: return licensing information from find_symbol Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 126/425] modules: inherit TAINT_PROPRIETARY_MODULE Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 127/425] Bluetooth: verify AMP hci_chan before amp_destroy Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 128/425] hsr: use netdev_err() instead of WARN_ONCE() Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 129/425] bluetooth: eliminate the potential race condition when removing the HCI controller Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 130/425] net/nfc: fix use-after-free llcp_sock_bind/connect Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 131/425] ASoC: samsung: tm2_wm5110: check of of_parse return value Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 132/425] MIPS: pci-mt7620: fix PLL lock check Greg Kroah-Hartman
2021-05-20 9:18 ` Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 133/425] MIPS: pci-rt2880: fix slot 0 configuration Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 134/425] FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 135/425] iio:accel:adis16201: Fix wrong axis assignment that prevents loading Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 136/425] misc: lis3lv02d: Fix false-positive WARN on various HP models Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 137/425] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 138/425] misc: vmw_vmci: explicitly initialize vmci_datagram payload Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 139/425] md/bitmap: wait for external bitmap writes to complete during tear down Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 140/425] md-cluster: fix use-after-free issue when removing rdev Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 141/425] md: split mddev_find Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 142/425] md: factor out a mddev_find_locked helper from mddev_find Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 143/425] md: md_open returns -EBUSY when entering racing area Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 144/425] md: Fix missing unused status line of /proc/mdstat Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 145/425] ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 146/425] cfg80211: scan: drop entry from hidden_list on overflow Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 147/425] drm/radeon: fix copy of uninitialized variable back to userspace Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 148/425] ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 149/425] ALSA: hda/realtek: Re-order ALC882 Sony " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 150/425] ALSA: hda/realtek: Re-order ALC882 Clevo " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 151/425] ALSA: hda/realtek: Re-order ALC269 HP " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 152/425] ALSA: hda/realtek: Re-order ALC269 Dell " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 153/425] ALSA: hda/realtek: Re-order ALC269 Sony " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 154/425] ALSA: hda/realtek: Re-order ALC269 Lenovo " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 155/425] ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 156/425] x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 157/425] KVM: s390: split kvm_s390_logical_to_effective Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 158/425] KVM: s390: fix guarded storage control register handling Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 159/425] KVM: s390: split kvm_s390_real_to_abs Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 160/425] ovl: fix missing revert_creds() on error path Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 161/425] usb: gadget: pch_udc: Revert d3cb25a12138 completely Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 162/425] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 163/425] ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 164/425] ARM: dts: exynos: correct MUIC " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 165/425] ARM: dts: exynos: correct PMIC " Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 166/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 167/425] ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 168/425] ARM: dts: exynos: correct PMIC interrupt trigger level on Snow Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 169/425] serial: stm32: fix incorrect characters on console Greg Kroah-Hartman
2021-05-20 9:18 ` [PATCH 4.19 170/425] serial: stm32: fix tx_empty condition Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 171/425] usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 172/425] regmap: set debugfs_name to NULL after it is freed Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 173/425] mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 174/425] mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 175/425] mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 176/425] mtd: rawnand: qcom: Return actual error code instead of -ENODEV Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 177/425] x86/microcode: Check for offline CPUs before requesting new microcode Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 178/425] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 179/425] usb: gadget: pch_udc: Check if driver is present before calling ->setup() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 180/425] usb: gadget: pch_udc: Check for DMA mapping error Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 181/425] crypto: qat - dont release uninitialized resources Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 182/425] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 183/425] fotg210-udc: Fix DMA on EP0 for length > max packet size Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 184/425] fotg210-udc: Fix EP0 IN requests bigger than two packets Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 185/425] fotg210-udc: Remove a dubious condition leading to fotg210_done Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 186/425] fotg210-udc: Mask GRP2 interrupts we dont handle Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 187/425] fotg210-udc: Dont DMA more than the buffer can take Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 188/425] fotg210-udc: Complete OUT requests on short packets Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 189/425] mtd: require write permissions for locking and badblock ioctls Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 190/425] bus: qcom: Put child node before return Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 191/425] soundwire: bus: Fix device found flag correctly Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 192/425] phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 193/425] crypto: qat - fix error path in adf_isr_resource_alloc() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 194/425] usb: gadget: aspeed: fix dma map failure Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 195/425] USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 196/425] soundwire: stream: fix memory leak in stream config error path Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 197/425] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 198/425] irqchip/gic-v3: Fix OF_BAD_ADDR error handling Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 199/425] staging: rtl8192u: Fix potential infinite loop Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 200/425] staging: greybus: uart: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 201/425] spi: Fix use-after-free with devm_spi_alloc_* Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 202/425] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 203/425] soc: qcom: mdt_loader: Detect truncated read of segments Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 204/425] ACPI: CPPC: Replace cppc_attr with kobj_attribute Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 205/425] crypto: qat - Fix a double free in adf_create_ring Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 206/425] cpufreq: armada-37xx: Fix setting TBG parent for load levels Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 207/425] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 208/425] cpufreq: armada-37xx: Fix the AVS value for load L1 Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 209/425] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 210/425] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 211/425] cpufreq: armada-37xx: Fix driver cleanup when registration failed Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 212/425] cpufreq: armada-37xx: Fix determining base CPU frequency Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 213/425] usb: gadget: r8a66597: Add missing null check on return from platform_get_resource Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 214/425] USB: cdc-acm: fix unprivileged TIOCCSERIAL Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 215/425] tty: actually undefine superseded ASYNC flags Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 216/425] tty: fix return value for unsupported ioctls Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 217/425] firmware: qcom-scm: Fix QCOM_SCM configuration Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 218/425] usbip: vudc: fix missing unlock on error in usbip_sockfd_store() Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 219/425] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 220/425] x86/platform/uv: Fix !KEXEC build failure Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 221/425] Drivers: hv: vmbus: Increase wait time for VMbus unload Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 222/425] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 223/425] usb: dwc2: Fix hibernation between host and device modes Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 224/425] ttyprintk: Add TTY hangup callback Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 225/425] soc: aspeed: fix a ternary sign expansion bug Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 226/425] media: vivid: fix assignment of dev->fbuf_out_flags Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 227/425] media: omap4iss: return error code when omap4iss_get() failed Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 228/425] media: m88rs6000t: avoid potential out-of-bounds reads on arrays Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 229/425] drm/amdkfd: fix build error with AMD_IOMMU_V2=m Greg Kroah-Hartman
2021-05-20 9:19 ` [PATCH 4.19 230/425] x86/kprobes: Fix to check non boostable prefixes correctly Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 231/425] pata_arasan_cf: fix IRQ check Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 232/425] pata_ipx4xx_cf: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 233/425] sata_mv: add IRQ checks Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 234/425] ata: libahci_platform: fix IRQ check Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 235/425] nvme: retrigger ANA log update if group descriptor isnt found Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 236/425] vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 237/425] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 238/425] clk: uniphier: Fix potential infinite loop Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 239/425] scsi: jazz_esp: Add IRQ check Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 240/425] scsi: sun3x_esp: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 241/425] scsi: sni_53c710: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 242/425] scsi: ibmvfc: Fix invalid state machine BUG_ON() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 243/425] mfd: stm32-timers: Avoid clearing auto reload register Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 244/425] HSI: core: fix resource leaks in hsi_add_client_from_dt() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 245/425] x86/events/amd/iommu: Fix sysfs type mismatch Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 246/425] sched/debug: Fix cgroup_path[] serialization Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 247/425] drivers/block/null_blk/main: Fix a double free in null_init Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 248/425] HID: plantronics: Workaround for double volume key presses Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 249/425] perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 250/425] net: lapbether: Prevent racing when checking whether the netif is running Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 251/425] powerpc/prom: Mark identical_pvr_fixup as __init Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 252/425] powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 253/425] ALSA: core: remove redundant spin_lock pair in snd_card_disconnect Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 254/425] bug: Remove redundant condition check in report_bug Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 255/425] nfc: pn533: prevent potential memory corruption Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 256/425] net: hns3: Limiting the scope of vector_ring_chain variable Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 257/425] ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 258/425] liquidio: Fix unintented sign extension of a left shift of a u16 Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 259/425] powerpc/64s: Fix pte update for kernel memory on radix Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 260/425] powerpc/perf: Fix PMU constraint check for EBB events Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 261/425] powerpc: iommu: fix build when neither PCI or IBMVIO is set Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 262/425] mac80211: bail out if cipher schemes are invalid Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 263/425] mt7601u: fix always true expression Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 264/425] IB/hfi1: Fix error return code in parse_platform_config() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 265/425] net: thunderx: Fix unintentional sign extension issue Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 266/425] RDMA/srpt: Fix error return code in srpt_cm_req_recv() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 267/425] i2c: cadence: add IRQ check Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 268/425] i2c: emev2: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 269/425] i2c: jz4780: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 270/425] i2c: sh7760: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 271/425] ASoC: ak5558: correct reset polarity Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 272/425] drm/i915/gvt: Fix error code in intel_gvt_init_device() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 273/425] MIPS: pci-legacy: stop using of_pci_range_to_resource Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 274/425] powerpc/pseries: extract host bridge from pci_bus prior to bus removal Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 275/425] rtlwifi: 8821ae: upgrade PHY and RF parameters Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 276/425] i2c: sh7760: fix IRQ error path Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 277/425] mwl8k: Fix a double Free in mwl8k_probe_hw Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 278/425] vsock/vmci: log once the failed queue pair allocation Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 279/425] RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 280/425] ALSA: usb: midi: dont return -ENOMEM when usb_urb_ep_type_check fails Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 281/425] net: davinci_emac: Fix incorrect masking of tx and rx error channel Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 282/425] ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 283/425] ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 284/425] powerpc/52xx: Fix an invalid ASM expression (addi used instead of add) Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 285/425] bnxt_en: fix ternary sign extension bug in bnxt_show_temp() Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 286/425] ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 287/425] arm64: " Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 288/425] net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 289/425] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send Greg Kroah-Hartman
2021-05-20 9:20 ` [PATCH 4.19 290/425] RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 291/425] net:nfc:digital: Fix a double free in digital_tg_recv_dep_req Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 292/425] kfifo: fix ternary sign extension bugs Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 293/425] mm/sparse: add the missing sparse_buffer_fini() in error branch Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 294/425] mm/memory-failure: unnecessary amount of unmapping Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 295/425] net: Only allow init netns to set default tcp cong to a restricted algo Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 296/425] smp: Fix smp_call_function_single_async prototype Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 297/425] Revert "net/sctp: fix race condition in sctp_destroy_sock" Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 298/425] sctp: delay auto_asconf init until binding the first addr Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 299/425] Revert "of/fdt: Make sure no-map does not remove already reserved regions" Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 300/425] Revert "fdt: Properly handle "no-map" field in the memory region" Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 301/425] tpm: fix error return code in tpm2_get_cc_attrs_tbl() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 302/425] fs: dlm: fix debugfs dump Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 303/425] tipc: convert dest nodes address to network order Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 304/425] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 305/425] net: stmmac: Set FIFO sizes for ipq806x Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 306/425] i2c: bail out early when RDWR parameters are wrong Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 307/425] ALSA: hdsp: dont disable if not enabled Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 308/425] ALSA: hdspm: " Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 309/425] ALSA: rme9652: " Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 310/425] Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 311/425] Bluetooth: initialize skb_queue_head at l2cap_chan_create() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 312/425] net: bridge: when suppression is enabled exclude RARP packets Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 313/425] Bluetooth: check for zapped sk before connecting Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 314/425] ip6_vti: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 315/425] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 316/425] i2c: Add I2C_AQ_NO_REP_START adapter quirk Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 317/425] mac80211: clear the beacons CRC after channel switch Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 318/425] pinctrl: samsung: use int for register masks in Exynos Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 319/425] cuse: prevent clone Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 320/425] selftests: Set CC to clang in lib.mk if LLVM is set Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 321/425] kconfig: nconf: stop endless search loops Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 322/425] sctp: Fix out-of-bounds warning in sctp_process_asconf_param() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 323/425] powerpc/smp: Set numa node before updating mask Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 324/425] ASoC: rt286: Generalize support for ALC3263 codec Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 325/425] ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 326/425] samples/bpf: Fix broken tracex1 due to kprobe argument change Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 327/425] powerpc/pseries: Stop calling printk in rtas_stop_self() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 328/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 329/425] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 330/425] powerpc/iommu: Annotate nested lock for lockdep Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 331/425] net: ethernet: mtk_eth_soc: fix RX VLAN offload Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 332/425] ia64: module: fix symbolizer crash on fdescr Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 333/425] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 334/425] f2fs: fix a redundant call to f2fs_balance_fs if an error occurs Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 335/425] PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 336/425] PCI: Release OF node in pci_scan_device()s error path Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 337/425] ARM: 9064/1: hw_breakpoint: Do not directly check the events overflow_handler hook Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 338/425] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 339/425] NFSv4.2: Always flush out writes in nfs42_proc_fallocate() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 340/425] NFS: Deal correctly with attribute generation counter overflow Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 341/425] PCI: endpoint: Fix missing destroy_workqueue() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 342/425] pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 343/425] NFSv4.2 fix handling of sr_eof in SEEKs reply Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 344/425] rtc: ds1307: Fix wday settings for rx8130 Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 345/425] net: hns3: disable phy loopback setting in hclge_mac_start_phy Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 346/425] sctp: do asoc update earlier in sctp_sf_do_dupcook_a Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 347/425] ethernet:enic: Fix a use after free bug in enic_hard_start_xmit Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 348/425] sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 349/425] netfilter: xt_SECMARK: add new revision to fix structure layout Greg Kroah-Hartman
2021-05-20 9:21 ` [PATCH 4.19 350/425] drm/radeon: Fix off-by-one power_state index heap overwrite Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 351/425] drm/radeon: Avoid power table parsing memory leaks Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 352/425] khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 353/425] mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 354/425] ksm: fix potential missing rmap_item for stable_node Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 355/425] net: fix nla_strcmp to handle more then one trailing null character Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 356/425] smc: disallow TCP_ULP in smc_setsockopt() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 357/425] netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 358/425] sched/fair: Fix unfairness caused by missing load decay Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 359/425] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 360/425] netfilter: nftables: avoid overflows in nft_hash_buckets() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 361/425] i40e: Fix use-after-free in i40e_client_subtask() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 362/425] ARC: entry: fix off-by-one error in syscall number validation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 363/425] powerpc/64s: Fix crashes when toggling stf barrier Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 364/425] powerpc/64s: Fix crashes when toggling entry flush barrier Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 365/425] hfsplus: prevent corruption in shrinking truncate Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 366/425] squashfs: fix divide error in calculate_skip() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 367/425] userfaultfd: release page in error path to avoid BUG_ON Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 368/425] drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 369/425] iio: proximity: pulsedlight: Fix rumtime PM imbalance on error Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 370/425] usb: fotg210-hcd: Fix an error message Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 371/425] ACPI: scan: Fix a memory leak in an error handling path Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 372/425] blk-mq: Swap two calls in blk_mq_exit_queue() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 373/425] usb: dwc3: omap: improve extcon initialization Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 374/425] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 375/425] usb: xhci: Increase timeout for HC halt Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 376/425] usb: dwc2: Fix gadget DMA unmap direction Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 377/425] usb: core: hub: fix race condition about TRSMRCY of resume Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 378/425] usb: dwc3: gadget: Return success always for kick transfer in ep queue Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 379/425] xhci: Do not use GFP_KERNEL in (potentially) atomic context Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 380/425] xhci: Add reset resume quirk for AMD xhci controller Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 381/425] iio: gyro: mpu3050: Fix reported temperature value Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 382/425] iio: tsl2583: Fix division by a zero lux_val Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 383/425] cdc-wdm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 384/425] KVM: x86: Cancel pvclock_gtod_work on module removal Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 385/425] FDDI: defxx: Make MMIO the configuration default except for EISA Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 386/425] MIPS: Reinstate platform `__div64_32 handler Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 387/425] MIPS: Avoid DIVU in `__div64_32 is result would be zero Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 388/425] MIPS: Avoid handcoded DIVU in `__div64_32 altogether Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 389/425] thermal/core/fair share: Lock the thermal zone while looping over instances Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 390/425] kobject_uevent: remove warning in init_uevent_argv() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 391/425] netfilter: conntrack: Make global sysctls readonly in non-init netns Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 392/425] clk: exynos7: Mark aclk_fsys1_200 as critical Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 393/425] nvme: do not try to reconfigure APST when the controller is not live Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 394/425] x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 395/425] kgdb: fix gcc-11 warning on indentation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 396/425] usb: sl811-hcd: improve misleading indentation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 397/425] cxgb4: Fix the -Wmisleading-indentation warning Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 398/425] isdn: capi: fix mismatched prototypes Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 399/425] pinctrl: ingenic: Improve unreachable code generation Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 400/425] xsk: Simplify detection of empty and full rings Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 401/425] ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering r5/r6 Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 402/425] PCI: thunder: Fix compile testing Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 403/425] ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 404/425] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 405/425] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 406/425] Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 407/425] um: Mark all kernel symbols as local Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 408/425] ARM: 9075/1: kernel: Fix interrupted SMC calls Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 409/425] scripts/recordmcount.pl: Fix RISC-V regex for clang Greg Kroah-Hartman
2021-05-20 9:22 ` [PATCH 4.19 410/425] riscv: Workaround mcount name prior to clang-13 Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 411/425] ceph: fix fscache invalidation Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 412/425] scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 413/425] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 414/425] ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 415/425] block: reexpand iov_iter after read/write Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 416/425] lib: stackdepot: turn depot_lock spinlock to raw_spinlock Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 417/425] net: stmmac: Do not enable RX FIFO overflow interrupts Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 418/425] ip6_gre: proper dev_{hold|put} in ndo_[un]init methods Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 419/425] sit: " Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 420/425] ip6_tunnel: " Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 421/425] ipv6: remove extra dev_hold() for fallback tunnels Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 422/425] iomap: fix sub-page uptodate handling Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 423/425] KVM: arm64: Initialize VCPU mdcr_el2 before loading it Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 424/425] tweewide: Fix most Shebang lines Greg Kroah-Hartman
2021-05-20 9:23 ` [PATCH 4.19 425/425] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
2021-05-20 20:36 ` Pavel Machek
2021-05-21 4:36 ` Greg Kroah-Hartman
2021-05-21 4:37 ` Greg Kroah-Hartman
2021-06-23 20:25 ` Pavel Machek
2021-06-24 5:20 ` Greg Kroah-Hartman
2021-06-24 10:04 ` Andy Shevchenko
2021-05-20 11:25 ` [PATCH 4.19 000/425] 4.19.191-rc1 review Pavel Machek
2021-05-20 15:25 ` Jon Hunter
2021-05-20 21:45 ` Shuah Khan
2021-05-20 22:53 ` Guenter Roeck
2021-05-21 1:52 ` Samuel Zou
2021-05-21 5:46 ` Naresh Kamboju
2021-05-21 18:23 ` Sudip Mukherjee
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.