All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 5.10 00/25] 5.10.92-rc1 review
@ 2022-01-14  8:16 Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 01/25] md: revert io stats accounting Greg Kroah-Hartman
                   ` (32 more replies)
  0 siblings, 33 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, stable

This is the start of the stable review cycle for the 5.10.92 release.
There are 25 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.10.92-rc1

Arnd Bergmann <arnd@arndb.de>
    staging: greybus: fix stack size warning with UBSAN

Nathan Chancellor <nathan@kernel.org>
    drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()

Nathan Chancellor <nathan@kernel.org>
    staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()

Ricardo Ribalda <ribalda@chromium.org>
    media: Revert "media: uvcvideo: Set unique vdev name based in type"

Dominik Brodowski <linux@dominikbrodowski.net>
    random: fix crash on multiple early calls to add_bootloader_randomness()

Eric Biggers <ebiggers@google.com>
    random: fix data race on crng init time

Eric Biggers <ebiggers@google.com>
    random: fix data race on crng_node_pool

Brian Silverman <brian.silverman@bluerivertech.com>
    can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}

Marc Kleine-Budde <mkl@pengutronix.de>
    can: isotp: convert struct tpcon::{idx,len} to unsigned int

Marc Kleine-Budde <mkl@pengutronix.de>
    can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data

Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()

Daniel Borkmann <daniel@iogearbox.net>
    veth: Do not record rx queue hint in veth_xmit

Adrian Hunter <adrian.hunter@intel.com>
    mmc: sdhci-pci: Add PCI ID for Intel ADL

Sven Eckelmann <sven@narfation.org>
    ath11k: Fix buffer overflow when scanning with extraie

Alan Stern <stern@rowland.harvard.edu>
    USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status

Alan Stern <stern@rowland.harvard.edu>
    USB: core: Fix bug in resuming hub's handling of wakeup requests

Paul Cercueil <paul@crapouillou.net>
    ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100

Johan Hovold <johan@kernel.org>
    Bluetooth: bfusb: fix division by zero in send path

Aaron Ma <aaron.ma@canonical.com>
    Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0

Aaron Ma <aaron.ma@canonical.com>
    Bluetooth: btusb: Add support for Foxconn MT7922A

Zijun Hu <quic_zijuhu@quicinc.com>
    Bluetooth: btusb: Add two more Bluetooth parts for WCN6855

Mark-YW.Chen <mark-yw.chen@mediatek.com>
    Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()

Daniel Borkmann <daniel@iogearbox.net>
    bpf: Fix out of bounds access from invalid *_or_null type verification

Frederic Weisbecker <frederic@kernel.org>
    workqueue: Fix unbind_workers() VS wq_worker_running() race

Guoqing Jiang <jgq516@gmail.com>
    md: revert io stats accounting


-------------

Diffstat:

 Makefile                                 |   4 +-
 arch/arm/boot/dts/exynos4210-i9100.dts   |   2 +-
 drivers/bluetooth/bfusb.c                |   3 +
 drivers/bluetooth/btusb.c                |  22 ++++++
 drivers/char/random.c                    | 117 ++++++++++++++++++-------------
 drivers/gpu/drm/i915/intel_pm.c          |   6 +-
 drivers/md/md.c                          |  57 ++++-----------
 drivers/md/md.h                          |   1 -
 drivers/media/usb/uvc/uvc_driver.c       |   7 +-
 drivers/mfd/intel-lpss-acpi.c            |   7 +-
 drivers/mmc/host/sdhci-pci-core.c        |   1 +
 drivers/mmc/host/sdhci-pci.h             |   1 +
 drivers/net/can/usb/gs_usb.c             |   5 +-
 drivers/net/veth.c                       |   1 -
 drivers/net/wireless/ath/ath11k/wmi.c    |   6 +-
 drivers/staging/greybus/audio_topology.c |  92 ++++++++++++------------
 drivers/staging/wlan-ng/hfa384x_usb.c    |  22 +++---
 drivers/usb/core/hcd.c                   |   9 ++-
 drivers/usb/core/hub.c                   |   2 +-
 kernel/bpf/verifier.c                    |   6 +-
 kernel/workqueue.c                       |   9 +++
 net/can/isotp.c                          |   4 +-
 22 files changed, 207 insertions(+), 177 deletions(-)



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-26 10:09   ` Jack Wang
  2022-01-14  8:16 ` [PATCH 5.10 02/25] workqueue: Fix unbind_workers() VS wq_worker_running() race Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  32 siblings, 1 reply; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Song Liu, Guillaume Morin

From: Guoqing Jiang <jgq516@gmail.com>

commit ad3fc798800fb7ca04c1dfc439dba946818048d8 upstream.

The commit 41d2d848e5c0 ("md: improve io stats accounting") could cause
double fault problem per the report [1], and also it is not correct to
change ->bi_end_io if md don't own it, so let's revert it.

And io stats accounting will be replemented in later commits.

[1]. https://lore.kernel.org/linux-raid/3bf04253-3fad-434a-63a7-20214e38cf26@gmail.com/T/#t

Fixes: 41d2d848e5c0 ("md: improve io stats accounting")
Signed-off-by: Guoqing Jiang <jiangguoqing@kylinos.cn>
Signed-off-by: Song Liu <song@kernel.org>
[GM: backport to 5.10-stable]
Signed-off-by: Guillaume Morin <guillaume@morinfr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/md.c |   57 +++++++++++---------------------------------------------
 drivers/md/md.h |    1 
 2 files changed, 12 insertions(+), 46 deletions(-)

--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -459,34 +459,12 @@ check_suspended:
 }
 EXPORT_SYMBOL(md_handle_request);
 
-struct md_io {
-	struct mddev *mddev;
-	bio_end_io_t *orig_bi_end_io;
-	void *orig_bi_private;
-	unsigned long start_time;
-	struct hd_struct *part;
-};
-
-static void md_end_io(struct bio *bio)
-{
-	struct md_io *md_io = bio->bi_private;
-	struct mddev *mddev = md_io->mddev;
-
-	part_end_io_acct(md_io->part, bio, md_io->start_time);
-
-	bio->bi_end_io = md_io->orig_bi_end_io;
-	bio->bi_private = md_io->orig_bi_private;
-
-	mempool_free(md_io, &mddev->md_io_pool);
-
-	if (bio->bi_end_io)
-		bio->bi_end_io(bio);
-}
-
 static blk_qc_t md_submit_bio(struct bio *bio)
 {
 	const int rw = bio_data_dir(bio);
+	const int sgrp = op_stat_group(bio_op(bio));
 	struct mddev *mddev = bio->bi_disk->private_data;
+	unsigned int sectors;
 
 	if (mddev == NULL || mddev->pers == NULL) {
 		bio_io_error(bio);
@@ -507,26 +485,21 @@ static blk_qc_t md_submit_bio(struct bio
 		return BLK_QC_T_NONE;
 	}
 
-	if (bio->bi_end_io != md_end_io) {
-		struct md_io *md_io;
-
-		md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
-		md_io->mddev = mddev;
-		md_io->orig_bi_end_io = bio->bi_end_io;
-		md_io->orig_bi_private = bio->bi_private;
-
-		bio->bi_end_io = md_end_io;
-		bio->bi_private = md_io;
-
-		md_io->start_time = part_start_io_acct(mddev->gendisk,
-						       &md_io->part, bio);
-	}
-
+	/*
+	 * save the sectors now since our bio can
+	 * go away inside make_request
+	 */
+	sectors = bio_sectors(bio);
 	/* bio could be mergeable after passing to underlayer */
 	bio->bi_opf &= ~REQ_NOMERGE;
 
 	md_handle_request(mddev, bio);
 
+	part_stat_lock();
+	part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
+	part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
+	part_stat_unlock();
+
 	return BLK_QC_T_NONE;
 }
 
@@ -5636,7 +5609,6 @@ static void md_free(struct kobject *ko)
 
 	bioset_exit(&mddev->bio_set);
 	bioset_exit(&mddev->sync_set);
-	mempool_exit(&mddev->md_io_pool);
 	kfree(mddev);
 }
 
@@ -5732,11 +5704,6 @@ static int md_alloc(dev_t dev, char *nam
 		 */
 		mddev->hold_active = UNTIL_STOP;
 
-	error = mempool_init_kmalloc_pool(&mddev->md_io_pool, BIO_POOL_SIZE,
-					  sizeof(struct md_io));
-	if (error)
-		goto abort;
-
 	error = -ENOMEM;
 	mddev->queue = blk_alloc_queue(NUMA_NO_NODE);
 	if (!mddev->queue)
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -487,7 +487,6 @@ struct mddev {
 	struct bio_set			sync_set; /* for sync operations like
 						   * metadata and bitmap writes
 						   */
-	mempool_t			md_io_pool;
 
 	/* Generic flush handling.
 	 * The last to finish preflush schedules a worker to submit



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 02/25] workqueue: Fix unbind_workers() VS wq_worker_running() race
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 01/25] md: revert io stats accounting Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 03/25] bpf: Fix out of bounds access from invalid *_or_null type verification Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lai Jiangshan, Paul E. McKenney,
	Peter Zijlstra (Intel),
	Frederic Weisbecker, Thomas Gleixner, Ingo Molnar,
	Sebastian Andrzej Siewior, Daniel Bristot de Oliveira, Tejun Heo

From: Frederic Weisbecker <frederic@kernel.org>

commit 07edfece8bcb0580a1828d939e6f8d91a8603eb2 upstream.

At CPU-hotplug time, unbind_worker() may preempt a worker while it is
waking up. In that case the following scenario can happen:

        unbind_workers()                     wq_worker_running()
        --------------                      -------------------
        	                      if (!(worker->flags & WORKER_NOT_RUNNING))
        	                          //PREEMPTED by unbind_workers
        worker->flags |= WORKER_UNBOUND;
        [...]
        atomic_set(&pool->nr_running, 0);
        //resume to worker
		                              atomic_inc(&worker->pool->nr_running);

After unbind_worker() resets pool->nr_running, the value is expected to
remain 0 until the pool ever gets rebound in case cpu_up() is called on
the target CPU in the future. But here the race leaves pool->nr_running
with a value of 1, triggering the following warning when the worker goes
idle:

	WARNING: CPU: 3 PID: 34 at kernel/workqueue.c:1823 worker_enter_idle+0x95/0xc0
	Modules linked in:
	CPU: 3 PID: 34 Comm: kworker/3:0 Not tainted 5.16.0-rc1+ #34
	Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
	Workqueue:  0x0 (rcu_par_gp)
	RIP: 0010:worker_enter_idle+0x95/0xc0
	Code: 04 85 f8 ff ff ff 39 c1 7f 09 48 8b 43 50 48 85 c0 74 1b 83 e2 04 75 99 8b 43 34 39 43 30 75 91 8b 83 00 03 00 00 85 c0 74 87 <0f> 0b 5b c3 48 8b 35 70 f1 37 01 48 8d 7b 48 48 81 c6 e0 93  0
	RSP: 0000:ffff9b7680277ed0 EFLAGS: 00010086
	RAX: 00000000ffffffff RBX: ffff93465eae9c00 RCX: 0000000000000000
	RDX: 0000000000000000 RSI: ffff9346418a0000 RDI: ffff934641057140
	RBP: ffff934641057170 R08: 0000000000000001 R09: ffff9346418a0080
	R10: ffff9b768027fdf0 R11: 0000000000002400 R12: ffff93465eae9c20
	R13: ffff93465eae9c20 R14: ffff93465eae9c70 R15: ffff934641057140
	FS:  0000000000000000(0000) GS:ffff93465eac0000(0000) knlGS:0000000000000000
	CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	CR2: 0000000000000000 CR3: 000000001cc0c000 CR4: 00000000000006e0
	DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
	DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
	Call Trace:
	  <TASK>
	  worker_thread+0x89/0x3d0
	  ? process_one_work+0x400/0x400
	  kthread+0x162/0x190
	  ? set_kthread_struct+0x40/0x40
	  ret_from_fork+0x22/0x30
	  </TASK>

Also due to this incorrect "nr_running == 1", further queued work may
end up not being served, because no worker is awaken at work insert time.
This raises rcutorture writer stalls for example.

Fix this with disabling preemption in the right place in
wq_worker_running().

It's worth noting that if the worker migrates and runs concurrently with
unbind_workers(), it is guaranteed to see the WORKER_UNBOUND flag update
due to set_cpus_allowed_ptr() acquiring/releasing rq->lock.

Fixes: 6d25be5782e4 ("sched/core, workqueues: Distangle worker accounting from rq lock")
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Tested-by: Paul E. McKenney <paulmck@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/workqueue.c |    9 +++++++++
 1 file changed, 9 insertions(+)

--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -850,8 +850,17 @@ void wq_worker_running(struct task_struc
 
 	if (!worker->sleeping)
 		return;
+
+	/*
+	 * If preempted by unbind_workers() between the WORKER_NOT_RUNNING check
+	 * and the nr_running increment below, we may ruin the nr_running reset
+	 * and leave with an unexpected pool->nr_running == 1 on the newly unbound
+	 * pool. Protect against such race.
+	 */
+	preempt_disable();
 	if (!(worker->flags & WORKER_NOT_RUNNING))
 		atomic_inc(&worker->pool->nr_running);
+	preempt_enable();
 	worker->sleeping = 0;
 }
 



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 03/25] bpf: Fix out of bounds access from invalid *_or_null type verification
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 01/25] md: revert io stats accounting Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 02/25] workqueue: Fix unbind_workers() VS wq_worker_running() race Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 04/25] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Borkmann

From: Daniel Borkmann <daniel@iogearbox.net>

[ no upstream commit given implicitly fixed through the larger refactoring
  in c25b2ae136039ffa820c26138ed4a5e5f3ab3841 ]

While auditing some other code, I noticed missing checks inside the pointer
arithmetic simulation, more specifically, adjust_ptr_min_max_vals(). Several
*_OR_NULL types are not rejected whereas they are _required_ to be rejected
given the expectation is that they get promoted into a 'real' pointer type
for the success case, that is, after an explicit != NULL check.

One case which stands out and is accessible from unprivileged (iff enabled
given disabled by default) is BPF ring buffer. From crafting a PoC, the NULL
check can be bypassed through an offset, and its id marking will then lead
to promotion of mem_or_null to a mem type.

bpf_ringbuf_reserve() helper can trigger this case through passing of reserved
flags, for example.

  func#0 @0
  0: R1=ctx(id=0,off=0,imm=0) R10=fp0
  0: (7a) *(u64 *)(r10 -8) = 0
  1: R1=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm
  1: (18) r1 = 0x0
  3: R1_w=map_ptr(id=0,off=0,ks=0,vs=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm
  3: (b7) r2 = 8
  4: R1_w=map_ptr(id=0,off=0,ks=0,vs=0,imm=0) R2_w=invP8 R10=fp0 fp-8_w=mmmmmmmm
  4: (b7) r3 = 0
  5: R1_w=map_ptr(id=0,off=0,ks=0,vs=0,imm=0) R2_w=invP8 R3_w=invP0 R10=fp0 fp-8_w=mmmmmmmm
  5: (85) call bpf_ringbuf_reserve#131
  6: R0_w=mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  6: (bf) r6 = r0
  7: R0_w=mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) R6_w=mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  7: (07) r0 += 1
  8: R0_w=mem_or_null(id=2,ref_obj_id=2,off=1,imm=0) R6_w=mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  8: (15) if r0 == 0x0 goto pc+4
   R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  9: R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  9: (62) *(u32 *)(r6 +0) = 0
   R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  10: R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  10: (bf) r1 = r6
  11: R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R1_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  11: (b7) r2 = 0
  12: R0_w=mem(id=0,ref_obj_id=0,off=0,imm=0) R1_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R2_w=invP0 R6_w=mem(id=0,ref_obj_id=2,off=0,imm=0) R10=fp0 fp-8_w=mmmmmmmm refs=2
  12: (85) call bpf_ringbuf_submit#132
  13: R6=invP(id=0) R10=fp0 fp-8=mmmmmmmm
  13: (b7) r0 = 0
  14: R0_w=invP0 R6=invP(id=0) R10=fp0 fp-8=mmmmmmmm
  14: (95) exit

  from 8 to 13: safe
  processed 15 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 0
  OK

All three commits, that is b121b341e598 ("bpf: Add PTR_TO_BTF_ID_OR_NULL support"),
457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it"), and the
afbf21dce668 ("bpf: Support readonly/readwrite buffers in verifier") suffer the same
cause and their *_OR_NULL type pendants must be rejected in adjust_ptr_min_max_vals().

Make the test more robust by reusing reg_type_may_be_null() helper such that we catch
all *_OR_NULL types we have today and in future.

Note that pointer arithmetic on PTR_TO_BTF_ID, PTR_TO_RDONLY_BUF, and PTR_TO_RDWR_BUF
is generally allowed.

Fixes: b121b341e598 ("bpf: Add PTR_TO_BTF_ID_OR_NULL support")
Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it")
Fixes: afbf21dce668 ("bpf: Support readonly/readwrite buffers in verifier")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/verifier.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6037,16 +6037,16 @@ static int adjust_ptr_min_max_vals(struc
 		fallthrough;
 	case PTR_TO_PACKET_END:
 	case PTR_TO_SOCKET:
-	case PTR_TO_SOCKET_OR_NULL:
 	case PTR_TO_SOCK_COMMON:
-	case PTR_TO_SOCK_COMMON_OR_NULL:
 	case PTR_TO_TCP_SOCK:
-	case PTR_TO_TCP_SOCK_OR_NULL:
 	case PTR_TO_XDP_SOCK:
+reject:
 		verbose(env, "R%d pointer arithmetic on %s prohibited\n",
 			dst, reg_type_str[ptr_reg->type]);
 		return -EACCES;
 	default:
+		if (reg_type_may_be_null(ptr_reg->type))
+			goto reject;
 		break;
 	}
 



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 04/25] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 03/25] bpf: Fix out of bounds access from invalid *_or_null type verification Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 05/25] Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark-YW.Chen, Marcel Holtmann

From: Mark-YW.Chen <mark-yw.chen@mediatek.com>

commit 60c6a63a3d3080a62f3e0e20084f58dbeff16748 upstream.

Driver should free `usb->setup_packet` to avoid the leak.

$ cat /sys/kernel/debug/kmemleak
unreferenced object 0xffffffa564a58080 (size 128):
    backtrace:
        [<000000007eb8dd70>] kmem_cache_alloc_trace+0x22c/0x384
        [<000000008a44191d>] btusb_mtk_hci_wmt_sync+0x1ec/0x994
    [btusb]
        [<00000000ca7189a3>] btusb_mtk_setup+0x6b8/0x13cc
    [btusb]
        [<00000000c6105069>] hci_dev_do_open+0x290/0x974
    [bluetooth]
        [<00000000a583f8b8>] hci_power_on+0xdc/0x3cc [bluetooth]
        [<000000005d80e687>] process_one_work+0x514/0xc80
        [<00000000f4d57637>] worker_thread+0x818/0xd0c
        [<00000000dc7bdb55>] kthread+0x2f8/0x3b8
        [<00000000f9999513>] ret_from_fork+0x10/0x30

Fixes: a1c49c434e150 ("Bluetooth: btusb: Add protocol support for MediaTek MT7668U USB devices")
Signed-off-by: Mark-YW.Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/btusb.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2845,6 +2845,7 @@ static void btusb_mtk_wmt_recv(struct ur
 		skb = bt_skb_alloc(HCI_WMT_MAX_EVENT_SIZE, GFP_ATOMIC);
 		if (!skb) {
 			hdev->stat.err_rx++;
+			kfree(urb->setup_packet);
 			return;
 		}
 
@@ -2865,6 +2866,7 @@ static void btusb_mtk_wmt_recv(struct ur
 			data->evt_skb = skb_clone(skb, GFP_ATOMIC);
 			if (!data->evt_skb) {
 				kfree_skb(skb);
+				kfree(urb->setup_packet);
 				return;
 			}
 		}
@@ -2873,6 +2875,7 @@ static void btusb_mtk_wmt_recv(struct ur
 		if (err < 0) {
 			kfree_skb(data->evt_skb);
 			data->evt_skb = NULL;
+			kfree(urb->setup_packet);
 			return;
 		}
 
@@ -2883,6 +2886,7 @@ static void btusb_mtk_wmt_recv(struct ur
 			wake_up_bit(&data->flags,
 				    BTUSB_TX_WAIT_VND_EVT);
 		}
+		kfree(urb->setup_packet);
 		return;
 	} else if (urb->status == -ENOENT) {
 		/* Avoid suspend failed when usb_kill_urb */
@@ -2903,6 +2907,7 @@ static void btusb_mtk_wmt_recv(struct ur
 	usb_anchor_urb(urb, &data->ctrl_anchor);
 	err = usb_submit_urb(urb, GFP_ATOMIC);
 	if (err < 0) {
+		kfree(urb->setup_packet);
 		/* -EPERM: urb is being killed;
 		 * -ENODEV: device got disconnected
 		 */



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 05/25] Bluetooth: btusb: Add two more Bluetooth parts for WCN6855
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 04/25] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 06/25] Bluetooth: btusb: Add support for Foxconn MT7922A Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zijun Hu, Marcel Holtmann,
	Luiz Augusto von Dentz

From: Zijun Hu <quic_zijuhu@quicinc.com>

commit d2666be51d5f09662929888dd84d1f4d38c97127 upstream.

Add USB IDs (0x10ab, 0x9309) and (0x10ab, 0x9409) to
usb_device_id table for WCN6855.

* /sys/kernel/debug/usb/devices
T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=10ab ProdID=9309 Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
I:  If#= 1 Alt= 7 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  65 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  65 Ivl=1ms

T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 11 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=10ab ProdID=9409 Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
I:  If#= 1 Alt= 7 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  65 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  65 Ivl=1ms

Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/btusb.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -379,6 +379,12 @@ static const struct usb_device_id blackl
 	{ USB_DEVICE(0x8087, 0x0aaa), .driver_info = BTUSB_INTEL_NEW |
 						     BTUSB_WIDEBAND_SPEECH |
 						     BTUSB_VALID_LE_STATES },
+	{ USB_DEVICE(0x10ab, 0x9309), .driver_info = BTUSB_QCA_WCN6855 |
+						     BTUSB_WIDEBAND_SPEECH |
+						     BTUSB_VALID_LE_STATES },
+	{ USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 |
+						     BTUSB_WIDEBAND_SPEECH |
+						     BTUSB_VALID_LE_STATES },
 
 	/* Other Intel Bluetooth devices */
 	{ USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 06/25] Bluetooth: btusb: Add support for Foxconn MT7922A
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 05/25] Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 07/25] Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aaron Ma, Marcel Holtmann

From: Aaron Ma <aaron.ma@canonical.com>

commit 6932627425d6d3849aecd43c02158a5312895ad4 upstream.

Add 2 USB IDs for MT7922A chip.
These 2 devices got the same description.

T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=480  MxCh= 0
D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0489 ProdID=e0d8 Rev= 1.00

T:  Bus=03 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#=  3 Spd=480  MxCh= 0
D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0489 ProdID=e0d9 Rev= 1.00
S:  Manufacturer=MediaTek Inc.
S:  Product=Wireless_Device
S:  SerialNumber=000000000
C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=100mA
A:  FirstIf#= 0 IfCount= 3 Cls=e0(wlcon) Sub=01 Prot=01
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=125us
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E:  Ad=8a(I) Atr=03(Int.) MxPS=  64 Ivl=125us
E:  Ad=0a(O) Atr=03(Int.) MxPS=  64 Ivl=125us
I:  If#= 2 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E:  Ad=8a(I) Atr=03(Int.) MxPS= 512 Ivl=125us
E:  Ad=0a(O) Atr=03(Int.) MxPS= 512 Ivl=125us

Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/btusb.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -406,6 +406,14 @@ static const struct usb_device_id blackl
 			 BTUSB_WIDEBAND_SPEECH |
 			 BTUSB_VALID_LE_STATES },
 
+	/* MediaTek MT7922A Bluetooth devices */
+	{ USB_DEVICE(0x0489, 0xe0d8), .driver_info = BTUSB_MEDIATEK |
+						     BTUSB_WIDEBAND_SPEECH |
+						     BTUSB_VALID_LE_STATES },
+	{ USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK |
+						     BTUSB_WIDEBAND_SPEECH |
+						     BTUSB_VALID_LE_STATES },
+
 	/* Additional Realtek 8723AE Bluetooth devices */
 	{ USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK },
 	{ USB_DEVICE(0x13d3, 0x3394), .driver_info = BTUSB_REALTEK },



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 07/25] Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 06/25] Bluetooth: btusb: Add support for Foxconn MT7922A Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 08/25] Bluetooth: bfusb: fix division by zero in send path Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aaron Ma, Marcel Holtmann

From: Aaron Ma <aaron.ma@canonical.com>

commit 1cd563ebd0dc062127a85e84f934f4c697bb43ef upstream.

Add an ID of Qualcomm Bluetooth SoC WCN6855.

T:  Bus=05 Lev=01 Prnt=01 Port=03 Cnt=02 Dev#=  4 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0489 ProdID=e0d0 Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:* If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
I:  If#= 1 Alt= 7 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  65 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  65 Ivl=1ms

Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/btusb.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -385,6 +385,9 @@ static const struct usb_device_id blackl
 	{ USB_DEVICE(0x10ab, 0x9409), .driver_info = BTUSB_QCA_WCN6855 |
 						     BTUSB_WIDEBAND_SPEECH |
 						     BTUSB_VALID_LE_STATES },
+	{ USB_DEVICE(0x0489, 0xe0d0), .driver_info = BTUSB_QCA_WCN6855 |
+						     BTUSB_WIDEBAND_SPEECH |
+						     BTUSB_VALID_LE_STATES },
 
 	/* Other Intel Bluetooth devices */
 	{ USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01),



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 08/25] Bluetooth: bfusb: fix division by zero in send path
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 07/25] Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 09/25] ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Marcel Holtmann

From: Johan Hovold <johan@kernel.org>

commit b5e6fa7a12572c82f1e7f2f51fbb02a322291291 upstream.

Add the missing bulk-out endpoint sanity check to probe() to avoid
division by zero in bfusb_send_frame() in case a malicious device has
broken descriptors (or when doing descriptor fuzz testing).

Note that USB core will reject URBs submitted for endpoints with zero
wMaxPacketSize but that drivers doing packet-size calculations still
need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip
endpoint descriptors with maxpacket=0")).

Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bluetooth/bfusb.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/bluetooth/bfusb.c
+++ b/drivers/bluetooth/bfusb.c
@@ -628,6 +628,9 @@ static int bfusb_probe(struct usb_interf
 	data->bulk_out_ep   = bulk_out_ep->desc.bEndpointAddress;
 	data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize);
 
+	if (!data->bulk_pkt_size)
+		goto done;
+
 	rwlock_init(&data->lock);
 
 	data->reassembly = NULL;



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 09/25] ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 08/25] Bluetooth: bfusb: fix division by zero in send path Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 10/25] USB: core: Fix bug in resuming hubs handling of wakeup requests Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Krzysztof Kozlowski

From: Paul Cercueil <paul@crapouillou.net>

commit 9cb6de45a006a9799ec399bce60d64b6d4fcc4af upstream.

The reset GPIO was marked active-high, which is against what's specified
in the documentation. Mark the reset GPIO as active-low. With this
change, Bluetooth can now be used on the i9100.

Fixes: 8620cc2f99b7 ("ARM: dts: exynos: Add devicetree file for the Galaxy S2")
Cc: stable@vger.kernel.org
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Link: https://lore.kernel.org/r/20211031234137.87070-1-paul@crapouillou.net
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm/boot/dts/exynos4210-i9100.dts |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/boot/dts/exynos4210-i9100.dts
+++ b/arch/arm/boot/dts/exynos4210-i9100.dts
@@ -765,7 +765,7 @@
 		compatible = "brcm,bcm4330-bt";
 
 		shutdown-gpios = <&gpl0 4 GPIO_ACTIVE_HIGH>;
-		reset-gpios = <&gpl1 0 GPIO_ACTIVE_HIGH>;
+		reset-gpios = <&gpl1 0 GPIO_ACTIVE_LOW>;
 		device-wakeup-gpios = <&gpx3 1 GPIO_ACTIVE_HIGH>;
 		host-wakeup-gpios = <&gpx2 6 GPIO_ACTIVE_HIGH>;
 	};



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 10/25] USB: core: Fix bug in resuming hubs handling of wakeup requests
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 09/25] ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 11/25] USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jonathan McDowell, Alan Stern

From: Alan Stern <stern@rowland.harvard.edu>

commit 0f663729bb4afc92a9986b66131ebd5b8a9254d1 upstream.

Bugzilla #213839 reports a 7-port hub that doesn't work properly when
devices are plugged into some of the ports; the kernel goes into an
unending disconnect/reinitialize loop as shown in the bug report.

This "7-port hub" comprises two four-port hubs with one plugged into
the other; the failures occur when a device is plugged into one of the
downstream hub's ports.  (These hubs have other problems too.  For
example, they bill themselves as USB-2.0 compliant but they only run
at full speed.)

It turns out that the failures are caused by bugs in both the kernel
and the hub.  The hub's bug is that it reports a different
bmAttributes value in its configuration descriptor following a remote
wakeup (0xe0 before, 0xc0 after -- the wakeup-support bit has
changed).

The kernel's bug is inside the hub driver's resume handler.  When
hub_activate() sees that one of the hub's downstream ports got a
wakeup request from a child device, it notes this fact by setting the
corresponding bit in the hub->change_bits variable.  But this variable
is meant for connection changes, not wakeup events; setting it causes
the driver to believe the downstream port has been disconnected and
then connected again (in addition to having received a wakeup
request).

Because of this, the hub driver then tries to check whether the device
currently plugged into the downstream port is the same as the device
that had been attached there before.  Normally this check succeeds and
wakeup handling continues with no harm done (which is why the bug
remained undetected until now).  But with these dodgy hubs, the check
fails because the config descriptor has changed.  This causes the hub
driver to reinitialize the child device, leading to the
disconnect/reinitialize loop described in the bug report.

The proper way to note reception of a downstream wakeup request is
to set a bit in the hub->event_bits variable instead of
hub->change_bits.  That way the hub driver will realize that something
has happened to the port but will not think the port and child device
have been disconnected.  This patch makes that change.

Cc: <stable@vger.kernel.org>
Tested-by: Jonathan McDowell <noodles@earth.li>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/YdCw7nSfWYPKWQoD@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/core/hub.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1224,7 +1224,7 @@ static void hub_activate(struct usb_hub
 			 */
 			if (portchange || (hub_is_superspeed(hub->hdev) &&
 						port_resumed))
-				set_bit(port1, hub->change_bits);
+				set_bit(port1, hub->event_bits);
 
 		} else if (udev->persist_enabled) {
 #ifdef CONFIG_PM



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 11/25] USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 10/25] USB: core: Fix bug in resuming hubs handling of wakeup requests Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 12/25] ath11k: Fix buffer overflow when scanning with extraie Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alan Stern, syzbot+3ae6a2b06f131ab9849f

From: Alan Stern <stern@rowland.harvard.edu>

commit 1d7d4c07932e04355d6e6528d44a2f2c9e354346 upstream.

When the USB core code for getting root-hub status reports was
originally written, it was assumed that the hub driver would be its
only caller.  But this isn't true now; user programs can use usbfs to
communicate with root hubs and get status reports.  When they do this,
they may use a transfer_buffer that is smaller than the data returned
by the HCD, which will lead to a buffer overflow error when
usb_hcd_poll_rh_status() tries to store the status data.  This was
discovered by syzbot:

BUG: KASAN: slab-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: slab-out-of-bounds in usb_hcd_poll_rh_status+0x5f4/0x780 drivers/usb/core/hcd.c:776
Write of size 2 at addr ffff88801da403c0 by task syz-executor133/4062

This patch fixes the bug by reducing the amount of status data if it
won't fit in the transfer_buffer.  If some data gets discarded then
the URB's completion status is set to -EOVERFLOW rather than 0, to let
the user know what happened.

Reported-and-tested-by: syzbot+3ae6a2b06f131ab9849f@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Yc+3UIQJ2STbxNua@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/core/hcd.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -754,6 +754,7 @@ void usb_hcd_poll_rh_status(struct usb_h
 {
 	struct urb	*urb;
 	int		length;
+	int		status;
 	unsigned long	flags;
 	char		buffer[6];	/* Any root hubs with > 31 ports? */
 
@@ -771,11 +772,17 @@ void usb_hcd_poll_rh_status(struct usb_h
 		if (urb) {
 			clear_bit(HCD_FLAG_POLL_PENDING, &hcd->flags);
 			hcd->status_urb = NULL;
+			if (urb->transfer_buffer_length >= length) {
+				status = 0;
+			} else {
+				status = -EOVERFLOW;
+				length = urb->transfer_buffer_length;
+			}
 			urb->actual_length = length;
 			memcpy(urb->transfer_buffer, buffer, length);
 
 			usb_hcd_unlink_urb_from_ep(hcd, urb);
-			usb_hcd_giveback_urb(hcd, urb, 0);
+			usb_hcd_giveback_urb(hcd, urb, status);
 		} else {
 			length = 0;
 			set_bit(HCD_FLAG_POLL_PENDING, &hcd->flags);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 12/25] ath11k: Fix buffer overflow when scanning with extraie
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 11/25] USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 13/25] mmc: sdhci-pci: Add PCI ID for Intel ADL Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Kalle Valo

From: Sven Eckelmann <sven@narfation.org>

commit a658c929ded7ea3aee324c8c2a9635a5e5a38e7f upstream.

If cfg80211 is providing extraie's for a scanning process then ath11k will
copy that over to the firmware. The extraie.len is a 32 bit value in struct
element_info and describes the amount of bytes for the vendor information
elements.

The WMI_TLV packet is having a special WMI_TAG_ARRAY_BYTE section. This
section can have a (payload) length up to 65535 bytes because the
WMI_TLV_LEN can store up to 16 bits. The code was missing such a check and
could have created a scan request which cannot be parsed correctly by the
firmware.

But the bigger problem was the allocation of the buffer. It has to align
the TLV sections by 4 bytes. But the code was using an u8 to store the
newly calculated length of this section (with alignment). And the new
calculated length was then used to allocate the skbuff. But the actual code
to copy in the data is using the extraie.len and not the calculated
"aligned" length.

The length of extraie with IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS enabled
was 264 bytes during tests with a QCA Milan card. But it only allocated 8
bytes (264 bytes % 256) for it. As consequence, the code to memcpy the
extraie into the skb was then just overwriting data after skb->end. Things
like shinfo were therefore corrupted. This could usually be seen by a crash
in skb_zcopy_clear which tried to call a ubuf_info callback (using a bogus
address).

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-02892.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1

Cc: stable@vger.kernel.org
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20211207142913.1734635-1-sven@narfation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/ath/ath11k/wmi.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -2036,7 +2036,7 @@ int ath11k_wmi_send_scan_start_cmd(struc
 	void *ptr;
 	int i, ret, len;
 	u32 *tmp_ptr;
-	u8 extraie_len_with_pad = 0;
+	u16 extraie_len_with_pad = 0;
 	struct hint_short_ssid *s_ssid = NULL;
 	struct hint_bssid *hint_bssid = NULL;
 
@@ -2055,7 +2055,7 @@ int ath11k_wmi_send_scan_start_cmd(struc
 		len += sizeof(*bssid) * params->num_bssid;
 
 	len += TLV_HDR_SIZE;
-	if (params->extraie.len)
+	if (params->extraie.len && params->extraie.len <= 0xFFFF)
 		extraie_len_with_pad =
 			roundup(params->extraie.len, sizeof(u32));
 	len += extraie_len_with_pad;
@@ -2162,7 +2162,7 @@ int ath11k_wmi_send_scan_start_cmd(struc
 		      FIELD_PREP(WMI_TLV_LEN, len);
 	ptr += TLV_HDR_SIZE;
 
-	if (params->extraie.len)
+	if (extraie_len_with_pad)
 		memcpy(ptr, params->extraie.ptr,
 		       params->extraie.len);
 



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 13/25] mmc: sdhci-pci: Add PCI ID for Intel ADL
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 12/25] ath11k: Fix buffer overflow when scanning with extraie Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 14/25] veth: Do not record rx queue hint in veth_xmit Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Ulf Hansson

From: Adrian Hunter <adrian.hunter@intel.com>

commit e53e97f805cb1abeea000a61549d42f92cb10804 upstream.

Add PCI ID for Intel ADL eMMC host controller.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20211124094850.1783220-1-adrian.hunter@intel.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mmc/host/sdhci-pci-core.c |    1 +
 drivers/mmc/host/sdhci-pci.h      |    1 +
 2 files changed, 2 insertions(+)

--- a/drivers/mmc/host/sdhci-pci-core.c
+++ b/drivers/mmc/host/sdhci-pci-core.c
@@ -1932,6 +1932,7 @@ static const struct pci_device_id pci_id
 	SDHCI_PCI_DEVICE(INTEL, JSL_SD,    intel_byt_sd),
 	SDHCI_PCI_DEVICE(INTEL, LKF_EMMC,  intel_glk_emmc),
 	SDHCI_PCI_DEVICE(INTEL, LKF_SD,    intel_byt_sd),
+	SDHCI_PCI_DEVICE(INTEL, ADL_EMMC,  intel_glk_emmc),
 	SDHCI_PCI_DEVICE(O2, 8120,     o2),
 	SDHCI_PCI_DEVICE(O2, 8220,     o2),
 	SDHCI_PCI_DEVICE(O2, 8221,     o2),
--- a/drivers/mmc/host/sdhci-pci.h
+++ b/drivers/mmc/host/sdhci-pci.h
@@ -59,6 +59,7 @@
 #define PCI_DEVICE_ID_INTEL_JSL_SD	0x4df8
 #define PCI_DEVICE_ID_INTEL_LKF_EMMC	0x98c4
 #define PCI_DEVICE_ID_INTEL_LKF_SD	0x98f8
+#define PCI_DEVICE_ID_INTEL_ADL_EMMC	0x54c4
 
 #define PCI_DEVICE_ID_SYSKONNECT_8000	0x8000
 #define PCI_DEVICE_ID_VIA_95D0		0x95d0



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 14/25] veth: Do not record rx queue hint in veth_xmit
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 13/25] mmc: sdhci-pci: Add PCI ID for Intel ADL Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 15/25] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Bernaille, Daniel Borkmann,
	Maciej Fijalkowski, Toshiaki Makita, Eric Dumazet, Paolo Abeni,
	John Fastabend, Willem de Bruijn, Eric Dumazet, David S. Miller

From: Daniel Borkmann <daniel@iogearbox.net>

commit 710ad98c363a66a0cd8526465426c5c5f8377ee0 upstream.

Laurent reported that they have seen a significant amount of TCP retransmissions
at high throughput from applications residing in network namespaces talking to
the outside world via veths. The drops were seen on the qdisc layer (fq_codel,
as per systemd default) of the phys device such as ena or virtio_net due to all
traffic hitting a _single_ TX queue _despite_ multi-queue device. (Note that the
setup was _not_ using XDP on veths as the issue is generic.)

More specifically, after edbea9220251 ("veth: Store queue_mapping independently
of XDP prog presence") which made it all the way back to v4.19.184+,
skb_record_rx_queue() would set skb->queue_mapping to 1 (given 1 RX and 1 TX
queue by default for veths) instead of leaving at 0.

This is eventually retained and callbacks like ena_select_queue() will also pick
single queue via netdev_core_pick_tx()'s ndo_select_queue() once all the traffic
is forwarded to that device via upper stack or other means. Similarly, for others
not implementing ndo_select_queue() if XPS is disabled, netdev_pick_tx() might
call into the skb_tx_hash() and check for prior skb_rx_queue_recorded() as well.

In general, it is a _bad_ idea for virtual devices like veth to mess around with
queue selection [by default]. Given dev->real_num_tx_queues is by default 1,
the skb->queue_mapping was left untouched, and so prior to edbea9220251 the
netdev_core_pick_tx() could do its job upon __dev_queue_xmit() on the phys device.

Unbreak this and restore prior behavior by removing the skb_record_rx_queue()
from veth_xmit() altogether.

If the veth peer has an XDP program attached, then it would return the first RX
queue index in xdp_md->rx_queue_index (unless configured in non-default manner).
However, this is still better than breaking the generic case.

Fixes: edbea9220251 ("veth: Store queue_mapping independently of XDP prog presence")
Fixes: 638264dc9022 ("veth: Support per queue XDP ring")
Reported-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Cc: Toshiaki Makita <toshiaki.makita1@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/veth.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -301,7 +301,6 @@ static netdev_tx_t veth_xmit(struct sk_b
 	if (rxq < rcv->real_num_rx_queues) {
 		rq = &rcv_priv->rq[rxq];
 		rcv_xdp = rcu_access_pointer(rq->xdp_prog);
-		skb_record_rx_queue(skb, rxq);
 	}
 
 	skb_tx_timestamp(skb);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 15/25] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 14/25] veth: Do not record rx queue hint in veth_xmit Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 16/25] can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Orlando Chamberlain, Aditya Garg,
	Andy Shevchenko, Lee Jones

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

commit c9e143084d1a602f829115612e1ec79df3727c8b upstream.

The runtime PM callback may be called as soon as the runtime PM facility
is enabled and activated. It means that ->suspend() may be called before
we finish probing the device in the ACPI case. Hence, NULL pointer
dereference:

  intel-lpss INT34BA:00: IRQ index 0 not found
  BUG: kernel NULL pointer dereference, address: 0000000000000030
  ...
  Workqueue: pm pm_runtime_work
  RIP: 0010:intel_lpss_suspend+0xb/0x40 [intel_lpss]

To fix this, first try to register the device and only after that enable
runtime PM facility.

Fixes: 4b45efe85263 ("mfd: Add support for Intel Sunrisepoint LPSS devices")
Reported-by: Orlando Chamberlain <redecorating@protonmail.com>
Reported-by: Aditya Garg <gargaditya08@live.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Aditya Garg <gargaditya08@live.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20211101190008.86473-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mfd/intel-lpss-acpi.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/mfd/intel-lpss-acpi.c
+++ b/drivers/mfd/intel-lpss-acpi.c
@@ -102,6 +102,7 @@ static int intel_lpss_acpi_probe(struct
 {
 	struct intel_lpss_platform_info *info;
 	const struct acpi_device_id *id;
+	int ret;
 
 	id = acpi_match_device(intel_lpss_acpi_ids, &pdev->dev);
 	if (!id)
@@ -115,10 +116,14 @@ static int intel_lpss_acpi_probe(struct
 	info->mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
 	info->irq = platform_get_irq(pdev, 0);
 
+	ret = intel_lpss_probe(&pdev->dev, info);
+	if (ret)
+		return ret;
+
 	pm_runtime_set_active(&pdev->dev);
 	pm_runtime_enable(&pdev->dev);
 
-	return intel_lpss_probe(&pdev->dev, info);
+	return 0;
 }
 
 static int intel_lpss_acpi_remove(struct platform_device *pdev)



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 16/25] can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 15/25] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 17/25] can: isotp: convert struct tpcon::{idx,len} to unsigned int Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marc Kleine-Budde

From: Marc Kleine-Budde <mkl@pengutronix.de>

commit 4a8737ff068724f509d583fef404d349adba80d6 upstream.

The received data contains the channel the received data is associated
with. If the channel number is bigger than the actual number of
channels assume broken or malicious USB device and shut it down.

This fixes the error found by clang:

| drivers/net/can/usb/gs_usb.c:386:6: error: variable 'dev' is used
|                                     uninitialized whenever 'if' condition is true
|         if (hf->channel >= GS_MAX_INTF)
|             ^~~~~~~~~~~~~~~~~~~~~~~~~~
| drivers/net/can/usb/gs_usb.c:474:10: note: uninitialized use occurs here
|                           hf, dev->gs_hf_size, gs_usb_receive_bulk_callback,
|                               ^~~

Link: https://lore.kernel.org/all/20211210091158.408326-1-mkl@pengutronix.de
Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices")
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/can/usb/gs_usb.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/net/can/usb/gs_usb.c
+++ b/drivers/net/can/usb/gs_usb.c
@@ -320,7 +320,7 @@ static void gs_usb_receive_bulk_callback
 
 	/* device reports out of range channel id */
 	if (hf->channel >= GS_MAX_INTF)
-		goto resubmit_urb;
+		goto device_detach;
 
 	dev = usbcan->canch[hf->channel];
 
@@ -405,6 +405,7 @@ static void gs_usb_receive_bulk_callback
 
 	/* USB failure take down all interfaces */
 	if (rc == -ENODEV) {
+ device_detach:
 		for (rc = 0; rc < GS_MAX_INTF; rc++) {
 			if (usbcan->canch[rc])
 				netif_device_detach(usbcan->canch[rc]->netdev);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 17/25] can: isotp: convert struct tpcon::{idx,len} to unsigned int
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 16/25] can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 18/25] can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oliver Hartkopp,
	syzbot+4c63f36709a642f801c5, Marc Kleine-Budde

From: Marc Kleine-Budde <mkl@pengutronix.de>

commit 5f33a09e769a9da0482f20a6770a342842443776 upstream.

In isotp_rcv_ff() 32 bit of data received over the network is assigned
to struct tpcon::len. Later in that function the length is checked for
the maximal supported length against MAX_MSG_LENGTH.

As struct tpcon::len is an "int" this check does not work, if the
provided length overflows the "int".

Later on struct tpcon::idx is compared against struct tpcon::len.

To fix this problem this patch converts both struct tpcon::{idx,len}
to unsigned int.

Fixes: e057dd3fc20f ("can: add ISO 15765-2:2016 transport protocol")
Link: https://lore.kernel.org/all/20220105132429.1170627-1-mkl@pengutronix.de
Cc: stable@vger.kernel.org
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Reported-by: syzbot+4c63f36709a642f801c5@syzkaller.appspotmail.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/can/isotp.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/can/isotp.c
+++ b/net/can/isotp.c
@@ -119,8 +119,8 @@ enum {
 };
 
 struct tpcon {
-	int idx;
-	int len;
+	unsigned int idx;
+	unsigned int len;
 	u32 state;
 	u8 bs;
 	u8 sn;



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 18/25] can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 17/25] can: isotp: convert struct tpcon::{idx,len} to unsigned int Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 19/25] random: fix data race on crng_node_pool Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Silverman, Marc Kleine-Budde

From: Brian Silverman <brian.silverman@bluerivertech.com>

commit 89d58aebe14a365c25ba6645414afdbf4e41cea4 upstream.

No information is deliberately sent in hf->flags in host -> device
communications, but the open-source candleLight firmware echoes it
back, which can result in the GS_CAN_FLAG_OVERFLOW flag being set and
generating spurious ERRORFRAMEs.

While there also initialize the reserved member with 0.

Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices")
Link: https://lore.kernel.org/all/20220106002952.25883-1-brian.silverman@bluerivertech.com
Link: https://github.com/candle-usb/candleLight_fw/issues/87
Cc: stable@vger.kernel.org
Signed-off-by: Brian Silverman <brian.silverman@bluerivertech.com>
[mkl: initialize the reserved member, too]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/can/usb/gs_usb.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/net/can/usb/gs_usb.c
+++ b/drivers/net/can/usb/gs_usb.c
@@ -507,6 +507,8 @@ static netdev_tx_t gs_can_start_xmit(str
 
 	hf->echo_id = idx;
 	hf->channel = dev->channel;
+	hf->flags = 0;
+	hf->reserved = 0;
 
 	cf = (struct can_frame *)skb->data;
 



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 19/25] random: fix data race on crng_node_pool
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 18/25] can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 20/25] random: fix data race on crng init time Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Paul E. McKenney,
	Jason A. Donenfeld

From: Eric Biggers <ebiggers@google.com>

commit 5d73d1e320c3fd94ea15ba5f79301da9a8bcc7de upstream.

extract_crng() and crng_backtrack_protect() load crng_node_pool with a
plain load, which causes undefined behavior if do_numa_crng_init()
modifies it concurrently.

Fix this by using READ_ONCE().  Note: as per the previous discussion
https://lore.kernel.org/lkml/20211219025139.31085-1-ebiggers@kernel.org/T/#u,
READ_ONCE() is believed to be sufficient here, and it was requested that
it be used here instead of smp_load_acquire().

Also change do_numa_crng_init() to set crng_node_pool using
cmpxchg_release() instead of mb() + cmpxchg(), as the former is
sufficient here but is more lightweight.

Fixes: 1e7f583af67b ("random: make /dev/urandom scalable for silly userspace programs")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/random.c |   42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -853,8 +853,8 @@ static void do_numa_crng_init(struct wor
 		crng_initialize_secondary(crng);
 		pool[i] = crng;
 	}
-	mb();
-	if (cmpxchg(&crng_node_pool, NULL, pool)) {
+	/* pairs with READ_ONCE() in select_crng() */
+	if (cmpxchg_release(&crng_node_pool, NULL, pool) != NULL) {
 		for_each_node(i)
 			kfree(pool[i]);
 		kfree(pool);
@@ -867,8 +867,26 @@ static void numa_crng_init(void)
 {
 	schedule_work(&numa_crng_init_work);
 }
+
+static struct crng_state *select_crng(void)
+{
+	struct crng_state **pool;
+	int nid = numa_node_id();
+
+	/* pairs with cmpxchg_release() in do_numa_crng_init() */
+	pool = READ_ONCE(crng_node_pool);
+	if (pool && pool[nid])
+		return pool[nid];
+
+	return &primary_crng;
+}
 #else
 static void numa_crng_init(void) {}
+
+static struct crng_state *select_crng(void)
+{
+	return &primary_crng;
+}
 #endif
 
 /*
@@ -1015,15 +1033,7 @@ static void _extract_crng(struct crng_st
 
 static void extract_crng(__u8 out[CHACHA_BLOCK_SIZE])
 {
-	struct crng_state *crng = NULL;
-
-#ifdef CONFIG_NUMA
-	if (crng_node_pool)
-		crng = crng_node_pool[numa_node_id()];
-	if (crng == NULL)
-#endif
-		crng = &primary_crng;
-	_extract_crng(crng, out);
+	_extract_crng(select_crng(), out);
 }
 
 /*
@@ -1052,15 +1062,7 @@ static void _crng_backtrack_protect(stru
 
 static void crng_backtrack_protect(__u8 tmp[CHACHA_BLOCK_SIZE], int used)
 {
-	struct crng_state *crng = NULL;
-
-#ifdef CONFIG_NUMA
-	if (crng_node_pool)
-		crng = crng_node_pool[numa_node_id()];
-	if (crng == NULL)
-#endif
-		crng = &primary_crng;
-	_crng_backtrack_protect(crng, tmp, used);
+	_crng_backtrack_protect(select_crng(), tmp, used);
 }
 
 static ssize_t extract_crng_user(void __user *buf, size_t nbytes)



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 20/25] random: fix data race on crng init time
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 19/25] random: fix data race on crng_node_pool Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 21/25] random: fix crash on multiple early calls to add_bootloader_randomness() Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Biggers, Paul E. McKenney,
	Jason A. Donenfeld

From: Eric Biggers <ebiggers@google.com>

commit 009ba8568be497c640cab7571f7bfd18345d7b24 upstream.

_extract_crng() does plain loads of crng->init_time and
crng_global_init_time, which causes undefined behavior if
crng_reseed() and RNDRESEEDCRNG modify these corrently.

Use READ_ONCE() and WRITE_ONCE() to make the behavior defined.

Don't fix the race on crng->init_time by protecting it with crng->lock,
since it's not a problem for duplicate reseedings to occur.  I.e., the
lockless access with READ_ONCE() is fine.

Fixes: d848e5f8e1eb ("random: add new ioctl RNDRESEEDCRNG")
Fixes: e192be9d9a30 ("random: replace non-blocking pool with a Chacha20-based CRNG")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/random.c |   17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -990,7 +990,7 @@ static void crng_reseed(struct crng_stat
 		crng->state[i+4] ^= buf.key[i] ^ rv;
 	}
 	memzero_explicit(&buf, sizeof(buf));
-	crng->init_time = jiffies;
+	WRITE_ONCE(crng->init_time, jiffies);
 	spin_unlock_irqrestore(&crng->lock, flags);
 	if (crng == &primary_crng && crng_init < 2) {
 		invalidate_batched_entropy();
@@ -1016,12 +1016,15 @@ static void crng_reseed(struct crng_stat
 static void _extract_crng(struct crng_state *crng,
 			  __u8 out[CHACHA_BLOCK_SIZE])
 {
-	unsigned long v, flags;
+	unsigned long v, flags, init_time;
 
-	if (crng_ready() &&
-	    (time_after(crng_global_init_time, crng->init_time) ||
-	     time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
-		crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
+	if (crng_ready()) {
+		init_time = READ_ONCE(crng->init_time);
+		if (time_after(READ_ONCE(crng_global_init_time), init_time) ||
+		    time_after(jiffies, init_time + CRNG_RESEED_INTERVAL))
+			crng_reseed(crng, crng == &primary_crng ?
+				    &input_pool : NULL);
+	}
 	spin_lock_irqsave(&crng->lock, flags);
 	if (arch_get_random_long(&v))
 		crng->state[14] ^= v;
@@ -1975,7 +1978,7 @@ static long random_ioctl(struct file *f,
 		if (crng_init < 2)
 			return -ENODATA;
 		crng_reseed(&primary_crng, &input_pool);
-		crng_global_init_time = jiffies - 1;
+		WRITE_ONCE(crng_global_init_time, jiffies - 1);
 		return 0;
 	default:
 		return -EINVAL;



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 21/25] random: fix crash on multiple early calls to add_bootloader_randomness()
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 20/25] random: fix data race on crng init time Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 22/25] media: Revert "media: uvcvideo: Set unique vdev name based in type" Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ivan T. Ivanov, Dominik Brodowski,
	Jason A. Donenfeld

From: Dominik Brodowski <linux@dominikbrodowski.net>

commit f7e67b8e803185d0aabe7f29d25a35c8be724a78 upstream.

Currently, if CONFIG_RANDOM_TRUST_BOOTLOADER is enabled, multiple calls
to add_bootloader_randomness() are broken and can cause a NULL pointer
dereference, as noted by Ivan T. Ivanov. This is not only a hypothetical
problem, as qemu on arm64 may provide bootloader entropy via EFI and via
devicetree.

On the first call to add_hwgenerator_randomness(), crng_fast_load() is
executed, and if the seed is long enough, crng_init will be set to 1.
On subsequent calls to add_bootloader_randomness() and then to
add_hwgenerator_randomness(), crng_fast_load() will be skipped. Instead,
wait_event_interruptible() and then credit_entropy_bits() will be called.
If the entropy count for that second seed is large enough, that proceeds
to crng_reseed().

However, both wait_event_interruptible() and crng_reseed() depends
(at least in numa_crng_init()) on workqueues. Therefore, test whether
system_wq is already initialized, which is a sufficient indicator that
workqueue_init_early() has progressed far enough.

If we wind up hitting the !system_wq case, we later want to do what
would have been done there when wqs are up, so set a flag, and do that
work later from the rand_initialize() call.

Reported-by: Ivan T. Ivanov <iivanov@suse.de>
Fixes: 18b915ac6b0a ("efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness")
Cc: stable@vger.kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
[Jason: added crng_need_done state and related logic.]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/char/random.c |   56 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 20 deletions(-)

--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -461,6 +461,7 @@ static struct crng_state primary_crng =
  * its value (from 0->1->2).
  */
 static int crng_init = 0;
+static bool crng_need_final_init = false;
 #define crng_ready() (likely(crng_init > 1))
 static int crng_init_cnt = 0;
 static unsigned long crng_global_init_time = 0;
@@ -838,6 +839,36 @@ static void __init crng_initialize_prima
 	crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
 }
 
+static void crng_finalize_init(struct crng_state *crng)
+{
+	if (crng != &primary_crng || crng_init >= 2)
+		return;
+	if (!system_wq) {
+		/* We can't call numa_crng_init until we have workqueues,
+		 * so mark this for processing later. */
+		crng_need_final_init = true;
+		return;
+	}
+
+	invalidate_batched_entropy();
+	numa_crng_init();
+	crng_init = 2;
+	process_random_ready_list();
+	wake_up_interruptible(&crng_init_wait);
+	kill_fasync(&fasync, SIGIO, POLL_IN);
+	pr_notice("crng init done\n");
+	if (unseeded_warning.missed) {
+		pr_notice("%d get_random_xx warning(s) missed due to ratelimiting\n",
+			  unseeded_warning.missed);
+		unseeded_warning.missed = 0;
+	}
+	if (urandom_warning.missed) {
+		pr_notice("%d urandom warning(s) missed due to ratelimiting\n",
+			  urandom_warning.missed);
+		urandom_warning.missed = 0;
+	}
+}
+
 #ifdef CONFIG_NUMA
 static void do_numa_crng_init(struct work_struct *work)
 {
@@ -992,25 +1023,7 @@ static void crng_reseed(struct crng_stat
 	memzero_explicit(&buf, sizeof(buf));
 	WRITE_ONCE(crng->init_time, jiffies);
 	spin_unlock_irqrestore(&crng->lock, flags);
-	if (crng == &primary_crng && crng_init < 2) {
-		invalidate_batched_entropy();
-		numa_crng_init();
-		crng_init = 2;
-		process_random_ready_list();
-		wake_up_interruptible(&crng_init_wait);
-		kill_fasync(&fasync, SIGIO, POLL_IN);
-		pr_notice("crng init done\n");
-		if (unseeded_warning.missed) {
-			pr_notice("%d get_random_xx warning(s) missed due to ratelimiting\n",
-				  unseeded_warning.missed);
-			unseeded_warning.missed = 0;
-		}
-		if (urandom_warning.missed) {
-			pr_notice("%d urandom warning(s) missed due to ratelimiting\n",
-				  urandom_warning.missed);
-			urandom_warning.missed = 0;
-		}
-	}
+	crng_finalize_init(crng);
 }
 
 static void _extract_crng(struct crng_state *crng,
@@ -1804,6 +1817,8 @@ static void __init init_std_data(struct
 int __init rand_initialize(void)
 {
 	init_std_data(&input_pool);
+	if (crng_need_final_init)
+		crng_finalize_init(&primary_crng);
 	crng_initialize_primary(&primary_crng);
 	crng_global_init_time = jiffies;
 	if (ratelimit_disable) {
@@ -2312,7 +2327,8 @@ void add_hwgenerator_randomness(const ch
 	 * We'll be woken up again once below random_write_wakeup_thresh,
 	 * or when the calling thread is about to terminate.
 	 */
-	wait_event_interruptible(random_write_wait, kthread_should_stop() ||
+	wait_event_interruptible(random_write_wait,
+			!system_wq || kthread_should_stop() ||
 			ENTROPY_BITS(&input_pool) <= random_write_wakeup_bits);
 	mix_pool_bytes(poolp, buffer, count);
 	credit_entropy_bits(poolp, entropy);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 22/25] media: Revert "media: uvcvideo: Set unique vdev name based in type"
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 21/25] random: fix crash on multiple early calls to add_bootloader_randomness() Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 23/25] staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Ricardo Ribalda,
	Laurent Pinchart, Hans Verkuil, Mauro Carvalho Chehab

From: Ricardo Ribalda <ribalda@chromium.org>

commit f66dcb32af19faf49cc4a9222c3152b10c6ec84a upstream.

A lot of userspace depends on a descriptive name for vdev. Without this
patch, users have a hard time figuring out which camera shall they use
for their video conferencing.

This reverts commit e3f60e7e1a2b451f538f9926763432249bcf39c4.

Link: https://lore.kernel.org/linux-media/20211207003840.1212374-2-ribalda@chromium.org
Cc: <stable@vger.kernel.org>
Fixes: e3f60e7e1a2b ("media: uvcvideo: Set unique vdev name based in type")
Reported-by: Nicolas Dufresne <nicolas@ndufresne.ca>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/uvc/uvc_driver.c |    7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
@@ -2065,7 +2065,6 @@ int uvc_register_video_device(struct uvc
 			      const struct v4l2_file_operations *fops,
 			      const struct v4l2_ioctl_ops *ioctl_ops)
 {
-	const char *name;
 	int ret;
 
 	/* Initialize the video buffers queue. */
@@ -2094,20 +2093,16 @@ int uvc_register_video_device(struct uvc
 	case V4L2_BUF_TYPE_VIDEO_CAPTURE:
 	default:
 		vdev->device_caps = V4L2_CAP_VIDEO_CAPTURE | V4L2_CAP_STREAMING;
-		name = "Video Capture";
 		break;
 	case V4L2_BUF_TYPE_VIDEO_OUTPUT:
 		vdev->device_caps = V4L2_CAP_VIDEO_OUTPUT | V4L2_CAP_STREAMING;
-		name = "Video Output";
 		break;
 	case V4L2_BUF_TYPE_META_CAPTURE:
 		vdev->device_caps = V4L2_CAP_META_CAPTURE | V4L2_CAP_STREAMING;
-		name = "Metadata";
 		break;
 	}
 
-	snprintf(vdev->name, sizeof(vdev->name), "%s %u", name,
-		 stream->header.bTerminalLink);
+	strscpy(vdev->name, dev->name, sizeof(vdev->name));
 
 	/*
 	 * Set the driver data before calling video_register_device, otherwise



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 23/25] staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 22/25] media: Revert "media: uvcvideo: Set unique vdev name based in type" Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 24/25] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nathan Chancellor

From: Nathan Chancellor <nathan@kernel.org>

commit 502408a61f4b7eb4713f44bd77f4a48e6cb1b59a upstream.

A new warning in clang points out a place in this file where a bitwise
OR is being used with boolean expressions:

In file included from drivers/staging/wlan-ng/prism2usb.c:2:
drivers/staging/wlan-ng/hfa384x_usb.c:3787:7: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
            ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
            ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/staging/wlan-ng/hfa384x_usb.c:3787:7: note: cast one or both operands to int to silence this warning
1 warning generated.

The comment explains that short circuiting here is undesirable, as the
calls to test_and_{clear,set}_bit() need to happen for both sides of the
expression.

Clang's suggestion would work to silence the warning but the readability
of the expression would suffer even more. To clean up the warning and
make the block more readable, use a variable for each side of the
bitwise expression.

Link: https://github.com/ClangBuiltLinux/linux/issues/1478
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20211014215703.3705371-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/wlan-ng/hfa384x_usb.c |   22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

--- a/drivers/staging/wlan-ng/hfa384x_usb.c
+++ b/drivers/staging/wlan-ng/hfa384x_usb.c
@@ -3779,18 +3779,18 @@ static void hfa384x_usb_throttlefn(struc
 
 	spin_lock_irqsave(&hw->ctlxq.lock, flags);
 
-	/*
-	 * We need to check BOTH the RX and the TX throttle controls,
-	 * so we use the bitwise OR instead of the logical OR.
-	 */
 	pr_debug("flags=0x%lx\n", hw->usb_flags);
-	if (!hw->wlandev->hwremoved &&
-	    ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
-	      !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
-	     (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
-	      !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
-	    )) {
-		schedule_work(&hw->usb_work);
+	if (!hw->wlandev->hwremoved) {
+		bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
+				   !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags);
+		bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
+				   !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags);
+		/*
+		 * We need to check BOTH the RX and the TX throttle controls,
+		 * so we use the bitwise OR instead of the logical OR.
+		 */
+		if (rx_throttle | tx_throttle)
+			schedule_work(&hw->usb_work);
 	}
 
 	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 24/25] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 23/25] staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14  8:16 ` [PATCH 5.10 25/25] staging: greybus: fix stack size warning with UBSAN Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nick Desaulniers, Nathan Chancellor,
	Dávid Bolvanský, Ville Syrjälä

From: Nathan Chancellor <nathan@kernel.org>

commit 2e70570656adfe1c5d9a29940faa348d5f132199 upstream.

A new warning in clang points out a place in this file where a bitwise
OR is being used with boolean types:

drivers/gpu/drm/i915/intel_pm.c:3066:12: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
        changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12) |
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This construct is intentional, as it allows every one of the calls to
ilk_increase_wm_latency() to occur (instead of short circuiting with
logical OR) while still caring about the result of each call.

To make this clearer to the compiler, use the '|=' operator to assign
the result of each ilk_increase_wm_latency() call to changed, which
keeps the meaning of the code the same but makes it obvious that every
one of these calls is expected to happen.

Link: https://github.com/ClangBuiltLinux/linux/issues/1473
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Suggested-by: Dávid Bolvanský <david.bolvansky@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211014211916.3550122-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/i915/intel_pm.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -3044,9 +3044,9 @@ static void snb_wm_latency_quirk(struct
 	 * The BIOS provided WM memory latency values are often
 	 * inadequate for high resolution displays. Adjust them.
 	 */
-	changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12) |
-		ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12) |
-		ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12);
+	changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12);
+	changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12);
+	changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12);
 
 	if (!changed)
 		return;



^ permalink raw reply	[flat|nested] 41+ messages in thread

* [PATCH 5.10 25/25] staging: greybus: fix stack size warning with UBSAN
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 24/25] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() Greg Kroah-Hartman
@ 2022-01-14  8:16 ` Greg Kroah-Hartman
  2022-01-14 13:22 ` [PATCH 5.10 00/25] 5.10.92-rc1 review Pavel Machek
                   ` (7 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-14  8:16 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nick Desaulniers, Alex Elder,
	Arnd Bergmann, Nathan Chancellor

From: Arnd Bergmann <arnd@arndb.de>

commit 144779edf598e0896302c35a0926ef0b68f17c4b upstream.

clang warns about excessive stack usage in this driver when
UBSAN is enabled:

drivers/staging/greybus/audio_topology.c:977:12: error: stack frame size of 1836 bytes in function 'gbaudio_tplg_create_widget' [-Werror,-Wframe-larger-than=]

Rework this code to no longer use compound literals for
initializing the structure in each case, but instead keep
the common bits in a preallocated constant array and copy
them as needed.

Link: https://github.com/ClangBuiltLinux/linux/issues/1535
Link: https://lore.kernel.org/r/20210103223541.2790855-1-arnd@kernel.org/
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[nathan: Address review comments from v1]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20211209195141.1165233-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/greybus/audio_topology.c |   92 +++++++++++++++----------------
 1 file changed, 45 insertions(+), 47 deletions(-)

--- a/drivers/staging/greybus/audio_topology.c
+++ b/drivers/staging/greybus/audio_topology.c
@@ -974,6 +974,44 @@ static int gbaudio_widget_event(struct s
 	return ret;
 }
 
+static const struct snd_soc_dapm_widget gbaudio_widgets[] = {
+	[snd_soc_dapm_spk]	= SND_SOC_DAPM_SPK(NULL, gbcodec_event_spk),
+	[snd_soc_dapm_hp]	= SND_SOC_DAPM_HP(NULL, gbcodec_event_hp),
+	[snd_soc_dapm_mic]	= SND_SOC_DAPM_MIC(NULL, gbcodec_event_int_mic),
+	[snd_soc_dapm_output]	= SND_SOC_DAPM_OUTPUT(NULL),
+	[snd_soc_dapm_input]	= SND_SOC_DAPM_INPUT(NULL),
+	[snd_soc_dapm_switch]	= SND_SOC_DAPM_SWITCH_E(NULL, SND_SOC_NOPM,
+					0, 0, NULL,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+	[snd_soc_dapm_pga]	= SND_SOC_DAPM_PGA_E(NULL, SND_SOC_NOPM,
+					0, 0, NULL, 0,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+	[snd_soc_dapm_mixer]	= SND_SOC_DAPM_MIXER_E(NULL, SND_SOC_NOPM,
+					0, 0, NULL, 0,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+	[snd_soc_dapm_mux]	= SND_SOC_DAPM_MUX_E(NULL, SND_SOC_NOPM,
+					0, 0, NULL,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+	[snd_soc_dapm_aif_in]	= SND_SOC_DAPM_AIF_IN_E(NULL, NULL, 0,
+					SND_SOC_NOPM, 0, 0,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+	[snd_soc_dapm_aif_out]	= SND_SOC_DAPM_AIF_OUT_E(NULL, NULL, 0,
+					SND_SOC_NOPM, 0, 0,
+					gbaudio_widget_event,
+					SND_SOC_DAPM_PRE_PMU |
+					SND_SOC_DAPM_POST_PMD),
+};
+
 static int gbaudio_tplg_create_widget(struct gbaudio_module_info *module,
 				      struct snd_soc_dapm_widget *dw,
 				      struct gb_audio_widget *w, int *w_size)
@@ -1052,77 +1090,37 @@ static int gbaudio_tplg_create_widget(st
 
 	switch (w->type) {
 	case snd_soc_dapm_spk:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_SPK(w->name, gbcodec_event_spk);
+		*dw = gbaudio_widgets[w->type];
 		module->op_devices |= GBAUDIO_DEVICE_OUT_SPEAKER;
 		break;
 	case snd_soc_dapm_hp:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_HP(w->name, gbcodec_event_hp);
+		*dw = gbaudio_widgets[w->type];
 		module->op_devices |= (GBAUDIO_DEVICE_OUT_WIRED_HEADSET
 					| GBAUDIO_DEVICE_OUT_WIRED_HEADPHONE);
 		module->ip_devices |= GBAUDIO_DEVICE_IN_WIRED_HEADSET;
 		break;
 	case snd_soc_dapm_mic:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_MIC(w->name, gbcodec_event_int_mic);
+		*dw = gbaudio_widgets[w->type];
 		module->ip_devices |= GBAUDIO_DEVICE_IN_BUILTIN_MIC;
 		break;
 	case snd_soc_dapm_output:
-		*dw = (struct snd_soc_dapm_widget)SND_SOC_DAPM_OUTPUT(w->name);
-		break;
 	case snd_soc_dapm_input:
-		*dw = (struct snd_soc_dapm_widget)SND_SOC_DAPM_INPUT(w->name);
-		break;
 	case snd_soc_dapm_switch:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_SWITCH_E(w->name, SND_SOC_NOPM, 0, 0,
-					      widget_kctls,
-					      gbaudio_widget_event,
-					      SND_SOC_DAPM_PRE_PMU |
-					      SND_SOC_DAPM_POST_PMD);
-		break;
 	case snd_soc_dapm_pga:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_PGA_E(w->name, SND_SOC_NOPM, 0, 0, NULL, 0,
-					   gbaudio_widget_event,
-					   SND_SOC_DAPM_PRE_PMU |
-					   SND_SOC_DAPM_POST_PMD);
-		break;
 	case snd_soc_dapm_mixer:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_MIXER_E(w->name, SND_SOC_NOPM, 0, 0, NULL,
-					     0, gbaudio_widget_event,
-					     SND_SOC_DAPM_PRE_PMU |
-					     SND_SOC_DAPM_POST_PMD);
-		break;
 	case snd_soc_dapm_mux:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_MUX_E(w->name, SND_SOC_NOPM, 0, 0,
-					   widget_kctls, gbaudio_widget_event,
-					   SND_SOC_DAPM_PRE_PMU |
-					   SND_SOC_DAPM_POST_PMD);
+		*dw = gbaudio_widgets[w->type];
 		break;
 	case snd_soc_dapm_aif_in:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_AIF_IN_E(w->name, w->sname, 0,
-					      SND_SOC_NOPM,
-					      0, 0, gbaudio_widget_event,
-					      SND_SOC_DAPM_PRE_PMU |
-					      SND_SOC_DAPM_POST_PMD);
-		break;
 	case snd_soc_dapm_aif_out:
-		*dw = (struct snd_soc_dapm_widget)
-			SND_SOC_DAPM_AIF_OUT_E(w->name, w->sname, 0,
-					       SND_SOC_NOPM,
-					       0, 0, gbaudio_widget_event,
-					       SND_SOC_DAPM_PRE_PMU |
-					       SND_SOC_DAPM_POST_PMD);
+		*dw = gbaudio_widgets[w->type];
+		dw->sname = w->sname;
 		break;
 	default:
 		ret = -EINVAL;
 		goto error;
 	}
+	dw->name = w->name;
 
 	dev_dbg(module->dev, "%s: widget of type %d created\n", dw->name,
 		dw->id);



^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2022-01-14  8:16 ` [PATCH 5.10 25/25] staging: greybus: fix stack size warning with UBSAN Greg Kroah-Hartman
@ 2022-01-14 13:22 ` Pavel Machek
  2022-01-14 18:09 ` Jon Hunter
                   ` (6 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Pavel Machek @ 2022-01-14 13:22 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, jonathanh, f.fainelli, stable

[-- Attachment #1: Type: text/plain, Size: 826 bytes --]

Hi!

> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.

CIP testing did not find any new kernel problems here (gcc 8 gmp.h
problem remains):

https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y

Tested-by: Pavel Machek (CIP) <pavel@denx.de>

Best regards,
                                                                Pavel
-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2022-01-14 13:22 ` [PATCH 5.10 00/25] 5.10.92-rc1 review Pavel Machek
@ 2022-01-14 18:09 ` Jon Hunter
  2022-01-14 21:25 ` Fox Chen
                   ` (5 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Jon Hunter @ 2022-01-14 18:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, stable, linux-tegra

On Fri, 14 Jan 2022 09:16:08 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests passing for Tegra ...

Test results for stable-v5.10:
    10 builds:	10 pass, 0 fail
    28 boots:	28 pass, 0 fail
    75 tests:	75 pass, 0 fail

Linux version:	5.10.92-rc1-gfe11f2e0d63b
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
                tegra20-ventana, tegra210-p2371-2180,
                tegra210-p3450-0000, tegra30-cardhu-a04

Tested-by: Jon Hunter <jonathanh@nvidia.com>

Jon

^ permalink raw reply	[flat|nested] 41+ messages in thread

* RE: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2022-01-14 18:09 ` Jon Hunter
@ 2022-01-14 21:25 ` Fox Chen
  2022-01-14 22:29 ` Florian Fainelli
                   ` (4 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Fox Chen @ 2022-01-14 21:25 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, stable, Fox Chen

On Fri, 14 Jan 2022 09:16:08 +0100, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

5.10.92-rc1 Successfully Compiled and booted on my Raspberry PI 4b (8g) (bcm2711)
                
Tested-by: Fox Chen <foxhlchen@gmail.com>


^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2022-01-14 21:25 ` Fox Chen
@ 2022-01-14 22:29 ` Florian Fainelli
  2022-01-15  0:25 ` Shuah Khan
                   ` (3 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Florian Fainelli @ 2022-01-14 22:29 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	jonathanh, stable

On 1/14/22 12:16 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels:

Tested-by: Florian Fainelli <f.fainelli@gmail.com>
-- 
Florian

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2022-01-14 22:29 ` Florian Fainelli
@ 2022-01-15  0:25 ` Shuah Khan
  2022-01-15  5:35 ` Naresh Kamboju
                   ` (2 subsequent siblings)
  32 siblings, 0 replies; 41+ messages in thread
From: Shuah Khan @ 2022-01-15  0:25 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	jonathanh, f.fainelli, stable, Shuah Khan

On 1/14/22 1:16 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

Tested-by: Shuah Khan <skhan@linuxfoundation.org>

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2022-01-15  0:25 ` Shuah Khan
@ 2022-01-15  5:35 ` Naresh Kamboju
  2022-01-15 11:07 ` Sudip Mukherjee
  2022-01-15 16:39 ` Guenter Roeck
  32 siblings, 0 replies; 41+ messages in thread
From: Naresh Kamboju @ 2022-01-15  5:35 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, jonathanh, f.fainelli, stable

On Fri, 14 Jan 2022 at 13:48, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.92-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>

## Build
* kernel: 5.10.92-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git branch: linux-5.10.y
* git commit: fe11f2e0d63baa47c1e36b02721b4fd7a1157955
* git describe: v5.10.91-26-gfe11f2e0d63b
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.91-26-gfe11f2e0d63b

## Test Regressions (compared to v5.10.91)
No test regressions found.

## Metric Regressions (compared to v5.10.91)
No metric regressions found.

## Test Fixes (compared to v5.10.91)
No test fixes found.

## Metric Fixes (compared to v5.10.91)
No metric fixes found.

## Test result summary
total: 94616, pass: 81315, fail: 544, skip: 11939, xfail: 818

## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 259 total, 255 passed, 4 failed
* arm64: 37 total, 37 passed, 0 failed
* dragonboard-410c: 1 total, 1 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 36 total, 36 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 34 total, 30 passed, 4 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 52 total, 46 passed, 6 failed
* riscv: 24 total, 22 passed, 2 failed
* s390: 18 total, 18 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x15: 1 total, 1 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 37 total, 37 passed, 0 failed

## Test suites summary
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-bpf
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* rcutorture
* ssuite
* v4l2-compliance

--
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2022-01-15  5:35 ` Naresh Kamboju
@ 2022-01-15 11:07 ` Sudip Mukherjee
  2022-01-15 16:39 ` Guenter Roeck
  32 siblings, 0 replies; 41+ messages in thread
From: Sudip Mukherjee @ 2022-01-15 11:07 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
	pavel, jonathanh, f.fainelli, stable

Hi Greg,

On Fri, Jan 14, 2022 at 09:16:08AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.

Build test:
mips (gcc version 11.2.1 20220106): 63 configs -> no new failure
arm (gcc version 11.2.1 20220106): 105 configs -> no new failure
arm64 (gcc version 11.2.1 20220106): 3 configs -> no failure
x86_64 (gcc version 11.2.1 20220106): 4 configs -> no failure

Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
arm64: Booted on rpi4b (4GB model). No regression. [2]

[1]. https://openqa.qa.codethink.co.uk/tests/626
[2]. https://openqa.qa.codethink.co.uk/tests/628


Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>

--
Regards
Sudip


^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 00/25] 5.10.92-rc1 review
  2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2022-01-15 11:07 ` Sudip Mukherjee
@ 2022-01-15 16:39 ` Guenter Roeck
  32 siblings, 0 replies; 41+ messages in thread
From: Guenter Roeck @ 2022-01-15 16:39 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, lkft-triage, pavel,
	jonathanh, f.fainelli, stable

On Fri, Jan 14, 2022 at 09:16:08AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.92 release.
> There are 25 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sun, 16 Jan 2022 08:15:33 +0000.
> Anything received after that time might be too late.
> 

Build results:
	total: 159 pass: 159 fail: 0
Qemu test results:
	total: 470 pass: 470 fail: 0

Tested-by: Guenter Roeck <linux@roeck-us.net>

Guenter

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-14  8:16 ` [PATCH 5.10 01/25] md: revert io stats accounting Greg Kroah-Hartman
@ 2022-01-26 10:09   ` Jack Wang
  2022-01-26 11:42     ` Greg Kroah-Hartman
  2022-01-26 15:12     ` Guillaume Morin
  0 siblings, 2 replies; 41+ messages in thread
From: Jack Wang @ 2022-01-26 10:09 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Guoqing Jiang, Song Liu, Guillaume Morin

Hi,

Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月14日周五 19:57写道:
>
> From: Guoqing Jiang <jgq516@gmail.com>
>
> commit ad3fc798800fb7ca04c1dfc439dba946818048d8 upstream.
>
> The commit 41d2d848e5c0 ("md: improve io stats accounting") could cause
> double fault problem per the report [1], and also it is not correct to
> change ->bi_end_io if md don't own it, so let's revert it.
>
> And io stats accounting will be replemented in later commits.
>
> [1]. https://lore.kernel.org/linux-raid/3bf04253-3fad-434a-63a7-20214e38cf26@gmail.com/T/#t
>
> Fixes: 41d2d848e5c0 ("md: improve io stats accounting")
> Signed-off-by: Guoqing Jiang <jiangguoqing@kylinos.cn>
> Signed-off-by: Song Liu <song@kernel.org>
> [GM: backport to 5.10-stable]
> Signed-off-by: Guillaume Morin <guillaume@morinfr.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/md/md.c |   57 +++++++++++---------------------------------------------
>  drivers/md/md.h |    1
>  2 files changed, 12 insertions(+), 46 deletions(-)
>
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -459,34 +459,12 @@ check_suspended:
>  }
>  EXPORT_SYMBOL(md_handle_request);
>
> -struct md_io {
> -       struct mddev *mddev;
> -       bio_end_io_t *orig_bi_end_io;
> -       void *orig_bi_private;
> -       unsigned long start_time;
> -       struct hd_struct *part;
> -};
> -
> -static void md_end_io(struct bio *bio)
> -{
> -       struct md_io *md_io = bio->bi_private;
> -       struct mddev *mddev = md_io->mddev;
> -
> -       part_end_io_acct(md_io->part, bio, md_io->start_time);
> -
> -       bio->bi_end_io = md_io->orig_bi_end_io;
> -       bio->bi_private = md_io->orig_bi_private;
> -
> -       mempool_free(md_io, &mddev->md_io_pool);
> -
> -       if (bio->bi_end_io)
> -               bio->bi_end_io(bio);
> -}
> -
>  static blk_qc_t md_submit_bio(struct bio *bio)
>  {
>         const int rw = bio_data_dir(bio);
> +       const int sgrp = op_stat_group(bio_op(bio));
>         struct mddev *mddev = bio->bi_disk->private_data;
> +       unsigned int sectors;
>
>         if (mddev == NULL || mddev->pers == NULL) {
>                 bio_io_error(bio);
> @@ -507,26 +485,21 @@ static blk_qc_t md_submit_bio(struct bio
>                 return BLK_QC_T_NONE;
>         }
>
> -       if (bio->bi_end_io != md_end_io) {
> -               struct md_io *md_io;
> -
> -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> -               md_io->mddev = mddev;
> -               md_io->orig_bi_end_io = bio->bi_end_io;
> -               md_io->orig_bi_private = bio->bi_private;
> -
> -               bio->bi_end_io = md_end_io;
> -               bio->bi_private = md_io;
> -
> -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> -                                                      &md_io->part, bio);
> -       }
> -
> +       /*
> +        * save the sectors now since our bio can
> +        * go away inside make_request
> +        */
> +       sectors = bio_sectors(bio);
This code snip is not inside the original patch, and it's not in
latest upstream too.
>         /* bio could be mergeable after passing to underlayer */
>         bio->bi_opf &= ~REQ_NOMERGE;
>
>         md_handle_request(mddev, bio);
>
> +       part_stat_lock();
> +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> +       part_stat_unlock();
> +
same here, this code snip is not inside the original patch, and it's
not in latest upstream too.

I think would be good keep it as the upstream version.

Best!
Jinpu Wang @ IONOS
>         return BLK_QC_T_NONE;
>  }
>
> @@ -5636,7 +5609,6 @@ static void md_free(struct kobject *ko)
>
>         bioset_exit(&mddev->bio_set);
>         bioset_exit(&mddev->sync_set);
> -       mempool_exit(&mddev->md_io_pool);
>         kfree(mddev);
>  }
>
> @@ -5732,11 +5704,6 @@ static int md_alloc(dev_t dev, char *nam
>                  */
>                 mddev->hold_active = UNTIL_STOP;
>
> -       error = mempool_init_kmalloc_pool(&mddev->md_io_pool, BIO_POOL_SIZE,
> -                                         sizeof(struct md_io));
> -       if (error)
> -               goto abort;
> -
>         error = -ENOMEM;
>         mddev->queue = blk_alloc_queue(NUMA_NO_NODE);
>         if (!mddev->queue)
> --- a/drivers/md/md.h
> +++ b/drivers/md/md.h
> @@ -487,7 +487,6 @@ struct mddev {
>         struct bio_set                  sync_set; /* for sync operations like
>                                                    * metadata and bitmap writes
>                                                    */
> -       mempool_t                       md_io_pool;
>
>         /* Generic flush handling.
>          * The last to finish preflush schedules a worker to submit
>
>

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 10:09   ` Jack Wang
@ 2022-01-26 11:42     ` Greg Kroah-Hartman
  2022-01-26 12:37       ` Jack Wang
  2022-01-26 15:12     ` Guillaume Morin
  1 sibling, 1 reply; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-26 11:42 UTC (permalink / raw)
  To: Jack Wang; +Cc: linux-kernel, stable, Guoqing Jiang, Song Liu, Guillaume Morin

On Wed, Jan 26, 2022 at 11:09:46AM +0100, Jack Wang wrote:
> Hi,
> 
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月14日周五 19:57写道:
> >
> > From: Guoqing Jiang <jgq516@gmail.com>
> >
> > commit ad3fc798800fb7ca04c1dfc439dba946818048d8 upstream.
> >
> > The commit 41d2d848e5c0 ("md: improve io stats accounting") could cause
> > double fault problem per the report [1], and also it is not correct to
> > change ->bi_end_io if md don't own it, so let's revert it.
> >
> > And io stats accounting will be replemented in later commits.
> >
> > [1]. https://lore.kernel.org/linux-raid/3bf04253-3fad-434a-63a7-20214e38cf26@gmail.com/T/#t
> >
> > Fixes: 41d2d848e5c0 ("md: improve io stats accounting")
> > Signed-off-by: Guoqing Jiang <jiangguoqing@kylinos.cn>
> > Signed-off-by: Song Liu <song@kernel.org>
> > [GM: backport to 5.10-stable]
> > Signed-off-by: Guillaume Morin <guillaume@morinfr.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
> >  drivers/md/md.c |   57 +++++++++++---------------------------------------------
> >  drivers/md/md.h |    1
> >  2 files changed, 12 insertions(+), 46 deletions(-)
> >
> > --- a/drivers/md/md.c
> > +++ b/drivers/md/md.c
> > @@ -459,34 +459,12 @@ check_suspended:
> >  }
> >  EXPORT_SYMBOL(md_handle_request);
> >
> > -struct md_io {
> > -       struct mddev *mddev;
> > -       bio_end_io_t *orig_bi_end_io;
> > -       void *orig_bi_private;
> > -       unsigned long start_time;
> > -       struct hd_struct *part;
> > -};
> > -
> > -static void md_end_io(struct bio *bio)
> > -{
> > -       struct md_io *md_io = bio->bi_private;
> > -       struct mddev *mddev = md_io->mddev;
> > -
> > -       part_end_io_acct(md_io->part, bio, md_io->start_time);
> > -
> > -       bio->bi_end_io = md_io->orig_bi_end_io;
> > -       bio->bi_private = md_io->orig_bi_private;
> > -
> > -       mempool_free(md_io, &mddev->md_io_pool);
> > -
> > -       if (bio->bi_end_io)
> > -               bio->bi_end_io(bio);
> > -}
> > -
> >  static blk_qc_t md_submit_bio(struct bio *bio)
> >  {
> >         const int rw = bio_data_dir(bio);
> > +       const int sgrp = op_stat_group(bio_op(bio));
> >         struct mddev *mddev = bio->bi_disk->private_data;
> > +       unsigned int sectors;
> >
> >         if (mddev == NULL || mddev->pers == NULL) {
> >                 bio_io_error(bio);
> > @@ -507,26 +485,21 @@ static blk_qc_t md_submit_bio(struct bio
> >                 return BLK_QC_T_NONE;
> >         }
> >
> > -       if (bio->bi_end_io != md_end_io) {
> > -               struct md_io *md_io;
> > -
> > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > -               md_io->mddev = mddev;
> > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > -               md_io->orig_bi_private = bio->bi_private;
> > -
> > -               bio->bi_end_io = md_end_io;
> > -               bio->bi_private = md_io;
> > -
> > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > -                                                      &md_io->part, bio);
> > -       }
> > -
> > +       /*
> > +        * save the sectors now since our bio can
> > +        * go away inside make_request
> > +        */
> > +       sectors = bio_sectors(bio);
> This code snip is not inside the original patch, and it's not in
> latest upstream too.
> >         /* bio could be mergeable after passing to underlayer */
> >         bio->bi_opf &= ~REQ_NOMERGE;
> >
> >         md_handle_request(mddev, bio);
> >
> > +       part_stat_lock();
> > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > +       part_stat_unlock();
> > +
> same here, this code snip is not inside the original patch, and it's
> not in latest upstream too.

Is it a problem?

> I think would be good keep it as the upstream version.

Can you send a revert of this commit (it is in 5.10.92), and a backport
of the correct fix?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 11:42     ` Greg Kroah-Hartman
@ 2022-01-26 12:37       ` Jack Wang
  2022-01-26 12:57         ` Greg Kroah-Hartman
  2022-01-26 15:19         ` Guillaume Morin
  0 siblings, 2 replies; 41+ messages in thread
From: Jack Wang @ 2022-01-26 12:37 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Guoqing Jiang, Song Liu, Guillaume Morin

Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月26日周三 12:42写道:
>
> On Wed, Jan 26, 2022 at 11:09:46AM +0100, Jack Wang wrote:
> > Hi,
> >
> > Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月14日周五 19:57写道:
> > >
> > > From: Guoqing Jiang <jgq516@gmail.com>
> > >
> > > commit ad3fc798800fb7ca04c1dfc439dba946818048d8 upstream.
> > >
> > > The commit 41d2d848e5c0 ("md: improve io stats accounting") could cause
> > > double fault problem per the report [1], and also it is not correct to
> > > change ->bi_end_io if md don't own it, so let's revert it.
> > >
> > > And io stats accounting will be replemented in later commits.
> > >
> > > [1]. https://lore.kernel.org/linux-raid/3bf04253-3fad-434a-63a7-20214e38cf26@gmail.com/T/#t
> > >
> > > Fixes: 41d2d848e5c0 ("md: improve io stats accounting")
> > > Signed-off-by: Guoqing Jiang <jiangguoqing@kylinos.cn>
> > > Signed-off-by: Song Liu <song@kernel.org>
> > > [GM: backport to 5.10-stable]
> > > Signed-off-by: Guillaume Morin <guillaume@morinfr.org>
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > ---
> > >  drivers/md/md.c |   57 +++++++++++---------------------------------------------
> > >  drivers/md/md.h |    1
> > >  2 files changed, 12 insertions(+), 46 deletions(-)
> > >
> > > --- a/drivers/md/md.c
> > > +++ b/drivers/md/md.c
> > > @@ -459,34 +459,12 @@ check_suspended:
> > >  }
> > >  EXPORT_SYMBOL(md_handle_request);
> > >
> > > -struct md_io {
> > > -       struct mddev *mddev;
> > > -       bio_end_io_t *orig_bi_end_io;
> > > -       void *orig_bi_private;
> > > -       unsigned long start_time;
> > > -       struct hd_struct *part;
> > > -};
> > > -
> > > -static void md_end_io(struct bio *bio)
> > > -{
> > > -       struct md_io *md_io = bio->bi_private;
> > > -       struct mddev *mddev = md_io->mddev;
> > > -
> > > -       part_end_io_acct(md_io->part, bio, md_io->start_time);
> > > -
> > > -       bio->bi_end_io = md_io->orig_bi_end_io;
> > > -       bio->bi_private = md_io->orig_bi_private;
> > > -
> > > -       mempool_free(md_io, &mddev->md_io_pool);
> > > -
> > > -       if (bio->bi_end_io)
> > > -               bio->bi_end_io(bio);
> > > -}
> > > -
> > >  static blk_qc_t md_submit_bio(struct bio *bio)
> > >  {
> > >         const int rw = bio_data_dir(bio);
> > > +       const int sgrp = op_stat_group(bio_op(bio));
> > >         struct mddev *mddev = bio->bi_disk->private_data;
> > > +       unsigned int sectors;
> > >
> > >         if (mddev == NULL || mddev->pers == NULL) {
> > >                 bio_io_error(bio);
> > > @@ -507,26 +485,21 @@ static blk_qc_t md_submit_bio(struct bio
> > >                 return BLK_QC_T_NONE;
> > >         }
> > >
> > > -       if (bio->bi_end_io != md_end_io) {
> > > -               struct md_io *md_io;
> > > -
> > > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > > -               md_io->mddev = mddev;
> > > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > > -               md_io->orig_bi_private = bio->bi_private;
> > > -
> > > -               bio->bi_end_io = md_end_io;
> > > -               bio->bi_private = md_io;
> > > -
> > > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > > -                                                      &md_io->part, bio);
> > > -       }
> > > -
> > > +       /*
> > > +        * save the sectors now since our bio can
> > > +        * go away inside make_request
> > > +        */
> > > +       sectors = bio_sectors(bio);
> > This code snip is not inside the original patch, and it's not in
> > latest upstream too.
> > >         /* bio could be mergeable after passing to underlayer */
> > >         bio->bi_opf &= ~REQ_NOMERGE;
> > >
> > >         md_handle_request(mddev, bio);
> > >
> > > +       part_stat_lock();
> > > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > > +       part_stat_unlock();
> > > +
> > same here, this code snip is not inside the original patch, and it's
> > not in latest upstream too.
>
> Is it a problem?
Not sure, might cause some confusion regarding io stats.
>
> > I think would be good keep it as the upstream version.
>
> Can you send a revert of this commit (it is in 5.10.92), and a backport
> of the correct fix?
>
sure, I just sent an incremental fix for the backport itself.
is it ok?

Thanks!


> thanks,
>
> greg k-h

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 12:37       ` Jack Wang
@ 2022-01-26 12:57         ` Greg Kroah-Hartman
  2022-01-26 15:19         ` Guillaume Morin
  1 sibling, 0 replies; 41+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-26 12:57 UTC (permalink / raw)
  To: Jack Wang; +Cc: linux-kernel, stable, Guoqing Jiang, Song Liu, Guillaume Morin

On Wed, Jan 26, 2022 at 01:37:12PM +0100, Jack Wang wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月26日周三 12:42写道:
> >
> > On Wed, Jan 26, 2022 at 11:09:46AM +0100, Jack Wang wrote:
> > > Hi,
> > >
> > > Greg Kroah-Hartman <gregkh@linuxfoundation.org> 于2022年1月14日周五 19:57写道:
> > > >
> > > > From: Guoqing Jiang <jgq516@gmail.com>
> > > >
> > > > commit ad3fc798800fb7ca04c1dfc439dba946818048d8 upstream.
> > > >
> > > > The commit 41d2d848e5c0 ("md: improve io stats accounting") could cause
> > > > double fault problem per the report [1], and also it is not correct to
> > > > change ->bi_end_io if md don't own it, so let's revert it.
> > > >
> > > > And io stats accounting will be replemented in later commits.
> > > >
> > > > [1]. https://lore.kernel.org/linux-raid/3bf04253-3fad-434a-63a7-20214e38cf26@gmail.com/T/#t
> > > >
> > > > Fixes: 41d2d848e5c0 ("md: improve io stats accounting")
> > > > Signed-off-by: Guoqing Jiang <jiangguoqing@kylinos.cn>
> > > > Signed-off-by: Song Liu <song@kernel.org>
> > > > [GM: backport to 5.10-stable]
> > > > Signed-off-by: Guillaume Morin <guillaume@morinfr.org>
> > > > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > > ---
> > > >  drivers/md/md.c |   57 +++++++++++---------------------------------------------
> > > >  drivers/md/md.h |    1
> > > >  2 files changed, 12 insertions(+), 46 deletions(-)
> > > >
> > > > --- a/drivers/md/md.c
> > > > +++ b/drivers/md/md.c
> > > > @@ -459,34 +459,12 @@ check_suspended:
> > > >  }
> > > >  EXPORT_SYMBOL(md_handle_request);
> > > >
> > > > -struct md_io {
> > > > -       struct mddev *mddev;
> > > > -       bio_end_io_t *orig_bi_end_io;
> > > > -       void *orig_bi_private;
> > > > -       unsigned long start_time;
> > > > -       struct hd_struct *part;
> > > > -};
> > > > -
> > > > -static void md_end_io(struct bio *bio)
> > > > -{
> > > > -       struct md_io *md_io = bio->bi_private;
> > > > -       struct mddev *mddev = md_io->mddev;
> > > > -
> > > > -       part_end_io_acct(md_io->part, bio, md_io->start_time);
> > > > -
> > > > -       bio->bi_end_io = md_io->orig_bi_end_io;
> > > > -       bio->bi_private = md_io->orig_bi_private;
> > > > -
> > > > -       mempool_free(md_io, &mddev->md_io_pool);
> > > > -
> > > > -       if (bio->bi_end_io)
> > > > -               bio->bi_end_io(bio);
> > > > -}
> > > > -
> > > >  static blk_qc_t md_submit_bio(struct bio *bio)
> > > >  {
> > > >         const int rw = bio_data_dir(bio);
> > > > +       const int sgrp = op_stat_group(bio_op(bio));
> > > >         struct mddev *mddev = bio->bi_disk->private_data;
> > > > +       unsigned int sectors;
> > > >
> > > >         if (mddev == NULL || mddev->pers == NULL) {
> > > >                 bio_io_error(bio);
> > > > @@ -507,26 +485,21 @@ static blk_qc_t md_submit_bio(struct bio
> > > >                 return BLK_QC_T_NONE;
> > > >         }
> > > >
> > > > -       if (bio->bi_end_io != md_end_io) {
> > > > -               struct md_io *md_io;
> > > > -
> > > > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > > > -               md_io->mddev = mddev;
> > > > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > > > -               md_io->orig_bi_private = bio->bi_private;
> > > > -
> > > > -               bio->bi_end_io = md_end_io;
> > > > -               bio->bi_private = md_io;
> > > > -
> > > > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > > > -                                                      &md_io->part, bio);
> > > > -       }
> > > > -
> > > > +       /*
> > > > +        * save the sectors now since our bio can
> > > > +        * go away inside make_request
> > > > +        */
> > > > +       sectors = bio_sectors(bio);
> > > This code snip is not inside the original patch, and it's not in
> > > latest upstream too.
> > > >         /* bio could be mergeable after passing to underlayer */
> > > >         bio->bi_opf &= ~REQ_NOMERGE;
> > > >
> > > >         md_handle_request(mddev, bio);
> > > >
> > > > +       part_stat_lock();
> > > > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > > > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > > > +       part_stat_unlock();
> > > > +
> > > same here, this code snip is not inside the original patch, and it's
> > > not in latest upstream too.
> >
> > Is it a problem?
> Not sure, might cause some confusion regarding io stats.
> >
> > > I think would be good keep it as the upstream version.
> >
> > Can you send a revert of this commit (it is in 5.10.92), and a backport
> > of the correct fix?
> >
> sure, I just sent an incremental fix for the backport itself.
> is it ok?

That works, I'll queue it up after this next round of releases, thanks!

greg k-h

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 10:09   ` Jack Wang
  2022-01-26 11:42     ` Greg Kroah-Hartman
@ 2022-01-26 15:12     ` Guillaume Morin
  2022-01-26 21:22       ` Jack Wang
  1 sibling, 1 reply; 41+ messages in thread
From: Guillaume Morin @ 2022-01-26 15:12 UTC (permalink / raw)
  To: Jack Wang
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Guoqing Jiang,
	Song Liu, Guillaume Morin

On 26 Jan 11:09, Jack Wang wrote:
> >
> > -       if (bio->bi_end_io != md_end_io) {
> > -               struct md_io *md_io;
> > -
> > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > -               md_io->mddev = mddev;
> > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > -               md_io->orig_bi_private = bio->bi_private;
> > -
> > -               bio->bi_end_io = md_end_io;
> > -               bio->bi_private = md_io;
> > -
> > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > -                                                      &md_io->part, bio);
> > -       }
> > -
> > +       /*
> > +        * save the sectors now since our bio can
> > +        * go away inside make_request
> > +        */
> > +       sectors = bio_sectors(bio);
> This code snip is not inside the original patch, and it's not in
> latest upstream too.
> >         /* bio could be mergeable after passing to underlayer */
> >         bio->bi_opf &= ~REQ_NOMERGE;
> >
> >         md_handle_request(mddev, bio);
> >
> > +       part_stat_lock();
> > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > +       part_stat_unlock();
> > +
> same here, this code snip is not inside the original patch, and it's
> not in latest upstream too.

Both snippets came from the code before 41d2d848e5c0 that the patch is
being reverted here.  As I explained in my original message, upstream is
different because of 99dfc43ecbf6 which is not in 5.10.

> I think would be good keep it as the upstream version.

If you don't include these lines, isn't this worse as it's not calling
either part_start_io_acct or bio_start_io_acct (in 99dfc43ecbf6)?

-- 
Guillaume Morin <guillaume@morinfr.org>

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 12:37       ` Jack Wang
  2022-01-26 12:57         ` Greg Kroah-Hartman
@ 2022-01-26 15:19         ` Guillaume Morin
  1 sibling, 0 replies; 41+ messages in thread
From: Guillaume Morin @ 2022-01-26 15:19 UTC (permalink / raw)
  To: Jack Wang
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Guoqing Jiang,
	Song Liu, Guillaume Morin

On 26 Jan 13:37, Jack Wang wrote:
> > > >
> > > > -       if (bio->bi_end_io != md_end_io) {
> > > > -               struct md_io *md_io;
> > > > -
> > > > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > > > -               md_io->mddev = mddev;
> > > > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > > > -               md_io->orig_bi_private = bio->bi_private;
> > > > -
> > > > -               bio->bi_end_io = md_end_io;
> > > > -               bio->bi_private = md_io;
> > > > -
> > > > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > > > -                                                      &md_io->part, bio);
> > > > -       }
> > > > -
> > > > +       /*
> > > > +        * save the sectors now since our bio can
> > > > +        * go away inside make_request
> > > > +        */
> > > > +       sectors = bio_sectors(bio);
> > > This code snip is not inside the original patch, and it's not in
> > > latest upstream too.
> > > >         /* bio could be mergeable after passing to underlayer */
> > > >         bio->bi_opf &= ~REQ_NOMERGE;
> > > >
> > > >         md_handle_request(mddev, bio);
> > > >
> > > > +       part_stat_lock();
> > > > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > > > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > > > +       part_stat_unlock();
> > > > +
> > > same here, this code snip is not inside the original patch, and it's
> > > not in latest upstream too.
> >
> > Is it a problem?
> Not sure, might cause some confusion regarding io stats.

Have you observed anything weird? Because if you don't include this, I
don't see where these stats are updated at all. Could you explain
please?

-- 
Guillaume Morin <guillaume@morinfr.org>

^ permalink raw reply	[flat|nested] 41+ messages in thread

* Re: [PATCH 5.10 01/25] md: revert io stats accounting
  2022-01-26 15:12     ` Guillaume Morin
@ 2022-01-26 21:22       ` Jack Wang
  0 siblings, 0 replies; 41+ messages in thread
From: Jack Wang @ 2022-01-26 21:22 UTC (permalink / raw)
  To: Guillaume Morin
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Guoqing Jiang, Song Liu

Guillaume Morin <guillaume@morinfr.org> 于2022年1月26日周三 16:12写道:
>
> On 26 Jan 11:09, Jack Wang wrote:
> > >
> > > -       if (bio->bi_end_io != md_end_io) {
> > > -               struct md_io *md_io;
> > > -
> > > -               md_io = mempool_alloc(&mddev->md_io_pool, GFP_NOIO);
> > > -               md_io->mddev = mddev;
> > > -               md_io->orig_bi_end_io = bio->bi_end_io;
> > > -               md_io->orig_bi_private = bio->bi_private;
> > > -
> > > -               bio->bi_end_io = md_end_io;
> > > -               bio->bi_private = md_io;
> > > -
> > > -               md_io->start_time = part_start_io_acct(mddev->gendisk,
> > > -                                                      &md_io->part, bio);
> > > -       }
> > > -
> > > +       /*
> > > +        * save the sectors now since our bio can
> > > +        * go away inside make_request
> > > +        */
> > > +       sectors = bio_sectors(bio);
> > This code snip is not inside the original patch, and it's not in
> > latest upstream too.
> > >         /* bio could be mergeable after passing to underlayer */
> > >         bio->bi_opf &= ~REQ_NOMERGE;
> > >
> > >         md_handle_request(mddev, bio);
> > >
> > > +       part_stat_lock();
> > > +       part_stat_inc(&mddev->gendisk->part0, ios[sgrp]);
> > > +       part_stat_add(&mddev->gendisk->part0, sectors[sgrp], sectors);
> > > +       part_stat_unlock();
> > > +
> > same here, this code snip is not inside the original patch, and it's
> > not in latest upstream too.
>
> Both snippets came from the code before 41d2d848e5c0 that the patch is
> being reverted here.  As I explained in my original message, upstream is
> different because of 99dfc43ecbf6 which is not in 5.10.
oh, I missed it, you are right.
>
> > I think would be good keep it as the upstream version.
>
> If you don't include these lines, isn't this worse as it's not calling
> either part_start_io_acct or bio_start_io_acct (in 99dfc43ecbf6)?

Your patch is correct.
Sorry for the noise.

>
> --
> Guillaume Morin <guillaume@morinfr.org>

^ permalink raw reply	[flat|nested] 41+ messages in thread

end of thread, other threads:[~2022-01-26 21:22 UTC | newest]

Thread overview: 41+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-14  8:16 [PATCH 5.10 00/25] 5.10.92-rc1 review Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 01/25] md: revert io stats accounting Greg Kroah-Hartman
2022-01-26 10:09   ` Jack Wang
2022-01-26 11:42     ` Greg Kroah-Hartman
2022-01-26 12:37       ` Jack Wang
2022-01-26 12:57         ` Greg Kroah-Hartman
2022-01-26 15:19         ` Guillaume Morin
2022-01-26 15:12     ` Guillaume Morin
2022-01-26 21:22       ` Jack Wang
2022-01-14  8:16 ` [PATCH 5.10 02/25] workqueue: Fix unbind_workers() VS wq_worker_running() race Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 03/25] bpf: Fix out of bounds access from invalid *_or_null type verification Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 04/25] Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 05/25] Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 06/25] Bluetooth: btusb: Add support for Foxconn MT7922A Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 07/25] Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 08/25] Bluetooth: bfusb: fix division by zero in send path Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 09/25] ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 10/25] USB: core: Fix bug in resuming hubs handling of wakeup requests Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 11/25] USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 12/25] ath11k: Fix buffer overflow when scanning with extraie Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 13/25] mmc: sdhci-pci: Add PCI ID for Intel ADL Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 14/25] veth: Do not record rx queue hint in veth_xmit Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 15/25] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 16/25] can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 17/25] can: isotp: convert struct tpcon::{idx,len} to unsigned int Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 18/25] can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 19/25] random: fix data race on crng_node_pool Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 20/25] random: fix data race on crng init time Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 21/25] random: fix crash on multiple early calls to add_bootloader_randomness() Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 22/25] media: Revert "media: uvcvideo: Set unique vdev name based in type" Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 23/25] staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 24/25] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() Greg Kroah-Hartman
2022-01-14  8:16 ` [PATCH 5.10 25/25] staging: greybus: fix stack size warning with UBSAN Greg Kroah-Hartman
2022-01-14 13:22 ` [PATCH 5.10 00/25] 5.10.92-rc1 review Pavel Machek
2022-01-14 18:09 ` Jon Hunter
2022-01-14 21:25 ` Fox Chen
2022-01-14 22:29 ` Florian Fainelli
2022-01-15  0:25 ` Shuah Khan
2022-01-15  5:35 ` Naresh Kamboju
2022-01-15 11:07 ` Sudip Mukherjee
2022-01-15 16:39 ` Guenter Roeck

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.