* [PATCH 5.10 000/563] 5.10.94-rc1 review
@ 2022-01-24 18:36 Greg Kroah-Hartman
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
	stable

This is the start of the stable review cycle for the 5.10.94 release.
There are 563 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.94-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.10.94-rc1

Fabio Estevam <festevam@denx.de>
    ath10k: Fix the MTU size on QCA9377 SDIO

Doyle, Patrick <pdoyle@irobot.com>
    mtd: nand: bbt: Fix corner case in bad block table handling

Andrey Konovalov <andreyknvl@google.com>
    lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test

Alistair Popple <apopple@nvidia.com>
    mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault

Miaoqian Lin <linmq006@gmail.com>
    lib82596: Fix IRQ check in sni_82596_probe

Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
    scripts/dtc: dtx_diff: remove broken example from help text

Sam Protsenko <semen.protsenko@linaro.org>
    dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7

Alexander Stein <alexander.stein@mailbox.org>
    dt-bindings: display: meson-vpu: Add missing amlogic,canvas property

Alexander Stein <alexander.stein@mailbox.org>
    dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property

Tom Rix <trix@redhat.com>
    net: mscc: ocelot: fix using match before it is set

Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
    net: sfp: fix high power modules without diagnostic monitoring

Tom Rix <trix@redhat.com>
    net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()

Sergey Shtylyov <s.shtylyov@omp.ru>
    bcmgenet: add WOL IRQ check

Kevin Bracey <kevin@bracey.fi>
    net_sched: restore "mpu xxx" handling

Jie Wang <wangjie125@huawei.com>
    net: bonding: fix bond_xmit_broadcast return value error bug

David Heidelberg <david@ixit.cz>
    arm64: dts: qcom: msm8996: drop not documented adreno properties

Leon Romanovsky <leon@kernel.org>
    devlink: Remove misleading internal_flags from health reporter dump

Zechuan Chen <chenzechuan1@huawei.com>
    perf probe: Fix ppc64 'perf probe add events failed' case

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Fix at_xdmac_lld struct definition

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Fix lld view setting

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Fix concurrency over xfers_list

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Print debug message after realeasing the lock

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending

Tudor Ambarus <tudor.ambarus@microchip.com>
    dmaengine: at_xdmac: Don't start transactions at tx_submit level

Adrian Hunter <adrian.hunter@intel.com>
    perf script: Fix hex dump character output

Guillaume Nault <gnault@redhat.com>
    libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()

Guillaume Nault <gnault@redhat.com>
    gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()

Guillaume Nault <gnault@redhat.com>
    xfrm: Don't accidentally set RTO_ONLINK in decode_session4()

Eric Dumazet <edumazet@google.com>
    netns: add schedule point in ops_exit_list()

Eric Dumazet <edumazet@google.com>
    inet: frags: annotate races around fqdir->dead and fqdir->high_thresh

Eric W. Biederman <ebiederm@xmission.com>
    taskstats: Cleanup the use of task->exit_code

Michael S. Tsirkin <mst@redhat.com>
    virtio_ring: mark ring unused on error

Eli Cohen <elic@nvidia.com>
    vdpa/mlx5: Fix wrong configuration of virtio_version_1_0

Laurence de Bruxelles <lfdebrux@gmail.com>
    rtc: pxa: fix null pointer dereference

Dmitry Torokhov <dmitry.torokhov@gmail.com>
    HID: vivaldi: fix handling devices not using numbered reports

Robert Hancock <robert.hancock@calian.com>
    net: axienet: increase default TX ring size to 128

Robert Hancock <robert.hancock@calian.com>
    net: axienet: fix for TX busy handling

Robert Hancock <robert.hancock@calian.com>
    net: axienet: fix number of TX ring slots for available check

Robert Hancock <robert.hancock@calian.com>
    net: axienet: Fix TX ring slot available check

Robert Hancock <robert.hancock@calian.com>
    net: axienet: limit minimum TX ring size

Robert Hancock <robert.hancock@calian.com>
    net: axienet: add missing memory barriers

Robert Hancock <robert.hancock@calian.com>
    net: axienet: reset core on initialization prior to MDIO access

Robert Hancock <robert.hancock@calian.com>
    net: axienet: Wait for PhyRstCmplt after core reset

Robert Hancock <robert.hancock@calian.com>
    net: axienet: increase reset timeout

Wen Gu <guwen@linux.alibaba.com>
    net/smc: Fix hung_task when removing SMC-R devices

Robert Hancock <robert.hancock@calian.com>
    clk: si5341: Fix clock HW provider cleanup

Stephen Boyd <sboyd@kernel.org>
    clk: Emit a stern warning with writable debugfs enabled

Eric Dumazet <edumazet@google.com>
    af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress

Chao Yu <chao@kernel.org>
    f2fs: fix to reserve space for IO align feature

Hyeong-Jun Kim <hj514.kim@samsung.com>
    f2fs: compress: fix potential deadlock of compress file

Miaoqian Lin <linmq006@gmail.com>
    parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries

Tobias Waldekranz <tobias@waldekranz.com>
    net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module

Tobias Waldekranz <tobias@waldekranz.com>
    net/fsl: xgmac_mdio: Add workaround for erratum A-009885

Eric Dumazet <edumazet@google.com>
    ipv4: avoid quadratic behavior in netns dismantle

Eric Dumazet <edumazet@google.com>
    ipv4: update fib_info_cnt under spinlock protection

German Gomez <german.gomez@arm.com>
    perf evsel: Override attr->sample_period for non-libpfm4 events

Toke Høiland-Jørgensen <toke@redhat.com>
    xdp: check prog type before updating BPF link

Quentin Monnet <quentin@isovalent.com>
    bpftool: Remove inclusion of utilities.mak from Makefiles

Russell King <russell.king@oracle.com>
    arm64/bpf: Remove 128MB limit for BPF JIT programs

Ye Bin <yebin10@huawei.com>
    block: Fix fsync always failed if once failed

Tobias Waldekranz <tobias@waldekranz.com>
    powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses

Anders Roxell <anders.roxell@linaro.org>
    powerpc/cell: Fix clang -Wimplicit-fallthrough warning

Moshe Shemesh <moshe@nvidia.com>
    Revert "net/mlx5: Add retry mechanism to the command entry index allocation"

Amelie Delaunay <amelie.delaunay@foss.st.com>
    dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK

Chengguang Xu <cgxu519@mykernel.net>
    RDMA/rxe: Fix a typo in opcode name

Yixing Liu <liuyixing1@huawei.com>
    RDMA/hns: Modify the mapping attribute of doorbell to device

Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
    dmaengine: uniphier-xdmac: Fix type of address variables

Bart Van Assche <bvanassche@acm.org>
    scsi: core: Show SCMD_LAST in text form

Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    Bluetooth: hci_sync: Fix not setting adv set duration

Randy Dunlap <rdunlap@infradead.org>
    Documentation: fix firewire.rst ABI file path error

Lukas Bulwahn <lukas.bulwahn@gmail.com>
    Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization

Sakari Ailus <sakari.ailus@linux.intel.com>
    Documentation: ACPI: Fix data node reference documentation

Daniel Thompson <daniel.thompson@linaro.org>
    Documentation: dmaengine: Correctly describe dmatest with channel unset

Randy Dunlap <rdunlap@infradead.org>
    media: correct MEDIA_TEST_SUPPORT help text

Maxime Ripard <maxime@cerno.tech>
    drm/vc4: hdmi: Make sure the device is powered with CEC

Suresh Udipi <sudipi@jp.adit-jv.com>
    media: rcar-csi2: Optimize the selection PHTW register

Marc Kleine-Budde <mkl@pengutronix.de>
    can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message

Ben Hutchings <ben@decadent.org.uk>
    firmware: Update Kconfig help text for Google firmware

Baruch Siach <baruch@tkos.co.il>
    of: base: Improve argument length mismatch error

Christian König <christian.koenig@amd.com>
    drm/radeon: fix error handling in radeon_driver_open_kms

Theodore Ts'o <tytso@mit.edu>
    ext4: don't use the orphan list when migrating an inode

Ye Bin <yebin10@huawei.com>
    ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'

Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal

Xin Yin <yinxin.x@bytedance.com>
    ext4: fast commit may miss tracking unwritten range during ftruncate

Xin Yin <yinxin.x@bytedance.com>
    ext4: use ext4_ext_remove_space() for fast commit replay delete range

Ye Bin <yebin10@huawei.com>
    ext4: Fix BUG_ON in ext4_bread when write quota data

Luís Henriques <lhenriques@suse.de>
    ext4: set csum seed in tmp inode while migrating to extents

Xin Yin <yinxin.x@bytedance.com>
    ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE

Harshad Shirwadkar <harshadshirwadkar@gmail.com>
    ext4: initialize err_blk before calling __ext4_get_inode_loc

Chunguang Xu <brookxu@tencent.com>
    ext4: fix a possible ABBA deadlock due to busy PA

Jan Kara <jack@suse.cz>
    ext4: make sure quota gets properly shutdown on error

Jan Kara <jack@suse.cz>
    ext4: make sure to reset inode lockdep class when quota enabling fails

Filipe Manana <fdmanana@suse.com>
    btrfs: respect the max size in the header when activating swap file

Josef Bacik <josef@toxicpanda.com>
    btrfs: check the root node for uptodate before returning it

Filipe Manana <fdmanana@suse.com>
    btrfs: fix deadlock between quota enable and other quota operations

Ghalem Boudour <ghalem.boudour@6wind.com>
    xfrm: fix policy lookup for ipv6 gre packets

Pali Rohár <pali@kernel.org>
    PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device

Pali Rohár <pali@kernel.org>
    PCI: pci-bridge-emul: Correctly set PCIe capabilities

Pali Rohár <pali@kernel.org>
    PCI: pci-bridge-emul: Fix definitions of reserved bits

Pali Rohár <pali@kernel.org>
    PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space

Pali Rohár <pali@kernel.org>
    PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only

Lukas Wunner <lukas@wunner.de>
    PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

Hans de Goede <hdegoede@redhat.com>
    PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors

Rob Herring <robh@kernel.org>
    PCI: xgene: Fix IB window setup

Nicholas Piggin <npiggin@gmail.com>
    powerpc/64s/radix: Fix huge vmap false positive

John David Anglin <dave.anglin@bell.net>
    parisc: Fix lpa and lpa_user defines

Brian Norris <briannorris@chromium.org>
    drm/bridge: analogix_dp: Make PSR-exit block less

Ilia Mirkin <imirkin@alum.mit.edu>
    drm/nouveau/kms/nv04: use vzalloc for nv04_display

Lucas Stach <l.stach@pengutronix.de>
    drm/etnaviv: limit submit sizes

Sakari Ailus <sakari.ailus@linux.intel.com>
    device property: Fix fwnode_graph_devcon_match() fwnode leak

Alexander Gordeev <agordeev@linux.ibm.com>
    s390/mm: fix 2KB pgtable release race

Ilan Peer <ilan.peer@intel.com>
    iwlwifi: mvm: Increase the scan timeout guard to 30 seconds

Xiangyang Zhang <xyz.sun.ok@gmail.com>
    tracing/kprobes: 'nmissed' not showed correctly for kretprobe

Andrey Ryabinin <arbn@yandex-team.com>
    cputime, cpuacct: Include guest time in user time in cpuacct.stat

Lukas Wunner <lukas@wunner.de>
    serial: Fix incorrect rs485 polarity on uart open

Xie Yongji <xieyongji@bytedance.com>
    fuse: Pass correct lend value to filemap_write_and_wait_range()

Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
    xen/gntdev: fix unmap notification order

Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
    spi: uniphier: Fix a bug that doesn't point to private data correctly

Patrick Williams <patrick@stwcx.xyz>
    tpm: fix NPE on probe for missing device

Petr Cvachoucek <cvachoucek@gmail.com>
    ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers

Meng Li <Meng.Li@windriver.com>
    crypto: caam - replace this_cpu_ptr with raw_cpu_ptr

Marek Vasut <marex@denx.de>
    crypto: stm32/crc32 - Fix kernel BUG triggered in probe()

Heiner Kallweit <hkallweit1@gmail.com>
    crypto: omap-aes - Fix broken pm_runtime_and_get() usage

Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
    rpmsg: core: Clean up resources on announce_create failure.

Miaoqian Lin <linmq006@gmail.com>
    phy: mediatek: Fix missing check in mtk_mipi_tx_probe

Tzung-Bi Shih <tzungbi@google.com>
    ASoC: mediatek: mt8183: fix device_node leak

Tzung-Bi Shih <tzungbi@google.com>
    ASoC: mediatek: mt8173: fix device_node leak

Christoph Hellwig <hch@lst.de>
    scsi: sr: Don't use GFP_DMA

Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    MIPS: Octeon: Fix build errors using clang

Lakshmi Sowjanya D <lakshmi.sowjanya.d@intel.com>
    i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters

Marc Zyngier <maz@kernel.org>
    irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time

Ye Guojin <ye.guojin@zte.com.cn>
    MIPS: OCTEON: add put_device() after of_find_device_by_node()

Jan Kara <jack@suse.cz>
    udf: Fix error handling in udf_new_inode()

Hari Bathini <hbathini@linux.ibm.com>
    powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic

Hari Bathini <hbathini@linux.ibm.com>
    powerpc: handle kdump appropriately with crash_kexec_post_notifiers option

Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
    selftests/powerpc/spectre_v2: Return skip code when miss_percent is high

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/40x: Map 32Mbytes of memory at startup

Nathan Chancellor <nathan@kernel.org>
    MIPS: Loongson64: Use three arguments for slti

Takashi Iwai <tiwai@suse.de>
    ALSA: seq: Set upper limit of processed events

James Smart <jsmart2021@gmail.com>
    scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup

Christoph Hellwig <hch@lst.de>
    dm: fix alloc_dax error handling in alloc_dev

Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
    nvmem: core: set size for sysfs bin file

Christophe Leroy <christophe.leroy@csgroup.eu>
    w1: Misuse of get_user()/put_user() reported by sparse

Alexey Kardashevskiy <aik@ozlabs.ru>
    KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST

Alexey Kardashevskiy <aik@ozlabs.ru>
    KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/powermac: Add missing lockdep_register_key()

Martin Blumenstingl <martin.blumenstingl@googlemail.com>
    clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB

Joakim Tjernlund <joakim.tjernlund@infinera.com>
    i2c: mpc: Correct I2C reset procedure

Michael Ellerman <mpe@ellerman.id.au>
    powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING

Heiner Kallweit <hkallweit1@gmail.com>
    i2c: i801: Don't silently correct invalid transfer size

Nicholas Piggin <npiggin@gmail.com>
    powerpc/watchdog: Fix missed watchdog reset due to memory ordering race

Julia Lawall <Julia.Lawall@lip6.fr>
    powerpc/btext: add missing of_node_put

Julia Lawall <Julia.Lawall@lip6.fr>
    powerpc/cell: add missing of_node_put

Julia Lawall <Julia.Lawall@lip6.fr>
    powerpc/powernv: add missing of_node_put

Julia Lawall <Julia.Lawall@lip6.fr>
    powerpc/6xx: add missing of_node_put

Ingo Molnar <mingo@kernel.org>
    x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs

Mauro Carvalho Chehab <mchehab@kernel.org>
    scripts: sphinx-pre-install: Fix ctex support on Debian

John David Anglin <dave.anglin@bell.net>
    parisc: Avoid calling faulthandler_disabled() twice

Jason A. Donenfeld <Jason@zx2c4.com>
    random: do not throw away excess input to crng_fast_load

Lukas Wunner <lukas@wunner.de>
    serial: core: Keep mctrl register state and cached copy in sync

Lukas Wunner <lukas@wunner.de>
    serial: pl010: Drop CR register reset on set_termios

Konrad Dybcio <konrad.dybcio@somainline.org>
    regulator: qcom_smd: Align probe function with rpmh-regulator

Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
    net: gemini: allow any RGMII interface mode

Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
    net: phy: marvell: configure RGMII delays for 88E1118

Danielle Ratson <danieller@nvidia.com>
    mlxsw: pci: Avoid flow control for EMAD packets

Joe Thornber <ejt@redhat.com>
    dm space map common: add bounds check to sm_ll_lookup_bitmap()

Joe Thornber <ejt@redhat.com>
    dm btree: add a defensive bounds check to insert_at()

Ping-Ke Shih <pkshih@realtek.com>
    mac80211: allow non-standard VHT MCS-10/11

Florian Fainelli <f.fainelli@gmail.com>
    net: mdio: Demote probed message to debug print

Josef Bacik <josef@toxicpanda.com>
    btrfs: remove BUG_ON(!eie) in find_parent_nodes

Josef Bacik <josef@toxicpanda.com>
    btrfs: remove BUG_ON() in find_parent_nodes()

Thomas Weißschuh <linux@weissschuh.net>
    ACPI: battery: Add the ThinkPad "Not Charging" quirk

Marina Nikolic <Marina.Nikolic@amd.com>
    amdgpu/pm: Make sysfs pm attributes as read-only for VFs

Zongmin Zhou <zhouzongmin@kylinos.cn>
    drm/amdgpu: fixup bad vram size on gmc v8

Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5

Sudeep Holla <sudeep.holla@arm.com>
    ACPICA: Fix wrong interpretation of PCC address

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    ACPICA: Utilities: Avoid deleting the same object twice in a row

Mark Langsdorf <mlangsdo@redhat.com>
    ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions

Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>
    jffs2: GC deadlock reading a page that is used in jffs2_write_begin()

Lucas Stach <l.stach@pengutronix.de>
    drm/etnaviv: consider completed fence seqno in hang check

Antony Antony <antony.antony@secunet.com>
    xfrm: rate limit SA mapping change message to user space

Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES

Ben Greear <greearb@candelatech.com>
    ath11k: Fix napi related hang

Randy Dunlap <rdunlap@infradead.org>
    um: registers: Rename function names to avoid conflicts and build problems

Luca Coelho <luciano.coelho@intel.com>
    iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ

Ilan Peer <ilan.peer@intel.com>
    iwlwifi: mvm: Fix calculation of frame length

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: remove module loading failure message

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: fix leaks/bad data after failed firmware load

Changcheng Deng <deng.changcheng@zte.com.cn>
    PM: AVS: qcom-cpr: Use div64_ul instead of do_div

Po-Hao Huang <phhuang@realtek.com>
    rtw88: 8822c: update rx settings to prevent potential hw deadlock

Zekun Shen <bruceshenzk@gmail.com>
    ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream

Kai-Heng Feng <kai.heng.feng@canonical.com>
    usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    cpufreq: Fix initialization of min and max frequency QoS requests

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    PM: runtime: Add safety net to supplier device release

Thierry Reding <treding@nvidia.com>
    arm64: tegra: Adjust length of CCPLEX cluster MMIO region

Biwen Li <biwen.li@nxp.com>
    arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus

Paul Moore <paul@paul-moore.com>
    audit: ensure userspace is penalized the same as the kernel when under pressure

Ulf Hansson <ulf.hansson@linaro.org>
    mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO

Zhou Qingyang <zhou1615@umn.edu>
    media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()

Sean Young <sean@mess.org>
    media: igorplugusb: receiver overflow should be reported

Alistair Francis <alistair@alistair23.me>
    HID: quirks: Allow inverting the absolute X/Y values

Paolo Abeni <pabeni@redhat.com>
    bpf: Do not WARN in bpf_warn_invalid_xdp_action()

Suresh Kumar <surkumar@redhat.com>
    net: bonding: debug: avoid printing debug logs when bond is not notifying peers

Borislav Petkov <bp@suse.de>
    x86/mce: Mark mce_read_aux() noinstr

Borislav Petkov <bp@suse.de>
    x86/mce: Mark mce_end() noinstr

Borislav Petkov <bp@suse.de>
    x86/mce: Mark mce_panic() noinstr

Borislav Petkov <bp@suse.de>
    x86/mce: Allow instrumentation during task work queueing

Baochen Qiang <quic_bqiang@quicinc.com>
    ath11k: Avoid false DEADLOCK warning reported by lockdep

Heiko Carstens <hca@linux.ibm.com>
    selftests/ftrace: make kprobe profile testcase description unique

Iwona Winiarska <iwona.winiarska@intel.com>
    gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock

Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
    net: phy: prefer 1000baseT over 1000baseKX

Antoine Tenart <atenart@kernel.org>
    net-sysfs: update the queue counts in the unregistration path

Sebastian Gottschall <s.gottschall@dd-wrt.com>
    ath10k: Fix tx hanging

Wen Gong <quic_wgong@quicinc.com>
    ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work

Shaul Triebitz <shaul.triebitz@intel.com>
    iwlwifi: mvm: avoid clearing a just saved session protection id

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: mvm: synchronize with FW after multicast commands

Mika Westerberg <mika.westerberg@linux.intel.com>
    thunderbolt: Runtime PM activate both ends of the device link

Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    media: m920x: don't use stack on USB reads

Zhou Qingyang <zhou1615@umn.edu>
    media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()

Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
    media: rcar-vin: Update format alignment constraints

James Hilliard <james.hilliard1@gmail.com>
    media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.

Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
    drm: rcar-du: Fix CRTC timings when CMM is used

Joerg Roedel <jroedel@suse.de>
    x86/mm: Flush global TLB when switching to trampoline page-table

Xiongwei Song <sxwjean@gmail.com>
    floppy: Add max size check for user space request

Neal Liu <neal_liu@aspeedtech.com>
    usb: uhci: add aspeed ast2600 uhci support

Kishon Vijay Abraham I <kishon@ti.com>
    arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node

Hans de Goede <hdegoede@redhat.com>
    ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD win

Hans de Goede <hdegoede@redhat.com>
    ACPI / x86: Allow specifying acpi_device_override_status() quirks by path

Hans de Goede <hdegoede@redhat.com>
    ACPI: Change acpi_device_always_present() into acpi_device_override_status()

Hans de Goede <hdegoede@redhat.com>
    ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table

Mansur Alisha Shaik <mansur@codeaurora.org>
    media: venus: avoid calling core_clk_setrate() concurrently during concurrent video sessions

Sriram R <quic_srirrama@quicinc.com>
    ath11k: Avoid NULL ptr access during mgmt tx cleanup

Zekun Shen <bruceshenzk@gmail.com>
    rsi: Fix out-of-bounds read in rsi_read_pkt()

Zekun Shen <bruceshenzk@gmail.com>
    rsi: Fix use-after-free in rsi_rx_done_handler()

Zekun Shen <bruceshenzk@gmail.com>
    mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

Stephan Müller <smueller@chronox.de>
    crypto: jitter - consider 32 LSB for APT

Chengfeng Ye <cyeaa@connect.ust.hk>
    HSI: core: Fix return freed object in hsi_new_client

Hans de Goede <hdegoede@redhat.com>
    gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use

Fugang Duan <fugang.duan@nxp.com>
    tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown()

Martyn Welch <martyn.welch@collabora.com>
    drm/bridge: megachips: Ensure both bridges are probed before registration

Danielle Ratson <danieller@nvidia.com>
    mlxsw: pci: Add shutdown method in PCI driver

Jan Kiszka <jan.kiszka@siemens.com>
    soc: ti: pruss: fix referenced node in error message

Alex Deucher <alexander.deucher@amd.com>
    drm/amdgpu/display: set vblank_disable_immediate for DC

Yang Li <yang.lee@linux.alibaba.com>
    drm/amd/display: check top_pipe_to_program pointer

Lukas Bulwahn <lukas.bulwahn@gmail.com>
    ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART

Dinh Nguyen <dinguyen@kernel.org>
    EDAC/synopsys: Use the quirk for version instead of ddr version

Zheyu Ma <zheyuma97@gmail.com>
    media: b2c2: Add missing check in flexcop_pci_isr:

José Expósito <jose.exposito89@gmail.com>
    HID: apple: Do not reset quirks when the Fn key is not found

Hans de Goede <hdegoede@redhat.com>
    drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L

Pavankumar Kondeti <quic_pkondeti@quicinc.com>
    usb: gadget: f_fs: Use stream_open() for endpoint files

Baochen Qiang <bqiang@codeaurora.org>
    ath11k: Fix crash caused by uninitialized TX ring

Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    media: atomisp: handle errors at sh_css_create_isp_params()

Linus Lüssing <linus.luessing@c0d3.blue>
    batman-adv: allow netlink usage in unprivileged containers

Wan Jiabing <wanjiabing@vivo.com>
    ARM: shmobile: rcar-gen2: Add missing of_node_put()

Hans de Goede <hdegoede@redhat.com>
    media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure

Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    media: atomisp: set per-device's default mode

Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    media: atomisp: fix try_fmt logic

Ben Skeggs <bskeggs@redhat.com>
    drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR

Neil Armstrong <narmstrong@baylibre.com>
    drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR

Zekun Shen <bruceshenzk@gmail.com>
    ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply

Andrii Nakryiko <andrii@kernel.org>
    selftests/bpf: Fix bpf_object leak in skb_ctx selftest

Qiang Yu <yuq825@gmail.com>
    drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y

Andrii Nakryiko <andrii@kernel.org>
    libbpf: Validate that .BTF and .BTF.ext sections contain data

Alexander Aring <aahringo@redhat.com>
    fs: dlm: filter user dlm messages for kernel locks

Wei Yongjun <weiyongjun1@huawei.com>
    Bluetooth: Fix debugfs entry leak in hci_register_dev()

Sicelo A. Mhlongo <absicsz@gmail.com>
    ARM: dts: omap3-n900: Fix lp5523 for multi color

Baruch Siach <baruch@tkos.co.il>
    of: base: Fix phandle argument length mismatch error message

Conor Dooley <conor.dooley@microchip.com>
    clk: bm1880: remove kfrees on static allocations

Shengjiu Wang <shengjiu.wang@nxp.com>
    ASoC: fsl_asrc: refine the check of available clock divider

Kamal Heib <kamalheib1@gmail.com>
    RDMA/cxgb4: Set queue pair state when being queried

Alyssa Ross <hi@alyssa.is>
    ASoC: fsl_mqs: fix MODULE_ALIAS

Ammar Faizi <ammarfaizi2@gmail.com>
    powerpc/xive: Add missing null check after calling kmalloc

Randy Dunlap <rdunlap@infradead.org>
    mips: bcm63xx: add support for clk_set_parent()

Randy Dunlap <rdunlap@infradead.org>
    mips: lantiq: add support for clk_set_parent()

Sameer Pujar <spujar@nvidia.com>
    arm64: tegra: Remove non existent Tegra194 reset

Sameer Pujar <spujar@nvidia.com>
    arm64: tegra: Fix Tegra194 HDA {clock,reset}-names ordering

Fabrice Gasnier <fabrice.gasnier@foss.st.com>
    counter: stm32-lptimer-cnt: remove iio counter abi

Wei Yongjun <weiyongjun1@huawei.com>
    misc: lattice-ecp3-config: Fix task hung when firmware load failed

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    ASoC: samsung: idma: Check of ioremap return value

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    ASoC: mediatek: Check for error clk pointer

Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
    phy: uniphier-usb3ss: fix unintended writing zeros to PHY register

Alan Stern <stern@rowland.harvard.edu>
    scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()

Xiongfeng Wang <wangxiongfeng2@huawei.com>
    iommu/iova: Fix race between FQ timeout and teardown

Cezary Rojewski <cezary.rojewski@intel.com>
    ASoC: Intel: catpt: Test dmaengine_submit() result before moving on

Maxim Levitsky <mlevitsk@redhat.com>
    iommu/amd: Restore GA log/tail pointer on host resume

Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
    iommu/amd: Remove iommu_init_ga()

Arnd Bergmann <arnd@arndb.de>
    dmaengine: pxa/mmp: stop referencing config->slave_id

Lukas Bulwahn <lukas.bulwahn@gmail.com>
    mips: fix Kconfig reference to PHYS_ADDR_T_64BIT

Lukas Bulwahn <lukas.bulwahn@gmail.com>
    mips: add SYS_HAS_CPU_MIPS64_R5 config for MIPS Release 5 support

Dillon Min <dillon.minfei@gmail.com>
    clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell

Frank Rowand <frank.rowand@sony.com>
    of: unittest: 64 bit dma address test requires arch support

Jim Quinlan <jim2101024@gmail.com>
    of: unittest: fix warning on PowerPC frame size warning

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    ASoC: rt5663: Handle device_property_read_u32_array error codes

Avihai Horon <avihaih@nvidia.com>
    RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry

Avihai Horon <avihaih@nvidia.com>
    RDMA/core: Let ib_find_gid() continue search even after empty entry

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/powermac: Add additional missing lockdep_register_key()

Thomas Gleixner <tglx@linutronix.de>
    PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()

Kamal Heib <kamalheib1@gmail.com>
    RDMA/qedr: Fix reporting max_{send/recv}_wr attrs

Bart Van Assche <bvanassche@acm.org>
    scsi: ufs: Fix race conditions related to driver data

Hector Martin <marcan@marcan.st>
    iommu/io-pgtable-arm: Fix table descriptor paddr formatting

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    uio: uio_dmem_genirq: Catch the Exception

Stafford Horne <shorne@gmail.com>
    openrisc: Add clone3 ABI wrapper

Todd Kjos <tkjos@google.com>
    binder: fix handling of error during copy

Kees Cook <keescook@chromium.org>
    char/mwave: Adjust io port register size

Takashi Iwai <tiwai@suse.de>
    ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID

Bixuan Cui <cuibixuan@linux.alibaba.com>
    ALSA: oss: fix compile error when OSS_DEBUG is enabled

Waiman Long <longman@redhat.com>
    clocksource: Avoid accidental unstable marking of clocksources

Paul E. McKenney <paulmck@kernel.org>
    clocksource: Reduce clocksource-skew threshold

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/32s: Fix shift-out-of-bounds in KASAN init

Athira Rajeev <atrajeev@linux.vnet.ibm.com>
    powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc/irq: Add helper to set regs->softe

Nicholas Piggin <npiggin@gmail.com>
    powerpc/perf: move perf irq/nmi handling details into traps.c

Athira Rajeev <atrajeev@linux.vnet.ibm.com>
    powerpc/perf: MMCR0 control for PMU registers under PMCC=00

Jordan Niethe <jniethe5@gmail.com>
    powerpc/64s: Convert some cpu_setup() and cpu_restore() functions to C

Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
    dt-bindings: thermal: Fix definition of cooling-maps contribution property

Lukas Bulwahn <lukas.bulwahn@gmail.com>
    ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA

Peiwei Hu <jlu.hpw@foxmail.com>
    powerpc/prom_init: Fix improper check of prom_getprop()

Adam Ford <aford173@gmail.com>
    clk: imx8mn: Fix imx8mn_clko1_sels

Igor Pylypiv <ipylypiv@google.com>
    scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()

Kamal Heib <kamalheib1@gmail.com>
    RDMA/hns: Validate the pkey index

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit"

Takashi Iwai <tiwai@suse.de>
    ALSA: hda: Add missing rwsem around snd_ctl_remove() calls

Takashi Iwai <tiwai@suse.de>
    ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls

Takashi Iwai <tiwai@suse.de>
    ALSA: jack: Add missing rwsem around snd_ctl_remove() calls

Jan Kara <jack@suse.cz>
    ext4: avoid trim error on fs with small groups

Pavel Skripkin <paskripkin@gmail.com>
    net: mcs7830: handle usb read errors properly

Nathan Chancellor <nathan@kernel.org>
    iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing()

Dominik Brodowski <linux@dominikbrodowski.net>
    pcmcia: fix setting of kthread task states

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    can: xilinx_can: xcan_probe(): check for error irq

Marc Kleine-Budde <mkl@pengutronix.de>
    can: softing: softing_startstop(): fix set but not used variable warning

Christophe Jaillet <christophe.jaillet@wanadoo.fr>
    tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'

Chen Jun <chenjun102@huawei.com>
    tpm: add request_locality before write TPM_INT_ENABLE

Marc Kleine-Budde <mkl@pengutronix.de>
    can: mcp251xfd: add missing newline to printed strings

Fabio Estevam <festevam@denx.de>
    regmap: Call regmap_debugfs_exit() prior to _init()

Dan Carpenter <dan.carpenter@oracle.com>
    netrom: fix api breakage in nr_setsockopt()

Dan Carpenter <dan.carpenter@oracle.com>
    ax25: uninitialized variable in ax25_setsockopt()

Miaoqian Lin <linmq006@gmail.com>
    spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe

Dan Carpenter <dan.carpenter@oracle.com>
    Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()

Zizhuang Deng <sunsetdzz@gmail.com>
    lib/mpi: Add the return value check of kcalloc()

Moshe Shemesh <moshe@nvidia.com>
    net/mlx5: Set command entry semaphore up once got index free

Aya Levin <ayal@nvidia.com>
    Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"

Maor Dickman <maord@nvidia.com>
    net/mlx5e: Don't block routes with nexthop objects in SW

Aya Levin <ayal@nvidia.com>
    net/mlx5e: Fix page DMA map/unmap attributes

Michal Suchanek <msuchanek@suse.de>
    debugfs: lockdown: Allow reading debugfs files that are not world readable

José Expósito <jose.exposito89@gmail.com>
    HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad

José Expósito <jose.exposito89@gmail.com>
    HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init

José Expósito <jose.exposito89@gmail.com>
    HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc

José Expósito <jose.exposito89@gmail.com>
    HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init

Miaoqian Lin <linmq006@gmail.com>
    usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe

Miaoqian Lin <linmq006@gmail.com>
    Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    Bluetooth: hci_bcm: Check for error irq

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    fsl/fman: Check for null pointer after calling devm_ioremap

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    staging: greybus: audio: Check null pointer

Dan Carpenter <dan.carpenter@oracle.com>
    rocker: fix a sleeping in atomic bug

Eric Dumazet <edumazet@google.com>
    ppp: ensure minimum packet size in ppp_write()

Florian Westphal <fw@strlen.de>
    netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone

Kuniyuki Iwashima <kuniyu@amazon.co.jp>
    bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().

Daniel Borkmann <daniel@iogearbox.net>
    bpf: Don't promote bogus looking registers after null check.

Xin Xiong <xiongx18@fudan.edu.cn>
    netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    power: reset: mt6397: Check for null res pointer

Zhou Qingyang <zhou1615@umn.edu>
    pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()

Zhou Qingyang <zhou1615@umn.edu>
    pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()

Hans de Goede <hdegoede@redhat.com>
    ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes

Zhang Zixun <zhang133010@icloud.com>
    x86/mce/inject: Avoid out-of-bounds write when setting flags

Arseny Demidov <arsdemal@gmail.com>
    hwmon: (mr75203) fix wrong power-up delay value

Nathan Chancellor <nathan@kernel.org>
    x86/boot/compressed: Move CLANG_FLAGS to beginning of KBUILD_CFLAGS

Panicker Harish <quic_pharish@quicinc.com>
    Bluetooth: hci_qca: Stop IBS timer during BT OFF

Clément Léger <clement.leger@bootlin.com>
    software node: fix wrong node passed to find nargs_prop

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Respect enabled-strings in set_brightness

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Override default length with qcom,enabled-strings

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Fix off-by-one maximum with default num_strings

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Pass number of elements to read to read_u32_array

Marijn Suijten <marijn.suijten@somainline.org>
    backlight: qcom-wled: Validate enabled string indices in DT

Paul Chaignon <paul@isovalent.com>
    bpftool: Enable line buffering for stdout

Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    Bluetooth: L2CAP: Fix using wrong mode

Johannes Berg <johannes.berg@intel.com>
    um: virtio_uml: Fix time-travel external time propagation

Johannes Berg <johannes.berg@intel.com>
    um: fix ndelay/udelay defines

Bernard Zhao <bernard@vivo.com>
    selinux: fix potential memleak in selinux_add_opt()

Sergey Shtylyov <s.shtylyov@omp.ru>
    mmc: meson-mx-sdio: add IRQ check

Sergey Shtylyov <s.shtylyov@omp.ru>
    mmc: meson-mx-sdhc: add IRQ check

Nathan Errera <nathan.errera@intel.com>
    iwlwifi: mvm: test roc running status bits before removing the sta

Johannes Berg <johannes.berg@intel.com>
    iwlwifi: mvm: fix 32-bit build in FTM

Marek Behún <kabel@kernel.org>
    ARM: dts: armada-38x: Add generic compatible to UART nodes

Robert Marko <robert.marko@sartura.hr>
    arm64: dts: marvell: cn9130: enable CP0 GPIO controllers

Robert Marko <robert.marko@sartura.hr>
    arm64: dts: marvell: cn9130: add GPIO and SPI aliases

Wei Yongjun <weiyongjun1@huawei.com>
    usb: ftdi-elan: fix memory leak on device disconnect

Andre Przywara <andre.przywara@arm.com>
    ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding

Antony Antony <antony.antony@secunet.com>
    xfrm: state and policy should fail if XFRMA_IF_ID 0

Antony Antony <antony.antony@secunet.com>
    xfrm: interface with if_id 0 should return error

Jernej Skrabec <jernej.skrabec@gmail.com>
    media: hantro: Fix probe func error path

Robin Murphy <robin.murphy@arm.com>
    drm/tegra: vic: Fix DMA API misuse

Stephen Boyd <swboyd@chromium.org>
    drm/bridge: ti-sn65dsi86: Set max register for regmap

Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
    drm/msm/dpu: fix safe status debugfs file

Baruch Siach <baruch@tkos.co.il>
    arm64: dts: qcom: ipq6018: Fix gpio-ranges property

Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
    arm64: dts: qcom: c630: Fix soundcard setup

Zhou Qingyang <zhou1615@umn.edu>
    ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes

Wang Hai <wanghai38@huawei.com>
    media: msi001: fix possible null-ptr-deref in msi001_probe()

Anton Vasilyev <vasilyev@ispras.ru>
    media: dw2102: Fix use after free

Christian Lamparter <chunkeey@gmail.com>
    ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors

Rameshkumar Sundaram <quic_ramess@quicinc.com>
    ath11k: Fix deleting uninitialized kernel timer during fragment cache flush

Herbert Xu <herbert@gondor.apana.org.au>
    crypto: stm32 - Revert broken pm_runtime_resume_and_get changes

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - fix bugs and crash in tests

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - fix lrw chaining mode

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - fix double pm exit

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - check early input data

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - fix xts and race condition in crypto_engine requests

Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
    crypto: stm32/cryp - fix CTR counter carry

Herbert Xu <herbert@gondor.apana.org.au>
    crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter

Jakub Kicinski <kuba@kernel.org>
    selftests: harness: avoid false negatives if test has no ASSERTs

Anders Roxell <anders.roxell@linaro.org>
    selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST

Kees Cook <keescook@chromium.org>
    x86/uaccess: Move variable into switch case statement

Eric Dumazet <edumazet@google.com>
    xfrm: fix a small bug in xfrm_sa_len()

Brian Norris <briannorris@chromium.org>
    mwifiex: Fix possible ABBA deadlock

Frederic Weisbecker <frederic@kernel.org>
    rcu/exp: Mark current CPU as exp-QS in IPI loop second pass

Jackie Liu <liuyun01@kylinos.cn>
    drm/msm/dp: displayPort driver need algorithm rational

Li Hua <hucool.lihua@huawei.com>
    sched/rt: Try to restart rt period timer when rt runtime exceeded

Lv Yunlong <lyl2019@mail.ustc.edu.cn>
    wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma

Robert Schlabbach <robert_s@gmx.net>
    media: si2157: Fix "warm" tuner state detection

Zhou Qingyang <zhou1615@umn.edu>
    media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()

Zhou Qingyang <zhou1615@umn.edu>
    media: dib8000: Fix a memleak in dib8000_init()

Reiji Watanabe <reijiw@google.com>
    arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1

Will Deacon <will@kernel.org>
    arm64: lib: Annotate {clear, copy}_page() as position-independent

Kajol Jain <kjain@linux.ibm.com>
    bpf: Remove config check to enable bpf support for branch records

Hou Tao <houtao1@huawei.com>
    bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)

Alexei Starovoitov <ast@kernel.org>
    bpf: Adjust BTF log size limit.

Vincent Donnefort <vincent.donnefort@arm.com>
    sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity

Vincent Donnefort <vincent.donnefort@arm.com>
    sched/fair: Fix detection of per-CPU kthreads waking a task

Sean Wang <sean.wang@mediatek.com>
    Bluetooth: btmtksdio: fix resume failure

Yang Yingliang <yangyingliang@huawei.com>
    staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()

Yang Yingliang <yangyingliang@huawei.com>
    staging: rtl8192e: return error code from rtllib_softmac_init()

Tasos Sahanidis <tasos@tasossah.com>
    floppy: Fix hang in watchdog when disk is ejected

Lino Sanfilippo <LinoSanfilippo@gmx.de>
    serial: amba-pl011: do not request memory region twice

Lizhi Hou <lizhi.hou@xilinx.com>
    tty: serial: uartlite: allow 64 bit address

Nishanth Menon <nm@ti.com>
    arm64: dts: ti: k3-j7200: Correct the d-cache-sets info

Nishanth Menon <nm@ti.com>
    arm64: dts: ti: k3-j721e: Fix the L2 cache sets

Nishanth Menon <nm@ti.com>
    arm64: dts: ti: k3-j7200: Fix the L2 cache sets

Zhou Qingyang <zhou1615@umn.edu>
    drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()

Zhou Qingyang <zhou1615@umn.edu>
    drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()

Paul Gerber <Paul.Gerber@tq-group.com>
    thermal/drivers/imx8mm: Enable ADC when enabling monitor

Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    ACPI: EC: Rework flushing of EC work while suspended to idle

William Kucharski <william.kucharski@oracle.com>
    cgroup: Trace event cgroup id fields should be u64

Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
    arm64: dts: qcom: msm8916: fix MMC controller aliases

Florian Westphal <fw@strlen.de>
    netfilter: bridge: add support for pppoe filtering

Oleksij Rempel <linux@rempel-privat.de>
    thermal/drivers/imx: Implement runtime PM support

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'

Christophe JAILLET <christophe.jaillet@wanadoo.fr>
    media: venus: core: Fix a potential NULL pointer dereference in an error handling path

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    media: venus: core, venc, vdec: Fix probe dependency error

Stanimir Varbanov <stanimir.varbanov@linaro.org>
    media: venus: pm_helpers: Control core power domain manually

Philipp Zabel <p.zabel@pengutronix.de>
    media: coda: fix CODA960 JPEG encoder buffer overflow

Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
    media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released

Yang Yingliang <yangyingliang@huawei.com>
    media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()

Fabio Estevam <festevam@denx.de>
    media: imx-pxp: Initialize the spinlock prior to using it

Suresh Udipi <sudipi@jp.adit-jv.com>
    media: rcar-csi2: Correct the selection of hsfreqrange

Claudiu Beznea <claudiu.beznea@microchip.com>
    mfd: atmel-flexcom: Use .resume_noirq

Claudiu Beznea <claudiu.beznea@microchip.com>
    mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP

Tudor Ambarus <tudor.ambarus@microchip.com>
    tty: serial: atmel: Call dma_async_issue_pending()

Tudor Ambarus <tudor.ambarus@microchip.com>
    tty: serial: atmel: Check return code of dmaengine_submit()

Peng Fan <peng.fan@nxp.com>
    arm64: dts: ti: k3-j721e: correct cache-sets info

Anilkumar Kolli <akolli@codeaurora.org>
    ath11k: Use host CE parameters for CE interrupts configuration

Giovanni Cabiddu <giovanni.cabiddu@intel.com>
    crypto: qat - fix undetected PFVF timeout in ACK loop

Marco Chiappero <marco.chiappero@intel.com>
    crypto: qat - make pfvf send message direction agnostic

Marco Chiappero <marco.chiappero@intel.com>
    crypto: qat - remove unnecessary collision prevention step in PFVF

Bhaskar Chowdhury <unixbhaskar@gmail.com>
    crypto: qat - fix spelling mistake: "messge" -> "message"

Dillon Min <dillon.minfei@gmail.com>
    ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco

George G. Davis <davis.george@siemens.com>
    mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove

Chengfeng Ye <cyeaa@connect.ust.hk>
    crypto: qce - fix uaf on qce_skcipher_register_one

Chengfeng Ye <cyeaa@connect.ust.hk>
    crypto: qce - fix uaf on qce_ahash_register_one

Wang Hai <wanghai38@huawei.com>
    media: dmxdev: fix UAF when dvb_register_device() fails

Biju Das <biju.das.jz@bp.renesas.com>
    arm64: dts: renesas: cat875: Add rx/tx delays

Dan Carpenter <dan.carpenter@oracle.com>
    drm/vboxvideo: fix a NULL vs IS_ERR() check

Alexander Aring <aahringo@redhat.com>
    fs: dlm: fix build with CONFIG_IPV6 disabled

Jens Wiklander <jens.wiklander@linaro.org>
    tee: fix put order in teedev_close_context()

Karthikeyan Kathirvel <kathirve@codeaurora.org>
    ath11k: reset RSN/WPA present state for open BSS

Karthikeyan Kathirvel <kathirve@codeaurora.org>
    ath11k: clear the keys properly via DISABLE_KEY

Sven Eckelmann <sven@narfation.org>
    ath11k: Fix ETSI regd with weather radar overlap

Pavel Skripkin <paskripkin@gmail.com>
    Bluetooth: stop proccessing malicious adv data

Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
    memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails

Alexander Aring <aahringo@redhat.com>
    fs: dlm: don't call kernel_getpeername() in error_report()

Alexander Aring <aahringo@redhat.com>
    fs: dlm: use sk->sk_socket instead of con->sock

Christian Hewitt <christianshewitt@gmail.com>
    arm64: dts: meson-gxbb-wetek: fix missing GPIO binding

Christian Hewitt <christianshewitt@gmail.com>
    arm64: dts: meson-gxbb-wetek: fix HDMI in early boot

Alexander Stein <alexander.stein@mailbox.org>
    arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+

Alexander Stein <alexander.stein@mailbox.org>
    arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name

Jammy Huang <jammy_huang@aspeedtech.com>
    media: aspeed: Update signal status immediately to ensure sane hw state

Dongliang Mu <mudongliangabcd@gmail.com>
    media: em28xx: fix memory leak in em28xx_init_dev

Jammy Huang <jammy_huang@aspeedtech.com>
    media: aspeed: fix mode-detect always time out at 2nd run

Dan Carpenter <dan.carpenter@oracle.com>
    media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr()

Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    media: atomisp: fix enum formats logic

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: add NULL check for asd obtained from atomisp_video_pipe

Aline Santana Cordeiro <alinesantanacordeiro@gmail.com>
    media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: fix ifdefs in sh_css.c

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid()

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: do not use err var when checking port validity for ISP2400

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: fix inverted logic in buffers_needed()

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case

Tsuchiya Yuto <kitakar@gmail.com>
    media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities()

Dillon Min <dillon.minfei@gmail.com>
    media: videobuf2: Fix the size printk format

Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
    mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()

Rameshkumar Sundaram <ramess@codeaurora.org>
    ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware

Benjamin Li <benl@squareup.com>
    wcn36xx: fix RX BD rate mapping for 5GHz legacy rates

Benjamin Li <benl@squareup.com>
    wcn36xx: populate band before determining rate on RX

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    wcn36xx: Put DXE block into reset before freeing memory

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    wcn36xx: Release DMA channel descriptor allocations

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    wcn36xx: Fix DMA channel enable/disable cycle

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND

Benjamin Li <benl@squareup.com>
    wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan

Maxime Ripard <maxime@cerno.tech>
    drm/vc4: hdmi: Set a default HSM rate

Maxime Ripard <maxime@cerno.tech>
    clk: bcm-2835: Remove rounding up the dividers

Maxime Ripard <maxime@cerno.tech>
    clk: bcm-2835: Pick the closest clock rate

Wang Hai <wanghai38@huawei.com>
    Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails

Brian Norris <briannorris@chromium.org>
    drm/rockchip: dsi: Reconfigure hardware on resume()

Brian Norris <briannorris@chromium.org>
    drm/rockchip: dsi: Disable PLL clock on bind error

Brian Norris <briannorris@chromium.org>
    drm/rockchip: dsi: Hold pm-runtime across bind/unbind

Brian Norris <briannorris@chromium.org>
    drm/rockchip: dsi: Fix unbalanced clock on probe error

Brian Norris <briannorris@chromium.org>
    drm/panel: innolux-p079zca: Delete panel on attach() failure

Brian Norris <briannorris@chromium.org>
    drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure

Wang Hai <wanghai38@huawei.com>
    drm: fix null-ptr-deref in drm_dev_init_release()

Dan Carpenter <dan.carpenter@oracle.com>
    drm/bridge: display-connector: fix an uninitialized pointer in probe()

Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
    Bluetooth: L2CAP: Fix not initializing sk_peer_pid

xinhui pan <xinhui.pan@amd.com>
    drm/ttm: Put BO in its memory manager's lru list

Gang Li <ligang.bdlg@bytedance.com>
    shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode

Baoquan He <bhe@redhat.com>
    mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages

Baoquan He <bhe@redhat.com>
    dma/pool: create dma atomic pool only if dma zone has managed pages

Baoquan He <bhe@redhat.com>
    mm_zone: add function to check if managed dma zone exists

Yifeng Li <tomli@tomli.me>
    PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller

Thomas Hellström <thomas.hellstrom@linux.intel.com>
    dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()

Dmitry Osipenko <digetx@gmail.com>
    gpu: host1x: Add back arm_iommu_detach_device()

Yunfei Wang <yf.wang@mediatek.com>
    iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure

Christophe Leroy <christophe.leroy@csgroup.eu>
    lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()

Jonathan Cameron <Jonathan.Cameron@huawei.com>
    iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs

Johan Hovold <johan@kernel.org>
    can: softing_cs: softingcs_probe(): fix memleak on registration failure

Hans Verkuil <hverkuil-cisco@xs4all.nl>
    media: cec-pin: fix interrupt en/disable handling

Johan Hovold <johan@kernel.org>
    media: stk1160: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: pvrusb2: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: redrat3: fix control-message timeouts

Michael Kuron <michael.kuron@gmail.com>
    media: dib0700: fix undefined behavior in tuner shutdown

Johan Hovold <johan@kernel.org>
    media: s2255: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: cpia2: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: em28xx: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: mceusb: fix control-message timeouts

Johan Hovold <johan@kernel.org>
    media: flexcop-usb: fix control-message timeouts

Hans Verkuil <hverkuil-cisco@xs4all.nl>
    media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE

Mateusz Jończyk <mat.jonczyk@o2.pl>
    rtc: cmos: take rtc_lock while reading from CMOS

Willy Tarreau <w@1wt.eu>
    tools/nolibc: fix incorrect truncation of exit code

Willy Tarreau <w@1wt.eu>
    tools/nolibc: i386: fix initial stack alignment

Ammar Faizi <ammar.faizi@students.amikom.ac.id>
    tools/nolibc: x86-64: Fix startup code bug

Lucas De Marchi <lucas.demarchi@intel.com>
    x86/gpu: Reserve stolen memory for first integrated Intel GPU

Paul Cercueil <paul@crapouillou.net>
    mtd: rawnand: davinci: Rewrite function description

Paul Cercueil <paul@crapouillou.net>
    mtd: rawnand: davinci: Avoid duplicated page read

Paul Cercueil <paul@crapouillou.net>
    mtd: rawnand: davinci: Don't calculate ECC when reading page

Andreas Oetken <ennoerlangen@gmail.com>
    mtd: Fixed breaking list in __mtd_del_partition.

Stefan Riedmueller <s.riedmueller@phytec.de>
    mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6

Christian Eggers <ceggers@arri.de>
    mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings

Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
    nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()

Chao Yu <chao@kernel.org>
    f2fs: fix to do sanity check in is_alive()

Jason Gerecke <killertofu@gmail.com>
    HID: wacom: Avoid using stale array indicies to read contact count

Jason Gerecke <killertofu@gmail.com>
    HID: wacom: Ignore the confidence flag when a touch is removed

Jason Gerecke <killertofu@gmail.com>
    HID: wacom: Reset expected and received contact counts at the same time

Jann Horn <jannh@google.com>
    HID: uhid: Fix worker destroying device without any protection

Marcelo Tosatti <mtosatti@redhat.com>
    KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock


-------------

Diffstat:

 .../ABI/testing/sysfs-bus-iio-lptimer-stm32        |  62 --
 Documentation/admin-guide/hw-vuln/spectre.rst      |   2 +-
 .../bindings/display/amlogic,meson-dw-hdmi.yaml    |   5 +
 .../bindings/display/amlogic,meson-vpu.yaml        |   6 +
 .../devicetree/bindings/thermal/thermal-zones.yaml |   9 +-
 .../devicetree/bindings/watchdog/samsung-wdt.yaml  |   5 +-
 Documentation/driver-api/dmaengine/dmatest.rst     |   7 +-
 Documentation/driver-api/firewire.rst              |   4 +-
 .../acpi/dsd/data-node-references.rst              |  10 +-
 Makefile                                           |   4 +-
 arch/arm/Kconfig.debug                             |  14 +-
 arch/arm/boot/compressed/efi-header.S              |  22 +-
 arch/arm/boot/compressed/head.S                    |   3 +-
 arch/arm/boot/dts/armada-38x.dtsi                  |   4 +-
 arch/arm/boot/dts/gemini-nas4220b.dts              |   2 +-
 arch/arm/boot/dts/omap3-n900.dts                   |  50 +-
 arch/arm/boot/dts/stm32f429-disco.dts              |   2 +-
 arch/arm/include/debug/imx-uart.h                  |  18 +-
 arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c |   5 +-
 arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi  |   2 +-
 .../boot/dts/amlogic/meson-g12b-odroid-n2.dtsi     |   2 +-
 arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi  |   3 +
 arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts  |  14 +-
 arch/arm64/boot/dts/marvell/cn9130.dtsi            |  15 +
 arch/arm64/boot/dts/nvidia/tegra186.dtsi           |   2 +-
 arch/arm64/boot/dts/nvidia/tegra194.dtsi           |   9 +-
 arch/arm64/boot/dts/qcom/ipq6018.dtsi              |   2 +-
 arch/arm64/boot/dts/qcom/msm8916.dtsi              |   4 +-
 arch/arm64/boot/dts/qcom/msm8996.dtsi              |   3 -
 .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts      |  27 +
 arch/arm64/boot/dts/renesas/cat875.dtsi            |   1 +
 arch/arm64/boot/dts/ti/k3-j7200-main.dtsi          |   2 +-
 arch/arm64/boot/dts/ti/k3-j7200.dtsi               |   6 +-
 arch/arm64/boot/dts/ti/k3-j721e.dtsi               |   6 +-
 arch/arm64/include/asm/extable.h                   |   9 -
 arch/arm64/include/asm/memory.h                    |   5 +-
 arch/arm64/kernel/traps.c                          |   2 +-
 arch/arm64/lib/clear_page.S                        |  14 +-
 arch/arm64/lib/copy_page.S                         |   4 +-
 arch/arm64/mm/ptdump.c                             |   2 -
 arch/arm64/net/bpf_jit_comp.c                      |   7 +-
 arch/mips/Kconfig                                  |   6 +-
 arch/mips/bcm63xx/clk.c                            |   6 +
 arch/mips/cavium-octeon/octeon-platform.c          |   2 +
 arch/mips/cavium-octeon/octeon-usb.c               |   1 +
 .../asm/mach-loongson64/kernel-entry-init.h        |   4 +-
 arch/mips/include/asm/octeon/cvmx-bootinfo.h       |   4 +-
 arch/mips/lantiq/clk.c                             |   6 +
 arch/openrisc/include/asm/syscalls.h               |   2 +
 arch/openrisc/kernel/entry.S                       |   5 +
 arch/parisc/include/asm/special_insns.h            |  44 +-
 arch/parisc/kernel/traps.c                         |   2 +-
 arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi      |   2 +
 arch/powerpc/include/asm/cpu_setup_power.h         |  12 +
 arch/powerpc/include/asm/hw_irq.h                  |  51 +-
 arch/powerpc/include/asm/reg.h                     |   1 +
 arch/powerpc/kernel/btext.c                        |   4 +-
 arch/powerpc/kernel/cpu_setup_power.S              | 252 ------
 arch/powerpc/kernel/cpu_setup_power.c              | 272 ++++++
 arch/powerpc/kernel/cputable.c                     |  12 +-
 arch/powerpc/kernel/dt_cpu_ftrs.c                  |   1 +
 arch/powerpc/kernel/fadump.c                       |   8 +
 arch/powerpc/kernel/head_40x.S                     |   9 +-
 arch/powerpc/kernel/prom_init.c                    |   2 +-
 arch/powerpc/kernel/smp.c                          |  42 +
 arch/powerpc/kernel/traps.c                        |  31 +-
 arch/powerpc/kernel/watchdog.c                     |  41 +-
 arch/powerpc/kvm/book3s_hv.c                       |   8 +-
 arch/powerpc/kvm/book3s_hv_nested.c                |   2 +-
 arch/powerpc/mm/book3s64/radix_pgtable.c           |   4 +-
 arch/powerpc/mm/kasan/book3s_32.c                  |   3 +-
 arch/powerpc/mm/pgtable_64.c                       |  14 +-
 arch/powerpc/perf/core-book3s.c                    |  97 ++-
 arch/powerpc/perf/core-fsl-emb.c                   |  25 -
 arch/powerpc/perf/isa207-common.c                  |   8 +
 arch/powerpc/platforms/cell/iommu.c                |   1 +
 arch/powerpc/platforms/cell/pervasive.c            |   1 +
 arch/powerpc/platforms/embedded6xx/hlwd-pic.c      |   1 +
 arch/powerpc/platforms/powermac/low_i2c.c          |   3 +
 arch/powerpc/platforms/powernv/opal-lpc.c          |   1 +
 arch/powerpc/sysdev/xive/spapr.c                   |   3 +
 arch/s390/mm/pgalloc.c                             |   4 +-
 arch/um/drivers/virtio_uml.c                       |   4 +
 arch/um/include/asm/delay.h                        |   4 +-
 arch/um/include/shared/registers.h                 |   4 +-
 arch/um/os-Linux/registers.c                       |   4 +-
 arch/um/os-Linux/start_up.c                        |   2 +-
 arch/x86/boot/compressed/Makefile                  |   7 +-
 arch/x86/configs/i386_defconfig                    |   1 +
 arch/x86/configs/x86_64_defconfig                  |   1 +
 arch/x86/include/asm/realmode.h                    |   1 +
 arch/x86/include/asm/uaccess.h                     |   5 +-
 arch/x86/kernel/cpu/mce/core.c                     |  42 +-
 arch/x86/kernel/cpu/mce/inject.c                   |   2 +-
 arch/x86/kernel/early-quirks.c                     |  10 +-
 arch/x86/kernel/reboot.c                           |  12 +-
 arch/x86/kernel/tsc.c                              |   1 +
 arch/x86/kvm/vmx/posted_intr.c                     |  16 +-
 arch/x86/realmode/init.c                           |  26 +
 arch/x86/um/syscalls_64.c                          |   3 +-
 block/blk-flush.c                                  |   4 +-
 block/blk-pm.c                                     |  22 +-
 crypto/jitterentropy.c                             |   3 +-
 drivers/acpi/acpica/exfield.c                      |   7 +-
 drivers/acpi/acpica/exoparg1.c                     |   3 +-
 drivers/acpi/acpica/hwesleep.c                     |   4 +-
 drivers/acpi/acpica/hwsleep.c                      |   4 +-
 drivers/acpi/acpica/hwxfsleep.c                    |   2 -
 drivers/acpi/acpica/utdelete.c                     |   1 +
 drivers/acpi/battery.c                             |  22 +
 drivers/acpi/bus.c                                 |   4 +-
 drivers/acpi/ec.c                                  |  57 +-
 drivers/acpi/internal.h                            |   2 +
 drivers/acpi/scan.c                                |  13 +-
 drivers/acpi/x86/utils.c                           | 116 ++-
 drivers/android/binder.c                           |   4 +-
 drivers/base/core.c                                |   3 +-
 drivers/base/power/runtime.c                       |  41 +-
 drivers/base/property.c                            |   4 +-
 drivers/base/regmap/regmap.c                       |   1 +
 drivers/base/swnode.c                              |   2 +-
 drivers/block/floppy.c                             |   6 +-
 drivers/bluetooth/btmtksdio.c                      |   2 +
 drivers/bluetooth/hci_bcm.c                        |   7 +-
 drivers/bluetooth/hci_qca.c                        |   5 +-
 drivers/bluetooth/hci_vhci.c                       |   2 +
 drivers/char/mwave/3780i.h                         |   2 +-
 drivers/char/random.c                              |  19 +-
 drivers/char/tpm/tpm_tis_core.c                    |  14 +-
 drivers/clk/bcm/clk-bcm2835.c                      |  13 +-
 drivers/clk/clk-bm1880.c                           |  20 +-
 drivers/clk/clk-si5341.c                           |   2 +-
 drivers/clk/clk-stm32f4.c                          |   4 -
 drivers/clk/clk.c                                  |  18 +
 drivers/clk/imx/clk-imx8mn.c                       |   6 +-
 drivers/clk/meson/gxbb.c                           |  44 +-
 drivers/counter/Kconfig                            |   2 +-
 drivers/counter/stm32-lptimer-cnt.c                | 297 +------
 drivers/cpufreq/cpufreq.c                          |   4 +-
 drivers/crypto/caam/caamalg_qi2.c                  |   2 +-
 drivers/crypto/omap-aes.c                          |   2 +-
 drivers/crypto/qat/qat_common/adf_pf2vf_msg.c      |  45 +-
 drivers/crypto/qat/qat_common/adf_vf2pf_msg.c      |   4 +-
 drivers/crypto/qce/sha.c                           |   2 +-
 drivers/crypto/qce/skcipher.c                      |   2 +-
 drivers/crypto/stm32/stm32-crc32.c                 |   4 +-
 drivers/crypto/stm32/stm32-cryp.c                  | 938 ++++++++-------------
 drivers/crypto/stm32/stm32-hash.c                  |   6 +-
 drivers/dma-buf/dma-fence-array.c                  |   6 +-
 drivers/dma/at_xdmac.c                             |  57 +-
 drivers/dma/mmp_pdma.c                             |   6 -
 drivers/dma/pxa_dma.c                              |   7 -
 drivers/dma/stm32-mdma.c                           |   2 +-
 drivers/dma/uniphier-xdmac.c                       |   5 +-
 drivers/edac/synopsys_edac.c                       |   3 +-
 drivers/firmware/google/Kconfig                    |   6 +-
 drivers/gpio/gpio-aspeed.c                         |  52 +-
 drivers/gpio/gpiolib-acpi.c                        |  15 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c     |   6 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c            |   1 -
 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c              |  13 +-
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c  |   3 +
 drivers/gpu/drm/amd/display/dc/core/dc.c           |   3 +-
 drivers/gpu/drm/amd/pm/amdgpu_pm.c                 |   6 +
 drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c  |  14 +-
 drivers/gpu/drm/bridge/display-connector.c         |   2 +-
 .../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c   |  40 +-
 .../gpu/drm/bridge/synopsys/dw-hdmi-ahb-audio.c    |  10 +-
 drivers/gpu/drm/bridge/synopsys/dw-hdmi-audio.h    |   4 +-
 .../gpu/drm/bridge/synopsys/dw-hdmi-i2s-audio.c    |   9 +-
 drivers/gpu/drm/bridge/synopsys/dw-hdmi.c          |  12 +-
 drivers/gpu/drm/bridge/ti-sn65dsi86.c              |   1 +
 drivers/gpu/drm/drm_drv.c                          |   9 +-
 drivers/gpu/drm/drm_panel_orientation_quirks.c     |   6 +
 drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c       |   6 +
 drivers/gpu/drm/etnaviv/etnaviv_gpu.h              |   1 +
 drivers/gpu/drm/etnaviv/etnaviv_sched.c            |   4 +-
 drivers/gpu/drm/lima/lima_device.c                 |   1 +
 drivers/gpu/drm/mediatek/mtk_mipi_tx.c             |   2 +
 drivers/gpu/drm/msm/Kconfig                        |   1 +
 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c            |   4 +-
 drivers/gpu/drm/nouveau/dispnv04/disp.c            |   4 +-
 drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c     |  37 +-
 drivers/gpu/drm/panel/panel-innolux-p079zca.c      |  10 +-
 drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c |   8 +-
 drivers/gpu/drm/radeon/radeon_kms.c                |  42 +-
 drivers/gpu/drm/rcar-du/rcar_du_crtc.c             |  20 +-
 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c    |  82 +-
 drivers/gpu/drm/tegra/vic.c                        |   7 +-
 drivers/gpu/drm/ttm/ttm_bo.c                       |   2 +
 drivers/gpu/drm/vboxvideo/vbox_main.c              |   4 +-
 drivers/gpu/drm/vc4/vc4_hdmi.c                     |  24 +-
 drivers/gpu/host1x/dev.c                           |  15 +
 drivers/hid/hid-apple.c                            |   2 +-
 drivers/hid/hid-input.c                            |   6 +
 drivers/hid/hid-uclogic-params.c                   |  31 +-
 drivers/hid/hid-vivaldi.c                          |  34 +-
 drivers/hid/uhid.c                                 |  29 +-
 drivers/hid/wacom_wac.c                            |  39 +-
 drivers/hsi/hsi_core.c                             |   1 +
 drivers/hwmon/mr75203.c                            |   2 +-
 drivers/i2c/busses/i2c-designware-pcidrv.c         |   8 +-
 drivers/i2c/busses/i2c-i801.c                      |  15 +-
 drivers/i2c/busses/i2c-mpc.c                       |  23 +-
 drivers/iio/adc/ti-adc081c.c                       |  22 +-
 drivers/infiniband/core/cma.c                      |  12 +-
 drivers/infiniband/core/device.c                   |   3 +-
 drivers/infiniband/hw/bnxt_re/qplib_rcfw.c         |   6 +-
 drivers/infiniband/hw/bnxt_re/qplib_rcfw.h         |   1 -
 drivers/infiniband/hw/cxgb4/qp.c                   |   1 +
 drivers/infiniband/hw/hns/hns_roce_main.c          |   5 +-
 drivers/infiniband/hw/qedr/verbs.c                 |   2 +
 drivers/infiniband/sw/rxe/rxe_opcode.c             |   2 +-
 drivers/iommu/amd/init.c                           |  48 +-
 drivers/iommu/io-pgtable-arm-v7s.c                 |   6 +-
 drivers/iommu/io-pgtable-arm.c                     |   9 +-
 drivers/iommu/iova.c                               |   3 +-
 drivers/irqchip/irq-gic-v3.c                       |  16 +
 drivers/md/dm.c                                    |   4 +-
 drivers/md/persistent-data/dm-btree.c              |   8 +-
 drivers/md/persistent-data/dm-space-map-common.c   |   5 +
 drivers/media/Kconfig                              |   8 +-
 drivers/media/cec/core/cec-pin.c                   |  31 +-
 drivers/media/common/saa7146/saa7146_fops.c        |   2 +-
 .../media/common/videobuf2/videobuf2-dma-contig.c  |   8 +-
 drivers/media/dvb-core/dmxdev.c                    |  18 +-
 drivers/media/dvb-frontends/dib8000.c              |   4 +-
 drivers/media/pci/b2c2/flexcop-pci.c               |   3 +
 drivers/media/pci/saa7146/hexium_gemini.c          |   7 +-
 drivers/media/pci/saa7146/hexium_orion.c           |   8 +-
 drivers/media/pci/saa7146/mxb.c                    |   8 +-
 drivers/media/platform/aspeed-video.c              |  14 +-
 drivers/media/platform/coda/coda-common.c          |   8 +-
 drivers/media/platform/coda/coda-jpeg.c            |  21 +-
 drivers/media/platform/coda/imx-vdoa.c             |   6 +-
 drivers/media/platform/imx-pxp.c                   |   4 +-
 .../media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c |   2 +-
 drivers/media/platform/qcom/venus/core.c           |  39 +-
 drivers/media/platform/qcom/venus/core.h           |   2 -
 drivers/media/platform/qcom/venus/pm_helpers.c     |  94 +--
 drivers/media/platform/qcom/venus/pm_helpers.h     |   7 +-
 drivers/media/platform/rcar-vin/rcar-csi2.c        |  18 +-
 drivers/media/platform/rcar-vin/rcar-v4l2.c        |  15 +-
 drivers/media/radio/si470x/radio-si470x-i2c.c      |   3 +-
 drivers/media/rc/igorplugusb.c                     |   4 +-
 drivers/media/rc/mceusb.c                          |   8 +-
 drivers/media/rc/redrat3.c                         |  22 +-
 drivers/media/tuners/msi001.c                      |   7 +
 drivers/media/tuners/si2157.c                      |   2 +-
 drivers/media/usb/b2c2/flexcop-usb.c               |  10 +-
 drivers/media/usb/b2c2/flexcop-usb.h               |  12 +-
 drivers/media/usb/cpia2/cpia2_usb.c                |   4 +-
 drivers/media/usb/dvb-usb/dib0700_core.c           |   2 -
 drivers/media/usb/dvb-usb/dw2102.c                 | 338 +++++---
 drivers/media/usb/dvb-usb/m920x.c                  |  12 +-
 drivers/media/usb/em28xx/em28xx-cards.c            |  18 +-
 drivers/media/usb/em28xx/em28xx-core.c             |   4 +-
 drivers/media/usb/pvrusb2/pvrusb2-hdw.c            |   8 +-
 drivers/media/usb/s2255/s2255drv.c                 |   4 +-
 drivers/media/usb/stk1160/stk1160-core.c           |   4 +-
 drivers/media/usb/uvc/uvcvideo.h                   |   2 +-
 drivers/media/v4l2-core/v4l2-ioctl.c               |   4 +-
 drivers/memory/renesas-rpc-if.c                    |   2 +-
 drivers/mfd/atmel-flexcom.c                        |  11 +-
 drivers/misc/lattice-ecp3-config.c                 |  12 +-
 drivers/misc/lkdtm/Makefile                        |   2 +-
 drivers/mmc/core/sdio.c                            |   4 +-
 drivers/mmc/host/meson-mx-sdhc-mmc.c               |   5 +
 drivers/mmc/host/meson-mx-sdio.c                   |   5 +
 drivers/mtd/hyperbus/rpc-if.c                      |   8 +-
 drivers/mtd/mtdpart.c                              |   2 +-
 drivers/mtd/nand/bbt.c                             |   2 +-
 drivers/mtd/nand/raw/davinci_nand.c                |  16 +-
 drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c         |  37 +-
 drivers/net/bonding/bond_main.c                    |  36 +-
 drivers/net/can/softing/softing_cs.c               |   2 +-
 drivers/net/can/softing/softing_fw.c               |  11 +-
 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c     |   6 +-
 drivers/net/can/xilinx_can.c                       |   7 +-
 drivers/net/ethernet/broadcom/genet/bcmgenet.c     |  10 +-
 drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c  |   3 +-
 drivers/net/ethernet/cortina/gemini.c              |   9 +-
 drivers/net/ethernet/freescale/fman/mac.c          |  21 +-
 drivers/net/ethernet/freescale/xgmac_mdio.c        |  28 +-
 drivers/net/ethernet/i825xx/sni_82596.c            |   3 +-
 drivers/net/ethernet/mediatek/mtk_eth_soc.c        |   2 +-
 drivers/net/ethernet/mellanox/mlx5/core/cmd.c      |  36 +-
 .../net/ethernet/mellanox/mlx5/core/en/xsk/pool.c  |   4 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  10 +-
 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c    |   7 +-
 drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c   |   6 +-
 drivers/net/ethernet/mellanox/mlxsw/cmd.h          |  12 +
 drivers/net/ethernet/mellanox/mlxsw/pci.c          |   7 +-
 drivers/net/ethernet/mscc/ocelot_flower.c          |  15 +-
 drivers/net/ethernet/rocker/rocker_ofdpa.c         |   3 +-
 drivers/net/ethernet/xilinx/xilinx_axienet_main.c  | 135 +--
 drivers/net/phy/marvell.c                          |   6 +
 drivers/net/phy/mdio_bus.c                         |   2 +-
 drivers/net/phy/phy-core.c                         |   2 +-
 drivers/net/phy/sfp.c                              |  25 +-
 drivers/net/ppp/ppp_generic.c                      |   7 +-
 drivers/net/usb/mcs7830.c                          |  12 +-
 drivers/net/wireless/ath/ar5523/ar5523.c           |   4 +
 drivers/net/wireless/ath/ath10k/core.c             |  19 +-
 drivers/net/wireless/ath/ath10k/htt_tx.c           |   3 +
 drivers/net/wireless/ath/ath10k/hw.h               |   3 +
 drivers/net/wireless/ath/ath10k/txrx.c             |   2 -
 drivers/net/wireless/ath/ath11k/ahb.c              |  28 +-
 drivers/net/wireless/ath/ath11k/core.h             |   2 +-
 drivers/net/wireless/ath/ath11k/dp.h               |   3 +-
 drivers/net/wireless/ath/ath11k/dp_tx.c            |   2 +-
 drivers/net/wireless/ath/ath11k/hal.c              |  22 +
 drivers/net/wireless/ath/ath11k/hal.h              |   2 +
 drivers/net/wireless/ath/ath11k/hw.c               |   2 -
 drivers/net/wireless/ath/ath11k/mac.c              |  52 +-
 drivers/net/wireless/ath/ath11k/pci.c              |  12 +-
 drivers/net/wireless/ath/ath11k/reg.c              | 103 +--
 drivers/net/wireless/ath/ath11k/wmi.c              |   5 +-
 drivers/net/wireless/ath/ath9k/hif_usb.c           |   7 +
 drivers/net/wireless/ath/wcn36xx/dxe.c             |  49 +-
 drivers/net/wireless/ath/wcn36xx/main.c            |  34 +-
 drivers/net/wireless/ath/wcn36xx/smd.c             |   8 +-
 drivers/net/wireless/ath/wcn36xx/txrx.c            |  41 +-
 drivers/net/wireless/ath/wcn36xx/wcn36xx.h         |   1 +
 drivers/net/wireless/intel/iwlwifi/iwl-drv.c       |  17 +-
 .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c |   2 +-
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c  |  17 +
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c      |  27 +
 drivers/net/wireless/intel/iwlwifi/mvm/scan.c      |   2 +-
 .../net/wireless/intel/iwlwifi/mvm/time-event.c    |  27 +-
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c       |   7 +-
 drivers/net/wireless/intel/iwlwifi/queue/tx.c      |   1 +
 drivers/net/wireless/marvell/mwifiex/sta_event.c   |   8 +-
 drivers/net/wireless/marvell/mwifiex/usb.c         |   3 +-
 drivers/net/wireless/realtek/rtw88/main.c          |   2 +-
 drivers/net/wireless/realtek/rtw88/rtw8821c.h      |   2 +-
 drivers/net/wireless/realtek/rtw88/rtw8822b.c      |   2 +-
 drivers/net/wireless/realtek/rtw88/rtw8822c.c      |   2 +-
 drivers/net/wireless/rsi/rsi_91x_main.c            |   4 +
 drivers/net/wireless/rsi/rsi_91x_usb.c             |   9 +-
 drivers/net/wireless/rsi/rsi_usb.h                 |   2 +
 drivers/nvmem/core.c                               |   2 +
 drivers/of/base.c                                  |  11 +-
 drivers/of/unittest.c                              |  21 +-
 drivers/parisc/pdc_stable.c                        |   4 +-
 drivers/pci/controller/pci-aardvark.c              |   4 +-
 drivers/pci/controller/pci-mvebu.c                 |   8 +
 drivers/pci/controller/pci-xgene.c                 |   2 +-
 drivers/pci/hotplug/pciehp.h                       |   3 +
 drivers/pci/hotplug/pciehp_core.c                  |   2 +-
 drivers/pci/hotplug/pciehp_hpc.c                   |  28 +-
 drivers/pci/msi.c                                  |  26 +-
 drivers/pci/pci-bridge-emul.c                      |  70 +-
 drivers/pci/quirks.c                               |   3 +
 drivers/pcmcia/cs.c                                |   8 +-
 drivers/pcmcia/rsrc_nonstatic.c                    |   6 +
 drivers/phy/socionext/phy-uniphier-usb3ss.c        |  10 +-
 drivers/power/reset/mt6323-poweroff.c              |   3 +
 drivers/regulator/qcom_smd-regulator.c             | 100 ++-
 drivers/rpmsg/rpmsg_core.c                         |  20 +-
 drivers/rtc/rtc-cmos.c                             |   3 +
 drivers/rtc/rtc-pxa.c                              |   4 +
 drivers/scsi/lpfc/lpfc.h                           |   2 +-
 drivers/scsi/lpfc/lpfc_attr.c                      |  62 +-
 drivers/scsi/lpfc/lpfc_hbadisc.c                   |   8 +-
 drivers/scsi/lpfc/lpfc_sli.c                       |   6 -
 drivers/scsi/pm8001/pm8001_hwi.c                   |   4 +-
 drivers/scsi/scsi_debugfs.c                        |   1 +
 drivers/scsi/scsi_pm.c                             |   2 +-
 drivers/scsi/sr.c                                  |   2 +-
 drivers/scsi/sr_vendor.c                           |   4 +-
 drivers/scsi/ufs/tc-dwc-g210-pci.c                 |   1 -
 drivers/scsi/ufs/ufshcd-pci.c                      |   2 -
 drivers/scsi/ufs/ufshcd-pltfrm.c                   |   2 -
 drivers/scsi/ufs/ufshcd.c                          |   7 +
 drivers/soc/mediatek/mtk-scpsys.c                  |  15 +-
 drivers/soc/qcom/cpr.c                             |   2 +-
 drivers/soc/ti/pruss.c                             |   2 +-
 drivers/spi/spi-meson-spifc.c                      |   1 +
 drivers/spi/spi-uniphier.c                         |  11 +-
 drivers/staging/greybus/audio_topology.c           |  15 +
 drivers/staging/media/atomisp/i2c/ov2680.h         |  24 -
 drivers/staging/media/atomisp/pci/atomisp_cmd.c    |  92 +-
 drivers/staging/media/atomisp/pci/atomisp_fops.c   |  11 +
 .../media/atomisp/pci/atomisp_gmin_platform.c      |   2 +-
 drivers/staging/media/atomisp/pci/atomisp_ioctl.c  | 185 +++-
 drivers/staging/media/atomisp/pci/atomisp_subdev.c |  15 +-
 drivers/staging/media/atomisp/pci/atomisp_subdev.h |   3 +
 drivers/staging/media/atomisp/pci/atomisp_v4l2.c   |  13 +-
 drivers/staging/media/atomisp/pci/atomisp_v4l2.h   |   3 +-
 drivers/staging/media/atomisp/pci/sh_css.c         |  27 +-
 drivers/staging/media/atomisp/pci/sh_css_mipi.c    |  41 +-
 drivers/staging/media/atomisp/pci/sh_css_params.c  |   8 +-
 drivers/staging/media/hantro/hantro_drv.c          |   3 +-
 drivers/staging/rtl8192e/rtllib.h                  |   2 +-
 drivers/staging/rtl8192e/rtllib_module.c           |  16 +-
 drivers/staging/rtl8192e/rtllib_softmac.c          |   6 +-
 drivers/tee/tee_core.c                             |   4 +-
 drivers/thermal/imx8mm_thermal.c                   |   3 +
 drivers/thermal/imx_thermal.c                      | 145 ++--
 drivers/thunderbolt/acpi.c                         |  13 +
 drivers/tty/serial/amba-pl010.c                    |   3 -
 drivers/tty/serial/amba-pl011.c                    |  27 +-
 drivers/tty/serial/atmel_serial.c                  |  14 +
 drivers/tty/serial/imx.c                           |   7 +-
 drivers/tty/serial/serial_core.c                   |   7 +-
 drivers/tty/serial/uartlite.c                      |   2 +-
 drivers/uio/uio_dmem_genirq.c                      |   6 +-
 drivers/usb/core/hub.c                             |   5 +-
 drivers/usb/dwc3/dwc3-qcom.c                       |   7 +-
 drivers/usb/gadget/function/f_fs.c                 |   4 +-
 drivers/usb/host/uhci-platform.c                   |   3 +-
 drivers/usb/misc/ftdi-elan.c                       |   1 +
 drivers/vdpa/mlx5/net/mlx5_vnet.c                  |   2 -
 drivers/video/backlight/qcom-wled.c                | 122 +--
 drivers/virtio/virtio_ring.c                       |   4 +-
 drivers/w1/slaves/w1_ds28e04.c                     |  26 +-
 drivers/xen/gntdev.c                               |   6 +-
 fs/btrfs/backref.c                                 |  21 +-
 fs/btrfs/ctree.c                                   |  19 +-
 fs/btrfs/inode.c                                   |  11 +
 fs/btrfs/qgroup.c                                  |  19 +
 fs/debugfs/file.c                                  |   2 +-
 fs/dlm/lock.c                                      |   9 +
 fs/dlm/lowcomms.c                                  |  45 +-
 fs/ext4/ext4.h                                     |   1 +
 fs/ext4/ext4_jbd2.c                                |   2 +
 fs/ext4/extents.c                                  |   2 -
 fs/ext4/fast_commit.c                              |  18 +-
 fs/ext4/inode.c                                    |  14 +-
 fs/ext4/ioctl.c                                    |   2 -
 fs/ext4/mballoc.c                                  |  48 +-
 fs/ext4/migrate.c                                  |  23 +-
 fs/ext4/super.c                                    |  27 +-
 fs/f2fs/compress.c                                 |  50 +-
 fs/f2fs/f2fs.h                                     |  11 +
 fs/f2fs/gc.c                                       |   3 +
 fs/f2fs/segment.h                                  |   3 +-
 fs/f2fs/super.c                                    |  44 +
 fs/f2fs/sysfs.c                                    |   4 +-
 fs/fuse/file.c                                     |   2 +-
 fs/jffs2/file.c                                    |  40 +-
 fs/ubifs/super.c                                   |   1 -
 fs/udf/ialloc.c                                    |   2 +
 include/acpi/acpi_bus.h                            |   5 +-
 include/acpi/actypes.h                             |  10 +-
 include/linux/blk-pm.h                             |   2 +-
 include/linux/bpf_verifier.h                       |   7 +
 include/linux/clocksource.h                        |   3 +
 include/linux/hid.h                                |   2 +
 include/linux/mmzone.h                             |   9 +
 include/linux/pm_runtime.h                         |   3 +
 include/net/inet_frag.h                            |  11 +-
 include/net/ipv6_frag.h                            |   3 +-
 include/net/sch_generic.h                          |   5 +
 include/net/xfrm.h                                 |   5 +
 include/trace/events/cgroup.h                      |  12 +-
 include/uapi/linux/xfrm.h                          |   1 +
 kernel/audit.c                                     |  18 +-
 kernel/bpf/btf.c                                   |   3 +-
 kernel/bpf/verifier.c                              |  18 +-
 kernel/dma/pool.c                                  |   4 +-
 kernel/rcu/tree_exp.h                              |   1 +
 kernel/sched/cputime.c                             |   4 +-
 kernel/sched/fair.c                                |   4 +-
 kernel/sched/rt.c                                  |  23 +-
 kernel/time/clocksource.c                          |  96 ++-
 kernel/time/jiffies.c                              |  15 +-
 kernel/trace/bpf_trace.c                           |   6 +-
 kernel/trace/trace_kprobe.c                        |   5 +-
 kernel/tsacct.c                                    |   7 +-
 lib/mpi/mpi-mod.c                                  |   2 +
 lib/test_hmm.c                                     |  24 +
 lib/test_meminit.c                                 |   1 +
 mm/hmm.c                                           |   5 +-
 mm/page_alloc.c                                    |  19 +-
 mm/shmem.c                                         |  37 +-
 net/ax25/af_ax25.c                                 |  10 +-
 net/batman-adv/netlink.c                           |  30 +-
 net/bluetooth/cmtp/core.c                          |   4 +-
 net/bluetooth/hci_core.c                           |   1 +
 net/bluetooth/hci_event.c                          |   8 +-
 net/bluetooth/hci_request.c                        |   2 +-
 net/bluetooth/l2cap_sock.c                         |  45 +-
 net/bridge/br_netfilter_hooks.c                    |   7 +-
 net/core/dev.c                                     |   6 +
 net/core/devlink.c                                 |   2 -
 net/core/filter.c                                  |   8 +-
 net/core/net-sysfs.c                               |   3 +
 net/core/net_namespace.c                           |   4 +-
 net/ipv4/fib_semantics.c                           |  47 +-
 net/ipv4/inet_fragment.c                           |   8 +-
 net/ipv4/ip_fragment.c                             |   3 +-
 net/ipv4/ip_gre.c                                  |   5 +-
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |   5 +-
 net/ipv6/ip6_gre.c                                 |   5 +-
 net/mac80211/rx.c                                  |   2 +-
 net/netfilter/nft_set_pipapo.c                     |   8 +
 net/netrom/af_netrom.c                             |  12 +-
 net/nfc/llcp_sock.c                                |   5 +
 net/sched/sch_generic.c                            |   1 +
 net/smc/smc_core.c                                 |  17 +-
 net/unix/garbage.c                                 |  14 +-
 net/unix/scm.c                                     |   6 +-
 net/xfrm/xfrm_compat.c                             |   6 +-
 net/xfrm/xfrm_interface.c                          |  14 +-
 net/xfrm/xfrm_policy.c                             |  24 +-
 net/xfrm/xfrm_state.c                              |  23 +-
 net/xfrm/xfrm_user.c                               |  41 +-
 scripts/dtc/dtx_diff                               |   8 +-
 scripts/sphinx-pre-install                         |   3 +
 security/selinux/hooks.c                           |  12 +-
 sound/core/jack.c                                  |   3 +
 sound/core/oss/pcm_oss.c                           |   2 +-
 sound/core/pcm.c                                   |   6 +-
 sound/core/seq/seq_queue.c                         |  14 +-
 sound/pci/hda/hda_codec.c                          |   3 +
 sound/soc/codecs/rt5663.c                          |  12 +-
 sound/soc/fsl/fsl_asrc.c                           |  69 +-
 sound/soc/fsl/fsl_mqs.c                            |   2 +-
 sound/soc/intel/catpt/dsp.c                        |  14 +-
 sound/soc/mediatek/mt8173/mt8173-max98090.c        |   3 +
 sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c   |   2 +
 sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c   |   2 +
 sound/soc/mediatek/mt8173/mt8173-rt5650.c          |   2 +
 sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c |   6 +-
 .../mt8183/mt8183-mt6358-ts3a227-max98357.c        |   7 +-
 sound/soc/samsung/idma.c                           |   2 +
 sound/soc/uniphier/Kconfig                         |   2 -
 sound/usb/format.c                                 |   2 +-
 sound/usb/mixer_quirks.c                           |   2 +-
 sound/usb/quirks.c                                 |   2 +-
 tools/bpf/bpftool/Documentation/Makefile           |   1 -
 tools/bpf/bpftool/Makefile                         |   1 -
 tools/bpf/bpftool/main.c                           |   2 +
 tools/include/nolibc/nolibc.h                      |  33 +-
 tools/lib/bpf/libbpf.c                             |   4 +
 tools/perf/util/debug.c                            |   2 +-
 tools/perf/util/evsel.c                            |  25 +-
 tools/perf/util/probe-event.c                      |   3 +
 tools/testing/selftests/bpf/prog_tests/skb_ctx.c   |   2 +
 tools/testing/selftests/clone3/clone3.c            |   6 +
 .../selftests/ftrace/test.d/kprobe/profile.tc      |   2 +-
 tools/testing/selftests/kselftest_harness.h        |   2 +-
 .../selftests/powerpc/security/spectre_v2.c        |   2 +-
 tools/testing/selftests/vm/hmm-tests.c             |  42 +
 546 files changed, 5569 insertions(+), 3345 deletions(-)




* [PATCH 5.10 001/563] KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 002/563] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
                   ` (565 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marcelo Tosatti, Paolo Bonzini

From: Marcelo Tosatti <mtosatti@redhat.com>

commit 5f02ef741a785678930f3ff0a8b6b2b0ef1bb402 upstream.

blocked_vcpu_on_cpu_lock is taken from hard interrupt context
(pi_wakeup_handler), therefore it cannot sleep.

Switch it to a raw spinlock.

Fixes:

[41297.066254] BUG: scheduling while atomic: CPU 0/KVM/635218/0x00010001
[41297.066323] Preemption disabled at:
[41297.066324] [<ffffffff902ee47f>] irq_enter_rcu+0xf/0x60
[41297.066339] Call Trace:
[41297.066342]  <IRQ>
[41297.066346]  dump_stack_lvl+0x34/0x44
[41297.066353]  ? irq_enter_rcu+0xf/0x60
[41297.066356]  __schedule_bug.cold+0x7d/0x8b
[41297.066361]  __schedule+0x439/0x5b0
[41297.066365]  ? task_blocks_on_rt_mutex.constprop.0.isra.0+0x1b0/0x440
[41297.066369]  schedule_rtlock+0x1e/0x40
[41297.066371]  rtlock_slowlock_locked+0xf1/0x260
[41297.066374]  rt_spin_lock+0x3b/0x60
[41297.066378]  pi_wakeup_handler+0x31/0x90 [kvm_intel]
[41297.066388]  sysvec_kvm_posted_intr_wakeup_ipi+0x9d/0xd0
[41297.066392]  </IRQ>
[41297.066392]  asm_sysvec_kvm_posted_intr_wakeup_ipi+0x12/0x20
...

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/vmx/posted_intr.c |   16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/arch/x86/kvm/vmx/posted_intr.c
+++ b/arch/x86/kvm/vmx/posted_intr.c
@@ -15,7 +15,7 @@
  * can find which vCPU should be waken up.
  */
 static DEFINE_PER_CPU(struct list_head, blocked_vcpu_on_cpu);
-static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
+static DEFINE_PER_CPU(raw_spinlock_t, blocked_vcpu_on_cpu_lock);
 
 static inline struct pi_desc *vcpu_to_pi_desc(struct kvm_vcpu *vcpu)
 {
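
Review bot: nothing next to the blocked_vcpu_on_cpu_lock declaration records why it has to be a raw_spinlock_t; the visible tail of the comment above it only talks about finding the vCPU to wake. Add a sentence to that comment saying the lock is taken from hard interrupt context in pi_wakeup_handler() and so must not become a sleeping lock on PREEMPT_RT, otherwise a later cleanup can convert it back to spinlock_t and reintroduce the "scheduling while atomic" splat quoted in the changelog.
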
@@ -121,9 +121,9 @@ static void __pi_post_block(struct kvm_v
 			   new.control) != old.control);
 
 	if (!WARN_ON_ONCE(vcpu->pre_pcpu == -1)) {
-		spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
+		raw_spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
 		list_del(&vcpu->blocked_vcpu_list);
-		spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
+		raw_spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
 		vcpu->pre_pcpu = -1;
 	}
 }
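
Review bot: in __pi_post_block() the lock is taken with plain raw_spin_lock() rather than an _irqsave variant, and nothing in this hunk shows that interrupts are disabled at that point. The changelog says the same per-CPU lock is taken from pi_wakeup_handler() in hard interrupt context, so if this runs on vcpu->pre_pcpu with interrupts enabled the handler would spin on a lock its own CPU already holds. pi_pre_block() has a visible local_irq_disable() before its lock; here, either name the caller-side guarantee in a comment or add lockdep_assert_irqs_disabled() at the top of the function so the requirement is checked.
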
@@ -154,11 +154,11 @@ int pi_pre_block(struct kvm_vcpu *vcpu)
 	local_irq_disable();
 	if (!WARN_ON_ONCE(vcpu->pre_pcpu != -1)) {
 		vcpu->pre_pcpu = vcpu->cpu;
-		spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
+		raw_spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
 		list_add_tail(&vcpu->blocked_vcpu_list,
 			      &per_cpu(blocked_vcpu_on_cpu,
 				       vcpu->pre_pcpu));
-		spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
+		raw_spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, vcpu->pre_pcpu));
 	}
 
 	do {
@@ -215,7 +215,7 @@ void pi_wakeup_handler(void)
 	struct kvm_vcpu *vcpu;
 	int cpu = smp_processor_id();
 
-	spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
+	raw_spin_lock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
 	list_for_each_entry(vcpu, &per_cpu(blocked_vcpu_on_cpu, cpu),
 			blocked_vcpu_list) {
 		struct pi_desc *pi_desc = vcpu_to_pi_desc(vcpu);
@@ -223,13 +223,13 @@ void pi_wakeup_handler(void)
 		if (pi_test_on(pi_desc) == 1)
 			kvm_vcpu_kick(vcpu);
 	}
-	spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
+	raw_spin_unlock(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
 }
 
 void __init pi_init_cpu(int cpu)
 {
 	INIT_LIST_HEAD(&per_cpu(blocked_vcpu_on_cpu, cpu));
-	spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
+	raw_spin_lock_init(&per_cpu(blocked_vcpu_on_cpu_lock, cpu));
 }
 
 bool pi_has_pending_interrupt(struct kvm_vcpu *vcpu)
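
Review bot: kvm_vcpu_kick(), in the context lines at the top of this hunk, is now called with a raw spinlock held, inside the list_for_each_entry() loop opened in the previous hunk, whose length depends on how many vCPUs are blocked on this CPU. With a raw lock that whole section is non-preemptible on PREEMPT_RT, so the changelog should state that nothing in the kvm_vcpu_kick() path takes a spinlock_t or can otherwise sleep, and it would be worth a short comment in pi_wakeup_handler() noting that the work done under the lock has to stay minimal.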




* [PATCH 5.10 002/563] HID: uhid: Fix worker destroying device without any protection
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 001/563] KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 003/563] HID: wacom: Reset expected and received contact counts at the same time Greg Kroah-Hartman
                   ` (564 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jann Horn, Jiri Kosina

From: Jann Horn <jannh@google.com>

commit 4ea5763fb79ed89b3bdad455ebf3f33416a81624 upstream.

uhid has to run hid_add_device() from workqueue context while allowing
parallel use of the userspace API (which is protected with ->devlock).
But hid_add_device() can fail. Currently, that is handled by immediately
destroying the associated HID device, without using ->devlock - but if
there are concurrent requests from userspace, that's wrong and leads to
NULL dereferences and/or memory corruption (via use-after-free).

Fix it by leaving the HID device as-is in the worker. We can clean it up
later, either in the UHID_DESTROY command handler or in the ->release()
handler.

Cc: stable@vger.kernel.org
Fixes: 67f8ecc550b5 ("HID: uhid: fix timeout when probe races with IO")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hid/uhid.c |   29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

--- a/drivers/hid/uhid.c
+++ b/drivers/hid/uhid.c
@@ -28,11 +28,22 @@
 
 struct uhid_device {
 	struct mutex devlock;
+
+	/* This flag tracks whether the HID device is usable for commands from
+	 * userspace. The flag is already set before hid_add_device(), which
+	 * runs in workqueue context, to allow hid_add_device() to communicate
+	 * with userspace.
+	 * However, if hid_add_device() fails, the flag is cleared without
+	 * holding devlock.
+	 * We guarantee that if @running changes from true to false while you're
+	 * holding @devlock, it's still fine to access @hid.
+	 */
 	bool running;
 
 	__u8 *rd_data;
 	uint rd_size;
 
+	/* When this is NULL, userspace may use UHID_CREATE/UHID_CREATE2. */
 	struct hid_device *hid;
 	struct uhid_event input_buf;
 
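Review bot: The new comment on `running` documents that the worker clears the flag without holding devlock, but the field stays a plain `bool`, so readers under devlock race with that store. Either mark the accesses with WRITE_ONCE()/READ_ONCE() or add a sentence on why a stale read is harmless. The multi-line comment also starts its text on the `/*` line; the usual kernel style outside net/ puts `/*` on a line of its own.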
@@ -63,9 +74,18 @@ static void uhid_device_add_worker(struc
 	if (ret) {
 		hid_err(uhid->hid, "Cannot register HID device: error %d\n", ret);
 
-		hid_destroy_device(uhid->hid);
-		uhid->hid = NULL;
+		/* We used to call hid_destroy_device() here, but that's really
+		 * messy to get right because we have to coordinate with
+		 * concurrent writes from userspace that might be in the middle
+		 * of using uhid->hid.
+		 * Just leave uhid->hid as-is for now, and clean it up when
+		 * userspace tries to close or reinitialize the uhid instance.
+		 *
+		 * However, we do have to clear the ->running flag and do a
+		 * wakeup to make sure userspace knows that the device is gone.
+		 */
 		uhid->running = false;
+		wake_up_interruptible(&uhid->report_wait);
 	}
 }
 
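Review bot: The comment in the failure path says the device is cleaned up when userspace tries to close or reinitialize the instance, but with the uhid_dev_create2() check changed to `if (uhid->hid)` a new create returns -EALREADY until UHID_DESTROY has run. Wording it as "close or destroy" would match the code. It would also help to name which waiters on ->report_wait the added wake_up_interruptible() is meant to unblock.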
@@ -474,7 +494,7 @@ static int uhid_dev_create2(struct uhid_
 	void *rd_data;
 	int ret;
 
-	if (uhid->running)
+	if (uhid->hid)
 		return -EALREADY;
 
 	rd_size = ev->u.create2.rd_size;
@@ -556,7 +576,7 @@ static int uhid_dev_create(struct uhid_d
 
 static int uhid_dev_destroy(struct uhid_device *uhid)
 {
-	if (!uhid->running)
+	if (!uhid->hid)
 		return -EINVAL;
 
 	uhid->running = false;
@@ -565,6 +585,7 @@ static int uhid_dev_destroy(struct uhid_
 	cancel_work_sync(&uhid->worker);
 
 	hid_destroy_device(uhid->hid);
+	uhid->hid = NULL;
 	kfree(uhid->rd_data);
 
 	return 0;
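Review bot: uhid_dev_destroy() now resets uhid->hid after hid_destroy_device(), but uhid->rd_data is still left pointing at freed memory after kfree(uhid->rd_data). Since `hid == NULL` is now the marker for "may be created again", clearing rd_data in the same place would leave no dangling pointer in the reusable state.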




* [PATCH 5.10 003/563] HID: wacom: Reset expected and received contact counts at the same time
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 001/563] KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 002/563] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 004/563] HID: wacom: Ignore the confidence flag when a touch is removed Greg Kroah-Hartman
                   ` (563 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina

From: Jason Gerecke <killertofu@gmail.com>

commit 546e41ac994cc185ef3de610ca849a294b5df3ba upstream.

These two values go hand-in-hand and must be valid for the driver to
behave correctly. We are currently lazy about updating the values and
rely on the "expected" code flow to take care of making sure they're
valid at the point they're needed. The "expected" flow changed somewhat
with commit f8b6a74719b5 ("HID: wacom: generic: Support multiple tools
per report"), however. This led to problems with the DTH-2452 due (in
part) to *all* contacts being fully processed -- even those past the
expected contact count. Specifically, the received count gets reset to
0 once all expected fingers are processed, but not the expected count.
The rest of the contacts in the report are then *also* processed since
now the driver thinks we've only processed 0 of N expected contacts.

Later commits such as 7fb0413baa7f (HID: wacom: Use "Confidence" flag to
prevent reporting invalid contacts) worked around the DTH-2452 issue by
skipping the invalid contacts at the end of the report, but this is not
a complete fix. The confidence flag cannot be relied on when a contact
is removed (see the following patch), and dealing with that condition
re-introduces the DTH-2452 issue unless we also address this contact
count laziness. By resetting expected and received counts at the same
time we ensure the driver understands that there are 0 more contacts
expected in the report. Similarly, we also make sure to reset the
received count if for some reason we're out of sync in the pre-report
phase.

Link: https://github.com/linuxwacom/input-wacom/issues/288
Fixes: f8b6a74719b5 ("HID: wacom: generic: Support multiple tools per report")
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hid/wacom_wac.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2664,11 +2664,14 @@ static void wacom_wac_finger_pre_report(
 	    hid_data->cc_index >= 0) {
 		struct hid_field *field = report->field[hid_data->cc_index];
 		int value = field->value[hid_data->cc_value_index];
-		if (value)
+		if (value) {
 			hid_data->num_expected = value;
+			hid_data->num_received = 0;
+		}
 	}
 	else {
 		hid_data->num_expected = wacom_wac->features.touch_max;
+		hid_data->num_received = 0;
 	}
 }
 
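Review bot: `hid_data->num_expected = value;` takes the contact count straight from the report with no upper bound, while the else branch uses features.touch_max. If a count above touch_max is not meaningful, clamping it here would keep a malformed report from inflating the expected count. Style: the `}` / `else {` split in the context lines could be joined into `} else {` while this block is being touched.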
@@ -2692,6 +2695,7 @@ static void wacom_wac_finger_report(stru
 
 	input_sync(input);
 	wacom_wac->hid_data.num_received = 0;
+	wacom_wac->hid_data.num_expected = 0;
 
 	/* keep touch state for pen event */
 	wacom_wac->shared->touch_down = wacom_wac_finger_count_touches(wacom_wac);




* [PATCH 5.10 004/563] HID: wacom: Ignore the confidence flag when a touch is removed
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 003/563] HID: wacom: Reset expected and received contact counts at the same time Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 005/563] HID: wacom: Avoid using stale array indicies to read contact count Greg Kroah-Hartman
                   ` (562 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina

From: Jason Gerecke <killertofu@gmail.com>

commit df03e9bd6d4806619b4cdc91a3d7695818a8e2b7 upstream.

AES hardware may internally re-classify a contact that it thought was
intentional as a palm. Intentional contacts are reported as "down" with
the confidence bit set. When this re-classification occurs, however, the
state transitions to "up" with the confidence bit cleared. This kind of
transition appears to be legal according to Microsoft docs, but we do
not handle it correctly. Because the confidence bit is clear, we don't
call `wacom_wac_finger_slot` and update userspace. This causes hung
touches that confuse userspace and interfere with pen arbitration.

This commit adds a special case to ignore the confidence flag if a contact
is reported as removed. This ensures we do not leave a hung touch if one
of these re-classification events occurred. Ideally we'd have some way to
also let userspace know that the touch has been re-classified as a palm
and needs to be canceled, but that's not possible right now :)

Link: https://github.com/linuxwacom/input-wacom/issues/288
Fixes: 7fb0413baa7f (HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts)
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hid/wacom_wac.c |   29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2566,6 +2566,24 @@ static void wacom_wac_finger_slot(struct
 	}
 }
 
+static bool wacom_wac_slot_is_active(struct input_dev *dev, int key)
+{
+	struct input_mt *mt = dev->mt;
+	struct input_mt_slot *s;
+
+	if (!mt)
+		return false;
+
+	for (s = mt->slots; s != mt->slots + mt->num_slots; s++) {
+		if (s->key == key &&
+			input_mt_get_value(s, ABS_MT_TRACKING_ID) >= 0) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
 static void wacom_wac_finger_event(struct hid_device *hdev,
 		struct hid_field *field, struct hid_usage *usage, __s32 value)
 {
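Review bot: wacom_wac_slot_is_active() has no comment saying what `key` is (the caller passes hid_data.id) or that "active" means ABS_MT_TRACKING_ID >= 0; a one-line description above the function would help. The braces around the single `return true;` and the over-indented continuation of the `if` condition do not follow kernel coding style.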
@@ -2613,9 +2631,14 @@ static void wacom_wac_finger_event(struc
 	}
 
 	if (usage->usage_index + 1 == field->report_count) {
-		if (equivalent_usage == wacom_wac->hid_data.last_slot_field &&
-		    wacom_wac->hid_data.confidence)
-			wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input);
+		if (equivalent_usage == wacom_wac->hid_data.last_slot_field) {
+			bool touch_removed = wacom_wac_slot_is_active(wacom_wac->touch_input,
+				wacom_wac->hid_data.id) && !wacom_wac->hid_data.tipswitch;
+
+			if (wacom_wac->hid_data.confidence || touch_removed) {
+				wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input);
+			}
+		}
 	}
 }
 
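Review bot: touch_removed is computed unconditionally, so the slot scan in wacom_wac_slot_is_active() runs for every contact even when hid_data.confidence is already true. Testing confidence first, or checking `!tipswitch` before calling the helper, skips the walk in the common case. The `bool touch_removed = ...` line is also over 80 columns and the inner `if` has braces around a single statement.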




* [PATCH 5.10 005/563] HID: wacom: Avoid using stale array indicies to read contact count
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 004/563] HID: wacom: Ignore the confidence flag when a touch is removed Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 006/563] f2fs: fix to do sanity check in is_alive() Greg Kroah-Hartman
                   ` (561 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina

From: Jason Gerecke <killertofu@gmail.com>

commit 20f3cf5f860f9f267a6a6e5642d3d0525edb1814 upstream.

If we ever see a touch report with contact count data we initialize
several variables used to read the contact count in the pre-report
phase. These variables are never reset if we process a report which
doesn't contain a contact count, however. This can cause the pre-
report function to trigger a read of arbitrary memory (e.g. NULL
if we're lucky) and potentially crash the driver.

This commit restores resetting of the variables back to default
"none" values that were used prior to the commit mentioned
below.

Link: https://github.com/linuxwacom/input-wacom/issues/276
Fixes: 003f50ab673c (HID: wacom: Update last_slot_field during pre_report phase)
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/hid/wacom_wac.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2654,6 +2654,10 @@ static void wacom_wac_finger_pre_report(
 
 	hid_data->confidence = true;
 
+	hid_data->cc_report = 0;
+	hid_data->cc_index = -1;
+	hid_data->cc_value_index = -1;
+
 	for (i = 0; i < report->maxfield; i++) {
 		struct hid_field *field = report->field[i];
 		int j;
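Review bot: The three added resets rely on -1 meaning "no contact count field in this report", but nothing at this spot says so. A short comment naming these as the "none" defaults, and noting that readers must test `cc_index >= 0` before using cc_index or cc_value_index as array indices, would make the invariant visible where it is established.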




* [PATCH 5.10 006/563] f2fs: fix to do sanity check in is_alive()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 005/563] HID: wacom: Avoid using stale array indicies to read contact count Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 007/563] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() Greg Kroah-Hartman
                   ` (560 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim

From: Chao Yu <chao@kernel.org>

commit 77900c45ee5cd5da63bd4d818a41dbdf367e81cd upstream.

In fuzzed image, SSA table may indicate that a data block belongs to
invalid node, which node ID is out-of-range (0, 1, 2 or max_nid), in
order to avoid migrating inconsistent data in such corrupted image,
let's do sanity check anyway before data block migration.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/gc.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -998,6 +998,9 @@ static bool is_alive(struct f2fs_sb_info
 		set_sbi_flag(sbi, SBI_NEED_FSCK);
 	}
 
+	if (f2fs_check_nid_range(sbi, dni->ino))
+		return false;
+
 	*nofs = ofs_of_node(node_page);
 	source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
 	f2fs_put_page(node_page, 1);
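Review bot: The added early `return false;` sits before the `f2fs_put_page(node_page, 1);` in the trailing context, and node_page is still used by ofs_of_node(node_page) right after the check, so the page looks to be held at this point and the new path returns without releasing it. Suggest calling f2fs_put_page(node_page, 1) before returning. A comment on why dni->ino is the value being range-checked would also help.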




* [PATCH 5.10 007/563] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 006/563] f2fs: fix to do sanity check in is_alive() Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 008/563] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
                   ` (559 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, David S. Miller,
	syzbot+7f23bcddf626e0593a39

From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>

commit dded08927ca3c31a5c37f8e7f95fe98770475dd4 upstream.

Syzbot detected a NULL pointer dereference of nfc_llcp_sock->dev pointer
(which is a 'struct nfc_dev *') with calls to llcp_sock_sendmsg() after
a failed llcp_sock_bind(). The message being sent is a SOCK_DGRAM.

KASAN report:

  BUG: KASAN: null-ptr-deref in nfc_alloc_send_skb+0x2d/0xc0
  Read of size 4 at addr 00000000000005c8 by task llcp_sock_nfc_a/899

  CPU: 5 PID: 899 Comm: llcp_sock_nfc_a Not tainted 5.16.0-rc6-next-20211224-00001-gc6437fbf18b0 #125
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
  Call Trace:
   <TASK>
   dump_stack_lvl+0x45/0x59
   ? nfc_alloc_send_skb+0x2d/0xc0
   __kasan_report.cold+0x117/0x11c
   ? mark_lock+0x480/0x4f0
   ? nfc_alloc_send_skb+0x2d/0xc0
   kasan_report+0x38/0x50
   nfc_alloc_send_skb+0x2d/0xc0
   nfc_llcp_send_ui_frame+0x18c/0x2a0
   ? nfc_llcp_send_i_frame+0x230/0x230
   ? __local_bh_enable_ip+0x86/0xe0
   ? llcp_sock_connect+0x470/0x470
   ? llcp_sock_connect+0x470/0x470
   sock_sendmsg+0x8e/0xa0
   ____sys_sendmsg+0x253/0x3f0
   ...

The issue was visible only with multiple simultaneous calls to bind() and
sendmsg(), which resulted in most of the bind() calls to fail.  The
bind() was failing on checking if there is available WKS/SDP/SAP
(respective bit in 'struct nfc_llcp_local' fields).  When there was no
available WKS/SDP/SAP, the bind returned error but the sendmsg() to such
socket was able to trigger mentioned NULL pointer dereference of
nfc_llcp_sock->dev.

The code looks simply racy and currently it protects several paths
against race with checks for (!nfc_llcp_sock->local) which is NULL-ified
in error paths of bind().  The llcp_sock_sendmsg() did not have such
check but called function nfc_llcp_send_ui_frame() had, although not
protected with lock_sock().

Therefore the race could look like (same socket is used all the time):
  CPU0                                     CPU1
  ====                                     ====
  llcp_sock_bind()
  - lock_sock()
    - success
  - release_sock()
  - return 0
                                           llcp_sock_sendmsg()
                                           - lock_sock()
                                           - release_sock()
  llcp_sock_bind(), same socket
  - lock_sock()
    - error
                                           - nfc_llcp_send_ui_frame()
                                             - if (!llcp_sock->local)
    - llcp_sock->local = NULL
    - nfc_put_device(dev)
                                             - dereference llcp_sock->dev
  - release_sock()
  - return -ERRNO

The nfc_llcp_send_ui_frame() checked llcp_sock->local outside of the
lock, which is racy and ineffective check.  Instead, its caller
llcp_sock_sendmsg(), should perform the check inside lock_sock().

Reported-and-tested-by: syzbot+7f23bcddf626e0593a39@syzkaller.appspotmail.com
Fixes: b874dec21d1c ("NFC: Implement LLCP connection less Tx path")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/nfc/llcp_sock.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -789,6 +789,11 @@ static int llcp_sock_sendmsg(struct sock
 
 	lock_sock(sk);
 
+	if (!llcp_sock->local) {
+		release_sock(sk);
+		return -ENODEV;
+	}
+
 	if (sk->sk_type == SOCK_DGRAM) {
 		DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr,
 				 msg->msg_name);
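Review bot: The NULL test on llcp_sock->local is only reliable while lock_sock() is held, and nothing in this hunk takes a reference on it, so any use after a later release_sock() needs its own protection. A comment above the check stating that, and why -ENODEV is the chosen error, would document the locking rule the fix depends on.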




* [PATCH 5.10 008/563] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 007/563] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 009/563] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 Greg Kroah-Hartman
                   ` (558 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Riedmueller, Christian Eggers,
	Han Xu, Miquel Raynal

From: Christian Eggers <ceggers@arri.de>

commit f53d4c109a666bf1a4883b45d546fba079258717 upstream.

gpmi_io clock needs to be gated off when changing the parent/dividers of
enfc_clk_root (i.MX6Q/i.MX6UL) respectively qspi2_clk_root (i.MX6SX).
Otherwise this rate change can lead to an unresponsive GPMI core which
results in DMA timeouts and failed driver probe:

[    4.072318] gpmi-nand 112000.gpmi-nand: DMA timeout, last DMA
...
[    4.370355] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -110
...
[    4.375988] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
[    4.381524] gpmi-nand 112000.gpmi-nand: Error in ECC-based read: -22
[    4.387988] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
[    4.393535] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
...

Other than stated in i.MX 6 erratum ERR007117, it should be sufficient
to gate only gpmi_io because all other bch/nand clocks are derived from
different clock roots.

The i.MX6 reference manuals state that changing clock muxers can cause
glitches but are silent about changing dividers. But tests showed that
these glitches can definitely happen on i.MX6ULL. For i.MX7D/8MM in turn,
the manual guarantees that no glitches can happen when changing
dividers.

Co-developed-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Signed-off-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Signed-off-by: Christian Eggers <ceggers@arri.de>
Cc: stable@vger.kernel.org
Acked-by: Han Xu <han.xu@nxp.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211102202022.15551-2-ceggers@arri.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c |   28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -711,14 +711,32 @@ static void gpmi_nfc_compute_timings(str
 			      (use_half_period ? BM_GPMI_CTRL1_HALF_PERIOD : 0);
 }
 
-static void gpmi_nfc_apply_timings(struct gpmi_nand_data *this)
+static int gpmi_nfc_apply_timings(struct gpmi_nand_data *this)
 {
 	struct gpmi_nfc_hardware_timing *hw = &this->hw;
 	struct resources *r = &this->resources;
 	void __iomem *gpmi_regs = r->gpmi_regs;
 	unsigned int dll_wait_time_us;
+	int ret;
+
+	/* Clock dividers do NOT guarantee a clean clock signal on its output
+	 * during the change of the divide factor on i.MX6Q/UL/SX. On i.MX7/8,
+	 * all clock dividers provide these guarantee.
+	 */
+	if (GPMI_IS_MX6Q(this) || GPMI_IS_MX6SX(this))
+		clk_disable_unprepare(r->clock[0]);
+
+	ret = clk_set_rate(r->clock[0], hw->clk_rate);
+	if (ret) {
+		dev_err(this->dev, "cannot set clock rate to %lu Hz: %d\n", hw->clk_rate, ret);
+		return ret;
+	}
 
-	clk_set_rate(r->clock[0], hw->clk_rate);
+	if (GPMI_IS_MX6Q(this) || GPMI_IS_MX6SX(this)) {
+		ret = clk_prepare_enable(r->clock[0]);
+		if (ret)
+			return ret;
+	}
 
 	writel(hw->timing0, gpmi_regs + HW_GPMI_TIMING0);
 	writel(hw->timing1, gpmi_regs + HW_GPMI_TIMING1);
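Review bot: On the i.MX6 path, if clk_set_rate() fails the function returns after clk_disable_unprepare(r->clock[0]) with no matching clk_prepare_enable(), which leaves the clock gated and the enable count unbalanced for the caller. Re-enable the clock before returning the error. The comment also names i.MX6Q/UL/SX while the condition tests only GPMI_IS_MX6Q() and GPMI_IS_MX6SX(); if UL is covered by one of those macros, say so in the comment.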
@@ -737,6 +755,8 @@ static void gpmi_nfc_apply_timings(struc
 
 	/* Wait for the DLL to settle. */
 	udelay(dll_wait_time_us);
+
+	return 0;
 }
 
 static int gpmi_setup_interface(struct nand_chip *chip, int chipnr,
@@ -2278,7 +2298,9 @@ static int gpmi_nfc_exec_op(struct nand_
 	 */
 	if (this->hw.must_apply_timings) {
 		this->hw.must_apply_timings = false;
-		gpmi_nfc_apply_timings(this);
+		ret = gpmi_nfc_apply_timings(this);
+		if (ret)
+			return ret;
 	}
 
 	dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
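Review bot: must_apply_timings is cleared before gpmi_nfc_apply_timings() is called, so when the call fails and this function returns the error, the next exec_op will not try to apply the timings again. Clear the flag only after a successful return, or set it back on the error path.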




* [PATCH 5.10 009/563] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 008/563] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 010/563] mtd: Fixed breaking list in __mtd_del_partition Greg Kroah-Hartman
                   ` (557 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stefan Riedmueller, Han Xu, Miquel Raynal

From: Stefan Riedmueller <s.riedmueller@phytec.de>

commit aa1baa0e6c1aa4872e481dce4fc7fd6f3dd8496b upstream.

There is no need to explicitly set the default gpmi clock rate during
boot for the i.MX 6 since this is done during nand_detect anyway.

Signed-off-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Cc: stable@vger.kernel.org
Acked-by: Han Xu <han.xu@nxp.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211102202022.15551-1-ceggers@arri.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c |    9 ---------
 1 file changed, 9 deletions(-)

--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -1052,15 +1052,6 @@ static int gpmi_get_clks(struct gpmi_nan
 		r->clock[i] = clk;
 	}
 
-	if (GPMI_IS_MX6(this))
-		/*
-		 * Set the default value for the gpmi clock.
-		 *
-		 * If you want to use the ONFI nand which is in the
-		 * Synchronous Mode, you should change the clock as you need.
-		 */
-		clk_set_rate(r->clock[0], 22000000);
-
 	return 0;
 
 err_clock:




* [PATCH 5.10 010/563] mtd: Fixed breaking list in __mtd_del_partition.
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 009/563] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 011/563] mtd: rawnand: davinci: Dont calculate ECC when reading page Greg Kroah-Hartman
                   ` (556 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Oetken, Miquel Raynal

From: Andreas Oetken <ennoerlangen@gmail.com>

commit 2966daf7d253d9904b337b040dd7a43472858b8a upstream.

Not the child partition should be removed from the partition list
but the partition itself. Otherwise the partition list gets broken
and any subsequent remove operations lead to a kernel panic.

Fixes: 46b5889cc2c5 ("mtd: implement proper partition handling")
Signed-off-by: Andreas Oetken <andreas.oetken@siemens-energy.com>
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211102172604.2921065-1-andreas.oetken@siemens-energy.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/mtdpart.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/mtdpart.c
+++ b/drivers/mtd/mtdpart.c
@@ -313,7 +313,7 @@ static int __mtd_del_partition(struct mt
 	if (err)
 		return err;
 
-	list_del(&child->part.node);
+	list_del(&mtd->part.node);
 	free_partition(mtd);
 
 	return 0;




* [PATCH 5.10 011/563] mtd: rawnand: davinci: Dont calculate ECC when reading page
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 010/563] mtd: Fixed breaking list in __mtd_del_partition Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 012/563] mtd: rawnand: davinci: Avoid duplicated page read Greg Kroah-Hartman
                   ` (555 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Miquel Raynal

From: Paul Cercueil <paul@crapouillou.net>

commit 71e89591502d737c10db2bd4d8fcfaa352552afb upstream.

The function nand_davinci_read_page_hwecc_oob_first() does read the ECC
data from the OOB area. Therefore it does not need to calculate the ECC
as it is already available.

Cc: <stable@vger.kernel.org> # v5.2
Fixes: a0ac778eb82c ("mtd: rawnand: ingenic: Add support for the JZ4740")
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211016132228.40254-1-paul@crapouillou.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/davinci_nand.c |    3 ---
 1 file changed, 3 deletions(-)

--- a/drivers/mtd/nand/raw/davinci_nand.c
+++ b/drivers/mtd/nand/raw/davinci_nand.c
@@ -394,7 +394,6 @@ static int nand_davinci_read_page_hwecc_
 	int eccsteps = chip->ecc.steps;
 	uint8_t *p = buf;
 	uint8_t *ecc_code = chip->ecc.code_buf;
-	uint8_t *ecc_calc = chip->ecc.calc_buf;
 	unsigned int max_bitflips = 0;
 
 	/* Read the OOB area first */
@@ -420,8 +419,6 @@ static int nand_davinci_read_page_hwecc_
 		if (ret)
 			return ret;
 
-		chip->ecc.calculate(chip, p, &ecc_calc[i]);
-
 		stat = chip->ecc.correct(chip, p, &ecc_code[i], NULL);
 		if (stat == -EBADMSG &&
 		    (chip->ecc.options & NAND_ECC_GENERIC_ERASED_CHECK)) {




* [PATCH 5.10 012/563] mtd: rawnand: davinci: Avoid duplicated page read
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 011/563] mtd: rawnand: davinci: Dont calculate ECC when reading page Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 013/563] mtd: rawnand: davinci: Rewrite function description Greg Kroah-Hartman
                   ` (554 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Miquel Raynal

From: Paul Cercueil <paul@crapouillou.net>

commit 9c9d709965385de5a99f84b14bd5860e1541729e upstream.

The function nand_davinci_read_page_hwecc_oob_first() first reads the
OOB data, extracts the ECC information, programs the ECC hardware before
reading the actual data in a loop.

Right after the OOB data was read, it called nand_read_page_op() to
reset the read cursor to the beginning of the page. This caused the
first page to be read twice: in that call, and later in the loop.

Address that issue by changing the call to nand_read_page_op() to
nand_change_read_column_op(), which will only reset the read cursor.

Cc: <stable@vger.kernel.org> # v5.2
Fixes: a0ac778eb82c ("mtd: rawnand: ingenic: Add support for the JZ4740")
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211016132228.40254-2-paul@crapouillou.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/davinci_nand.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/mtd/nand/raw/davinci_nand.c
+++ b/drivers/mtd/nand/raw/davinci_nand.c
@@ -401,7 +401,8 @@ static int nand_davinci_read_page_hwecc_
 	if (ret)
 		return ret;
 
-	ret = nand_read_page_op(chip, page, 0, NULL, 0);
+	/* Move read cursor to start of page */
+	ret = nand_change_read_column_op(chip, 0, NULL, 0, false);
 	if (ret)
 		return ret;
 




* [PATCH 5.10 013/563] mtd: rawnand: davinci: Rewrite function description
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Miquel Raynal

From: Paul Cercueil <paul@crapouillou.net>

commit 0697f8441faad552fbeb02d74454b5e7bcc956a2 upstream.

The original comment that describes the function
nand_davinci_read_page_hwecc_oob_first() is very obscure and it is hard
to understand what it is for.

Cc: <stable@vger.kernel.org> # v5.2
Fixes: a0ac778eb82c ("mtd: rawnand: ingenic: Add support for the JZ4740")
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211016132228.40254-3-paul@crapouillou.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/mtd/nand/raw/davinci_nand.c |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

--- a/drivers/mtd/nand/raw/davinci_nand.c
+++ b/drivers/mtd/nand/raw/davinci_nand.c
@@ -372,17 +372,15 @@ correct:
 }
 
 /**
- * nand_read_page_hwecc_oob_first - hw ecc, read oob first
+ * nand_davinci_read_page_hwecc_oob_first - Hardware ECC page read with ECC
+ *                                          data read from OOB area
  * @chip: nand chip info structure
  * @buf: buffer to store read data
  * @oob_required: caller requires OOB data read to chip->oob_poi
  * @page: page number to read
  *
- * Hardware ECC for large page chips, require OOB to be read first. For this
- * ECC mode, the write_page method is re-used from ECC_HW. These methods
- * read/write ECC from the OOB area, unlike the ECC_HW_SYNDROME support with
- * multiple ECC steps, follows the "infix ECC" scheme and reads/writes ECC from
- * the data area, by overwriting the NAND manufacturer bad block markings.
+ * Hardware ECC for large page chips, which requires the ECC data to be
+ * extracted from the OOB before the actual data is read.
  */
 static int nand_davinci_read_page_hwecc_oob_first(struct nand_chip *chip,
 						  uint8_t *buf,
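
Review bot: the rewritten kernel-doc block documents the four parameters but has no return-value section, although the function returns int. Since the comment is being rewritten for clarity, a "Return:" line saying what the result means on success and on error would complete it. The removed text also said that write_page is re-used from ECC_HW; if that still holds it deserves one sentence in the new description, because it is the only place that relationship was recorded.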




* [PATCH 5.10 014/563] x86/gpu: Reserve stolen memory for first integrated Intel GPU
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lucas De Marchi, Bjorn Helgaas

From: Lucas De Marchi <lucas.demarchi@intel.com>

commit 9c494ca4d3a535f9ca11ad6af1813983c1c6cbdd upstream.

"Stolen memory" is memory set aside for use by an Intel integrated GPU.
The intel_graphics_quirks() early quirk reserves this memory when it is
called for a GPU that appears in the intel_early_ids[] table of integrated
GPUs.

Previously intel_graphics_quirks() was marked as QFLAG_APPLY_ONCE, so it
was called only for the first Intel GPU found.  If a discrete GPU happened
to be enumerated first, intel_graphics_quirks() was called for it but not
for any integrated GPU found later.  Therefore, stolen memory for such an
integrated GPU was never reserved.

For example, this problem occurs in this Alderlake-P (integrated) + DG2
(discrete) topology where the DG2 is found first, but stolen memory is
associated with the integrated GPU:

  - 00:01.0 Bridge
    `- 03:00.0 DG2 discrete GPU
  - 00:02.0 Integrated GPU (with stolen memory)

Remove the QFLAG_APPLY_ONCE flag and call intel_graphics_quirks() for every
Intel GPU.  Reserve stolen memory for the first GPU that appears in
intel_early_ids[].

[bhelgaas: commit log, add code comment, squash in
https://lore.kernel.org/r/20220118190558.2ququ4vdfjuahicm@ldmartin-desk2]
Link: https://lore.kernel.org/r/20220114002843.2083382-1-lucas.demarchi@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kernel/early-quirks.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -515,6 +515,7 @@ static const struct intel_early_ops gen1
 	.stolen_size = gen9_stolen_size,
 };
 
+/* Intel integrated GPUs for which we need to reserve "stolen memory" */
 static const struct pci_device_id intel_early_ids[] __initconst = {
 	INTEL_I830_IDS(&i830_early_ops),
 	INTEL_I845G_IDS(&i845_early_ops),
@@ -588,6 +589,13 @@ static void __init intel_graphics_quirks
 	u16 device;
 	int i;
 
+	/*
+	 * Reserve "stolen memory" for an integrated GPU.  If we've already
+	 * found one, there's nothing to do for other (discrete) GPUs.
+	 */
+	if (resource_size(&intel_graphics_stolen_res))
+		return;
+
 	device = read_pci_config_16(num, slot, func, PCI_DEVICE_ID);
 
 	for (i = 0; i < ARRAY_SIZE(intel_early_ids); i++) {
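
Review bot: the early return added at the top of intel_graphics_quirks() uses a non-zero resource_size(&intel_graphics_stolen_res) to mean "an integrated GPU was already handled", but the comment does not cover a device that matched intel_early_ids[] and ended up with no stolen range. In that case the function keeps scanning for every later Intel VGA device, which looks harmless but is not what "If we've already found one" describes. Suggest wording the comment in terms of the reservation ("if stolen memory has already been reserved") and noting that the resource starts out with zero size, since that initial state is not visible here.
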
@@ -700,7 +708,7 @@ static struct chipset early_qrk[] __init
 	{ PCI_VENDOR_ID_INTEL, 0x3406, PCI_CLASS_BRIDGE_HOST,
 	  PCI_BASE_CLASS_BRIDGE, 0, intel_remapping_check },
 	{ PCI_VENDOR_ID_INTEL, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA, PCI_ANY_ID,
-	  QFLAG_APPLY_ONCE, intel_graphics_quirks },
+	  0, intel_graphics_quirks },
 	/*
 	 * HPET on the current version of the Baytrail platform has accuracy
 	 * problems: it will halt in deep idle state - so we disable it.
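
Review bot: in the early_qrk[] entry the flags field goes from QFLAG_APPLY_ONCE to a bare 0, and the reason it is now safe to run the quirk for every Intel VGA device lives in a different hunk (the resource_size() guard). A short comment on this entry saying that the callback does its own run-once check would stop someone from restoring the flag later and reintroducing the discrete-first ordering problem.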




* [PATCH 5.10 015/563] tools/nolibc: x86-64: Fix startup code bug
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bedirhan KURT, Louvian Lyndal,
	Peter Cordes, Ammar Faizi, Willy Tarreau, Paul E. McKenney

From: Ammar Faizi <ammar.faizi@students.amikom.ac.id>

commit 937ed91c712273131de6d2a02caafd3ee84e0c72 upstream.

Before this patch, the `_start` function looks like this:
```
0000000000001170 <_start>:
    1170:	pop    %rdi
    1171:	mov    %rsp,%rsi
    1174:	lea    0x8(%rsi,%rdi,8),%rdx
    1179:	and    $0xfffffffffffffff0,%rsp
    117d:	sub    $0x8,%rsp
    1181:	call   1000 <main>
    1186:	movzbq %al,%rdi
    118a:	mov    $0x3c,%rax
    1191:	syscall
    1193:	hlt
    1194:	data16 cs nopw 0x0(%rax,%rax,1)
    119f:	nop
```
Note the "and" to %rsp with $-16, it makes the %rsp be 16-byte aligned,
but then there is a "sub" with $0x8 which makes the %rsp no longer
16-byte aligned, then it calls main. That's the bug!

What the x86-64 System V ABI actually mandates is that right before the
"call", the %rsp must be 16-byte aligned, not after the "call". So the
"sub" with $0x8 here breaks the alignment. Remove it.

An example where this rule matters is when the callee needs to align
its stack at 16-byte for aligned move instruction, like `movdqa` and
`movaps`. If the callee can't align its stack properly, it will result
in segmentation fault.

x86-64 System V ABI also mandates the deepest stack frame should be
zero. Just to be safe, let's zero the %rbp on startup as the content
of %rbp may be unspecified when the program starts. Now it looks like
this:
```
0000000000001170 <_start>:
    1170:	pop    %rdi
    1171:	mov    %rsp,%rsi
    1174:	lea    0x8(%rsi,%rdi,8),%rdx
    1179:	xor    %ebp,%ebp                # zero the %rbp
    117b:	and    $0xfffffffffffffff0,%rsp # align the %rsp
    117f:	call   1000 <main>
    1184:	movzbq %al,%rdi
    1188:	mov    $0x3c,%rax
    118f:	syscall
    1191:	hlt
    1192:	data16 cs nopw 0x0(%rax,%rax,1)
    119d:	nopl   (%rax)
```

Cc: Bedirhan KURT <windowz414@gnuweeb.org>
Cc: Louvian Lyndal <louvianlyndal@gmail.com>
Reported-by: Peter Cordes <peter@cordes.ca>
Signed-off-by: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
[wt: I did this on purpose due to a misunderstanding of the spec, other
     archs will thus have to be rechecked, particularly i386]
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/include/nolibc/nolibc.h |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -422,14 +422,20 @@ struct stat {
 })
 
 /* startup code */
+/*
+ * x86-64 System V ABI mandates:
+ * 1) %rsp must be 16-byte aligned right before the function call.
+ * 2) The deepest stack frame should be zero (the %rbp).
+ *
+ */
 asm(".section .text\n"
     ".global _start\n"
     "_start:\n"
     "pop %rdi\n"                // argc   (first arg, %rdi)
     "mov %rsp, %rsi\n"          // argv[] (second arg, %rsi)
     "lea 8(%rsi,%rdi,8),%rdx\n" // then a NULL then envp (third arg, %rdx)
-    "and $-16, %rsp\n"          // x86 ABI : esp must be 16-byte aligned when
-    "sub $8, %rsp\n"            // entering the callee
+    "xor %ebp, %ebp\n"          // zero the stack frame
+    "and $-16, %rsp\n"          // x86 ABI : esp must be 16-byte aligned before call
     "call main\n"               // main() returns the status code, we'll exit with it.
     "movzb %al, %rdi\n"         // retrieve exit code from 8 lower bits
     "mov $60, %rax\n"           // NR_exit == 60

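Review bot: the comment on the rewritten "and $-16, %rsp" line still says "esp" although this is the x86-64 startup code and the instruction operates on %rsp; since the line is being touched anyway it could read "rsp must be 16-byte aligned before call". Two smaller points in the same hunk: "zero the stack frame" on the xor line would be more accurate as "zero the frame pointer", and the new block comment ends with an empty " *" line before the closing " */".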



* [PATCH 5.10 016/563] tools/nolibc: i386: fix initial stack alignment
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Willy Tarreau, Paul E. McKenney

From: Willy Tarreau <w@1wt.eu>

commit ebbe0d8a449d183fa43b42d84fcb248e25303985 upstream.

After re-checking in the spec and comparing stack offsets with glibc,
the last pushed argument must be 16-byte aligned (i.e. aligned before the
call) so that in the callee esp+4 is multiple of 16, so the principle is
the 32-bit equivalent to what Ammar fixed for x86_64. It's possible that
32-bit code using SSE2 or MMX could have been affected. In addition the
frame pointer ought to be zero at the deepest level.

Link: https://gitlab.com/x86-psABIs/i386-ABI/-/wikis/Intel386-psABI
Cc: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/include/nolibc/nolibc.h |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -606,13 +606,21 @@ struct sys_stat_struct {
 })
 
 /* startup code */
+/*
+ * i386 System V ABI mandates:
+ * 1) last pushed argument must be 16-byte aligned.
+ * 2) The deepest stack frame should be set to zero
+ *
+ */
 asm(".section .text\n"
     ".global _start\n"
     "_start:\n"
     "pop %eax\n"                // argc   (first arg, %eax)
     "mov %esp, %ebx\n"          // argv[] (second arg, %ebx)
     "lea 4(%ebx,%eax,4),%ecx\n" // then a NULL then envp (third arg, %ecx)
-    "and $-16, %esp\n"          // x86 ABI : esp must be 16-byte aligned when
+    "xor %ebp, %ebp\n"          // zero the stack frame
+    "and $-16, %esp\n"          // x86 ABI : esp must be 16-byte aligned before
+    "sub $4, %esp\n"            // the call instruction (args are aligned)
     "push %ecx\n"               // push all registers on the stack so that we
     "push %ebx\n"               // support both regparm and plain stack modes
     "push %eax\n"

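Review bot: the added "sub $4, %esp" is only correct together with the three pushes that follow it (4 + 3 * 4 = 16 bytes, so %esp is again a multiple of 16 at the call), and the trailing "(args are aligned)" does not spell that out. Suggest putting the arithmetic in the comment so that adding or removing a pushed argument later prompts an update to the pad size. The new block comment also has an empty " *" line before " */".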



* [PATCH 5.10 017/563] tools/nolibc: fix incorrect truncation of exit code
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Willy Tarreau, Paul E. McKenney

From: Willy Tarreau <w@1wt.eu>

commit de0244ae40ae91145faaf164a4252347607c3711 upstream.

Ammar Faizi reported that our exit code handling is wrong. We truncate
it to the lowest 8 bits but the syscall itself is expected to take a
regular 32-bit signed integer, not an unsigned char. It's the kernel
that later truncates it to the lowest 8 bits. The difference is visible
in strace, where the program below used to show exit(255) instead of
exit(-1):

  int main(void)
  {
        return -1;
  }

This patch applies the fix to all archs. x86_64, i386, arm64, armv7 and
mips were all tested and confirmed to work fine now. RISC-V was not
tested but the change is trivial and exactly the same as for other archs.

Reported-by: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/include/nolibc/nolibc.h |   13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -437,7 +437,7 @@ asm(".section .text\n"
     "xor %ebp, %ebp\n"          // zero the stack frame
     "and $-16, %rsp\n"          // x86 ABI : esp must be 16-byte aligned before call
     "call main\n"               // main() returns the status code, we'll exit with it.
-    "movzb %al, %rdi\n"         // retrieve exit code from 8 lower bits
+    "mov %eax, %edi\n"          // retrieve exit code (32 bit)
     "mov $60, %rax\n"           // NR_exit == 60
     "syscall\n"                 // really exit
     "hlt\n"                     // ensure it does not return
@@ -625,9 +625,9 @@ asm(".section .text\n"
     "push %ebx\n"               // support both regparm and plain stack modes
     "push %eax\n"
     "call main\n"               // main() returns the status code in %eax
-    "movzbl %al, %ebx\n"        // retrieve exit code from lower 8 bits
-    "movl   $1, %eax\n"         // NR_exit == 1
-    "int    $0x80\n"            // exit now
+    "mov %eax, %ebx\n"          // retrieve exit code (32-bit int)
+    "movl $1, %eax\n"           // NR_exit == 1
+    "int $0x80\n"               // exit now
     "hlt\n"                     // ensure it does not
     "");
 
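Review bot: in the i386 hunk only the first of the three replaced lines changes behaviour (movzbl %al, %ebx becomes mov %eax, %ebx); the "movl $1, %eax" and "int $0x80" lines are whitespace-only rewrites. For a fix headed to stable, the diff is easier to audit if those two lines stay untouched. The context line "ensure it does not" also carries a truncated comment (the x86-64 hunk above reads "ensure it does not return"), which is worth a separate cleanup.
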
@@ -811,7 +811,6 @@ asm(".section .text\n"
     "and %r3, %r1, $-8\n"         // AAPCS : sp must be 8-byte aligned in the
     "mov %sp, %r3\n"              //         callee, an bl doesn't push (lr=pc)
     "bl main\n"                   // main() returns the status code, we'll exit with it.
-    "and %r0, %r0, $0xff\n"       // limit exit code to 8 bits
     "movs r7, $1\n"               // NR_exit == 1
     "svc $0x00\n"
     "");
@@ -1008,7 +1007,6 @@ asm(".section .text\n"
     "add x2, x2, x1\n"            //           + argv
     "and sp, x1, -16\n"           // sp must be 16-byte aligned in the callee
     "bl main\n"                   // main() returns the status code, we'll exit with it.
-    "and x0, x0, 0xff\n"          // limit exit code to 8 bits
     "mov x8, 93\n"                // NR_exit == 93
     "svc #0\n"
     "");
@@ -1213,7 +1211,7 @@ asm(".section .text\n"
     "addiu $sp,$sp,-16\n"         // the callee expects to save a0..a3 there!
     "jal main\n"                  // main() returns the status code, we'll exit with it.
     "nop\n"                       // delayed slot
-    "and $a0, $v0, 0xff\n"        // limit exit code to 8 bits
+    "move $a0, $v0\n"             // retrieve 32-bit exit code from v0
     "li $v0, 4001\n"              // NR_exit == 4001
     "syscall\n"
     ".end __start\n"
@@ -1411,7 +1409,6 @@ asm(".section .text\n"
     "add   a2,a2,a1\n"           //             + argv
     "andi  sp,a1,-16\n"          // sp must be 16-byte aligned
     "call  main\n"               // main() returns the status code, we'll exit with it.
-    "andi  a0, a0, 0xff\n"       // limit exit code to 8 bits
     "li a7, 93\n"                // NR_exit == 93
     "ecall\n"
     "");




* [PATCH 5.10 018/563] rtc: cmos: take rtc_lock while reading from CMOS
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mateusz Jończyk,
	Nobuhiro Iwamatsu, Alessandro Zummo, Alexandre Belloni

From: Mateusz Jończyk <mat.jonczyk@o2.pl>

commit 454f47ff464325223129b9b5b8d0b61946ec704d upstream.

Reading from the CMOS involves writing to the index register and then
reading from the data register. Therefore access to the CMOS has to be
serialized with rtc_lock. This invocation of CMOS_READ was not
serialized, which could cause trouble when other code is accessing CMOS
at the same time.

Use spin_lock_irq() like the rest of the function.

Nothing in the kernel modifies the RTC_DM_BINARY bit, so there could be a
separate pair of spin_lock_irq() / spin_unlock_irq() before doing the
math.

Signed-off-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
Reviewed-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20211210200131.153887-2-mat.jonczyk@o2.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/rtc/rtc-cmos.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -463,7 +463,10 @@ static int cmos_set_alarm(struct device
 	min = t->time.tm_min;
 	sec = t->time.tm_sec;
 
+	spin_lock_irq(&rtc_lock);
 	rtc_control = CMOS_READ(RTC_CONTROL);
+	spin_unlock_irq(&rtc_lock);
+
 	if (!(rtc_control & RTC_DM_BINARY) || RTC_ALWAYS_BCD) {
 		/* Writing 0xff means "don't care" or "match all".  */
 		mon = (mon <= 12) ? bin2bcd(mon) : 0xff;
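
Review bot: rtc_lock is taken and released around the single CMOS_READ(RTC_CONTROL), and rtc_control is then tested after the unlock. That is only correct if RTC_DM_BINARY cannot change between the read and the BCD conversion; the commit message states that nothing in the kernel modifies it, but the code does not. Suggest a one-line comment at the unlock recording that assumption, so the short critical section is not later mistaken for a race or merged incorrectly with the locked section further down.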




* [PATCH 5.10 019/563] media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

From: Hans Verkuil <hverkuil-cisco@xs4all.nl>

commit cd9d9377ed235b294a492a094e1666178a5e78fd upstream.

If V4L2_CAP_READWRITE is not set, then readbuffers must be set to 0,
otherwise v4l2-compliance will complain.

A note on the Fixes tag below: this patch does not really fix that commit,
but it can be applied from that commit onwards. For older code there is no
guarantee that device_caps is set, so even though this patch would apply,
it will not work reliably.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Fixes: 049e684f2de9 (media: v4l2-dev: fix WARN_ON(!vdev->device_caps))
Cc: <stable@vger.kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/v4l2-core/v4l2-ioctl.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/media/v4l2-core/v4l2-ioctl.c
+++ b/drivers/media/v4l2-core/v4l2-ioctl.c
@@ -2127,6 +2127,7 @@ static int v4l_prepare_buf(const struct
 static int v4l_g_parm(const struct v4l2_ioctl_ops *ops,
 				struct file *file, void *fh, void *arg)
 {
+	struct video_device *vfd = video_devdata(file);
 	struct v4l2_streamparm *p = arg;
 	v4l2_std_id std;
 	int ret = check_fmt(file, p->type);
@@ -2138,7 +2139,8 @@ static int v4l_g_parm(const struct v4l2_
 	if (p->type != V4L2_BUF_TYPE_VIDEO_CAPTURE &&
 	    p->type != V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE)
 		return -EINVAL;
-	p->parm.capture.readbuffers = 2;
+	if (vfd->device_caps & V4L2_CAP_READWRITE)
+		p->parm.capture.readbuffers = 2;
 	ret = ops->vidioc_g_std(file, fh, &std);
 	if (ret == 0)
 		v4l2_video_std_frame_period(std, &p->parm.capture.timeperframe);
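
Review bot: when V4L2_CAP_READWRITE is not set, the new condition in v4l_g_parm() skips the assignment but never writes 0, so readbuffers keeps whatever value was already in p->parm.capture. The commit message requires it to be 0 in that case. If the caller clears the structure before this point, a comment saying so would make the hunk self-explanatory; otherwise an explicit else branch setting it to 0 is needed.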




* [PATCH 5.10 020/563] media: flexcop-usb: fix control-message timeouts
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit cd1798a387825cc4a51282f5a611ad05bb1ad75f upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Note that the driver was multiplying some of the timeout values with HZ
twice resulting in 3000-second timeouts with HZ=1000.

Also note that two of the timeout defines are currently unused.

Fixes: 2154be651b90 ("[media] redrat3: new rc-core IR transceiver device driver")
Cc: stable@vger.kernel.org      # 3.0
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/b2c2/flexcop-usb.c |   10 +++++-----
 drivers/media/usb/b2c2/flexcop-usb.h |   12 ++++++------
 2 files changed, 11 insertions(+), 11 deletions(-)

--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -87,7 +87,7 @@ static int flexcop_usb_readwrite_dw(stru
 			0,
 			fc_usb->data,
 			sizeof(u32),
-			B2C2_WAIT_FOR_OPERATION_RDW * HZ);
+			B2C2_WAIT_FOR_OPERATION_RDW);
 
 	if (ret != sizeof(u32)) {
 		err("error while %s dword from %d (%d).", read ? "reading" :
@@ -155,7 +155,7 @@ static int flexcop_usb_v8_memory_req(str
 			wIndex,
 			fc_usb->data,
 			buflen,
-			nWaitTime * HZ);
+			nWaitTime);
 	if (ret != buflen)
 		ret = -EIO;
 
@@ -249,13 +249,13 @@ static int flexcop_usb_i2c_req(struct fl
 		/* DKT 020208 - add this to support special case of DiSEqC */
 	case USB_FUNC_I2C_CHECKWRITE:
 		pipe = B2C2_USB_CTRL_PIPE_OUT;
-		nWaitTime = 2;
+		nWaitTime = 2000;
 		request_type |= USB_DIR_OUT;
 		break;
 	case USB_FUNC_I2C_READ:
 	case USB_FUNC_I2C_REPEATREAD:
 		pipe = B2C2_USB_CTRL_PIPE_IN;
-		nWaitTime = 2;
+		nWaitTime = 2000;
 		request_type |= USB_DIR_IN;
 		break;
 	default:
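
Review bot: nWaitTime changes from 2 to 2000 in both I2C cases, so the same variable now holds milliseconds where it used to hold seconds, and neither its name nor a comment records the unit. The header in this patch already carries millisecond constants (B2C2_WAIT_FOR_OPERATION_RW and the others, two of which the commit message says are unused), so consider using or adding a named constant here instead of the literal 2000.
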
@@ -282,7 +282,7 @@ static int flexcop_usb_i2c_req(struct fl
 			wIndex,
 			fc_usb->data,
 			buflen,
-			nWaitTime * HZ);
+			nWaitTime);
 
 	if (ret != buflen)
 		ret = -EIO;
--- a/drivers/media/usb/b2c2/flexcop-usb.h
+++ b/drivers/media/usb/b2c2/flexcop-usb.h
@@ -91,13 +91,13 @@ typedef enum {
 	UTILITY_SRAM_TESTVERIFY     = 0x16,
 } flexcop_usb_utility_function_t;
 
-#define B2C2_WAIT_FOR_OPERATION_RW (1*HZ)
-#define B2C2_WAIT_FOR_OPERATION_RDW (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_WDW (1*HZ)
+#define B2C2_WAIT_FOR_OPERATION_RW 1000
+#define B2C2_WAIT_FOR_OPERATION_RDW 3000
+#define B2C2_WAIT_FOR_OPERATION_WDW 1000
 
-#define B2C2_WAIT_FOR_OPERATION_V8READ (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_V8WRITE (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_V8FLASH (3*HZ)
+#define B2C2_WAIT_FOR_OPERATION_V8READ 3000
+#define B2C2_WAIT_FOR_OPERATION_V8WRITE 3000
+#define B2C2_WAIT_FOR_OPERATION_V8FLASH 3000
 
 typedef enum {
 	V8_MEMORY_PAGE_DVB_CI = 0x20,
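
Review bot: the six B2C2_WAIT_FOR_OPERATION_* defines lose their HZ factor but gain no indication that the bare numbers are milliseconds. A comment above the block ("timeouts in ms") or an _MS suffix would keep HZ from being multiplied back in at a call site, which is the mistake the .c hunks are undoing. Separately, the Fixes: tag in the commit message names a redrat3 commit while the diff touches only drivers/media/usb/b2c2/; worth confirming that reference.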




* [PATCH 5.10 021/563] media: mceusb: fix control-message timeouts
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit 16394e998cbb050730536bdf7e89f5a70efbd974 upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: 66e89522aff7 ("V4L/DVB: IR: add mceusb IR receiver driver")
Cc: stable@vger.kernel.org      # 2.6.36
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/rc/mceusb.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -1430,7 +1430,7 @@ static void mceusb_gen1_init(struct mceu
 	 */
 	ret = usb_control_msg(ir->usbdev, usb_rcvctrlpipe(ir->usbdev, 0),
 			      USB_REQ_SET_ADDRESS, USB_TYPE_VENDOR, 0, 0,
-			      data, USB_CTRL_MSG_SZ, HZ * 3);
+			      data, USB_CTRL_MSG_SZ, 3000);
 	dev_dbg(dev, "set address - ret = %d", ret);
 	dev_dbg(dev, "set address - data[0] = %d, data[1] = %d",
 						data[0], data[1]);
@@ -1438,20 +1438,20 @@ static void mceusb_gen1_init(struct mceu
 	/* set feature: bit rate 38400 bps */
 	ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
 			      USB_REQ_SET_FEATURE, USB_TYPE_VENDOR,
-			      0xc04e, 0x0000, NULL, 0, HZ * 3);
+			      0xc04e, 0x0000, NULL, 0, 3000);
 
 	dev_dbg(dev, "set feature - ret = %d", ret);
 
 	/* bRequest 4: set char length to 8 bits */
 	ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
 			      4, USB_TYPE_VENDOR,
-			      0x0808, 0x0000, NULL, 0, HZ * 3);
+			      0x0808, 0x0000, NULL, 0, 3000);
 	dev_dbg(dev, "set char length - retB = %d", ret);
 
 	/* bRequest 2: set handshaking to use DTR/DSR */
 	ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
 			      2, USB_TYPE_VENDOR,
-			      0x0000, 0x0100, NULL, 0, HZ * 3);
+			      0x0000, 0x0100, NULL, 0, 3000);
 	dev_dbg(dev, "set handshake  - retC = %d", ret);
 
 	/* device resume */
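
Review bot: the literal 3000 now appears four times across the two hunks in mceusb_gen1_init(), replacing four copies of HZ * 3. A single define with the unit in its name (for example a hypothetical MCEUSB_CTRL_TIMEOUT_MS) would keep the calls in step and make the unit explicit. Also visible in the context: every ret is only passed to dev_dbg(), so a timeout on any of these requests is not acted on; that predates this change but is worth recording next to a timeout fix.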




* [PATCH 5.10 022/563] media: em28xx: fix control-message timeouts
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit d9b7e8df3aa9b8c10708aab60e72e79ac08237e4 upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: a6c2ba283565 ("[PATCH] v4l: 716: support for em28xx board family")
Cc: stable@vger.kernel.org      # 2.6.16
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/em28xx/em28xx-core.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/em28xx/em28xx-core.c
+++ b/drivers/media/usb/em28xx/em28xx-core.c
@@ -89,7 +89,7 @@ int em28xx_read_reg_req_len(struct em28x
 	mutex_lock(&dev->ctrl_urb_lock);
 	ret = usb_control_msg(udev, pipe, req,
 			      USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
-			      0x0000, reg, dev->urb_buf, len, HZ);
+			      0x0000, reg, dev->urb_buf, len, 1000);
 	if (ret < 0) {
 		em28xx_regdbg("(pipe 0x%08x): IN:  %02x %02x %02x %02x %02x %02x %02x %02x  failed with error %i\n",
 			      pipe,
@@ -158,7 +158,7 @@ int em28xx_write_regs_req(struct em28xx
 	memcpy(dev->urb_buf, buf, len);
 	ret = usb_control_msg(udev, pipe, req,
 			      USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
-			      0x0000, reg, dev->urb_buf, len, HZ);
+			      0x0000, reg, dev->urb_buf, len, 1000);
 	mutex_unlock(&dev->ctrl_urb_lock);
 
 	if (ret < 0) {




* [PATCH 5.10 023/563] media: cpia2: fix control-message timeouts
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit 10729be03327f53258cb196362015ad5c6eabe02 upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: ab33d5071de7 ("V4L/DVB (3376): Add cpia2 camera support")
Cc: stable@vger.kernel.org      # 2.6.17
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/cpia2/cpia2_usb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/cpia2/cpia2_usb.c
+++ b/drivers/media/usb/cpia2/cpia2_usb.c
@@ -550,7 +550,7 @@ static int write_packet(struct usb_devic
 			       0,	/* index */
 			       buf,	/* buffer */
 			       size,
-			       HZ);
+			       1000);
 
 	kfree(buf);
 	return ret;
@@ -582,7 +582,7 @@ static int read_packet(struct usb_device
 			       0,	/* index */
 			       buf,	/* buffer */
 			       size,
-			       HZ);
+			       1000);
 
 	if (ret >= 0)
 		memcpy(registers, buf, size);
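
Review bot: in read_packet() the context after the call copies size bytes into registers whenever ret >= 0, so a short control transfer hands the caller bytes the device never wrote. Since this call is being touched anyway, consider treating ret != size as an error before the memcpy().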




* [PATCH 5.10 024/563] media: s2255: fix control-message timeouts
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 023/563] media: cpia2: " Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 025/563] media: dib0700: fix undefined behavior in tuner shutdown Greg Kroah-Hartman
                   ` (542 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit f71d272ad4e354097020a4e6b1dc6e4b59feb50f upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Use the common control-message timeout define for the five-second
timeouts.

Fixes: 38f993ad8b1f ("V4L/DVB (8125): This driver adds support for the Sensoray 2255 devices.")
Cc: stable@vger.kernel.org      # 2.6.27
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/s2255/s2255drv.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/s2255/s2255drv.c
+++ b/drivers/media/usb/s2255/s2255drv.c
@@ -1884,7 +1884,7 @@ static long s2255_vendor_req(struct s225
 				    USB_TYPE_VENDOR | USB_RECIP_DEVICE |
 				    USB_DIR_IN,
 				    Value, Index, buf,
-				    TransferBufferLength, HZ * 5);
+				    TransferBufferLength, USB_CTRL_SET_TIMEOUT);
 
 		if (r >= 0)
 			memcpy(TransferBuffer, buf, TransferBufferLength);
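
Review bot: this is the USB_DIR_IN branch of s2255_vendor_req(), so USB_CTRL_GET_TIMEOUT is the name that matches the direction; USB_CTRL_SET_TIMEOUT fits the usb_sndctrlpipe() call in the next hunk. Both are defined as 5000 in include/linux/usb.h, so this is naming only. The memcpy() in the context also copies TransferBufferLength bytes for any r >= 0, which on a short read includes bytes the device did not return.
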
@@ -1893,7 +1893,7 @@ static long s2255_vendor_req(struct s225
 		r = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
 				    Request, USB_TYPE_VENDOR | USB_RECIP_DEVICE,
 				    Value, Index, buf,
-				    TransferBufferLength, HZ * 5);
+				    TransferBufferLength, USB_CTRL_SET_TIMEOUT);
 	}
 	kfree(buf);
 	return r;




* [PATCH 5.10 025/563] media: dib0700: fix undefined behavior in tuner shutdown
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 024/563] media: s2255: " Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 026/563] media: redrat3: fix control-message timeouts Greg Kroah-Hartman
                   ` (541 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Kuron, Mauro Carvalho Chehab

From: Michael Kuron <michael.kuron@gmail.com>

commit f7b77ebe6d2f49c7747b2d619586d1aa33f9ea91 upstream.

This fixes a problem where closing the tuner would leave it in a state
where it would not tune to any channel when reopened. This problem was
discovered as part of https://github.com/hselasky/webcamd/issues/16.

Since adap->id is 0 or 1, this bit-shift overflows, which is undefined
behavior. The driver still worked in practice as the overflow would in
most environments result in 0, which rendered the line a no-op. When
running the driver as part of webcamd however, the overflow could lead
to 0xff due to optimizations by the compiler, which would, in the end,
improperly shut down the tuner.

The bug is a regression introduced in the commit referenced below. The
present patch causes identical behavior to before that commit for
adap->id equal to 0 or 1. The driver does not contain support for
dib0700 devices with more adapters, assuming such even exist.

Tests have been performed with the Xbox One Digital TV Tuner on amd64.
Not all dib0700 devices are expected to be affected by the regression;
this code path is only taken by those with incorrect endpoint numbers.

Link: https://lore.kernel.org/linux-media/1d2fc36d94ced6f67c7cc21dcc469d5e5bdd8201.1632689033.git.mchehab+huawei@kernel.org

Cc: stable@vger.kernel.org
Fixes: 7757ddda6f4f ("[media] DiB0700: add function to change I2C-speed")
Signed-off-by: Michael Kuron <michael.kuron@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/dvb-usb/dib0700_core.c |    2 --
 1 file changed, 2 deletions(-)

--- a/drivers/media/usb/dvb-usb/dib0700_core.c
+++ b/drivers/media/usb/dvb-usb/dib0700_core.c
@@ -618,8 +618,6 @@ int dib0700_streaming_ctrl(struct dvb_us
 		deb_info("the endpoint number (%i) is not correct, use the adapter id instead", adap->fe_adap[0].stream.props.endpoint);
 		if (onoff)
 			st->channel_state |=	1 << (adap->id);
-		else
-			st->channel_state |=	1 << ~(adap->id);
 	} else {
 		if (onoff)
 			st->channel_state |=	1 << (adap->fe_adap[0].stream.props.endpoint-2);
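
Review bot: with the else branch removed, nothing in the first branch of dib0700_streaming_ctrl() touches st->channel_state when onoff is 0, and the reason is recorded only in the commit message. A short comment at the `if (onoff)` saying that the disable case deliberately leaves the bit alone, matching the behavior before 7757ddda6f4f, would stop someone from re-adding a statement there. The else arm of the outer condition is cut off in the context, so it is not visible here whether its disable case carries a shift that needs the same look.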




* [PATCH 5.10 026/563] media: redrat3: fix control-message timeouts
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 025/563] media: dib0700: fix undefined behavior in tuner shutdown Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 027/563] media: pvrusb2: " Greg Kroah-Hartman
                   ` (540 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit 2adc965c8bfa224e11ecccf9c92fd458c4236428 upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: 2154be651b90 ("[media] redrat3: new rc-core IR transceiver device driver")
Cc: stable@vger.kernel.org      # 3.0
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/rc/redrat3.c |   22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

--- a/drivers/media/rc/redrat3.c
+++ b/drivers/media/rc/redrat3.c
@@ -404,7 +404,7 @@ static int redrat3_send_cmd(int cmd, str
 	udev = rr3->udev;
 	res = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), cmd,
 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-			      0x0000, 0x0000, data, sizeof(u8), HZ * 10);
+			      0x0000, 0x0000, data, sizeof(u8), 10000);
 
 	if (res < 0) {
 		dev_err(rr3->dev, "%s: Error sending rr3 cmd res %d, data %d",
@@ -480,7 +480,7 @@ static u32 redrat3_get_timeout(struct re
 	pipe = usb_rcvctrlpipe(rr3->udev, 0);
 	ret = usb_control_msg(rr3->udev, pipe, RR3_GET_IR_PARAM,
 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-			      RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, HZ * 5);
+			      RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, 5000);
 	if (ret != len)
 		dev_warn(rr3->dev, "Failed to read timeout from hardware\n");
 	else {
@@ -510,7 +510,7 @@ static int redrat3_set_timeout(struct rc
 	ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), RR3_SET_IR_PARAM,
 		     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
 		     RR3_IR_IO_SIG_TIMEOUT, 0, timeout, sizeof(*timeout),
-		     HZ * 25);
+		     25000);
 	dev_dbg(dev, "set ir parm timeout %d ret 0x%02x\n",
 						be32_to_cpu(*timeout), ret);
 
@@ -542,32 +542,32 @@ static void redrat3_reset(struct redrat3
 	*val = 0x01;
 	rc = usb_control_msg(udev, rxpipe, RR3_RESET,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-			     RR3_CPUCS_REG_ADDR, 0, val, len, HZ * 25);
+			     RR3_CPUCS_REG_ADDR, 0, val, len, 25000);
 	dev_dbg(dev, "reset returned 0x%02x\n", rc);
 
 	*val = length_fuzz;
 	rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
-			     RR3_IR_IO_LENGTH_FUZZ, 0, val, len, HZ * 25);
+			     RR3_IR_IO_LENGTH_FUZZ, 0, val, len, 25000);
 	dev_dbg(dev, "set ir parm len fuzz %d rc 0x%02x\n", *val, rc);
 
 	*val = (65536 - (minimum_pause * 2000)) / 256;
 	rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
-			     RR3_IR_IO_MIN_PAUSE, 0, val, len, HZ * 25);
+			     RR3_IR_IO_MIN_PAUSE, 0, val, len, 25000);
 	dev_dbg(dev, "set ir parm min pause %d rc 0x%02x\n", *val, rc);
 
 	*val = periods_measure_carrier;
 	rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
-			     RR3_IR_IO_PERIODS_MF, 0, val, len, HZ * 25);
+			     RR3_IR_IO_PERIODS_MF, 0, val, len, 25000);
 	dev_dbg(dev, "set ir parm periods measure carrier %d rc 0x%02x", *val,
 									rc);
 
 	*val = RR3_DRIVER_MAXLENS;
 	rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
-			     RR3_IR_IO_MAX_LENGTHS, 0, val, len, HZ * 25);
+			     RR3_IR_IO_MAX_LENGTHS, 0, val, len, 25000);
 	dev_dbg(dev, "set ir parm max lens %d rc 0x%02x\n", *val, rc);
 
 	kfree(val);
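
Review bot: the five usb_control_msg() calls in redrat3_reset() each carry a 25000 ms timeout and their return value rc is only passed to dev_dbg(), so an unresponsive device can stall this function for up to 125 seconds with no error reported. Consider bailing out after the first failed call, and replacing the repeated 25000 literal with one define.
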
@@ -585,7 +585,7 @@ static void redrat3_get_firmware_rev(str
 	rc = usb_control_msg(rr3->udev, usb_rcvctrlpipe(rr3->udev, 0),
 			     RR3_FW_VERSION,
 			     USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-			     0, 0, buffer, RR3_FW_VERSION_LEN, HZ * 5);
+			     0, 0, buffer, RR3_FW_VERSION_LEN, 5000);
 
 	if (rc >= 0)
 		dev_info(rr3->dev, "Firmware rev: %s", buffer);
@@ -825,14 +825,14 @@ static int redrat3_transmit_ir(struct rc
 
 	pipe = usb_sndbulkpipe(rr3->udev, rr3->ep_out->bEndpointAddress);
 	ret = usb_bulk_msg(rr3->udev, pipe, irdata,
-			    sendbuf_len, &ret_len, 10 * HZ);
+			    sendbuf_len, &ret_len, 10000);
 	dev_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, ret);
 
 	/* now tell the hardware to transmit what we sent it */
 	pipe = usb_rcvctrlpipe(rr3->udev, 0);
 	ret = usb_control_msg(rr3->udev, pipe, RR3_TX_SEND_SIGNAL,
 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-			      0, 0, irdata, 2, HZ * 10);
+			      0, 0, irdata, 2, 10000);
 
 	if (ret < 0)
 		dev_err(dev, "Error: control msg send failed, rc %d\n", ret);
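
Review bot: in redrat3_transmit_ir() the result of usb_bulk_msg() is only logged with dev_dbg() and then overwritten by the RR3_TX_SEND_SIGNAL control message, so a bulk transfer that timed out after 10000 ms is still followed by the request to transmit. Checking ret, and ret_len against sendbuf_len, before the control message would make the failure visible to the caller.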




* [PATCH 5.10 027/563] media: pvrusb2: fix control-message timeouts
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 026/563] media: redrat3: fix control-message timeouts Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 028/563] media: stk1160: " Greg Kroah-Hartman
                   ` (539 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit b82bf9b9dc305d7d3d93eab106d70dbf2171b43e upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: d855497edbfb ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Cc: stable@vger.kernel.org      # 2.6.18
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/pvrusb2/pvrusb2-hdw.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -1467,7 +1467,7 @@ static int pvr2_upload_firmware1(struct
 	for (address = 0; address < fwsize; address += 0x800) {
 		memcpy(fw_ptr, fw_entry->data + address, 0x800);
 		ret += usb_control_msg(hdw->usb_dev, pipe, 0xa0, 0x40, address,
-				       0, fw_ptr, 0x800, HZ);
+				       0, fw_ptr, 0x800, 1000);
 	}
 
 	trace_firmware("Upload done, releasing device's CPU");
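
Review bot: the loop in pvr2_upload_firmware1() adds each usb_control_msg() return value into ret, so a negative error from one 0x800 chunk is summed with the byte counts of the others and the loop keeps going. With the timeout now a full 1000 ms on every CONFIG_HZ, a device that stops answering costs one second per remaining chunk; breaking out on the first negative return would bound that.
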
@@ -1605,7 +1605,7 @@ int pvr2_upload_firmware2(struct pvr2_hd
 			((u32 *)fw_ptr)[icnt] = swab32(((u32 *)fw_ptr)[icnt]);
 
 		ret |= usb_bulk_msg(hdw->usb_dev, pipe, fw_ptr,bcnt,
-				    &actual_length, HZ);
+				    &actual_length, 1000);
 		ret |= (actual_length != bcnt);
 		if (ret) break;
 		fw_done += bcnt;
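
Review bot: `ret |= usb_bulk_msg(...)` followed by `ret |= (actual_length != bcnt)` in pvr2_upload_firmware2() ORs a negative errno with a boolean, so once the loop breaks ret no longer identifies which failure occurred (a timeout and a short write look alike). Keeping the two conditions in separate variables would preserve the error code.
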
@@ -3438,7 +3438,7 @@ void pvr2_hdw_cpufw_set_enabled(struct p
 						      0xa0,0xc0,
 						      address,0,
 						      hdw->fw_buffer+address,
-						      0x800,HZ);
+						      0x800,1000);
 				if (ret < 0) break;
 			}
 
@@ -3977,7 +3977,7 @@ void pvr2_hdw_cpureset_assert(struct pvr
 	/* Write the CPUCS register on the 8051.  The lsb of the register
 	   is the reset bit; a 1 asserts reset while a 0 clears it. */
 	pipe = usb_sndctrlpipe(hdw->usb_dev, 0);
-	ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,HZ);
+	ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,1000);
 	if (ret < 0) {
 		pvr2_trace(PVR2_TRACE_ERROR_LEGS,
 			   "cpureset_assert(%d) error=%d",val,ret);




* [PATCH 5.10 028/563] media: stk1160: fix control-message timeouts
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 027/563] media: pvrusb2: " Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 029/563] media: cec-pin: fix interrupt en/disable handling Greg Kroah-Hartman
                   ` (538 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
	Mauro Carvalho Chehab

From: Johan Hovold <johan@kernel.org>

commit 6aa6e70cdb5b863a57bad61310bf89b6617a5d2d upstream.

USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.

Fixes: 9cb2173e6ea8 ("[media] media: Add stk1160 new driver (easycap replacement)")
Cc: stable@vger.kernel.org      # 3.7
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/usb/stk1160/stk1160-core.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/media/usb/stk1160/stk1160-core.c
+++ b/drivers/media/usb/stk1160/stk1160-core.c
@@ -65,7 +65,7 @@ int stk1160_read_reg(struct stk1160 *dev
 		return -ENOMEM;
 	ret = usb_control_msg(dev->udev, pipe, 0x00,
 			USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
-			0x00, reg, buf, sizeof(u8), HZ);
+			0x00, reg, buf, sizeof(u8), 1000);
 	if (ret < 0) {
 		stk1160_err("read failed on reg 0x%x (%d)\n",
 			reg, ret);
@@ -85,7 +85,7 @@ int stk1160_write_reg(struct stk1160 *de
 
 	ret =  usb_control_msg(dev->udev, pipe, 0x01,
 			USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
-			value, reg, NULL, 0, HZ);
+			value, reg, NULL, 0, 1000);
 	if (ret < 0) {
 		stk1160_err("write failed on reg 0x%x (%d)\n",
 			reg, ret);




* [PATCH 5.10 029/563] media: cec-pin: fix interrupt en/disable handling
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 028/563] media: stk1160: " Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 030/563] can: softing_cs: softingcs_probe(): fix memleak on registration failure Greg Kroah-Hartman
                   ` (537 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab

From: Hans Verkuil <hverkuil-cisco@xs4all.nl>

commit 713bdfa10b5957053811470d298def9537d9ff13 upstream.

The en/disable_irq() functions keep track of the 'depth': i.e. if
interrupts are disabled twice, then it needs two enable_irq() calls to
enable them again. The cec-pin framework didn't take this into account
and could disable irqs multiple times, and it expected that a single
enable_irq() would enable them again.

Move all calls to en/disable_irq() to the kthread where it is easy
to keep track of the current irq state and ensure that multiple
en/disable_irq calls never happen.

If interrupts were disabled twice, then they would never turn on
again, leaving the CEC adapter in a dead state.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Fixes: 865463fc03ed (media: cec-pin: add error injection support)
Cc: <stable@vger.kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/media/cec/core/cec-pin.c |   31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

--- a/drivers/media/cec/core/cec-pin.c
+++ b/drivers/media/cec/core/cec-pin.c
@@ -1033,6 +1033,7 @@ static int cec_pin_thread_func(void *_ad
 {
 	struct cec_adapter *adap = _adap;
 	struct cec_pin *pin = adap->pin;
+	bool irq_enabled = false;
 
 	for (;;) {
 		wait_event_interruptible(pin->kthread_waitq,
@@ -1060,6 +1061,7 @@ static int cec_pin_thread_func(void *_ad
 				ns_to_ktime(pin->work_rx_msg.rx_ts));
 			msg->len = 0;
 		}
+
 		if (pin->work_tx_status) {
 			unsigned int tx_status = pin->work_tx_status;
 
@@ -1083,27 +1085,39 @@ static int cec_pin_thread_func(void *_ad
 		switch (atomic_xchg(&pin->work_irq_change,
 				    CEC_PIN_IRQ_UNCHANGED)) {
 		case CEC_PIN_IRQ_DISABLE:
-			pin->ops->disable_irq(adap);
+			if (irq_enabled) {
+				pin->ops->disable_irq(adap);
+				irq_enabled = false;
+			}
 			cec_pin_high(pin);
 			cec_pin_to_idle(pin);
 			hrtimer_start(&pin->timer, ns_to_ktime(0),
 				      HRTIMER_MODE_REL);
 			break;
 		case CEC_PIN_IRQ_ENABLE:
+			if (irq_enabled)
+				break;
 			pin->enable_irq_failed = !pin->ops->enable_irq(adap);
 			if (pin->enable_irq_failed) {
 				cec_pin_to_idle(pin);
 				hrtimer_start(&pin->timer, ns_to_ktime(0),
 					      HRTIMER_MODE_REL);
+			} else {
+				irq_enabled = true;
 			}
 			break;
 		default:
 			break;
 		}
-
 		if (kthread_should_stop())
 			break;
 	}
+	if (pin->ops->disable_irq && irq_enabled)
+		pin->ops->disable_irq(adap);
+	hrtimer_cancel(&pin->timer);
+	cec_pin_read(pin);
+	cec_pin_to_idle(pin);
+	pin->state = CEC_ST_OFF;
 	return 0;
 }
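
Review bot: pin->ops->disable_irq is called unconditionally in the CEC_PIN_IRQ_DISABLE case but NULL-checked in the new teardown after the loop (`if (pin->ops->disable_irq && irq_enabled)`). irq_enabled can only become true after enable_irq() succeeded, so either the check after the loop is redundant or the case above needs it too; the two sites should agree. The blank line dropped before kthread_should_stop() is an unrelated whitespace change.
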
 
@@ -1130,13 +1144,7 @@ static int cec_pin_adap_enable(struct ce
 		hrtimer_start(&pin->timer, ns_to_ktime(0),
 			      HRTIMER_MODE_REL);
 	} else {
-		if (pin->ops->disable_irq)
-			pin->ops->disable_irq(adap);
-		hrtimer_cancel(&pin->timer);
 		kthread_stop(pin->kthread);
-		cec_pin_read(pin);
-		cec_pin_to_idle(pin);
-		pin->state = CEC_ST_OFF;
 	}
 	return 0;
 }
@@ -1157,11 +1165,8 @@ void cec_pin_start_timer(struct cec_pin
 	if (pin->state != CEC_ST_RX_IRQ)
 		return;
 
-	atomic_set(&pin->work_irq_change, CEC_PIN_IRQ_UNCHANGED);
-	pin->ops->disable_irq(pin->adap);
-	cec_pin_high(pin);
-	cec_pin_to_idle(pin);
-	hrtimer_start(&pin->timer, ns_to_ktime(0), HRTIMER_MODE_REL);
+	atomic_set(&pin->work_irq_change, CEC_PIN_IRQ_DISABLE);
+	wake_up_interruptible(&pin->kthread_waitq);
 }
 
 static int cec_pin_adap_transmit(struct cec_adapter *adap, u8 attempts,
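
Review bot: cec_pin_start_timer() no longer starts the timer itself; it now posts CEC_PIN_IRQ_DISABLE and wakes the kthread, which is where hrtimer_start() is called. A comment on the function saying that the switch from interrupt mode to timer mode is now asynchronous would help callers that assume the timer is running on return. The atomic_set() also overwrites whatever request was still pending in work_irq_change, which is worth stating as intended.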



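
The depth counting described in the cec-pin commit message above, as an added userspace model that is not part of the posted patch or of the cec-pin driver. `model_irq`, the `MODEL_REQ_*` codes and both `run_*` functions are hypothetical names, and the line is assumed to start out disabled, as the patch's `irq_enabled = false` implies.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Userspace model (constructed for illustration) of a depth-counted
 * interrupt line: every disable adds one level, every enable removes one,
 * and the line only fires again once the depth is back at zero.
 */
struct model_irq {
	unsigned int depth;
};

static void model_disable_irq(struct model_irq *irq)
{
	irq->depth++;
}

static void model_enable_irq(struct model_irq *irq)
{
	if (irq->depth > 0)
		irq->depth--;
}

static bool model_irq_active(const struct model_irq *irq)
{
	return irq->depth == 0;
}

/* Hypothetical request codes standing in for the work items a thread receives. */
enum model_req { MODEL_REQ_ENABLE, MODEL_REQ_DISABLE };

/* Pre-fix pattern: every request is forwarded, with no record of the state. */
static bool run_unguarded(const enum model_req *seq, size_t n)
{
	struct model_irq irq = { .depth = 1 };	/* assumption: starts disabled */
	size_t i;

	for (i = 0; i < n; i++) {
		if (seq[i] == MODEL_REQ_DISABLE)
			model_disable_irq(&irq);
		else
			model_enable_irq(&irq);
	}
	return model_irq_active(&irq);
}

/* Post-fix pattern: one owner tracks the state and skips redundant calls. */
static bool run_guarded(const enum model_req *seq, size_t n)
{
	struct model_irq irq = { .depth = 1 };	/* assumption: starts disabled */
	bool irq_enabled = false;
	size_t i;

	for (i = 0; i < n; i++) {
		if (seq[i] == MODEL_REQ_DISABLE) {
			if (irq_enabled) {
				model_disable_irq(&irq);
				irq_enabled = false;
			}
		} else if (!irq_enabled) {
			model_enable_irq(&irq);
			irq_enabled = true;
		}
	}
	return model_irq_active(&irq);
}

/* Constructed sequence: the line is disabled twice before the final enable. */
static const enum model_req sample_seq[] = {
	MODEL_REQ_ENABLE, MODEL_REQ_DISABLE, MODEL_REQ_DISABLE, MODEL_REQ_ENABLE,
};
#define SAMPLE_LEN (sizeof(sample_seq) / sizeof(sample_seq[0]))

int main(void)
{
	printf("unguarded: irq %s\n",
	       run_unguarded(sample_seq, SAMPLE_LEN) ? "active" : "dead");
	printf("guarded:   irq %s\n",
	       run_guarded(sample_seq, SAMPLE_LEN) ? "active" : "dead");
	return 0;
}
```

In the unguarded run the second disable raises the depth to two, so the single enable that follows leaves the line off, which is the dead adapter state the commit message reports.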

* [PATCH 5.10 030/563] can: softing_cs: softingcs_probe(): fix memleak on registration failure
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 029/563] media: cec-pin: fix interrupt en/disable handling Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 031/563] iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs Greg Kroah-Hartman
                   ` (536 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Marc Kleine-Budde

From: Johan Hovold <johan@kernel.org>

commit ced4913efb0acc844ed65cc01d091a85d83a2082 upstream.

In case device registration fails during probe, the driver state and
the embedded platform device structure needs to be freed using
platform_device_put() to properly free all resources (e.g. the device
name).

Fixes: 0a0b7a5f7a04 ("can: add driver for Softing card")
Link: https://lore.kernel.org/all/20211222104843.6105-1-johan@kernel.org
Cc: stable@vger.kernel.org # 2.6.38
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/can/softing/softing_cs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/can/softing/softing_cs.c
+++ b/drivers/net/can/softing/softing_cs.c
@@ -293,7 +293,7 @@ static int softingcs_probe(struct pcmcia
 	return 0;
 
 platform_failed:
-	kfree(dev);
+	platform_device_put(pdev);
 mem_failed:
 pcmcia_bad:
 pcmcia_failed:
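
Review bot: the platform_failed label now relies on platform_device_put(pdev) to release dev as well, which the hunk itself does not show; only the commit message says the driver state embeds the platform device. A one-line comment at the label stating that dev is freed through pdev would guard against a kfree(dev) being added back next to the put, which would be a double free.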




* [PATCH 5.10 031/563] iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 030/563] can: softing_cs: softingcs_probe(): fix memleak on registration failure Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 032/563] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Greg Kroah-Hartman
                   ` (535 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kunyang Fan, Jonathan Cameron,
	Andy Shevchenko, Stable

From: Jonathan Cameron <Jonathan.Cameron@huawei.com>

commit c9791a94384af07592d29504004d2255dbaf8663 upstream.

Unfortunately a non standards compliant ACPI ID is known to be
in the wild on some AAEON boards.

Partly revert the removal of these IDs so that ADC081C will again
work + add a comment to that effect for future reference.

Whilst here use generic firmware properties rather than the ACPI
specific handling previously found in this driver.

Reported-by: Kunyang Fan <Kunyang_Fan@aaeon.com.tw>
Fixes: c458b7ca3fd0 ("iio:adc:ti-adc081c: Drop ACPI ids that seem very unlikely to be official.")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Tested-by: Kunyang Fan <Kunyang_Fan@aaeon.com.tw> #UP-extremei11
Link: https://lore.kernel.org/r/20211205172728.2826512-1-jic23@kernel.org
Cc: <Stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/adc/ti-adc081c.c |   22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

--- a/drivers/iio/adc/ti-adc081c.c
+++ b/drivers/iio/adc/ti-adc081c.c
@@ -19,6 +19,7 @@
 #include <linux/i2c.h>
 #include <linux/module.h>
 #include <linux/mod_devicetable.h>
+#include <linux/property.h>
 
 #include <linux/iio/iio.h>
 #include <linux/iio/buffer.h>
@@ -151,13 +152,16 @@ static int adc081c_probe(struct i2c_clie
 {
 	struct iio_dev *iio;
 	struct adc081c *adc;
-	struct adcxx1c_model *model;
+	const struct adcxx1c_model *model;
 	int err;
 
 	if (!i2c_check_functionality(client->adapter, I2C_FUNC_SMBUS_WORD_DATA))
 		return -EOPNOTSUPP;
 
-	model = &adcxx1c_models[id->driver_data];
+	if (dev_fwnode(&client->dev))
+		model = device_get_match_data(&client->dev);
+	else
+		model = &adcxx1c_models[id->driver_data];
 
 	iio = devm_iio_device_alloc(&client->dev, sizeof(*adc));
 	if (!iio)
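
Review bot: device_get_match_data() returns NULL when the device has a firmware node but no match data, and the new code in adc081c_probe() assigns that result to model without a check. Falling back to &adcxx1c_models[id->driver_data] when the result is NULL, or returning -ENODEV, would keep a NULL model from being used further down in probe.
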
@@ -224,10 +228,17 @@ static const struct i2c_device_id adc081
 };
 MODULE_DEVICE_TABLE(i2c, adc081c_id);
 
+static const struct acpi_device_id adc081c_acpi_match[] = {
+	/* Used on some AAEON boards */
+	{ "ADC081C", (kernel_ulong_t)&adcxx1c_models[ADC081C] },
+	{ }
+};
+MODULE_DEVICE_TABLE(acpi, adc081c_acpi_match);
+
 static const struct of_device_id adc081c_of_match[] = {
-	{ .compatible = "ti,adc081c" },
-	{ .compatible = "ti,adc101c" },
-	{ .compatible = "ti,adc121c" },
+	{ .compatible = "ti,adc081c", .data = &adcxx1c_models[ADC081C] },
+	{ .compatible = "ti,adc101c", .data = &adcxx1c_models[ADC101C] },
+	{ .compatible = "ti,adc121c", .data = &adcxx1c_models[ADC121C] },
 	{ }
 };
 MODULE_DEVICE_TABLE(of, adc081c_of_match);
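
Review bot: the comment on the new ACPI entry says only `/* Used on some AAEON boards */`, while the commit message gives the real reason, namely that "ADC081C" is a non standards compliant ID kept because it is in the wild. Putting that in the comment would tell the next cleanup why this ID has to stay.
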
@@ -236,6 +247,7 @@ static struct i2c_driver adc081c_driver
 	.driver = {
 		.name = "adc081c",
 		.of_match_table = adc081c_of_match,
+		.acpi_match_table = adc081c_acpi_match,
 	},
 	.probe = adc081c_probe,
 	.remove = adc081c_remove,




* [PATCH 5.10 032/563] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 031/563] iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 033/563] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure Greg Kroah-Hartman
                   ` (534 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kees Cook, Arnd Bergmann,
	Nick Desaulniers, Nathan Chancellor, Christophe Leroy

From: Christophe Leroy <christophe.leroy@csgroup.eu>

commit bc93a22a19eb2b68a16ecf04cdf4b2ed65aaf398 upstream.

On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
test leads to "Illegal instruction" failure.

Looking at the content of rodata_objcopy.o, we see that the
function contains zeroes only:

	Disassembly of section .rodata:

	0000000000000000 <.lkdtm_rodata_do_nothing>:
	   0:	00 00 00 00 	.long 0x0

Add the contents flag in order to keep the content of the section
while renaming it.

	Disassembly of section .rodata:

	0000000000000000 <.lkdtm_rodata_do_nothing>:
	   0:	4e 80 00 20 	blr

Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/misc/lkdtm/Makefile |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -16,7 +16,7 @@ KCOV_INSTRUMENT_rodata.o	:= n
 
 OBJCOPYFLAGS :=
 OBJCOPYFLAGS_rodata_objcopy.o	:= \
-			--rename-section .noinstr.text=.rodata,alloc,readonly,load
+			--rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
 targets += rodata.o rodata_objcopy.o
 $(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
 	$(call if_changed,objcopy)
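
Review bot: the reason `contents` has to appear in the --rename-section flags is recorded only in the commit message. A Makefile comment above OBJCOPYFLAGS_rodata_objcopy.o noting that without it the renamed section is emitted as zeroes, so EXEC_RODATA hits an illegal instruction on kernels without CONFIG_STRICT_KERNEL_RWX, would keep the flag from being dropped in a later tidy-up.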




* [PATCH 5.10 033/563] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 032/563] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 034/563] gpu: host1x: Add back arm_iommu_detach_device() Greg Kroah-Hartman
                   ` (533 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yunfei Wang, Robin Murphy, Will Deacon

From: Yunfei Wang <yf.wang@mediatek.com>

commit a556cfe4cabc6d79cbb7733f118bbb420b376fe6 upstream.

In the __arm_v7s_alloc_table function:
the iommu code calls kmem_cache_alloc to allocate a page table, and this
allocation may fail. When kmem_cache_alloc fails to allocate the
table, calling virt_to_phys will be abnormal and return an unexpected phys
and goto out_free; then calling kmem_cache_free to release the table will
trigger a KE. __get_free_pages and free_pages have a similar problem,
so add error handling for page table allocation failure.

Fixes: 29859aeb8a6e ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE")
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Cc: <stable@vger.kernel.org> # 5.10.*
Acked-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20211207113315.29109-1-yf.wang@mediatek.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iommu/io-pgtable-arm-v7s.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/iommu/io-pgtable-arm-v7s.c
+++ b/drivers/iommu/io-pgtable-arm-v7s.c
@@ -242,13 +242,17 @@ static void *__arm_v7s_alloc_table(int l
 			__GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
 	else if (lvl == 2)
 		table = kmem_cache_zalloc(data->l2_tables, gfp);
+
+	if (!table)
+		return NULL;
+
 	phys = virt_to_phys(table);
 	if (phys != (arm_v7s_iopte)phys) {
 		/* Doesn't fit in PTE */
 		dev_err(dev, "Page table does not fit in PTE: %pa", &phys);
 		goto out_free;
 	}
-	if (table && !cfg->coherent_walk) {
+	if (!cfg->coherent_walk) {
 		dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
 		if (dma_mapping_error(dev, dma))
 			goto out_free;
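
Review bot: The new `if (!table) return NULL;` check placed after the `else if (lvl == 2)` branch only covers every path if `table` starts out as NULL, because the visible if/else-if chain has no final `else`; the declaration is outside this hunk, so confirm it is initialised there. The early return correctly bypasses `out_free`, since there is nothing to free, but it is silent, unlike the "Page table does not fit in PTE" path: a short comment stating that the failure is reported by the caller or the allocator would make that choice explicit.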




* [PATCH 5.10 034/563] gpu: host1x: Add back arm_iommu_detach_device()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 033/563] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36   ` Greg Kroah-Hartman
                   ` (532 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, Thierry Reding

From: Dmitry Osipenko <digetx@gmail.com>

commit d5185965c3b59073c4520bad7dd2adf725b9abba upstream.

Host1x DMA buffer isn't mapped properly when CONFIG_ARM_DMA_USE_IOMMU=y.
The memory management code of Host1x driver has a longstanding overhaul
overdue and it's not obvious where the problem is in this case. Hence
let's add back the old workaround which we already had sometime before.
It explicitly detaches Host1x device from the offending implicit IOMMU
domain. This fixes a completely broken Host1x DMA in case of ARM32
multiplatform kernel config.

Cc: stable@vger.kernel.org
Fixes: af1cbfb9bf0f ("gpu: host1x: Support DMA mapping of buffers")
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/host1x/dev.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/drivers/gpu/host1x/dev.c
+++ b/drivers/gpu/host1x/dev.c
@@ -18,6 +18,10 @@
 #include <trace/events/host1x.h>
 #undef CREATE_TRACE_POINTS
 
+#if IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)
+#include <asm/dma-iommu.h>
+#endif
+
 #include "bus.h"
 #include "channel.h"
 #include "debug.h"
@@ -232,6 +236,17 @@ static struct iommu_domain *host1x_iommu
 	struct iommu_domain *domain = iommu_get_domain_for_dev(host->dev);
 	int err;
 
+#if IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)
+	if (host->dev->archdata.mapping) {
+		struct dma_iommu_mapping *mapping =
+				to_dma_iommu_mapping(host->dev);
+		arm_iommu_detach_device(host->dev);
+		arm_iommu_release_mapping(mapping);
+
+		domain = iommu_get_domain_for_dev(host->dev);
+	}
+#endif
+
 	/*
 	 * We may not always want to enable IOMMU support (for example if the
 	 * host1x firewall is already enabled and we don't support addressing
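
Review bot: The `#if IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU)` block added at the top of this function carries no comment, yet the commit message describes it as a workaround for a problem whose root cause is not understood. Add a comment above `if (host->dev->archdata.mapping)` saying that the implicit ARM DMA IOMMU mapping is detached on purpose and why, so the block is not dropped again by a later cleanup. Moving the block into a small helper with an empty stub for the other configuration would also keep the preprocessor conditional out of the function body.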




* [PATCH 5.10 035/563] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
@ 2022-01-24 18:36   ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 002/563] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
                     ` (565 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Thomas Hellström, Gustavo Padovan, stable, linaro-mm-sig,
	dri-devel, Greg Kroah-Hartman, Chris Wilson,
	Christian König, linux-media

From: Thomas Hellström <thomas.hellstrom@linux.intel.com>

commit 95d35838880fb040ccb9fe4a48816bd0c8b62df5 upstream.

If a dma_fence_array is reported signaled by a call to
dma_fence_is_signaled(), it may leak the PENDING_ERROR status.

Fix this by clearing the PENDING_ERROR status if we return true in
dma_fence_array_signaled().

v2:
- Update Cc list, and add R-b.

Fixes: 1f70b8b812f3 ("dma-fence: Propagate errors to dma-fence-array container")
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Christian König <christian.koenig@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211129152727.448908-1-thomas.hellstrom@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/dma-buf/dma-fence-array.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/dma-buf/dma-fence-array.c
+++ b/drivers/dma-buf/dma-fence-array.c
@@ -104,7 +104,11 @@ static bool dma_fence_array_signaled(str
 {
 	struct dma_fence_array *array = to_dma_fence_array(fence);
 
-	return atomic_read(&array->num_pending) <= 0;
+	if (atomic_read(&array->num_pending) > 0)
+		return false;
+
+	dma_fence_array_clear_pending_error(array);
+	return true;
 }
 
 static void dma_fence_array_release(struct dma_fence *fence)
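
Review bot: `dma_fence_array_signaled()` reads as a pure predicate but now calls `dma_fence_array_clear_pending_error(array)` before `return true;`, so querying the state has a side effect that nothing in the code explains. A one-line comment above that call stating why the PENDING_ERROR status has to be cleared on this path would help. The changelog could also say whether the `atomic_read(&array->num_pending)` test followed by the clear is safe against a concurrent signal of the last fence.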




* [PATCH 5.10 035/563] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
@ 2022-01-24 18:36   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chris Wilson, Sumit Semwal,
	Gustavo Padovan, Christian König, linux-media, dri-devel,
	linaro-mm-sig, Thomas Hellström

From: Thomas Hellström <thomas.hellstrom@linux.intel.com>

commit 95d35838880fb040ccb9fe4a48816bd0c8b62df5 upstream.

If a dma_fence_array is reported signaled by a call to
dma_fence_is_signaled(), it may leak the PENDING_ERROR status.

Fix this by clearing the PENDING_ERROR status if we return true in
dma_fence_array_signaled().

v2:
- Update Cc list, and add R-b.

Fixes: 1f70b8b812f3 ("dma-fence: Propagate errors to dma-fence-array container")
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Christian König <christian.koenig@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211129152727.448908-1-thomas.hellstrom@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/dma-buf/dma-fence-array.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/dma-buf/dma-fence-array.c
+++ b/drivers/dma-buf/dma-fence-array.c
@@ -104,7 +104,11 @@ static bool dma_fence_array_signaled(str
 {
 	struct dma_fence_array *array = to_dma_fence_array(fence);
 
-	return atomic_read(&array->num_pending) <= 0;
+	if (atomic_read(&array->num_pending) > 0)
+		return false;
+
+	dma_fence_array_clear_pending_error(array);
+	return true;
 }
 
 static void dma_fence_array_release(struct dma_fence *fence)




* [PATCH 5.10 036/563] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2022-01-24 18:36   ` Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 037/563] mm_zone: add function to check if managed dma zone exists Greg Kroah-Hartman
                   ` (530 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sam Bingner, Yifeng Li,
	Bjorn Helgaas, Krzysztof Wilczyński

From: Yifeng Li <tomli@tomli.me>

commit e445375882883f69018aa669b67cbb37ec873406 upstream.

Like other SATA controller chips in the Marvell 88SE91xx series, the
Marvell 88SE9125 has the same DMA requester ID hardware bug that prevents
it from working under IOMMU.  Add it to the list of devices that need the
quirk.

Without this patch, device initialization fails with DMA errors:

  ata8: softreset failed (1st FIS failed)
  DMAR: DRHD: handling fault status reg 2
  DMAR: [DMA Write NO_PASID] Request device [03:00.1] fault addr 0xfffc0000 [fault reason 0x02] Present bit in context entry is clear
  DMAR: DRHD: handling fault status reg 2
  DMAR: [DMA Read NO_PASID] Request device [03:00.1] fault addr 0xfffc0000 [fault reason 0x02] Present bit in context entry is clear

After applying the patch, the controller can be successfully initialized:

  ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 330)
  ata8.00: ATAPI: PIONEER BD-RW   BDR-207M, 1.21, max UDMA/100
  ata8.00: configured for UDMA/100
  scsi 7:0:0:0: CD-ROM            PIONEER  BD-RW   BDR-207M 1.21 PQ: 0 ANSI: 5

Link: https://lore.kernel.org/r/YahpKVR+McJVDdkD@work
Reported-by: Sam Bingner <sam@bingner.com>
Tested-by: Sam Bingner <sam@bingner.com>
Tested-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Krzysztof Wilczyński <kw@linux.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pci/quirks.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4077,6 +4077,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_M
 			 quirk_dma_func1_alias);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9123,
 			 quirk_dma_func1_alias);
+/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c136 */
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9125,
+			 quirk_dma_func1_alias);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128,
 			 quirk_dma_func1_alias);
 /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */




* [PATCH 5.10 037/563] mm_zone: add function to check if managed dma zone exists
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 036/563] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 038/563] dma/pool: create dma atomic pool only if dma zone has managed pages Greg Kroah-Hartman
                   ` (529 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Baoquan He, David Hildenbrand,
	John Donnelly, Christoph Hellwig, Christoph Lameter,
	Hyeonggon Yoo, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Vlastimil Babka, David Laight, Borislav Petkov, Marek Szyprowski,
	Robin Murphy, Andrew Morton, Linus Torvalds

From: Baoquan He <bhe@redhat.com>

commit 62b3107073646e0946bd97ff926832bafb846d17 upstream.

Patch series "Handle warning of allocation failure on DMA zone w/o
managed pages", v4.

**Problem observed:
On x86_64, when crash is triggered and entering into kdump kernel, page
allocation failure can always be seen.

 ---------------------------------
 DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
 swapper/0: page allocation failure: order:5, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
 CPU: 0 PID: 1 Comm: swapper/0
 Call Trace:
  dump_stack+0x7f/0xa1
  warn_alloc.cold+0x72/0xd6
  ......
  __alloc_pages+0x24d/0x2c0
  ......
  dma_atomic_pool_init+0xdb/0x176
  do_one_initcall+0x67/0x320
  ? rcu_read_lock_sched_held+0x3f/0x80
  kernel_init_freeable+0x290/0x2dc
  ? rest_init+0x24f/0x24f
  kernel_init+0xa/0x111
  ret_from_fork+0x22/0x30
 Mem-Info:
 ------------------------------------

***Root cause:
In the current kernel, it assumes that DMA zone must have managed pages
and try to request pages if CONFIG_ZONE_DMA is enabled. While this is not
always true. E.g in kdump kernel of x86_64, only low 1M is presented and
locked down at very early stage of boot, so that this low 1M won't be
added into buddy allocator to become managed pages of DMA zone. This
exception will always cause page allocation failure if page is requested
from DMA zone.

***Investigation:
This failure happens since below commit merged into linus's tree.
  1a6a9044b967 x86/setup: Remove CONFIG_X86_RESERVE_LOW and reservelow= options
  23721c8e92f7 x86/crash: Remove crash_reserve_low_1M()
  f1d4d47c5851 x86/setup: Always reserve the first 1M of RAM
  7c321eb2b843 x86/kdump: Remove the backup region handling
  6f599d84231f x86/kdump: Always reserve the low 1M when the crashkernel option is specified

Before them, on x86_64, the low 640K area will be reused by kdump kernel.
So in kdump kernel, the content of low 640K area is copied into a backup
region for dumping before jumping into kdump. Then except of those firmware
reserved region in [0, 640K], the left area will be added into buddy
allocator to become available managed pages of DMA zone.

However, after above commits applied, in kdump kernel of x86_64, the low
1M is reserved by memblock, but not released to buddy allocator. So any
later page allocation requested from DMA zone will fail.

At the beginning, if crashkernel is reserved, the low 1M need be locked
down because AMD SME encrypts memory making the old backup region
mechanism impossible when switching into kdump kernel.

Later, it was also observed that there are BIOSes corrupting memory
under 1M. To solve this, in commit f1d4d47c5851, the entire region of
low 1M is always reserved after the real mode trampoline is allocated.

Besides, recently, Intel engineer mentioned their TDX (Trusted domain
extensions) which is under development in kernel also needs to lock down
the low 1M. So we can't simply revert above commits to fix the page allocation
failure from DMA zone as someone suggested.

***Solution:
Currently, only DMA atomic pool and dma-kmalloc will initialize and
request page allocation with GFP_DMA during bootup.

So only initialize DMA atomic pool when DMA zone has available managed
pages, otherwise just skip the initialization.

For dma-kmalloc(), for the time being, let's mute the warning of
allocation failure if requesting pages from DMA zone while no managed
pages.  Meanwhile, change code to use dma_alloc_xx/dma_map_xx API to
replace kmalloc(GFP_DMA), or do not use GFP_DMA when calling kmalloc() if
not necessary.  Christoph is posting patches to fix those under
drivers/scsi/.  Finally, we can remove the need of dma-kmalloc() as people
suggested.

This patch (of 3):

In some places of the current kernel, it assumes that dma zone must have
managed pages if CONFIG_ZONE_DMA is enabled.  While this is not always
true.  E.g in kdump kernel of x86_64, only low 1M is presented and locked
down at very early stage of boot, so that there's no managed pages at all
in DMA zone.  This exception will always cause page allocation failure if
page is requested from DMA zone.

Here add function has_managed_dma() and the relevant helper functions to
check if there's DMA zone with managed pages.  It will be used in later
patches.

Link: https://lkml.kernel.org/r/20211223094435.248523-1-bhe@redhat.com
Link: https://lkml.kernel.org/r/20211223094435.248523-2-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: John Donnelly  <john.p.donnelly@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/mmzone.h |    9 +++++++++
 mm/page_alloc.c        |   15 +++++++++++++++
 2 files changed, 24 insertions(+)

--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -938,6 +938,15 @@ static inline int is_highmem_idx(enum zo
 #endif
 }
 
+#ifdef CONFIG_ZONE_DMA
+bool has_managed_dma(void);
+#else
+static inline bool has_managed_dma(void)
+{
+	return false;
+}
+#endif
+
 /**
  * is_highmem - helper function to quickly check if a struct zone is a
  *              highmem zone or not.  This is an attempt to keep references
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -8903,3 +8903,18 @@ bool take_page_off_buddy(struct page *pa
 	return ret;
 }
 #endif
+
+#ifdef CONFIG_ZONE_DMA
+bool has_managed_dma(void)
+{
+	struct pglist_data *pgdat;
+
+	for_each_online_pgdat(pgdat) {
+		struct zone *zone = &pgdat->node_zones[ZONE_DMA];
+
+		if (managed_zone(zone))
+			return true;
+	}
+	return false;
+}
+#endif /* CONFIG_ZONE_DMA */
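
Review bot: `has_managed_dma()` is declared in mmzone.h for general use but has no comment describing what it returns or when it may be called. It walks every online node with `for_each_online_pgdat()` on each call, which is fine for init code but deserves a note if callers on repeated paths are expected; a short kernel-doc comment above the definition covering both points would do.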




* [PATCH 5.10 038/563] dma/pool: create dma atomic pool only if dma zone has managed pages
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 037/563] mm_zone: add function to check if managed dma zone exists Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 039/563] mm/page_alloc.c: do not warn allocation failure on zone DMA if no " Greg Kroah-Hartman
                   ` (528 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Baoquan He, Christoph Hellwig,
	John Donnelly, David Hildenbrand, Marek Szyprowski, Robin Murphy,
	Borislav Petkov, Christoph Lameter, David Laight, David Rientjes,
	Hyeonggon Yoo, Joonsoo Kim, Pekka Enberg, Vlastimil Babka,
	Andrew Morton, Linus Torvalds

From: Baoquan He <bhe@redhat.com>

commit a674e48c5443d12a8a43c3ac42367aa39505d506 upstream.

Currently three dma atomic pools are initialized as long as the relevant
kernel codes are built in.  While in kdump kernel of x86_64, this is not
right when trying to create atomic_pool_dma, because there's no managed
pages in DMA zone.  In the case, DMA zone only has low 1M memory
presented and locked down by memblock allocator.  So no pages are added
into buddy of DMA zone.  Please check commit f1d4d47c5851 ("x86/setup:
Always reserve the first 1M of RAM").

Then in kdump kernel of x86_64, it always prints below failure message:

 DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
 swapper/0: page allocation failure: order:5, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-0.rc5.20210611git929d931f2b40.42.fc35.x86_64 #1
 Hardware name: Dell Inc. PowerEdge R910/0P658H, BIOS 2.12.0 06/04/2018
 Call Trace:
  dump_stack+0x7f/0xa1
  warn_alloc.cold+0x72/0xd6
  __alloc_pages_slowpath.constprop.0+0xf29/0xf50
  __alloc_pages+0x24d/0x2c0
  alloc_page_interleave+0x13/0xb0
  atomic_pool_expand+0x118/0x210
  __dma_atomic_pool_init+0x45/0x93
  dma_atomic_pool_init+0xdb/0x176
  do_one_initcall+0x67/0x320
  kernel_init_freeable+0x290/0x2dc
  kernel_init+0xa/0x111
  ret_from_fork+0x22/0x30
 Mem-Info:
 ......
 DMA: failed to allocate 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocation
 DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations

Here, let's check if DMA zone has managed pages, then create
atomic_pool_dma if yes.  Otherwise just skip it.

Link: https://lkml.kernel.org/r/20211223094435.248523-3-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: John Donnelly  <john.p.donnelly@oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: David Rientjes <rientjes@google.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/dma/pool.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/dma/pool.c
+++ b/kernel/dma/pool.c
@@ -206,7 +206,7 @@ static int __init dma_atomic_pool_init(v
 						    GFP_KERNEL);
 	if (!atomic_pool_kernel)
 		ret = -ENOMEM;
-	if (IS_ENABLED(CONFIG_ZONE_DMA)) {
+	if (has_managed_dma()) {
 		atomic_pool_dma = __dma_atomic_pool_init(atomic_pool_size,
 						GFP_KERNEL | GFP_DMA);
 		if (!atomic_pool_dma)
@@ -229,7 +229,7 @@ static inline struct gen_pool *dma_guess
 	if (prev == NULL) {
 		if (IS_ENABLED(CONFIG_ZONE_DMA32) && (gfp & GFP_DMA32))
 			return atomic_pool_dma32;
-		if (IS_ENABLED(CONFIG_ZONE_DMA) && (gfp & GFP_DMA))
+		if (atomic_pool_dma && (gfp & GFP_DMA))
 			return atomic_pool_dma;
 		return atomic_pool_kernel;
 	}
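
Review bot: With `if (atomic_pool_dma && (gfp & GFP_DMA))`, a `GFP_DMA` request made while `atomic_pool_dma` is NULL now falls through to `return atomic_pool_kernel;`, so the first pool tried for such a request is one that is not restricted to the DMA zone. Whether the caller re-checks the resulting address is outside this hunk; if it does, a comment at this test should state that dependency, and if it does not, returning NULL here would make the allocation fail visibly instead of handing back a buffer that may not meet the addressing limit.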




* [PATCH 5.10 039/563] mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 038/563] dma/pool: create dma atomic pool only if dma zone has managed pages Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 040/563] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode Greg Kroah-Hartman
                   ` (527 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Baoquan He, John Donnelly,
	Hyeonggon Yoo, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Vlastimil Babka, Borislav Petkov, Christoph Hellwig,
	David Hildenbrand, David Laight, Marek Szyprowski, Robin Murphy,
	Andrew Morton, Linus Torvalds

From: Baoquan He <bhe@redhat.com>

commit c4dc63f0032c77464fbd4e7a6afc22fa6913c4a7 upstream.

In kdump kernel of x86_64, page allocation failure is observed:

 kworker/u2:2: page allocation failure: order:0, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
 CPU: 0 PID: 55 Comm: kworker/u2:2 Not tainted 5.16.0-rc4+ #5
 Hardware name: AMD Dinar/Dinar, BIOS RDN1505B 06/05/2013
 Workqueue: events_unbound async_run_entry_fn
 Call Trace:
  <TASK>
  dump_stack_lvl+0x48/0x5e
  warn_alloc.cold+0x72/0xd6
  __alloc_pages_slowpath.constprop.0+0xc69/0xcd0
  __alloc_pages+0x1df/0x210
  new_slab+0x389/0x4d0
  ___slab_alloc+0x58f/0x770
  __slab_alloc.constprop.0+0x4a/0x80
  kmem_cache_alloc_trace+0x24b/0x2c0
  sr_probe+0x1db/0x620
  ......
  device_add+0x405/0x920
  ......
  __scsi_add_device+0xe5/0x100
  ata_scsi_scan_host+0x97/0x1d0
  async_run_entry_fn+0x30/0x130
  process_one_work+0x1e8/0x3c0
  worker_thread+0x50/0x3b0
  ? rescuer_thread+0x350/0x350
  kthread+0x16b/0x190
  ? set_kthread_struct+0x40/0x40
  ret_from_fork+0x22/0x30
  </TASK>
 Mem-Info:
 ......

The above failure happened when calling kmalloc() to allocate buffer with
GFP_DMA.  It requests to allocate slab page from DMA zone while no managed
pages at all in there.

 sr_probe()
 --> get_capabilities()
     --> buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);

Because in the current kernel, dma-kmalloc will be created as long as
CONFIG_ZONE_DMA is enabled.  However, kdump kernel of x86_64 doesn't have
managed pages on DMA zone since commit 6f599d84231f ("x86/kdump: Always
reserve the low 1M when the crashkernel option is specified").  The
failure can be always reproduced.

For now, let's mute the warning of allocation failure if requesting pages
from DMA zone while no managed pages.

[akpm@linux-foundation.org: fix warning]

Link: https://lkml.kernel.org/r/20211223094435.248523-4-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: John Donnelly  <john.p.donnelly@oracle.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/page_alloc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3964,7 +3964,9 @@ void warn_alloc(gfp_t gfp_mask, nodemask
 	va_list args;
 	static DEFINE_RATELIMIT_STATE(nopage_rs, 10*HZ, 1);
 
-	if ((gfp_mask & __GFP_NOWARN) || !__ratelimit(&nopage_rs))
+	if ((gfp_mask & __GFP_NOWARN) ||
+	     !__ratelimit(&nopage_rs) ||
+	     ((gfp_mask & __GFP_DMA) && !has_managed_dma()))
 		return;
 
 	va_start(args, fmt);
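
Review bot: In the new condition, `!__ratelimit(&nopage_rs)` is evaluated before `((gfp_mask & __GFP_DMA) && !has_managed_dma())`, so a DMA-zone failure that ends up suppressed still consumes the single burst slot of `nopage_rs` (one message per `10*HZ`) and can hide an unrelated allocation failure that follows. Testing the DMA case before `__ratelimit()` avoids that. A comment is also missing on why these failures are silenced, which matters to anyone reading the log to diagnose memory pressure.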




* [PATCH 5.10 040/563] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 039/563] mm/page_alloc.c: do not warn allocation failure on zone DMA if no " Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 041/563] drm/ttm: Put BO in its memory managers lru list Greg Kroah-Hartman
                   ` (526 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gang Li, Muchun Song,
	Kirill A. Shutemov, Hugh Dickins, Andrew Morton, Linus Torvalds

From: Gang Li <ligang.bdlg@bytedance.com>

commit 62c9827cbb996c2c04f615ecd783ce28bcea894b upstream.

Fix a data race in commit 779750d20b93 ("shmem: split huge pages beyond
i_size under memory pressure").

Here are call traces causing race:

   Call Trace 1:
     shmem_unused_huge_shrink+0x3ae/0x410
     ? __list_lru_walk_one.isra.5+0x33/0x160
     super_cache_scan+0x17c/0x190
     shrink_slab.part.55+0x1ef/0x3f0
     shrink_node+0x10e/0x330
     kswapd+0x380/0x740
     kthread+0xfc/0x130
     ? mem_cgroup_shrink_node+0x170/0x170
     ? kthread_create_on_node+0x70/0x70
     ret_from_fork+0x1f/0x30

   Call Trace 2:
     shmem_evict_inode+0xd8/0x190
     evict+0xbe/0x1c0
     do_unlinkat+0x137/0x330
     do_syscall_64+0x76/0x120
     entry_SYSCALL_64_after_hwframe+0x3d/0xa2

A simple explanation:

Imagine there are 3 items in the local list (@list).  In the first
traversal, A is not deleted from @list.

  1)    A->B->C
        ^
        |
        pos (leave)

In the second traversal, B is deleted from @list.  Concurrently, A is
deleted from @list through shmem_evict_inode() since last reference
counter of inode is dropped by other thread.  Then the @list is corrupted.

  2)    A->B->C
        ^  ^
        |  |
     evict pos (drop)

We should make sure the inode is either on the global list or deleted from
any local list before iput().

Fixed by moving inodes back to global list before we put them.

[akpm@linux-foundation.org: coding style fixes]

Link: https://lkml.kernel.org/r/20211125064502.99983-1-ligang.bdlg@bytedance.com
Fixes: 779750d20b93 ("shmem: split huge pages beyond i_size under memory pressure")
Signed-off-by: Gang Li <ligang.bdlg@bytedance.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/shmem.c |   37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -527,7 +527,7 @@ static unsigned long shmem_unused_huge_s
 	struct shmem_inode_info *info;
 	struct page *page;
 	unsigned long batch = sc ? sc->nr_to_scan : 128;
-	int removed = 0, split = 0;
+	int split = 0;
 
 	if (list_empty(&sbinfo->shrinklist))
 		return SHRINK_STOP;
@@ -542,7 +542,6 @@ static unsigned long shmem_unused_huge_s
 		/* inode is about to be evicted */
 		if (!inode) {
 			list_del_init(&info->shrinklist);
-			removed++;
 			goto next;
 		}
 
@@ -550,12 +549,12 @@ static unsigned long shmem_unused_huge_s
 		if (round_up(inode->i_size, PAGE_SIZE) ==
 				round_up(inode->i_size, HPAGE_PMD_SIZE)) {
 			list_move(&info->shrinklist, &to_remove);
-			removed++;
 			goto next;
 		}
 
 		list_move(&info->shrinklist, &list);
 next:
+		sbinfo->shrinklist_len--;
 		if (!--batch)
 			break;
 	}
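
Review bot: `sbinfo->shrinklist_len--` at `next:` now runs for every entry taken off the global list, including those moved to the local `list`, and the count is restored later by `sbinfo->shrinklist_len++` under `move_back:`. The accounting is therefore split across two places with no comment tying them together; add one here, and confirm this decrement runs with `shrinklist_lock` held as the later increment does, since the locking around this loop is outside the hunk.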
@@ -575,7 +574,7 @@ next:
 		inode = &info->vfs_inode;
 
 		if (nr_to_split && split >= nr_to_split)
-			goto leave;
+			goto move_back;
 
 		page = find_get_page(inode->i_mapping,
 				(inode->i_size & HPAGE_PMD_MASK) >> PAGE_SHIFT);
@@ -589,38 +588,44 @@ next:
 		}
 
 		/*
-		 * Leave the inode on the list if we failed to lock
-		 * the page at this time.
+		 * Move the inode on the list back to shrinklist if we failed
+		 * to lock the page at this time.
 		 *
 		 * Waiting for the lock may lead to deadlock in the
 		 * reclaim path.
 		 */
 		if (!trylock_page(page)) {
 			put_page(page);
-			goto leave;
+			goto move_back;
 		}
 
 		ret = split_huge_page(page);
 		unlock_page(page);
 		put_page(page);
 
-		/* If split failed leave the inode on the list */
+		/* If split failed move the inode on the list back to shrinklist */
 		if (ret)
-			goto leave;
+			goto move_back;
 
 		split++;
 drop:
 		list_del_init(&info->shrinklist);
-		removed++;
-leave:
+		goto put;
+move_back:
+		/*
+		 * Make sure the inode is either on the global list or deleted
+		 * from any local list before iput() since it could be deleted
+		 * in another thread once we put the inode (then the local list
+		 * is corrupted).
+		 */
+		spin_lock(&sbinfo->shrinklist_lock);
+		list_move(&info->shrinklist, &sbinfo->shrinklist);
+		sbinfo->shrinklist_len++;
+		spin_unlock(&sbinfo->shrinklist_lock);
+put:
 		iput(inode);
 	}
 
-	spin_lock(&sbinfo->shrinklist_lock);
-	list_splice_tail(&list, &sbinfo->shrinklist);
-	sbinfo->shrinklist_len -= removed;
-	spin_unlock(&sbinfo->shrinklist_lock);
-
 	return split;
 }
 
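
Review bot: Under `move_back:`, `list_move(&info->shrinklist, &sbinfo->shrinklist)` puts the inode at the head of the global list, whereas the removed `list_splice_tail(&list, &sbinfo->shrinklist)` appended the leftovers at the tail. An inode whose page could not be locked or split will now be the first one revisited on the next scan; if that change of order is not intended, `list_move_tail()` keeps the old behaviour. The lock is also taken once per inode inside the loop rather than once at the end, which the new comment could mention as the cost of closing the race.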




* [PATCH 5.10 041/563] drm/ttm: Put BO in its memory managers lru list
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 040/563] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 042/563] Bluetooth: L2CAP: Fix not initializing sk_peer_pid Greg Kroah-Hartman
                   ` (525 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christian König, xinhui pan

From: xinhui pan <xinhui.pan@amd.com>

commit 781050b0a3164934857c300bb0bc291e38c26b6f upstream.

After we move a BO to a new memory region, we should put it on
the new memory manager's lru list regardless of whether we unlock the resv or not.

Cc: stable@vger.kernel.org
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: xinhui pan <xinhui.pan@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211110043149.57554-1-xinhui.pan@amd.com
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/ttm/ttm_bo.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -789,6 +789,8 @@ int ttm_mem_evict_first(struct ttm_bo_de
 	ret = ttm_bo_evict(bo, ctx);
 	if (locked)
 		ttm_bo_unreserve(bo);
+	else
+		ttm_bo_move_to_lru_tail_unlocked(bo);
 
 	ttm_bo_put(bo);
 	return ret;
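
Review bot: the new `else` branch moves the BO to the LRU tail even when `ttm_bo_evict()` returned an error, because `ret` is not consulted before `ttm_bo_move_to_lru_tail_unlocked(bo)`. If that is intended, a one-line comment saying so, and saying why the `locked` branch needs no explicit LRU move, would make the asymmetry between the two branches reviewable from this function alone.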



* [PATCH 5.10 042/563] Bluetooth: L2CAP: Fix not initializing sk_peer_pid
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
	Marcel Holtmann, Sasha Levin

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

[ Upstream commit f5ff291098f70a70b344df1e388596755c3c8315 ]

In order to group sockets being connected using L2CAP_MODE_EXT_FLOWCTL
the pid is used but sk_peer_pid was not being initialized as it is
currently only done for af_unix.

Fixes: b48596d1dc25 ("Bluetooth: L2CAP: Add get_peer_pid callback")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/l2cap_sock.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 160c016a5dfb9..4574c5cb1b596 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -172,6 +172,21 @@ done:
 	return err;
 }
 
+static void l2cap_sock_init_pid(struct sock *sk)
+{
+	struct l2cap_chan *chan = l2cap_pi(sk)->chan;
+
+	/* Only L2CAP_MODE_EXT_FLOWCTL ever need to access the PID in order to
+	 * group the channels being requested.
+	 */
+	if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
+		return;
+
+	spin_lock(&sk->sk_peer_lock);
+	sk->sk_peer_pid = get_pid(task_tgid(current));
+	spin_unlock(&sk->sk_peer_lock);
+}
+
 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
 			      int alen, int flags)
 {
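
Review bot: `l2cap_sock_init_pid()` overwrites `sk->sk_peer_pid` with a fresh `get_pid()` reference and never drops whatever was stored there before. The later hunks call it from both `l2cap_sock_connect()` and `l2cap_sock_listen()`, so any socket that reaches the helper twice in L2CAP_MODE_EXT_FLOWCTL leaks a struct pid reference. Reading the old value under `sk_peer_lock` and calling `put_pid()` on it after the unlock would close that, and the patch should also show, or reference, where the reference is released when the socket is destroyed.
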
@@ -243,6 +258,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
 	if (chan->psm && bdaddr_type_is_le(chan->src_type) && !chan->mode)
 		chan->mode = L2CAP_MODE_LE_FLOWCTL;
 
+	l2cap_sock_init_pid(sk);
+
 	err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
 				 &la.l2_bdaddr, la.l2_bdaddr_type);
 	if (err)
@@ -298,6 +315,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
 		goto done;
 	}
 
+	l2cap_sock_init_pid(sk);
+
 	sk->sk_max_ack_backlog = backlog;
 	sk->sk_ack_backlog = 0;
 
-- 
2.34.1




* [PATCH 5.10 043/563] drm/bridge: display-connector: fix an uninitialized pointer in probe()
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sam Ravnborg, Sasha Levin

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit 189723fbe9aca18d6f7d638c59a40288030932b5 ]

The "label" pointer is used for debug output.  The code assumes that it
is either NULL or valid, but it is never set to NULL.  It is either
valid or uninitialized.

Fixes: 0c275c30176b ("drm/bridge: Add bridge driver for display connectors")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211013080825.GE6010@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/bridge/display-connector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/bridge/display-connector.c b/drivers/gpu/drm/bridge/display-connector.c
index 4d278573cdb99..544a47335cac4 100644
--- a/drivers/gpu/drm/bridge/display-connector.c
+++ b/drivers/gpu/drm/bridge/display-connector.c
@@ -104,7 +104,7 @@ static int display_connector_probe(struct platform_device *pdev)
 {
 	struct display_connector *conn;
 	unsigned int type;
-	const char *label;
+	const char *label = NULL;
 	int ret;
 
 	conn = devm_kzalloc(&pdev->dev, sizeof(*conn), GFP_KERNEL);
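
Review bot: the `= NULL` initialiser on `label` carries the whole fix, yet nothing at the declaration says that the later debug output depends on the pointer being NULL when it was never filled in. A short comment on that line would stop a later cleanup from dropping the initialiser as redundant.
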
-- 
2.34.1




* [PATCH 5.10 044/563] drm: fix null-ptr-deref in drm_dev_init_release()
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai, Sam Ravnborg,
	Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit acf20ed020ffa4d6cc8347e8d356509b95df3cbe ]

I got a null-ptr-deref report:

[drm:drm_dev_init [drm]] *ERROR* Cannot allocate anonymous inode: -12
==================================================================
BUG: KASAN: null-ptr-deref in iput+0x3c/0x4a0
...
Call Trace:
 dump_stack_lvl+0x6c/0x8b
 kasan_report.cold+0x64/0xdb
 __asan_load8+0x69/0x90
 iput+0x3c/0x4a0
 drm_dev_init_release+0x39/0xb0 [drm]
 drm_managed_release+0x158/0x2d0 [drm]
 drm_dev_init+0x3a7/0x4c0 [drm]
 __devm_drm_dev_alloc+0x55/0xd0 [drm]
 mi0283qt_probe+0x8a/0x2b5 [mi0283qt]
 spi_probe+0xeb/0x130
...
 entry_SYSCALL_64_after_hwframe+0x44/0xae

If drm_fs_inode_new() fails in drm_dev_init(), dev->anon_inode will point
to PTR_ERR(...) instead of NULL. This will result in null-ptr-deref when
drm_fs_inode_free(dev->anon_inode) is called.

drm_dev_init()
	drm_fs_inode_new() // fail, dev->anon_inode = PTR_ERR(...)
	drm_managed_release()
		drm_dev_init_release()
			drm_fs_inode_free() // access non-existent anon_inode

Define a temp variable and assign it to dev->anon_inode if the temp
variable is not PTR_ERR.

Fixes: 2cbf7fc6718b ("drm: Use drmm_ for drm_dev_init cleanup")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211013114139.4042207-1-wanghai38@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_drv.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index cd162d406078a..006e3b896caea 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -577,6 +577,7 @@ static int drm_dev_init(struct drm_device *dev,
 			struct drm_driver *driver,
 			struct device *parent)
 {
+	struct inode *inode;
 	int ret;
 
 	if (!drm_core_init_complete) {
@@ -613,13 +614,15 @@ static int drm_dev_init(struct drm_device *dev,
 	if (ret)
 		return ret;
 
-	dev->anon_inode = drm_fs_inode_new();
-	if (IS_ERR(dev->anon_inode)) {
-		ret = PTR_ERR(dev->anon_inode);
+	inode = drm_fs_inode_new();
+	if (IS_ERR(inode)) {
+		ret = PTR_ERR(inode);
 		DRM_ERROR("Cannot allocate anonymous inode: %d\n", ret);
 		goto err;
 	}
 
+	dev->anon_inode = inode;
+
 	if (drm_core_check_feature(dev, DRIVER_RENDER)) {
 		ret = drm_minor_alloc(dev, DRM_MINOR_RENDER);
 		if (ret)
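
Review bot: assigning `dev->anon_inode` only after the `IS_ERR(inode)` check fixes the reported path, but it works only if `dev->anon_inode` is already NULL when `goto err` runs and the release handler accepts NULL. Neither guarantee is visible in this hunk. Either make the release side skip the free when the pointer is NULL or an error pointer, or add a comment here that the field must stay NULL until a valid inode exists.
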
-- 
2.34.1




* [PATCH 5.10 045/563] drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Norris, Sam Ravnborg, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 5f31dbeae8a88f31c3eb4eb526ab4807c40da241 ]

If we fail to attach (e.g., because 1 of 2 dual-DSI controllers aren't
ready), we leave a dangling drm_panel reference to freed memory. Clean
that up on failure.

Fixes: 2a994cbed6b2 ("drm/panel: Add Kingdisplay KD097D04 panel driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20210923173336.1.Icb4d9dbc1817f4e826361a4f1cea7461541668f0@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c b/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
index 86e4213e8bb13..daccb1fd5fdad 100644
--- a/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
+++ b/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
@@ -406,7 +406,13 @@ static int kingdisplay_panel_probe(struct mipi_dsi_device *dsi)
 	if (err < 0)
 		return err;
 
-	return mipi_dsi_attach(dsi);
+	err = mipi_dsi_attach(dsi);
+	if (err < 0) {
+		kingdisplay_panel_del(kingdisplay);
+		return err;
+	}
+
+	return 0;
 }
 
 static int kingdisplay_panel_remove(struct mipi_dsi_device *dsi)
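
Review bot: replacing `return mipi_dsi_attach(dsi);` with an `err < 0` test followed by `return 0` turns any positive return value into success, where the old code passed it through to the caller. If `mipi_dsi_attach()` can only return zero or a negative errno, testing `if (err)` would keep the previous semantics and make that assumption explicit.
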
-- 
2.34.1




* [PATCH 5.10 046/563] drm/panel: innolux-p079zca: Delete panel on attach() failure
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Norris, Sam Ravnborg, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 32a267e9c057e1636e7afdd20599aa5741a73079 ]

If we fail to attach (e.g., because 1 of 2 dual-DSI controllers aren't
ready), we leave a dangling drm_panel reference to freed memory. Clean
that up on failure.

This problem has existed since the driver's introduction, but is especially
relevant after the refactoring for dual-DSI variants.

Fixes: 14c8f2e9f8ea ("drm/panel: add Innolux P079ZCA panel driver")
Fixes: 7ad4e4636c54 ("drm/panel: p079zca: Refactor panel driver to support multiple panels")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20210923173336.2.I9023cf8811a3abf4964ed84eb681721d8bb489d6@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/panel/panel-innolux-p079zca.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/panel/panel-innolux-p079zca.c b/drivers/gpu/drm/panel/panel-innolux-p079zca.c
index aea3162253914..f194b62e290ca 100644
--- a/drivers/gpu/drm/panel/panel-innolux-p079zca.c
+++ b/drivers/gpu/drm/panel/panel-innolux-p079zca.c
@@ -484,6 +484,7 @@ static void innolux_panel_del(struct innolux_panel *innolux)
 static int innolux_panel_probe(struct mipi_dsi_device *dsi)
 {
 	const struct panel_desc *desc;
+	struct innolux_panel *innolux;
 	int err;
 
 	desc = of_device_get_match_data(&dsi->dev);
@@ -495,7 +496,14 @@ static int innolux_panel_probe(struct mipi_dsi_device *dsi)
 	if (err < 0)
 		return err;
 
-	return mipi_dsi_attach(dsi);
+	err = mipi_dsi_attach(dsi);
+	if (err < 0) {
+		innolux = mipi_dsi_get_drvdata(dsi);
+		innolux_panel_del(innolux);
+		return err;
+	}
+
+	return 0;
 }
 
 static int innolux_panel_remove(struct mipi_dsi_device *dsi)
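
Review bot: the error path fetches the panel with `mipi_dsi_get_drvdata(dsi)` and passes it straight to `innolux_panel_del()`, so it depends on the earlier step (the call whose result is tested by `if (err < 0) return err;` above) having stored drvdata before it returned success. That coupling is not visible here; a NULL check or a comment naming where drvdata is set would keep a later reordering from turning this cleanup into a NULL dereference.
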
-- 
2.34.1




* [PATCH 5.10 047/563] drm/rockchip: dsi: Fix unbalanced clock on probe error
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Norris, Chen-Yu Tsai,
	Nícolas F .  R .  A .  Prado, Heiko Stuebner, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 251888398753924059f3bb247a44153a2853137f ]

Our probe() function never enabled this clock, so we shouldn't disable
it if we fail to probe the bridge.

Noted by inspection.

Fixes: 2d4f7bdafd70 ("drm/rockchip: dsi: migrate to use dw-mipi-dsi bridge driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.3.Ie8ceefb51ab6065a1151869b6fcda41a467d4d2c@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
index d0c9610ad2202..433b2f459a7d9 100644
--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -1126,14 +1126,10 @@ static int dw_mipi_dsi_rockchip_probe(struct platform_device *pdev)
 		if (ret != -EPROBE_DEFER)
 			DRM_DEV_ERROR(dev,
 				      "Failed to probe dw_mipi_dsi: %d\n", ret);
-		goto err_clkdisable;
+		return ret;
 	}
 
 	return 0;
-
-err_clkdisable:
-	clk_disable_unprepare(dsi->pllref_clk);
-	return ret;
 }
 
 static int dw_mipi_dsi_rockchip_remove(struct platform_device *pdev)
-- 
2.34.1




* [PATCH 5.10 048/563] drm/rockchip: dsi: Hold pm-runtime across bind/unbind
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, aleksandr.o.makarov, Brian Norris,
	Nícolas F .  R .  A .  Prado, Chen-Yu Tsai, Heiko Stuebner

From: Brian Norris <briannorris@chromium.org>

commit 514db871922f103886ad4d221cf406b4fcc5e74a upstream.

In commit 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except
LCDC mux to bind()"), we moved most HW configuration to bind(), but we
didn't move the runtime PM management. Therefore, depending on initial
boot state, runtime-PM workqueue delays, and other timing factors, we
may disable our power domain in between the hardware configuration
(bind()) and when we enable the display. This can cause us to lose
hardware state and fail to configure our display. For example:

  dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
  panel-innolux-p079zca ff960000.mipi.0: failed to write command 0

or:

  dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
  panel-kingdisplay-kd097d04 ff960000.mipi.0: failed write init cmds: -110

We should match the runtime PM to the lifetime of the bind()/unbind()
cycle.

Tested on Acer Chrometab 10 (RK3399 Gru-Scarlet), with panel drivers
built either as modules or built-in.

Side notes: it seems one is more likely to see this problem when the
panel driver is built into the kernel. I've also seen this problem
bisect down to commits that simply changed Kconfig dependencies, because
it changed the order in which driver init functions were compiled into
the kernel, and therefore the ordering and timing of built-in device
probe.

Fixes: 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except LCDC mux to bind()")
Link: https://lore.kernel.org/linux-rockchip/9aedfb528600ecf871885f7293ca4207c84d16c1.camel@gmail.com/
Reported-by: <aleksandr.o.makarov@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.1.Ic2904d37f30013a7f3d8476203ad3733c186827e@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c |   37 ++++++++++++------------
 1 file changed, 19 insertions(+), 18 deletions(-)

--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -753,10 +753,6 @@ static void dw_mipi_dsi_encoder_enable(s
 	if (mux < 0)
 		return;
 
-	pm_runtime_get_sync(dsi->dev);
-	if (dsi->slave)
-		pm_runtime_get_sync(dsi->slave->dev);
-
 	/*
 	 * For the RK3399, the clk of grf must be enabled before writing grf
 	 * register. And for RK3288 or other soc, this grf_clk must be NULL,
@@ -775,20 +771,10 @@ static void dw_mipi_dsi_encoder_enable(s
 	clk_disable_unprepare(dsi->grf_clk);
 }
 
-static void dw_mipi_dsi_encoder_disable(struct drm_encoder *encoder)
-{
-	struct dw_mipi_dsi_rockchip *dsi = to_dsi(encoder);
-
-	if (dsi->slave)
-		pm_runtime_put(dsi->slave->dev);
-	pm_runtime_put(dsi->dev);
-}
-
 static const struct drm_encoder_helper_funcs
 dw_mipi_dsi_encoder_helper_funcs = {
 	.atomic_check = dw_mipi_dsi_encoder_atomic_check,
 	.enable = dw_mipi_dsi_encoder_enable,
-	.disable = dw_mipi_dsi_encoder_disable,
 };
 
 static int rockchip_dsi_drm_create_encoder(struct dw_mipi_dsi_rockchip *dsi,
@@ -918,10 +904,14 @@ static int dw_mipi_dsi_rockchip_bind(str
 		put_device(second);
 	}
 
+	pm_runtime_get_sync(dsi->dev);
+	if (dsi->slave)
+		pm_runtime_get_sync(dsi->slave->dev);
+
 	ret = clk_prepare_enable(dsi->pllref_clk);
 	if (ret) {
 		DRM_DEV_ERROR(dev, "Failed to enable pllref_clk: %d\n", ret);
-		return ret;
+		goto out_pm_runtime;
 	}
 
 	/*
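
Review bot: both `pm_runtime_get_sync()` calls added at the top of this hunk ignore the return value. If resuming the power domain fails, bind() carries on and configures hardware that may not be powered, which is the failure mode this patch sets out to remove. Check the result and bail out through `out_pm_runtime`, keeping in mind that `pm_runtime_get_sync()` leaves the usage count raised even when it fails, so the put is still required.
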
@@ -933,7 +923,7 @@ static int dw_mipi_dsi_rockchip_bind(str
 	ret = clk_prepare_enable(dsi->grf_clk);
 	if (ret) {
 		DRM_DEV_ERROR(dsi->dev, "Failed to enable grf_clk: %d\n", ret);
-		return ret;
+		goto out_pm_runtime;
 	}
 
 	dw_mipi_dsi_rockchip_config(dsi);
@@ -945,16 +935,23 @@ static int dw_mipi_dsi_rockchip_bind(str
 	ret = rockchip_dsi_drm_create_encoder(dsi, drm_dev);
 	if (ret) {
 		DRM_DEV_ERROR(dev, "Failed to create drm encoder\n");
-		return ret;
+		goto out_pm_runtime;
 	}
 
 	ret = dw_mipi_dsi_bind(dsi->dmd, &dsi->encoder);
 	if (ret) {
 		DRM_DEV_ERROR(dev, "Failed to bind: %d\n", ret);
-		return ret;
+		goto out_pm_runtime;
 	}
 
 	return 0;
+
+out_pm_runtime:
+	pm_runtime_put(dsi->dev);
+	if (dsi->slave)
+		pm_runtime_put(dsi->slave->dev);
+
+	return ret;
 }
 
 static void dw_mipi_dsi_rockchip_unbind(struct device *dev,
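
Review bot: `out_pm_runtime` drops the runtime PM references but not `pllref_clk`, yet three of the four `goto out_pm_runtime` sites (grf_clk enable, encoder creation, `dw_mipi_dsi_bind()`) are reached after `clk_prepare_enable(dsi->pllref_clk)` has succeeded, so those failures leave the PLL reference clock enabled. Patch 049 in this series adds an `out_pll_clk` label for exactly this; the two should be applied together.
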
@@ -969,6 +966,10 @@ static void dw_mipi_dsi_rockchip_unbind(
 	dw_mipi_dsi_unbind(dsi->dmd);
 
 	clk_disable_unprepare(dsi->pllref_clk);
+
+	pm_runtime_put(dsi->dev);
+	if (dsi->slave)
+		pm_runtime_put(dsi->slave->dev);
 }
 
 static const struct component_ops dw_mipi_dsi_rockchip_ops = {



* [PATCH 5.10 049/563] drm/rockchip: dsi: Disable PLL clock on bind error
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Norris, Chen-Yu Tsai,
	Nícolas F .  R .  A .  Prado, Heiko Stuebner, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 5a614570172e1c9f59035d259dd735acd4f1c01b ]

Fix some error handling here noticed in review of other changes.

Fixes: 2d4f7bdafd70 ("drm/rockchip: dsi: migrate to use dw-mipi-dsi bridge driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reported-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.4.I8bb7a91ecc411d56bc155763faa15f289d7fc074@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
index d3cea42dde436..6691e45230126 100644
--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -923,7 +923,7 @@ static int dw_mipi_dsi_rockchip_bind(struct device *dev,
 	ret = clk_prepare_enable(dsi->grf_clk);
 	if (ret) {
 		DRM_DEV_ERROR(dsi->dev, "Failed to enable grf_clk: %d\n", ret);
-		goto out_pm_runtime;
+		goto out_pll_clk;
 	}
 
 	dw_mipi_dsi_rockchip_config(dsi);
@@ -935,17 +935,19 @@ static int dw_mipi_dsi_rockchip_bind(struct device *dev,
 	ret = rockchip_dsi_drm_create_encoder(dsi, drm_dev);
 	if (ret) {
 		DRM_DEV_ERROR(dev, "Failed to create drm encoder\n");
-		goto out_pm_runtime;
+		goto out_pll_clk;
 	}
 
 	ret = dw_mipi_dsi_bind(dsi->dmd, &dsi->encoder);
 	if (ret) {
 		DRM_DEV_ERROR(dev, "Failed to bind: %d\n", ret);
-		goto out_pm_runtime;
+		goto out_pll_clk;
 	}
 
 	return 0;
 
+out_pll_clk:
+	clk_disable_unprepare(dsi->pllref_clk);
 out_pm_runtime:
 	pm_runtime_put(dsi->dev);
 	if (dsi->slave)
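
Review bot: a failure of `dw_mipi_dsi_bind()` now unwinds the clock and runtime PM, but the encoder created just above by `rockchip_dsi_drm_create_encoder()` is not torn down on that path; `out_pll_clk` only calls `clk_disable_unprepare()` before falling through to the PM puts. If the encoder is released elsewhere on bind failure, say so in a comment; otherwise add a label that cleans it up ahead of `out_pll_clk`.
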
-- 
2.34.1




* [PATCH 5.10 050/563] drm/rockchip: dsi: Reconfigure hardware on resume()
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Brian Norris, Chen-Yu Tsai,
	Nícolas F .  R .  A .  Prado, Heiko Stuebner

From: Brian Norris <briannorris@chromium.org>

commit e584cdc1549932f87a2707b56bc588cfac5d89e0 upstream.

Since commit 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except
LCDC mux to bind()"), we perform most HW configuration in the bind()
function. This configuration may be lost on suspend/resume, so we
need to call it again. That may lead to errors like this after system
suspend/resume:

  dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
  panel-kingdisplay-kd097d04 ff960000.mipi.0: failed write init cmds: -110

Tested on Acer Chromebook Tab 10 (RK3399 Gru-Scarlet).

Note that early mailing list versions of this driver borrowed Rockchip's
downstream/BSP solution, to do HW configuration in mode_set() (which
*is* called at the appropriate pre-enable() times), but that was
discarded along the way. I've avoided that still, because mode_set()
documentation doesn't suggest this kind of purpose as far as I can tell.

Fixes: 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except LCDC mux to bind()")
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.2.I4e9d93aadb00b1ffc7d506e3186a25492bf0b732@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c |   37 ++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -243,6 +243,8 @@ struct dw_mipi_dsi_rockchip {
 	struct dw_mipi_dsi *dmd;
 	const struct rockchip_dw_dsi_chip_data *cdata;
 	struct dw_mipi_dsi_plat_data pdata;
+
+	bool dsi_bound;
 };
 
 struct dphy_pll_parameter_map {
@@ -944,6 +946,8 @@ static int dw_mipi_dsi_rockchip_bind(str
 		goto out_pll_clk;
 	}
 
+	dsi->dsi_bound = true;
+
 	return 0;
 
 out_pll_clk:
@@ -965,6 +969,8 @@ static void dw_mipi_dsi_rockchip_unbind(
 	if (dsi->is_slave)
 		return;
 
+	dsi->dsi_bound = false;
+
 	dw_mipi_dsi_unbind(dsi->dmd);
 
 	clk_disable_unprepare(dsi->pllref_clk);
@@ -1029,6 +1035,36 @@ static const struct dw_mipi_dsi_host_ops
 	.detach = dw_mipi_dsi_rockchip_host_detach,
 };
 
+static int __maybe_unused dw_mipi_dsi_rockchip_resume(struct device *dev)
+{
+	struct dw_mipi_dsi_rockchip *dsi = dev_get_drvdata(dev);
+	int ret;
+
+	/*
+	 * Re-configure DSI state, if we were previously initialized. We need
+	 * to do this before rockchip_drm_drv tries to re-enable() any panels.
+	 */
+	if (dsi->dsi_bound) {
+		ret = clk_prepare_enable(dsi->grf_clk);
+		if (ret) {
+			DRM_DEV_ERROR(dsi->dev, "Failed to enable grf_clk: %d\n", ret);
+			return ret;
+		}
+
+		dw_mipi_dsi_rockchip_config(dsi);
+		if (dsi->slave)
+			dw_mipi_dsi_rockchip_config(dsi->slave);
+
+		clk_disable_unprepare(dsi->grf_clk);
+	}
+
+	return 0;
+}
+
+static const struct dev_pm_ops dw_mipi_dsi_rockchip_pm_ops = {
+	SET_LATE_SYSTEM_SLEEP_PM_OPS(NULL, dw_mipi_dsi_rockchip_resume)
+};
+
 static int dw_mipi_dsi_rockchip_probe(struct platform_device *pdev)
 {
 	struct device *dev = &pdev->dev;
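
Review bot: `dw_mipi_dsi_rockchip_resume()` reads `dsi->dsi_bound` and dereferences `dsi->slave` with no lock, while bind() and unbind() write the flag as a plain store. That is safe only if component bind/unbind cannot overlap the late-resume phase; state that assumption in the comment next to the `if (dsi->dsi_bound)` check. The function enables only `grf_clk` before calling `dw_mipi_dsi_rockchip_config()`, so the same comment should also say what guarantees the block is powered at that point.
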
@@ -1248,6 +1284,7 @@ struct platform_driver dw_mipi_dsi_rockc
 	.remove		= dw_mipi_dsi_rockchip_remove,
 	.driver		= {
 		.of_match_table = dw_mipi_dsi_rockchip_dt_ids,
+		.pm	= &dw_mipi_dsi_rockchip_pm_ops,
 		.name	= "dw-mipi-dsi-rockchip",
 	},
 };



* [PATCH 5.10 051/563] Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
	Marcel Holtmann, Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit 2a7ca7459d905febf519163bd9e3eed894de6bb7 ]

I got a kernel BUG report when doing fault injection test:

------------[ cut here ]------------
kernel BUG at lib/list_debug.c:45!
...
RIP: 0010:__list_del_entry_valid.cold+0x12/0x4d
...
Call Trace:
 proto_unregister+0x83/0x220
 cmtp_cleanup_sockets+0x37/0x40 [cmtp]
 cmtp_exit+0xe/0x1f [cmtp]
 do_syscall_64+0x35/0xb0
 entry_SYSCALL_64_after_hwframe+0x44/0xae

If cmtp_init_sockets() in cmtp_init() fails, cmtp_init() still returns
success. This will cause a kernel bug when accessing uncreated cmtp
related data when the module exits.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/cmtp/core.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 0a2d78e811cf5..83eb84e8e688f 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -501,9 +501,7 @@ static int __init cmtp_init(void)
 {
 	BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION);
 
-	cmtp_init_sockets();
-
-	return 0;
+	return cmtp_init_sockets();
 }
 
 static void __exit cmtp_exit(void)
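
Review bot: `BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION)` still runs before `cmtp_init_sockets()`, so a failed load leaves the version banner in the log with nothing to show that initialisation failed. Storing the result, logging an error when it is non-zero, and printing the banner only on success would make the fault-injection case from the commit message visible in the kernel log.
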
-- 
2.34.1




* [PATCH 5.10 052/563] clk: bcm-2835: Pick the closest clock rate
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Stephen Boyd,
	Nicolas Saenz Julienne, Michael Stapelberg, Sasha Levin

From: Maxime Ripard <maxime@cerno.tech>

[ Upstream commit 5517357a4733d7cf7c17fc79d0530cfa47add372 ]

The driver currently tries to pick the closest rate that is lower than
the rate being requested.

This causes an issue with clk_set_min_rate() since it actively checks
for the rounded rate to be above the minimum that was just set.

Let's change the logic a bit to pick the closest rate to the requested
rate, no matter if it's actually higher or lower.

Fixes: 6d18b8adbe67 ("clk: bcm2835: Support for clock parent selection")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Nicolas Saenz Julienne <nsaenz@kernel.org> # boot and basic functionality
Tested-by: Michael Stapelberg <michael@stapelberg.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210922125419.4125779-2-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/bcm/clk-bcm2835.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index 1ac803e14fa3e..a919ee9c3fcb8 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -1217,7 +1217,7 @@ static int bcm2835_clock_determine_rate(struct clk_hw *hw,
 		rate = bcm2835_clock_choose_div_and_prate(hw, i, req->rate,
 							  &div, &prate,
 							  &avgrate);
-		if (rate > best_rate && rate <= req->rate) {
+		if (abs(req->rate - rate) < abs(req->rate - best_rate)) {
 			best_parent = parent;
 			best_prate = prate;
 			best_rate = rate;
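Review bot: In `abs(req->rate - rate) < abs(req->rate - best_rate)` the subtraction happens before abs(), and the next patch in this series shows bcm2835_clock_choose_div_and_prate() returning unsigned long, so a candidate above req->rate wraps and the comparison is only right if abs() reinterprets the difference as signed. Subtracting the smaller value from the larger explicitly would not depend on that. The strict `<` also makes the outcome depend on best_rate's initial value and lets the first parent win ties, and because the selected rate may now exceed req->rate, callers that relied on never overshooting should be checked.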
-- 
2.34.1





* [PATCH 5.10 053/563] clk: bcm-2835: Remove rounding up the dividers
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 052/563] clk: bcm-2835: Pick the closest clock rate Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 054/563] drm/vc4: hdmi: Set a default HSM rate Greg Kroah-Hartman
                   ` (513 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Stephen Boyd,
	Nicolas Saenz Julienne, Michael Stapelberg, Sasha Levin

From: Maxime Ripard <maxime@cerno.tech>

[ Upstream commit 8ca011ef4af48a7af7b15afd8a4a44039dd04cea ]

The driver, once it found a divider, tries to round it up by increasing
the least significant bit of the fractional part by one when the
round_up argument is set and there's a remainder.

However, since it increases the divider it will actually reduce the
clock rate below what we were asking for, leading to issues with
clk_set_min_rate() that will complain that our rounded clock rate is
below the minimum of the rate.

Since the dividers are fairly precise already, let's remove that part so
that we can have clk_set_min_rate() working.

This is effectively a revert of 9c95b32ca093 ("clk: bcm2835: add a round
up ability to the clock divisor").

Fixes: 9c95b32ca093 ("clk: bcm2835: add a round up ability to the clock divisor")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Nicolas Saenz Julienne <nsaenz@kernel.org> # boot and basic functionality
Tested-by: Michael Stapelberg <michael@stapelberg.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210922125419.4125779-3-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/bcm/clk-bcm2835.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index a919ee9c3fcb8..178886823b90c 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -933,8 +933,7 @@ static int bcm2835_clock_is_on(struct clk_hw *hw)
 
 static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
 				    unsigned long rate,
-				    unsigned long parent_rate,
-				    bool round_up)
+				    unsigned long parent_rate)
 {
 	struct bcm2835_clock *clock = bcm2835_clock_from_hw(hw);
 	const struct bcm2835_clock_data *data = clock->data;
@@ -946,10 +945,6 @@ static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
 
 	rem = do_div(temp, rate);
 	div = temp;
-
-	/* Round up and mask off the unused bits */
-	if (round_up && ((div & unused_frac_mask) != 0 || rem != 0))
-		div += unused_frac_mask + 1;
 	div &= ~unused_frac_mask;
 
 	/* different clamping limits apply for a mash clock */
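Review bot: After the round-up block is removed, `rem = do_div(temp, rate);` still stores the remainder, but nothing in the visible lines reads rem any more. If it has no other user in bcm2835_clock_choose_div(), drop the variable and call do_div() only for its effect on temp, otherwise this leaves a set-but-unused local. With only `div &= ~unused_frac_mask;` left, the divider is always truncated, so the resulting rate can sit above the requested one; a short comment saying so would help the next reader.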
@@ -1080,7 +1075,7 @@ static int bcm2835_clock_set_rate(struct clk_hw *hw,
 	struct bcm2835_clock *clock = bcm2835_clock_from_hw(hw);
 	struct bcm2835_cprman *cprman = clock->cprman;
 	const struct bcm2835_clock_data *data = clock->data;
-	u32 div = bcm2835_clock_choose_div(hw, rate, parent_rate, false);
+	u32 div = bcm2835_clock_choose_div(hw, rate, parent_rate);
 	u32 ctl;
 
 	spin_lock(&cprman->regs_lock);
@@ -1131,7 +1126,7 @@ static unsigned long bcm2835_clock_choose_div_and_prate(struct clk_hw *hw,
 
 	if (!(BIT(parent_idx) & data->set_rate_parent)) {
 		*prate = clk_hw_get_rate(parent);
-		*div = bcm2835_clock_choose_div(hw, rate, *prate, true);
+		*div = bcm2835_clock_choose_div(hw, rate, *prate);
 
 		*avgrate = bcm2835_clock_rate_from_divisor(clock, *prate, *div);
 
-- 
2.34.1





* [PATCH 5.10 054/563] drm/vc4: hdmi: Set a default HSM rate
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 053/563] clk: bcm-2835: Remove rounding up the dividers Greg Kroah-Hartman
@ 2022-01-24 18:36 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 055/563] wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan Greg Kroah-Hartman
                   ` (512 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:36 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Maxime Ripard,
	Nicolas Saenz Julienne, Michael Stapelberg, Sasha Levin

From: Maxime Ripard <maxime@cerno.tech>

[ Upstream commit 3e85b81591609bb794bb00cd619b20965b5b38cd ]

When the firmware doesn't set up the HSM rate (such as when booting
without an HDMI cable plugged in), its rate is 0 and thus any register
access results in a CPU stall, even though HSM is enabled.

Let's enforce a minimum rate at boot to avoid this issue.

Fixes: 4f6e3d66ac52 ("drm/vc4: Add runtime PM support to the HDMI encoder driver")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Michael Stapelberg <michael@stapelberg.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210922125419.4125779-4-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/vc4/vc4_hdmi.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index ee293f061f0a8..5d5c4e9a86218 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -79,6 +79,7 @@
 # define VC4_HD_M_SW_RST			BIT(2)
 # define VC4_HD_M_ENABLE			BIT(0)
 
+#define HSM_MIN_CLOCK_FREQ	120000000
 #define CEC_CLOCK_FREQ 40000
 #define VC4_HSM_MID_CLOCK 149985000
 
@@ -1806,6 +1807,19 @@ static int vc4_hdmi_bind(struct device *dev, struct device *master, void *data)
 	vc4_hdmi->disable_wifi_frequencies =
 		of_property_read_bool(dev->of_node, "wifi-2.4ghz-coexistence");
 
+	/*
+	 * If we boot without any cable connected to the HDMI connector,
+	 * the firmware will skip the HSM initialization and leave it
+	 * with a rate of 0, resulting in a bus lockup when we're
+	 * accessing the registers even if it's enabled.
+	 *
+	 * Let's put a sensible default at runtime_resume so that we
+	 * don't end up in this situation.
+	 */
+	ret = clk_set_min_rate(vc4_hdmi->hsm_clock, HSM_MIN_CLOCK_FREQ);
+	if (ret)
+		goto err_put_ddc;
+
 	if (vc4_hdmi->variant->reset)
 		vc4_hdmi->variant->reset(vc4_hdmi);
 
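Review bot: The new comment says the default is applied "at runtime_resume", but the hunk header places the clk_set_min_rate() call in vc4_hdmi_bind(); the comment should name the place where the call actually lives. HSM_MIN_CLOCK_FREQ (120000000) is introduced in the first hunk without a note on where the figure comes from, and nothing in the visible lines drops the minimum-rate request again when the device is unbound.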
-- 
2.34.1





* [PATCH 5.10 055/563] wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2022-01-24 18:36 ` [PATCH 5.10 054/563] drm/vc4: hdmi: Set a default HSM rate Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 056/563] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND Greg Kroah-Hartman
                   ` (511 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Li, Bryan ODonoghue,
	Kalle Valo, Sasha Levin

From: Benjamin Li <benl@squareup.com>

[ Upstream commit 8f1ba8b0ee2679f0b3d22d2a5c1bc70c436fd872 ]

An SMD capture from the downstream prima driver on WCN3680B shows the
following command sequence for connected scans:

- init_scan_req
    - start_scan_req, channel 1
    - end_scan_req, channel 1
    - start_scan_req, channel 2
    - ...
    - end_scan_req, channel 3
- finish_scan_req
- init_scan_req
    - start_scan_req, channel 4
    - ...
    - end_scan_req, channel 6
- finish_scan_req
- ...
    - end_scan_req, channel 165
- finish_scan_req

Upstream currently never calls wcn36xx_smd_end_scan, and in some cases[1]
still sends finish_scan_req twice in a row or before init_scan_req. A
typical connected scan looks like this:

- init_scan_req
    - start_scan_req, channel 1
- finish_scan_req
- init_scan_req
    - start_scan_req, channel 2
- ...
    - start_scan_req, channel 165
- finish_scan_req
- finish_scan_req

This patch cleans up scanning so that init/finish and start/end are always
paired together and correctly nested.

- init_scan_req
    - start_scan_req, channel 1
    - end_scan_req, channel 1
- finish_scan_req
- init_scan_req
    - start_scan_req, channel 2
    - end_scan_req, channel 2
- ...
    - start_scan_req, channel 165
    - end_scan_req, channel 165
- finish_scan_req

Note that upstream will not do batching of 3 active-probe scans before
returning to the operating channel, and this patch does not change that.
To match downstream in this aspect, adjust IEEE80211_PROBE_DELAY and/or
the 125ms max off-channel time in ieee80211_scan_state_decision.

[1]: commit d195d7aac09b ("wcn36xx: Ensure finish scan is not requested
before start scan") addressed one case of finish_scan_req being sent
without a preceding init_scan_req (the case of the operating channel
coinciding with the first scan channel); two other cases are:
1) if SW scan is started and aborted immediately, without scanning any
   channels, we send a finish_scan_req without ever sending init_scan_req,
   and
2) as SW scan logic always returns us to the operating channel before
   calling wcn36xx_sw_scan_complete, finish_scan_req is always sent twice
   at the end of a SW scan

Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Benjamin Li <benl@squareup.com>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211027170306.555535-4-benl@squareup.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/main.c    | 34 +++++++++++++++++-----
 drivers/net/wireless/ath/wcn36xx/smd.c     |  4 +++
 drivers/net/wireless/ath/wcn36xx/wcn36xx.h |  1 +
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
index 629ddfd74da1a..9aaf6f7473333 100644
--- a/drivers/net/wireless/ath/wcn36xx/main.c
+++ b/drivers/net/wireless/ath/wcn36xx/main.c
@@ -397,6 +397,7 @@ static void wcn36xx_change_opchannel(struct wcn36xx *wcn, int ch)
 static int wcn36xx_config(struct ieee80211_hw *hw, u32 changed)
 {
 	struct wcn36xx *wcn = hw->priv;
+	int ret;
 
 	wcn36xx_dbg(WCN36XX_DBG_MAC, "mac config changed 0x%08x\n", changed);
 
@@ -412,17 +413,31 @@ static int wcn36xx_config(struct ieee80211_hw *hw, u32 changed)
 			 * want to receive/transmit regular data packets, then
 			 * simply stop the scan session and exit PS mode.
 			 */
-			wcn36xx_smd_finish_scan(wcn, HAL_SYS_MODE_SCAN,
-						wcn->sw_scan_vif);
-			wcn->sw_scan_channel = 0;
+			if (wcn->sw_scan_channel)
+				wcn36xx_smd_end_scan(wcn, wcn->sw_scan_channel);
+			if (wcn->sw_scan_init) {
+				wcn36xx_smd_finish_scan(wcn, HAL_SYS_MODE_SCAN,
+							wcn->sw_scan_vif);
+			}
 		} else if (wcn->sw_scan) {
 			/* A scan is ongoing, do not change the operating
 			 * channel, but start a scan session on the channel.
 			 */
-			wcn36xx_smd_init_scan(wcn, HAL_SYS_MODE_SCAN,
-					      wcn->sw_scan_vif);
+			if (wcn->sw_scan_channel)
+				wcn36xx_smd_end_scan(wcn, wcn->sw_scan_channel);
+			if (!wcn->sw_scan_init) {
+				/* This can fail if we are unable to notify the
+				 * operating channel.
+				 */
+				ret = wcn36xx_smd_init_scan(wcn,
+							    HAL_SYS_MODE_SCAN,
+							    wcn->sw_scan_vif);
+				if (ret) {
+					mutex_unlock(&wcn->conf_mutex);
+					return -EIO;
+				}
+			}
 			wcn36xx_smd_start_scan(wcn, ch);
-			wcn->sw_scan_channel = ch;
 		} else {
 			wcn36xx_change_opchannel(wcn, ch);
 		}
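Review bot: Only wcn36xx_smd_init_scan() has its result checked in this hunk; the wcn36xx_smd_end_scan(), wcn36xx_smd_finish_scan() and wcn36xx_smd_start_scan() calls ignore theirs. Because smd.c now updates sw_scan_channel and sw_scan_init only on success, a failed end_scan leaves sw_scan_channel set and the code still goes on to start_scan on the new channel, which breaks the pairing this patch is meant to guarantee. The init failure path also replaces ret with -EIO; returning ret would preserve the original error.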
@@ -709,7 +724,12 @@ static void wcn36xx_sw_scan_complete(struct ieee80211_hw *hw,
 	struct wcn36xx *wcn = hw->priv;
 
 	/* ensure that any scan session is finished */
-	wcn36xx_smd_finish_scan(wcn, HAL_SYS_MODE_SCAN, wcn->sw_scan_vif);
+	if (wcn->sw_scan_channel)
+		wcn36xx_smd_end_scan(wcn, wcn->sw_scan_channel);
+	if (wcn->sw_scan_init) {
+		wcn36xx_smd_finish_scan(wcn, HAL_SYS_MODE_SCAN,
+					wcn->sw_scan_vif);
+	}
 	wcn->sw_scan = false;
 	wcn->sw_scan_opchannel = 0;
 }
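Review bot: wcn36xx_sw_scan_complete() clears sw_scan and sw_scan_opchannel unconditionally, but sw_scan_channel and sw_scan_init are now cleared only inside the smd helpers when the firmware call succeeds. If either call fails here, the stale values survive into the next scan, where the `if (!wcn->sw_scan_init)` test in wcn36xx_config() would skip init_scan_req. Consider resetting both fields here regardless of the result, or at least logging the failure.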
diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c
index 3793907ace92e..ad312e17f7a3c 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.c
+++ b/drivers/net/wireless/ath/wcn36xx/smd.c
@@ -730,6 +730,7 @@ int wcn36xx_smd_init_scan(struct wcn36xx *wcn, enum wcn36xx_hal_sys_mode mode,
 		wcn36xx_err("hal_init_scan response failed err=%d\n", ret);
 		goto out;
 	}
+	wcn->sw_scan_init = true;
 out:
 	mutex_unlock(&wcn->hal_mutex);
 	return ret;
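Review bot: `wcn->sw_scan_init = true;` is written while hal_mutex is held, but the readers added in main.c test sw_scan_init and sw_scan_channel outside hal_mutex (the config path unlocks conf_mutex, and wcn36xx_sw_scan_complete() shows no lock in the visible lines). Please state which lock protects these two fields, ideally in a comment next to their declaration in wcn36xx.h.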
@@ -760,6 +761,7 @@ int wcn36xx_smd_start_scan(struct wcn36xx *wcn, u8 scan_channel)
 		wcn36xx_err("hal_start_scan response failed err=%d\n", ret);
 		goto out;
 	}
+	wcn->sw_scan_channel = scan_channel;
 out:
 	mutex_unlock(&wcn->hal_mutex);
 	return ret;
@@ -790,6 +792,7 @@ int wcn36xx_smd_end_scan(struct wcn36xx *wcn, u8 scan_channel)
 		wcn36xx_err("hal_end_scan response failed err=%d\n", ret);
 		goto out;
 	}
+	wcn->sw_scan_channel = 0;
 out:
 	mutex_unlock(&wcn->hal_mutex);
 	return ret;
@@ -831,6 +834,7 @@ int wcn36xx_smd_finish_scan(struct wcn36xx *wcn,
 		wcn36xx_err("hal_finish_scan response failed err=%d\n", ret);
 		goto out;
 	}
+	wcn->sw_scan_init = false;
 out:
 	mutex_unlock(&wcn->hal_mutex);
 	return ret;
diff --git a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
index 9b4dee2fc6483..5c40d0bdee245 100644
--- a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
+++ b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
@@ -231,6 +231,7 @@ struct wcn36xx {
 	struct cfg80211_scan_request *scan_req;
 	bool			sw_scan;
 	u8			sw_scan_opchannel;
+	bool			sw_scan_init;
 	u8			sw_scan_channel;
 	struct ieee80211_vif	*sw_scan_vif;
 	struct mutex		scan_lock;
-- 
2.34.1





* [PATCH 5.10 056/563] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 055/563] wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 057/563] wcn36xx: Fix DMA channel enable/disable cycle Greg Kroah-Hartman
                   ` (510 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

[ Upstream commit 588b45c88ae130fe373a8c50edaf54735c3f4fe3 ]

Firmware can trigger a missed beacon indication; this is not the same as a
lost signal.

Flag to Linux the missed beacon and let the WiFi stack decide for itself if
the link is up or down by sending its own probe to determine this.

We should only be signalling the link is lost when the firmware indicates

Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211027232529.657764-1-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/smd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c
index ad312e17f7a3c..7f00cb6f5e16b 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.c
+++ b/drivers/net/wireless/ath/wcn36xx/smd.c
@@ -2607,7 +2607,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn,
 			wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n",
 				    tmp->bss_index);
 			vif = wcn36xx_priv_to_vif(tmp);
-			ieee80211_connection_loss(vif);
+			ieee80211_beacon_loss(vif);
 		}
 		return 0;
 	}
@@ -2622,7 +2622,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn,
 			wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n",
 				    rsp->bss_index);
 			vif = wcn36xx_priv_to_vif(tmp);
-			ieee80211_connection_loss(vif);
+			ieee80211_beacon_loss(vif);
 			return 0;
 		}
 	}
-- 
2.34.1





* [PATCH 5.10 057/563] wcn36xx: Fix DMA channel enable/disable cycle
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 056/563] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 058/563] wcn36xx: Release DMA channel descriptor allocations Greg Kroah-Hartman
                   ` (509 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

[ Upstream commit 89dcb1da611d9b3ff0728502d58372fdaae9ebff ]

Right now we have a broken sequence where we enable DMA channel interrupts
which can be left enabled and never disabled if we hit an error path.

Worse still, when we unload the driver, the DMA channel interrupt bits are
left intact. About the only saving grace here is that we do remember to
disable the wcnss interrupt when we unload the driver.

Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211105122152.1580542-2-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/dxe.c | 38 ++++++++++++++++++--------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index cf4eb0fb28151..0909d0c423cbb 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -272,6 +272,21 @@ static int wcn36xx_dxe_enable_ch_int(struct wcn36xx *wcn, u16 wcn_ch)
 	return 0;
 }
 
+static void wcn36xx_dxe_disable_ch_int(struct wcn36xx *wcn, u16 wcn_ch)
+{
+	int reg_data = 0;
+
+	wcn36xx_dxe_read_register(wcn,
+				  WCN36XX_DXE_INT_MASK_REG,
+				  &reg_data);
+
+	reg_data &= ~wcn_ch;
+
+	wcn36xx_dxe_write_register(wcn,
+				   WCN36XX_DXE_INT_MASK_REG,
+				   (int)reg_data);
+}
+
 static int wcn36xx_dxe_fill_skb(struct device *dev,
 				struct wcn36xx_dxe_ctl *ctl,
 				gfp_t gfp)
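Review bot: wcn36xx_dxe_disable_ch_int() ignores the result of wcn36xx_dxe_read_register(); reg_data starts at 0, so if the read does not fill it in, the following write stores 0 to WCN36XX_DXE_INT_MASK_REG and affects every channel rather than just wcn_ch. The function is void while wcn36xx_dxe_enable_ch_int() just above returns int, so the two halves of the pair report errors differently. The `(int)reg_data` cast is redundant, since reg_data is already an int.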
@@ -869,7 +884,6 @@ int wcn36xx_dxe_init(struct wcn36xx *wcn)
 		WCN36XX_DXE_WQ_TX_L);
 
 	wcn36xx_dxe_read_register(wcn, WCN36XX_DXE_REG_CH_EN, &reg_data);
-	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_L);
 
 	/***************************************/
 	/* Init descriptors for TX HIGH channel */
@@ -893,9 +907,6 @@ int wcn36xx_dxe_init(struct wcn36xx *wcn)
 
 	wcn36xx_dxe_read_register(wcn, WCN36XX_DXE_REG_CH_EN, &reg_data);
 
-	/* Enable channel interrupts */
-	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_H);
-
 	/***************************************/
 	/* Init descriptors for RX LOW channel */
 	/***************************************/
@@ -905,7 +916,6 @@ int wcn36xx_dxe_init(struct wcn36xx *wcn)
 		goto out_err_rxl_ch;
 	}
 
-
 	/* For RX we need to preallocated buffers */
 	wcn36xx_dxe_ch_alloc_skb(wcn, &wcn->dxe_rx_l_ch);
 
@@ -928,9 +938,6 @@ int wcn36xx_dxe_init(struct wcn36xx *wcn)
 		WCN36XX_DXE_REG_CTL_RX_L,
 		WCN36XX_DXE_CH_DEFAULT_CTL_RX_L);
 
-	/* Enable channel interrupts */
-	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_L);
-
 	/***************************************/
 	/* Init descriptors for RX HIGH channel */
 	/***************************************/
@@ -962,15 +969,18 @@ int wcn36xx_dxe_init(struct wcn36xx *wcn)
 		WCN36XX_DXE_REG_CTL_RX_H,
 		WCN36XX_DXE_CH_DEFAULT_CTL_RX_H);
 
-	/* Enable channel interrupts */
-	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_H);
-
 	ret = wcn36xx_dxe_request_irqs(wcn);
 	if (ret < 0)
 		goto out_err_irq;
 
 	timer_setup(&wcn->tx_ack_timer, wcn36xx_dxe_tx_timer, 0);
 
+	/* Enable channel interrupts */
+	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_L);
+	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_H);
+	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_L);
+	wcn36xx_dxe_enable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_H);
+
 	return 0;
 
 out_err_irq:
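Review bot: The four wcn36xx_dxe_enable_ch_int() calls added before `return 0;` drop their return values, although the function is declared `static int`. Either check them and unwind through the existing out_err_irq path, or make the function void so the interface matches how it is used. Enabling the channel interrupts only after wcn36xx_dxe_request_irqs() and timer_setup() have succeeded is the ordering the error paths need.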
@@ -987,6 +997,12 @@ out_err_txh_ch:
 
 void wcn36xx_dxe_deinit(struct wcn36xx *wcn)
 {
+	/* Disable channel interrupts */
+	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_H);
+	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_L);
+	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_H);
+	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_TX_L);
+
 	free_irq(wcn->tx_irq, wcn);
 	free_irq(wcn->rx_irq, wcn);
 	del_timer(&wcn->tx_ack_timer);
-- 
2.34.1





* [PATCH 5.10 058/563] wcn36xx: Release DMA channel descriptor allocations
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 057/563] wcn36xx: Fix DMA channel enable/disable cycle Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 059/563] wcn36xx: Put DXE block into reset before freeing memory Greg Kroah-Hartman
                   ` (508 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

[ Upstream commit 3652096e5263ad67604b0323f71d133485f410e5 ]

When unloading the driver we are not releasing the DMA descriptors which we
previously allocated.

Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211105122152.1580542-3-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/dxe.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index 0909d0c423cbb..b117d8a0f446f 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -1014,4 +1014,9 @@ void wcn36xx_dxe_deinit(struct wcn36xx *wcn)
 
 	wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_l_ch);
 	wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_h_ch);
+
+	wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_tx_l_ch);
+	wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_tx_h_ch);
+	wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_rx_l_ch);
+	wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_rx_h_ch);
 }
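Review bot: The four wcn36xx_dxe_deinit_descs() calls free descriptor memory at the end of wcn36xx_dxe_deinit() with nothing in this hunk stopping the DXE engine first; the reset that does so only arrives in the next patch of the series (059). The two should be applied together in any backport. It is also worth checking that the error labels in wcn36xx_dxe_init() release the same descriptors, since the changelog only mentions the unload path.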
-- 
2.34.1





* [PATCH 5.10 059/563] wcn36xx: Put DXE block into reset before freeing memory
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 058/563] wcn36xx: Release DMA channel descriptor allocations Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 060/563] wcn36xx: populate band before determining rate on RX Greg Kroah-Hartman
                   ` (507 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

[ Upstream commit ed04ea76e69e7194f7489cebe23a32a68f39218d ]

When deiniting the DXE hardware we should reset the block to ensure there
is no spurious DMA write transaction from the downstream WCNSS to upstream
MSM at a skbuff address we will have released.

Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211105122152.1580542-4-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/dxe.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index b117d8a0f446f..6c62ffc799a2b 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -997,6 +997,8 @@ out_err_txh_ch:
 
 void wcn36xx_dxe_deinit(struct wcn36xx *wcn)
 {
+	int reg_data = 0;
+
 	/* Disable channel interrupts */
 	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_H);
 	wcn36xx_dxe_disable_ch_int(wcn, WCN36XX_INT_MASK_CHAN_RX_L);
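Review bot: `int reg_data = 0;` is added only to carry WCN36XX_DXE_REG_RESET into a single write in the next hunk. Passing the constant directly to wcn36xx_dxe_write_register() would avoid the extra local and its dead zero initialiser.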
@@ -1012,6 +1014,10 @@ void wcn36xx_dxe_deinit(struct wcn36xx *wcn)
 		wcn->tx_ack_skb = NULL;
 	}
 
+	/* Put the DXE block into reset before freeing memory */
+	reg_data = WCN36XX_DXE_REG_RESET;
+	wcn36xx_dxe_write_register(wcn, WCN36XX_DXE_REG_CSR_RESET, reg_data);
+
 	wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_l_ch);
 	wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_h_ch);
 
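Review bot: The reset write is followed immediately by wcn36xx_dxe_ch_free_skbs(); nothing here reads the register back or waits, so the code assumes the write has taken effect before the buffers are released. If the register interface can post writes, reading WCN36XX_DXE_REG_CSR_RESET back before freeing would close that window, which is the window the changelog says this patch is meant to close.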
-- 
2.34.1





* [PATCH 5.10 060/563] wcn36xx: populate band before determining rate on RX
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 059/563] wcn36xx: Put DXE block into reset before freeing memory Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 061/563] wcn36xx: fix RX BD rate mapping for 5GHz legacy rates Greg Kroah-Hartman
                   ` (506 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Li, Loic Poulain,
	Kalle Valo, Sasha Levin

From: Benjamin Li <benl@squareup.com>

[ Upstream commit c9c5608fafe4dae975c9644c7d14c51ad3b0ed73 ]

status.band is used in determination of status.rate -- for 5GHz on legacy
rates there is a linear shift between the BD descriptor's rate field and
the wcn36xx driver's rate table (wcn_5ghz_rates).

We have a special clause to populate status.band for hardware scan offload
frames. However, this block occurs after status.rate is already populated.
Correctly handle this dependency by moving the band block before the rate
block.

This patch addresses kernel warnings & missing scan results for 5GHz APs
that send their beacons/probe responses at the higher four legacy rates
(24-54 Mbps), when using hardware scan offload:

  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 0 at net/mac80211/rx.c:4532 ieee80211_rx_napi+0x744/0x8d8
  Modules linked in: wcn36xx [...]
  CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W         4.19.107-g73909fa #1
  Hardware name: Square, Inc. T2 (all variants) (DT)
  Call trace:
  dump_backtrace+0x0/0x148
  show_stack+0x14/0x1c
  dump_stack+0xb8/0xf0
  __warn+0x2ac/0x2d8
  warn_slowpath_null+0x44/0x54
  ieee80211_rx_napi+0x744/0x8d8
  ieee80211_tasklet_handler+0xa4/0xe0
  tasklet_action_common+0xe0/0x118
  tasklet_action+0x20/0x28
  __do_softirq+0x108/0x1ec
  irq_exit+0xd4/0xd8
  __handle_domain_irq+0x84/0xbc
  gic_handle_irq+0x4c/0xb8
  el1_irq+0xe8/0x190
  lpm_cpuidle_enter+0x220/0x260
  cpuidle_enter_state+0x114/0x1c0
  cpuidle_enter+0x34/0x48
  do_idle+0x150/0x268
  cpu_startup_entry+0x20/0x24
  rest_init+0xd4/0xe0
  start_kernel+0x398/0x430
  ---[ end trace ae28cb759352b403 ]---

Fixes: 8a27ca394782 ("wcn36xx: Correct band/freq reporting on RX")
Signed-off-by: Benjamin Li <benl@squareup.com>
Tested-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211104010548.1107405-2-benl@squareup.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/txrx.c | 37 +++++++++++++------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/txrx.c b/drivers/net/wireless/ath/wcn36xx/txrx.c
index bbd7194c82e27..f76de106570d2 100644
--- a/drivers/net/wireless/ath/wcn36xx/txrx.c
+++ b/drivers/net/wireless/ath/wcn36xx/txrx.c
@@ -259,8 +259,6 @@ int wcn36xx_rx_skb(struct wcn36xx *wcn, struct sk_buff *skb)
 	fc = __le16_to_cpu(hdr->frame_control);
 	sn = IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl));
 
-	status.freq = WCN36XX_CENTER_FREQ(wcn);
-	status.band = WCN36XX_BAND(wcn);
 	status.mactime = 10;
 	status.signal = -get_rssi0(bd);
 	status.antenna = 1;
@@ -272,6 +270,25 @@ int wcn36xx_rx_skb(struct wcn36xx *wcn, struct sk_buff *skb)
 
 	wcn36xx_dbg(WCN36XX_DBG_RX, "status.flags=%x\n", status.flag);
 
+	if (bd->scan_learn) {
+		/* If packet originate from hardware scanning, extract the
+		 * band/channel from bd descriptor.
+		 */
+		u8 hwch = (bd->reserved0 << 4) + bd->rx_ch;
+
+		if (bd->rf_band != 1 && hwch <= sizeof(ab_rx_ch_map) && hwch >= 1) {
+			status.band = NL80211_BAND_5GHZ;
+			status.freq = ieee80211_channel_to_frequency(ab_rx_ch_map[hwch - 1],
+								     status.band);
+		} else {
+			status.band = NL80211_BAND_2GHZ;
+			status.freq = ieee80211_channel_to_frequency(hwch, status.band);
+		}
+	} else {
+		status.band = WCN36XX_BAND(wcn);
+		status.freq = WCN36XX_CENTER_FREQ(wcn);
+	}
+
 	if (bd->rate_id < ARRAY_SIZE(wcn36xx_rate_table)) {
 		rate = &wcn36xx_rate_table[bd->rate_id];
 		status.encoding = rate->encoding;
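Review bot: the bound `hwch <= sizeof(ab_rx_ch_map)` in the 5 GHz branch counts bytes, so it equals the number of entries only while ab_rx_ch_map has one-byte elements. ARRAY_SIZE(ab_rx_ch_map), the idiom already used for wcn36xx_rate_table just below, would keep the `ab_rx_ch_map[hwch - 1]` lookup in bounds if the element type ever changes. A descriptor with rf_band != 1 and an out-of-range hwch also falls through to the else branch and is reported as 2.4 GHz; if that is intended, a comment should say so. The moved comment lost a letter on the way: "originate" should be "originates".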
@@ -298,22 +315,6 @@ int wcn36xx_rx_skb(struct wcn36xx *wcn, struct sk_buff *skb)
 	    ieee80211_is_probe_resp(hdr->frame_control))
 		status.boottime_ns = ktime_get_boottime_ns();
 
-	if (bd->scan_learn) {
-		/* If packet originates from hardware scanning, extract the
-		 * band/channel from bd descriptor.
-		 */
-		u8 hwch = (bd->reserved0 << 4) + bd->rx_ch;
-
-		if (bd->rf_band != 1 && hwch <= sizeof(ab_rx_ch_map) && hwch >= 1) {
-			status.band = NL80211_BAND_5GHZ;
-			status.freq = ieee80211_channel_to_frequency(ab_rx_ch_map[hwch - 1],
-								     status.band);
-		} else {
-			status.band = NL80211_BAND_2GHZ;
-			status.freq = ieee80211_channel_to_frequency(hwch, status.band);
-		}
-	}
-
 	memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
 
 	if (ieee80211_is_beacon(hdr->frame_control)) {
-- 
2.34.1





* [PATCH 5.10 061/563] wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 060/563] wcn36xx: populate band before determining rate on RX Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 062/563] ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware Greg Kroah-Hartman
                   ` (505 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Li, Loic Poulain,
	Kalle Valo, Sasha Levin

From: Benjamin Li <benl@squareup.com>

[ Upstream commit cfdf6b19e750f7de8ae71a26932f63b52e3bf74c ]

The linear mapping between the BD rate field and the driver's 5GHz
legacy rates table (wcn_5ghz_rates) does not only apply for the latter
four rates -- it applies to all eight rates.

Fixes: 6ea131acea98 ("wcn36xx: Fix warning due to bad rate_idx")
Signed-off-by: Benjamin Li <benl@squareup.com>
Tested-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211104010548.1107405-3-benl@squareup.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wcn36xx/txrx.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/net/wireless/ath/wcn36xx/txrx.c b/drivers/net/wireless/ath/wcn36xx/txrx.c
index f76de106570d2..f33e7228a1010 100644
--- a/drivers/net/wireless/ath/wcn36xx/txrx.c
+++ b/drivers/net/wireless/ath/wcn36xx/txrx.c
@@ -237,7 +237,6 @@ int wcn36xx_rx_skb(struct wcn36xx *wcn, struct sk_buff *skb)
 	const struct wcn36xx_rate *rate;
 	struct ieee80211_hdr *hdr;
 	struct wcn36xx_rx_bd *bd;
-	struct ieee80211_supported_band *sband;
 	u16 fc, sn;
 
 	/*
@@ -295,12 +294,11 @@ int wcn36xx_rx_skb(struct wcn36xx *wcn, struct sk_buff *skb)
 		status.enc_flags = rate->encoding_flags;
 		status.bw = rate->bw;
 		status.rate_idx = rate->mcs_or_legacy_index;
-		sband = wcn->hw->wiphy->bands[status.band];
 		status.nss = 1;
 
 		if (status.band == NL80211_BAND_5GHZ &&
 		    status.encoding == RX_ENC_LEGACY &&
-		    status.rate_idx >= sband->n_bitrates) {
+		    status.rate_idx >= 4) {
 			/* no dsss rates in 5Ghz rates table */
 			status.rate_idx -= 4;
 		}
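Review bot: the literal 4 in `status.rate_idx >= 4` and `status.rate_idx -= 4` is the number of DSSS entries skipped for 5 GHz, but only the comment hints at that; a named constant would tie the two uses together. A 5 GHz legacy frame that reports rate_idx below 4 still passes through unadjusted, so if the hardware can never report that, the comment should say so, otherwise the case needs explicit handling.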
-- 
2.34.1





* [PATCH 5.10 062/563] ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 061/563] wcn36xx: fix RX BD rate mapping for 5GHz legacy rates Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 063/563] mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init() Greg Kroah-Hartman
                   ` (504 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sathishkumar Muruganandam,
	Rameshkumar Sundaram, Jouni Malinen, Kalle Valo, Sasha Levin

From: Rameshkumar Sundaram <ramess@codeaurora.org>

[ Upstream commit 16a2c3d5406f95ef6139de52669c60a39443f5f7 ]

HTT_PPDU_STATS_CFG_PDEV_ID bit mask for target FW PPDU stats request message
was set as bit 8 to 15. Bit 8 is reserved for soc stats and pdev id starts from
bit 9. Hence change the bitmask as bit 9 to 15 and fill the proper pdev id in
the request message.

In commit 701e48a43e15 ("ath11k: add packet log support for QCA6390"), both
HTT_PPDU_STATS_CFG_PDEV_ID and pdev_mask were changed, but this pdev_mask
calculation is not valid for platforms which have multiple pdevs with 1 rxdma
per pdev, as this is writing the same value (i.e. 2) for all pdevs.  Hence fixed it
to consider pdev_idx as well, to make it compatible for both single and multi
pd cases.

Tested on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01092-QCAHKSWPL_SILICONZ-1
Tested on: IPQ6018 hw1.0 WLAN.HK.2.5.0.1-01067-QCAHKSWPL_SILICONZ-1

Fixes: 701e48a43e15 ("ath11k: add packet log support for QCA6390")

Co-developed-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
Signed-off-by: Rameshkumar Sundaram <ramess@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210721212029.142388-10-jouni@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/dp.h    | 3 ++-
 drivers/net/wireless/ath/ath11k/dp_tx.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/dp.h b/drivers/net/wireless/ath/ath11k/dp.h
index ee8db812589b3..c4972233149f4 100644
--- a/drivers/net/wireless/ath/ath11k/dp.h
+++ b/drivers/net/wireless/ath/ath11k/dp.h
@@ -514,7 +514,8 @@ struct htt_ppdu_stats_cfg_cmd {
 } __packed;
 
 #define HTT_PPDU_STATS_CFG_MSG_TYPE		GENMASK(7, 0)
-#define HTT_PPDU_STATS_CFG_PDEV_ID		GENMASK(15, 8)
+#define HTT_PPDU_STATS_CFG_SOC_STATS		BIT(8)
+#define HTT_PPDU_STATS_CFG_PDEV_ID		GENMASK(15, 9)
 #define HTT_PPDU_STATS_CFG_TLV_TYPE_BITMASK	GENMASK(31, 16)
 
 enum htt_ppdu_stats_tag_type {
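Review bot: HTT_PPDU_STATS_CFG_SOC_STATS is defined here but never used in this patch; the dp_tx.c hunk builds cmd->msg from the MSG_TYPE, PDEV_ID and TLV_TYPE_BITMASK fields only, so bit 8 is always sent as 0. A short comment on the define saying that the bit is reserved for soc stats and deliberately left clear would document why PDEV_ID now starts at bit 9.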
diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c
index 21dfd08d3debb..092eee735da29 100644
--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
@@ -894,7 +894,7 @@ int ath11k_dp_tx_htt_h2t_ppdu_stats_req(struct ath11k *ar, u32 mask)
 		cmd->msg = FIELD_PREP(HTT_PPDU_STATS_CFG_MSG_TYPE,
 				      HTT_H2T_MSG_TYPE_PPDU_STATS_CFG);
 
-		pdev_mask = 1 << (i + 1);
+		pdev_mask = 1 << (ar->pdev_idx + i);
 		cmd->msg |= FIELD_PREP(HTT_PPDU_STATS_CFG_PDEV_ID, pdev_mask);
 		cmd->msg |= FIELD_PREP(HTT_PPDU_STATS_CFG_TLV_TYPE_BITMASK, mask);
 
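Review bot: `pdev_mask = 1 << (ar->pdev_idx + i)` has no upper bound, while HTT_PPDU_STATS_CFG_PDEV_ID is now seven bits wide (15:9). FIELD_PREP() does not range-check a run-time value, so a shift of 7 or more produces a request with no pdev bit set in the field. Consider BIT(ar->pdev_idx + i) together with a check against the field width, and a comment explaining that the old `i + 1` offset existed only because the mask used to include bit 8.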
-- 
2.34.1





* [PATCH 5.10 063/563] mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 062/563] ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 064/563] media: videobuf2: Fix the size printk format Greg Kroah-Hartman
                   ` (503 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lad Prabhakar, Vignesh Raghavendra,
	Biju Das, Wolfram Sang, Geert Uytterhoeven, Sasha Levin

From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>

[ Upstream commit 981387ed06b96908223a607f5fba6efa42728fc2 ]

rpcif_sw_init() can fail so make sure we check the return value
of it and on error exit rpcif_hb_probe() callback with error code.

Fixes: 5de15b610f78 ("mtd: hyperbus: add Renesas RPC-IF driver")
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20211025205631.21151-5-prabhakar.mahadev-lad.rj@bp.renesas.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mtd/hyperbus/rpc-if.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/hyperbus/rpc-if.c b/drivers/mtd/hyperbus/rpc-if.c
index ecb050ba95cdf..367b0d72bf622 100644
--- a/drivers/mtd/hyperbus/rpc-if.c
+++ b/drivers/mtd/hyperbus/rpc-if.c
@@ -124,7 +124,9 @@ static int rpcif_hb_probe(struct platform_device *pdev)
 	if (!hyperbus)
 		return -ENOMEM;
 
-	rpcif_sw_init(&hyperbus->rpc, pdev->dev.parent);
+	error = rpcif_sw_init(&hyperbus->rpc, pdev->dev.parent);
+	if (error)
+		return error;
 
 	platform_set_drvdata(pdev, hyperbus);
 
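Review bot: the new early `return error` leaves rpcif_hb_probe() after hyperbus has been allocated, and the allocation call itself is outside the visible context. Please confirm that allocation is device-managed; if it is not, this path has to free it before returning.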
-- 
2.34.1





* [PATCH 5.10 064/563] media: videobuf2: Fix the size printk format
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 063/563] mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 065/563] media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities() Greg Kroah-Hartman
                   ` (502 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dillon Min, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Dillon Min <dillon.minfei@gmail.com>

[ Upstream commit c9ee220d76775e42f35d634479c978d9350077d3 ]

Since the type of the parameter size is unsigned long,
it should be printed with %lu instead of %ld; fix it.

Fixes: 7952be9b6ece ("media: drivers/media/common/videobuf2: rename from videobuf")
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/common/videobuf2/videobuf2-dma-contig.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index 2f3a5996d3fc9..fe626109ef4db 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -150,7 +150,7 @@ static void *vb2_dc_alloc(struct device *dev, unsigned long attrs,
 	buf->cookie = dma_alloc_attrs(dev, size, &buf->dma_addr,
 					GFP_KERNEL | gfp_flags, buf->attrs);
 	if (!buf->cookie) {
-		dev_err(dev, "dma_alloc_coherent of size %ld failed\n", size);
+		dev_err(dev, "dma_alloc_coherent of size %lu failed\n", size);
 		kfree(buf);
 		return ERR_PTR(-ENOMEM);
 	}
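Review bot: the dev_err() string still says dma_alloc_coherent although the call that failed, two lines above it, is dma_alloc_attrs(). Since the string is being edited anyway, it should name the right function so the log line can be matched to the code.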
@@ -196,9 +196,9 @@ static int vb2_dc_mmap(void *buf_priv, struct vm_area_struct *vma)
 
 	vma->vm_ops->open(vma);
 
-	pr_debug("%s: mapped dma addr 0x%08lx at 0x%08lx, size %ld\n",
-		__func__, (unsigned long)buf->dma_addr, vma->vm_start,
-		buf->size);
+	pr_debug("%s: mapped dma addr 0x%08lx at 0x%08lx, size %lu\n",
+		 __func__, (unsigned long)buf->dma_addr, vma->vm_start,
+		 buf->size);
 
 	return 0;
 }
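Review bot: in pr_debug() buf->dma_addr is still cast to unsigned long and printed with %08lx, which truncates the address wherever dma_addr_t is wider than long. The kernel's %pad specifier, given &buf->dma_addr, prints it at full width without the cast. The hunk also re-indents the continuation lines, which makes the one-character format change harder to spot in review.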
-- 
2.34.1





* [PATCH 5.10 065/563] media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 064/563] media: videobuf2: Fix the size printk format Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 066/563] media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case Greg Kroah-Hartman
                   ` (501 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit ce3015b7212e96db426d0c36f80fd159c91155d1 ]

After the commit 9832e155f1ed ("[media] media-device: split media
initialization and registration"), calling media_device_cleanup()
is needed it seems. However, currently it is missing for the module
unload path.

Note that for the probe failure path, it is already added in
atomisp_register_entities().

This patch adds the missing call of media_device_cleanup() in
atomisp_unregister_entities().

Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/atomisp_v4l2.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_v4l2.c b/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
index fa1bd99cd6f17..d35506f643609 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
@@ -1182,6 +1182,7 @@ static void atomisp_unregister_entities(struct atomisp_device *isp)
 
 	v4l2_device_unregister(&isp->v4l2_dev);
 	media_device_unregister(&isp->media_dev);
+	media_device_cleanup(&isp->media_dev);
 }
 
 static int atomisp_register_entities(struct atomisp_device *isp)
-- 
2.34.1





* [PATCH 5.10 066/563] media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 065/563] media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 067/563] media: atomisp: fix inverted logic in buffers_needed() Greg Kroah-Hartman
                   ` (500 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit 5bfbf65fcca7325e4d89d289b3c286e11220e386 ]

When comparing with intel-aero atomisp [1], it looks like
punit_ddr_dvfs_enable() should take `false` as an argument on mrfld_power
up case.

Code from the intel-aero kernel [1]:

        int atomisp_mrfld_power_down(struct atomisp_device *isp)
        {
        [...]
		/*WA:Enable DVFS*/
		if (IS_CHT)
			punit_ddr_dvfs_enable(true);

        int atomisp_mrfld_power_up(struct atomisp_device *isp)
        {
        [...]
		/*WA for PUNIT, if DVFS enabled, ISP timeout observed*/
		if (IS_CHT)
			punit_ddr_dvfs_enable(false);

This patch fixes the inverted argument as per the intel-aero code, as
well as its comment. While here, fix space issues for comments in
atomisp_mrfld_power().

Note that it does not seem to be possible to unify the up/down cases for
punit_ddr_dvfs_enable(), i.e., we can't do something like the following:

        if (IS_CHT)
		punit_ddr_dvfs_enable(!enable);

because according to the intel-aero code [1], the DVFS is disabled
before "writing 0x0 to ISPSSPM0 bit[1:0]" and the DVFS is enabled after
"writing 0x3 to ISPSSPM0 bit[1:0]".

[1] https://github.com/intel-aero/linux-kernel/blob/a1b673258feb915268377275130c5c5df0eafc82/drivers/media/pci/atomisp/atomisp_driver/atomisp_v4l2.c#L431-L514

Fixes: 0f441fd70b1e ("media: atomisp: simplify the power down/up code")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/atomisp_v4l2.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_v4l2.c b/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
index d35506f643609..687e94e8b6ce5 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_v4l2.c
@@ -711,15 +711,15 @@ static int atomisp_mrfld_power(struct atomisp_device *isp, bool enable)
 
 	dev_dbg(isp->dev, "IUNIT power-%s.\n", enable ? "on" : "off");
 
-	/*WA:Enable DVFS*/
+	/* WA for P-Unit, if DVFS enabled, ISP timeout observed */
 	if (IS_CHT && enable)
-		punit_ddr_dvfs_enable(true);
+		punit_ddr_dvfs_enable(false);
 
 	/*
 	 * FIXME:WA for ECS28A, with this sleep, CTS
 	 * android.hardware.camera2.cts.CameraDeviceTest#testCameraDeviceAbort
 	 * PASS, no impact on other platforms
-	*/
+	 */
 	if (IS_BYT && enable)
 		msleep(10);
 
@@ -727,7 +727,7 @@ static int atomisp_mrfld_power(struct atomisp_device *isp, bool enable)
 	iosf_mbi_modify(BT_MBI_UNIT_PMC, MBI_REG_READ, MRFLD_ISPSSPM0,
 			val, MRFLD_ISPSSPM0_ISPSSC_MASK);
 
-	/*WA:Enable DVFS*/
+	/* WA:Enable DVFS */
 	if (IS_CHT && !enable)
 		punit_ddr_dvfs_enable(true);
 
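Review bot: the reason the two punit_ddr_dvfs_enable() calls cannot be folded into one (DVFS off before the ISPSSPM0 write on power-up, back on after it on power-down) is recorded only in the commit message. The `/* WA:Enable DVFS */` comment next to the `!enable` call should state that ordering, since the commit named in Fixes: got the argument wrong while simplifying this very function.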
-- 
2.34.1





* [PATCH 5.10 067/563] media: atomisp: fix inverted logic in buffers_needed()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 066/563] media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 068/563] media: atomisp: do not use err var when checking port validity for ISP2400 Greg Kroah-Hartman
                   ` (499 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit e1921cd14640f0f4d1fad5eb8e448c58a536415d ]

When config.mode is IA_CSS_INPUT_MODE_BUFFERED_SENSOR, it rather needs
buffers. Fix it by inverting the return value.

Fixes: 3c0538fbad9f ("media: atomisp: get rid of most checks for ISP2401 version")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/sh_css_mipi.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/sh_css_mipi.c b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
index d5ae7f0b5864b..e18c0cfb4ce3a 100644
--- a/drivers/staging/media/atomisp/pci/sh_css_mipi.c
+++ b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
@@ -389,17 +389,17 @@ static bool buffers_needed(struct ia_css_pipe *pipe)
 {
 	if (!IS_ISP2401) {
 		if (pipe->stream->config.mode == IA_CSS_INPUT_MODE_BUFFERED_SENSOR)
-			return false;
-		else
 			return true;
+		else
+			return false;
 	}
 
 	if (pipe->stream->config.mode == IA_CSS_INPUT_MODE_BUFFERED_SENSOR ||
 	    pipe->stream->config.mode == IA_CSS_INPUT_MODE_TPG ||
 	    pipe->stream->config.mode == IA_CSS_INPUT_MODE_PRBS)
-		return false;
+		return true;
 
-	return true;
+	return false;
 }
 
 int
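Review bot: with the values swapped, the `if (...) return true; else return false;` pair in the !IS_ISP2401 branch is just the comparison itself; `return pipe->stream->config.mode == IA_CSS_INPUT_MODE_BUFFERED_SENSOR;` says the same thing and leaves no branch pair to invert by accident again. A one-line comment above buffers_needed() listing which input modes need buffers would document the intent that the Fixes: commit lost.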
-- 
2.34.1





* [PATCH 5.10 068/563] media: atomisp: do not use err var when checking port validity for ISP2400
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 067/563] media: atomisp: fix inverted logic in buffers_needed() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 069/563] media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid() Greg Kroah-Hartman
                   ` (498 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit 9f6b4fa2d2dfbff4b8a57eeb39b1128a6094ee20 ]

Currently, the `port >= N_CSI_PORTS || err` checks for ISP2400 are always
evaluated as true because the err variable is set to `-EINVAL` on
declaration but the variable is never used until the evaluation.

Looking at the diff of commit 3c0538fbad9f ("media: atomisp: get rid of
most checks for ISP2401 version"), the `port >= N_CSI_PORTS` check is
for ISP2400 and the err variable check is for ISP2401. Fix this issue
by adding ISP version test there accordingly.

Fixes: 3c0538fbad9f ("media: atomisp: get rid of most checks for ISP2401 version")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/sh_css_mipi.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/sh_css_mipi.c b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
index e18c0cfb4ce3a..34b71c1b7c1ec 100644
--- a/drivers/staging/media/atomisp/pci/sh_css_mipi.c
+++ b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
@@ -446,7 +446,8 @@ allocate_mipi_frames(struct ia_css_pipe *pipe,
 
 	assert(port < N_CSI_PORTS);
 
-	if (port >= N_CSI_PORTS || err) {
+	if ((!IS_ISP2401 && port >= N_CSI_PORTS) ||
+	    (IS_ISP2401 && err)) {
 		ia_css_debug_dtrace(IA_CSS_DEBUG_TRACE_PRIVATE,
 				    "allocate_mipi_frames(%p) exit: error: port is not correct (port=%d).\n",
 				    pipe, port);
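Review bot: `assert(port < N_CSI_PORTS)` runs immediately before the new condition, so wherever that assert is active the `!IS_ISP2401 && port >= N_CSI_PORTS` arm cannot be reached, and on ISP2401 the assert is evaluated before err is looked at. Either move the validity check ahead of the assert or drop the assert and rely on the error path.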
@@ -578,7 +579,8 @@ free_mipi_frames(struct ia_css_pipe *pipe) {
 
 		assert(port < N_CSI_PORTS);
 
-		if (port >= N_CSI_PORTS || err) {
+		if ((!IS_ISP2401 && port >= N_CSI_PORTS) ||
+		    (IS_ISP2401 && err)) {
 			ia_css_debug_dtrace(IA_CSS_DEBUG_TRACE_PRIVATE,
 					    "free_mipi_frames(%p, %d) exit: error: pipe port is not correct.\n",
 					    pipe, port);
@@ -690,7 +692,8 @@ send_mipi_frames(struct ia_css_pipe *pipe) {
 
 	assert(port < N_CSI_PORTS);
 
-	if (port >= N_CSI_PORTS || err) {
+	if ((!IS_ISP2401 && port >= N_CSI_PORTS) ||
+	    (IS_ISP2401 && err)) {
 		IA_CSS_ERROR("send_mipi_frames(%p) exit: invalid port specified (port=%d).\n",
 			     pipe, port);
 		return err;
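Review bot: this is the third copy of the same two-line condition in the patch (allocate_mipi_frames(), free_mipi_frames(), send_mipi_frames()); a small helper that answers whether the port is usable would keep the ISP2400 and ISP2401 rules in one place. On the ISP2400 arm `return err` also hands back whatever err was initialised to rather than a value set at the point of failure, which deserves a comment or an explicit assignment.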
-- 
2.34.1





* [PATCH 5.10 069/563] media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 068/563] media: atomisp: do not use err var when checking port validity for ISP2400 Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 070/563] media: atomisp: fix ifdefs in sh_css.c Greg Kroah-Hartman
                   ` (497 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit d21ce8c2f7bf6d737b60c09f86db141b9e8e47f0 ]

The function ia_css_mipi_is_source_port_valid() returns true if the port
is valid. So, we can't use the existing err variable as is.

To fix this issue while reusing that variable, invert the return value
when assigning it to the variable.

Fixes: 3c0538fbad9f ("media: atomisp: get rid of most checks for ISP2401 version")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../staging/media/atomisp/pci/sh_css_mipi.c   | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/sh_css_mipi.c b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
index 34b71c1b7c1ec..651eda0469b23 100644
--- a/drivers/staging/media/atomisp/pci/sh_css_mipi.c
+++ b/drivers/staging/media/atomisp/pci/sh_css_mipi.c
@@ -439,10 +439,12 @@ allocate_mipi_frames(struct ia_css_pipe *pipe,
 		return 0; /* AM TODO: Check  */
 	}
 
-	if (!IS_ISP2401)
+	if (!IS_ISP2401) {
 		port = (unsigned int)pipe->stream->config.source.port.port;
-	else
-		err = ia_css_mipi_is_source_port_valid(pipe, &port);
+	} else {
+		/* Returns true if port is valid. So, invert it */
+		err = !ia_css_mipi_is_source_port_valid(pipe, &port);
+	}
 
 	assert(port < N_CSI_PORTS);
 
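Review bot: `err = !ia_css_mipi_is_source_port_valid(pipe, &port);` stores 0 or 1 in err, not a negative errno, so any later `return err` on this path reports 1 to the caller. Keeping the boolean separate avoids that, for example `if (!ia_css_mipi_is_source_port_valid(pipe, &port)) err = -EINVAL;`. The same applies to the two identical hunks that follow.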
@@ -572,10 +574,12 @@ free_mipi_frames(struct ia_css_pipe *pipe) {
 			return err;
 		}
 
-		if (!IS_ISP2401)
+		if (!IS_ISP2401) {
 			port = (unsigned int)pipe->stream->config.source.port.port;
-		else
-			err = ia_css_mipi_is_source_port_valid(pipe, &port);
+		} else {
+			/* Returns true if port is valid. So, invert it */
+			err = !ia_css_mipi_is_source_port_valid(pipe, &port);
+		}
 
 		assert(port < N_CSI_PORTS);
 
@@ -685,10 +689,12 @@ send_mipi_frames(struct ia_css_pipe *pipe) {
 		/* TODO: AM: maybe this should be returning an error. */
 	}
 
-	if (!IS_ISP2401)
+	if (!IS_ISP2401) {
 		port = (unsigned int)pipe->stream->config.source.port.port;
-	else
-		err = ia_css_mipi_is_source_port_valid(pipe, &port);
+	} else {
+		/* Returns true if port is valid. So, invert it */
+		err = !ia_css_mipi_is_source_port_valid(pipe, &port);
+	}
 
 	assert(port < N_CSI_PORTS);
 
-- 
2.34.1





* [PATCH 5.10 070/563] media: atomisp: fix ifdefs in sh_css.c
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 069/563] media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 071/563] media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c Greg Kroah-Hartman
                   ` (496 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit 5a1b2725558f8a3b4cbf0504f53cffae8e163034 ]

 ## `if (pipe->stream->config.mode == IA_CSS_INPUT_MODE_TPG) {` case

The intel-aero atomisp has `#if defined(IS_ISP_2400_SYSTEM)` [1]. It is
to be defined in the following two places [2]:

  - css/hive_isp_css_common/system_global.h
  - css/css_2401_csi2p_system/system_global.h

and the former file is to be included on ISP2400 devices, too. So, it
is to be defined for both ISP2400 and ISP2401 devices.

Because the upstreamed atomisp driver now supports only ISP2400 and
ISP2401, just remove the ISP version test again. This matches the other
upstream commits like 3c0538fbad9f ("media: atomisp: get rid of most
checks for ISP2401 version").

While here, moved the comment for define GP_ISEL_TPG_MODE to the
appropriate place.

[1] https://github.com/intel-aero/linux-kernel/blob/a1b673258feb915268377275130c5c5df0eafc82/drivers/media/pci/atomisp/css/sh_css.c#L552-L558
[2] https://github.com/intel-aero/linux-kernel/search?q=IS_ISP_2400_SYSTEM

  ## `isys_stream_descr->polling_mode` case

This does not exist on the intel-aero atomisp. This is because it is
based on css version irci_stable_candrpv_0415_20150521_0458.

On the other hand, the upstreamed atomisp is based on the following css
version depending on the ISP version using ifdefs:

  - ISP2400: irci_stable_candrpv_0415_20150521_0458
  - ISP2401: irci_master_20150911_0724

The `isys_stream_descr->polling_mode` usage was added on updating css
version to irci_master_20150701_0213 [3].

So, it is not an ISP version specific thing, but a css version specific
thing. Because the upstreamed atomisp driver uses irci_master_20150911_0724
for ISP2401, re-add the ISP version check for now.

I say "for now" because ISP2401 should eventually use the same css
version with ISP2400 (i.e., irci_stable_candrpv_0415_20150521_0458).

[3] https://raw.githubusercontent.com/intel/ProductionKernelQuilts/cht-m1stable-2016_ww31/uefi/cht-m1stable/patches/cam-0439-atomisp2-css2401-and-2401_legacy-irci_master_2015070.patch
    ("atomisp2: css2401 and 2401_legacy-irci_master_20150701_0213")
    Link to Intel's Android kernel patch.

 ## `coord = &me->config.internal_frame_origin_bqs_on_sctbl;` case

It was added in commit 4f744a573db3 ("media: atomisp: make
sh_css_sp_init_pipeline() ISP version independent") for ISP2401. Because
the upstreamed atomisp for the ISP2401 part is based on
irci_master_20150911_0724, hence the difference.

Because the upstreamed atomisp driver uses irci_master_20150911_0724
for ISP2401, revert the test back to `if (IS_ISP2401)`.

Fixes: 27333dadef57 ("media: atomisp: adjust some code at sh_css that could be broken")
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/sh_css.c | 27 +++++++++-------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/sh_css.c b/drivers/staging/media/atomisp/pci/sh_css.c
index ddee04c8248d0..54a18921fbd15 100644
--- a/drivers/staging/media/atomisp/pci/sh_css.c
+++ b/drivers/staging/media/atomisp/pci/sh_css.c
@@ -527,6 +527,7 @@ ia_css_stream_input_format_bits_per_pixel(struct ia_css_stream *stream)
 	return bpp;
 }
 
+/* TODO: move define to proper file in tools */
 #define GP_ISEL_TPG_MODE 0x90058
 
 #if !defined(ISP2401)
@@ -579,12 +580,8 @@ sh_css_config_input_network(struct ia_css_stream *stream) {
 		vblank_cycles = vblank_lines * (width + hblank_cycles);
 		sh_css_sp_configure_sync_gen(width, height, hblank_cycles,
 					     vblank_cycles);
-		if (!IS_ISP2401) {
-			if (pipe->stream->config.mode == IA_CSS_INPUT_MODE_TPG) {
-				/* TODO: move define to proper file in tools */
-				ia_css_device_store_uint32(GP_ISEL_TPG_MODE, 0);
-			}
-		}
+		if (pipe->stream->config.mode == IA_CSS_INPUT_MODE_TPG)
+			ia_css_device_store_uint32(GP_ISEL_TPG_MODE, 0);
 	}
 	ia_css_debug_dtrace(IA_CSS_DEBUG_TRACE_PRIVATE,
 			    "sh_css_config_input_network() leave:\n");
@@ -1019,16 +1016,14 @@ static bool sh_css_translate_stream_cfg_to_isys_stream_descr(
 	 * ia_css_isys_stream_capture_indication() instead of
 	 * ia_css_pipeline_sp_wait_for_isys_stream_N() as isp processing of
 	 * capture takes longer than getting an ISYS frame
-	 *
-	 * Only 2401 relevant ??
 	 */
-#if 0 // FIXME: NOT USED on Yocto Aero
-	isys_stream_descr->polling_mode
-	    = early_polling ? INPUT_SYSTEM_POLL_ON_CAPTURE_REQUEST
-	      : INPUT_SYSTEM_POLL_ON_WAIT_FOR_FRAME;
-	ia_css_debug_dtrace(IA_CSS_DEBUG_TRACE_PRIVATE,
-			    "sh_css_translate_stream_cfg_to_isys_stream_descr() leave:\n");
-#endif
+	if (IS_ISP2401) {
+		isys_stream_descr->polling_mode
+		    = early_polling ? INPUT_SYSTEM_POLL_ON_CAPTURE_REQUEST
+		      : INPUT_SYSTEM_POLL_ON_WAIT_FOR_FRAME;
+		ia_css_debug_dtrace(IA_CSS_DEBUG_TRACE_PRIVATE,
+				    "sh_css_translate_stream_cfg_to_isys_stream_descr() leave:\n");
+	}
 
 	return rc;
 }
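Review bot: The `ia_css_debug_dtrace()` call that logs "sh_css_translate_stream_cfg_to_isys_stream_descr() leave:" ends up inside the new `if (IS_ISP2401)` block, so non-ISP2401 hardware returns without the leave trace. Only the `polling_mode` assignment is variant-specific; move the trace call below the closing brace so it is emitted on every path.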
@@ -1451,7 +1446,7 @@ static void start_pipe(
 
 	assert(me); /* all callers are in this file and call with non null argument */
 
-	if (!IS_ISP2401) {
+	if (IS_ISP2401) {
 		coord = &me->config.internal_frame_origin_bqs_on_sctbl;
 		params = me->stream->isp_params_configs;
 	}
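Review bot: Flipping the test in start_pipe() to `if (IS_ISP2401)` means `coord` and `params` are now left unassigned on non-ISP2401 hardware rather than on ISP2401. Their declarations and later uses are outside this hunk, so please confirm both are initialised to NULL and that every later use sits under the same `IS_ISP2401` condition.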
-- 
2.34.1





* [PATCH 5.10 071/563] media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 070/563] media: atomisp: fix ifdefs in sh_css.c Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 072/563] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe Greg Kroah-Hartman
                   ` (495 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Aline Santana Cordeiro, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Aline Santana Cordeiro <alinesantanacordeiro@gmail.com>

[ Upstream commit 0a016c35a326c6b2f558ede58ff08da7ef1da1a8 ]

Balance braces around conditional statements.
Issue detected by checkpatch.pl.
It happens in if-else statements where one of the commands
uses braces around a block of code and the other command
does not since it has just a single line of code.

Signed-off-by: Aline Santana Cordeiro <alinesantanacordeiro@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../staging/media/atomisp/pci/atomisp_cmd.c   | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_cmd.c b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
index 592ea990d4ca4..21cd03f06291d 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_cmd.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
@@ -1138,9 +1138,10 @@ void atomisp_buf_done(struct atomisp_sub_device *asd, int error,
 					asd->frame_status[vb->i] =
 					    ATOMISP_FRAME_STATUS_OK;
 				}
-			} else
+			} else {
 				asd->frame_status[vb->i] =
 				    ATOMISP_FRAME_STATUS_OK;
+			}
 		} else {
 			asd->frame_status[vb->i] = ATOMISP_FRAME_STATUS_OK;
 		}
@@ -4945,9 +4946,9 @@ atomisp_try_fmt_file(struct atomisp_device *isp, struct v4l2_format *f)
 
 	depth = get_pixel_depth(pixelformat);
 
-	if (field == V4L2_FIELD_ANY)
+	if (field == V4L2_FIELD_ANY) {
 		field = V4L2_FIELD_NONE;
-	else if (field != V4L2_FIELD_NONE) {
+	} else if (field != V4L2_FIELD_NONE) {
 		dev_err(isp->dev, "Wrong output field\n");
 		return -EINVAL;
 	}
@@ -6587,17 +6588,17 @@ static int atomisp_get_pipe_id(struct atomisp_video_pipe *pipe)
 {
 	struct atomisp_sub_device *asd = pipe->asd;
 
-	if (ATOMISP_USE_YUVPP(asd))
+	if (ATOMISP_USE_YUVPP(asd)) {
 		return IA_CSS_PIPE_ID_YUVPP;
-	else if (asd->vfpp->val == ATOMISP_VFPP_DISABLE_SCALER)
+	} else if (asd->vfpp->val == ATOMISP_VFPP_DISABLE_SCALER) {
 		return IA_CSS_PIPE_ID_VIDEO;
-	else if (asd->vfpp->val == ATOMISP_VFPP_DISABLE_LOWLAT)
+	} else if (asd->vfpp->val == ATOMISP_VFPP_DISABLE_LOWLAT) {
 		return IA_CSS_PIPE_ID_CAPTURE;
-	else if (pipe == &asd->video_out_video_capture)
+	} else if (pipe == &asd->video_out_video_capture) {
 		return IA_CSS_PIPE_ID_VIDEO;
-	else if (pipe == &asd->video_out_vf)
+	} else if (pipe == &asd->video_out_vf) {
 		return IA_CSS_PIPE_ID_CAPTURE;
-	else if (pipe == &asd->video_out_preview) {
+	} else if (pipe == &asd->video_out_preview) {
 		if (asd->run_mode->val == ATOMISP_RUN_MODE_VIDEO)
 			return IA_CSS_PIPE_ID_VIDEO;
 		else
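Review bot: In atomisp_get_pipe_id() every arm of the ladder returns, so the `else` keywords are redundant, and checkpatch.pl also warns about `else` after `return`. Rewriting the ladder as independent `if (...) return ...;` statements would make the added braces unnecessary and shorten the function; the inner `if (asd->run_mode->val == ATOMISP_RUN_MODE_VIDEO)` / `else` pair can be handled the same way.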
-- 
2.34.1





* [PATCH 5.10 072/563] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 071/563] media: staging: media: atomisp: pci: Balance braces around conditional statements in file atomisp_cmd.c Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 073/563] media: atomisp: fix enum formats logic Greg Kroah-Hartman
                   ` (494 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tsuchiya Yuto, Mauro Carvalho Chehab,
	Sasha Levin

From: Tsuchiya Yuto <kitakar@gmail.com>

[ Upstream commit c10bcb13462e9cf43111d17f1e08b4bb4d4401b0 ]

This is almost a BUG report with RFC patch that just avoids kernel
oopses. Thus, prefixed with [BUG][RFC].

Here is the kernel log after running `v4l2-compliance -d /dev/video4`
with this patch applied:

	kern  :err   : [25507.580392] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.592343] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.592995] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.593685] atomisp-isp2 0000:00:03.0: atomisp_g_input(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.593719] atomisp-isp2 0000:00:03.0: atomisp_g_parm(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.593727] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	[omitting 42 same messages]
	kern  :err   : [25507.593976] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594191] atomisp-isp2 0000:00:03.0: atomisp_g_input(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594449] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	[omitting 43 same messages]
	kern  :err   : [25507.594756] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594779] atomisp-isp2 0000:00:03.0: atomisp_g_ctrl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594787] atomisp-isp2 0000:00:03.0: atomisp_s_ctrl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594803] atomisp-isp2 0000:00:03.0: atomisp_camera_g_ext_ctrls(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594880] atomisp-isp2 0000:00:03.0: atomisp_enum_fmt_cap(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.594915] atomisp-isp2 0000:00:03.0: atomisp_g_parm(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.595058] atomisp-isp2 0000:00:03.0: atomisp_try_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.595089] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.595124] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.595221] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.595241] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.601571] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.607496] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.608604] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.611988] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.617420] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.618429] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.618811] atomisp-isp2 0000:00:03.0: atomisp_g_parm(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.622193] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.627355] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.628391] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.631143] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.635813] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.636489] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.636504] atomisp-isp2 0000:00:03.0: atomisp_s_input(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.636516] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.639111] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.646152] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.646831] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.646847] atomisp-isp2 0000:00:03.0: atomisp_s_input(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.650079] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.657476] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.658741] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.658759] atomisp-isp2 0000:00:03.0: atomisp_s_input(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.658771] atomisp-isp2 0000:00:03.0: atomisp_set_fmt(): asd is NULL, device is ATOMISP ISP ACC
	kern  :err   : [25507.660959] atomisp-isp2 0000:00:03.0: can't change power state from D3cold to D0 (config space inaccessible)
	kern  :warn  : [25507.666665] isys dma store at addr(0xcd408) val(0)
	kern  :err   : [25507.667397] atomisp-isp2 0000:00:03.0: atomisp_queryctl(): asd is NULL, device is ATOMISP ISP ACC

[mchehab: fix coding style]
Signed-off-by: Tsuchiya Yuto <kitakar@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../staging/media/atomisp/pci/atomisp_cmd.c   | 73 +++++++++++++++
 .../staging/media/atomisp/pci/atomisp_fops.c  |  6 ++
 .../staging/media/atomisp/pci/atomisp_ioctl.c | 90 +++++++++++++++++++
 3 files changed, 169 insertions(+)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_cmd.c b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
index 21cd03f06291d..90d50a693ce57 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_cmd.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_cmd.c
@@ -1715,6 +1715,12 @@ void atomisp_wdt_refresh_pipe(struct atomisp_video_pipe *pipe,
 {
 	unsigned long next;
 
+	if (!pipe->asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, pipe->vdev.name);
+		return;
+	}
+
 	if (delay != ATOMISP_WDT_KEEP_CURRENT_DELAY)
 		pipe->wdt_duration = delay;
 
@@ -1777,6 +1783,12 @@ void atomisp_wdt_refresh(struct atomisp_sub_device *asd, unsigned int delay)
 /* ISP2401 */
 void atomisp_wdt_stop_pipe(struct atomisp_video_pipe *pipe, bool sync)
 {
+	if (!pipe->asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, pipe->vdev.name);
+		return;
+	}
+
 	if (!atomisp_is_wdt_running(pipe))
 		return;
 
@@ -4109,6 +4121,12 @@ void atomisp_handle_parameter_and_buffer(struct atomisp_video_pipe *pipe)
 	unsigned long irqflags;
 	bool need_to_enqueue_buffer = false;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, pipe->vdev.name);
+		return;
+	}
+
 	if (atomisp_is_vf_pipe(pipe))
 		return;
 
@@ -4196,6 +4214,12 @@ int atomisp_set_parameters(struct video_device *vdev,
 	struct atomisp_css_params *css_param = &asd->params.css_param;
 	int ret;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (!asd->stream_env[ATOMISP_INPUT_STREAM_GENERAL].stream) {
 		dev_err(asd->isp->dev, "%s: internal error!\n", __func__);
 		return -EINVAL;
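Review bot: In atomisp_set_parameters() the new `if (!asd)` test comes after the declaration `struct atomisp_css_params *css_param = &asd->params.css_param;`, which already forms an address from `asd`. It is only pointer arithmetic, but it reads as a use before the check and lets the compiler assume `asd` is non-NULL; declare `css_param` without an initialiser and assign it after the check.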
@@ -4856,6 +4880,12 @@ int atomisp_try_fmt(struct video_device *vdev, struct v4l2_format *f,
 	int source_pad = atomisp_subdev_source_pad(vdev);
 	int ret;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (!isp->inputs[asd->input_curr].camera)
 		return -EINVAL;
 
@@ -5202,6 +5232,12 @@ static int atomisp_set_fmt_to_isp(struct video_device *vdev,
 	const struct atomisp_in_fmt_conv *fc;
 	int ret, i;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	v4l2_fh_init(&fh.vfh, vdev);
 
 	isp_sink_crop = atomisp_subdev_get_rect(
@@ -5513,6 +5549,7 @@ static int atomisp_set_fmt_to_snr(struct video_device *vdev,
 				  unsigned int dvs_env_w, unsigned int dvs_env_h)
 {
 	struct atomisp_sub_device *asd = atomisp_to_video_pipe(vdev)->asd;
+	struct atomisp_video_pipe *pipe = atomisp_to_video_pipe(vdev);
 	const struct atomisp_format_bridge *format;
 	struct v4l2_subdev_pad_config pad_cfg;
 	struct v4l2_subdev_format vformat = {
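Review bot: The added `pipe` declaration in atomisp_set_fmt_to_snr() calls atomisp_to_video_pipe(vdev) a second time, directly below `asd = atomisp_to_video_pipe(vdev)->asd`. Declare `pipe` first and initialise `asd` from `pipe->asd` so the lookup is written once.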
@@ -5528,6 +5565,12 @@ static int atomisp_set_fmt_to_snr(struct video_device *vdev,
 	struct v4l2_subdev_fh fh;
 	int ret;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	v4l2_fh_init(&fh.vfh, vdev);
 
 	stream_index = atomisp_source_pad_to_stream_id(asd, source_pad);
@@ -5618,6 +5661,12 @@ int atomisp_set_fmt(struct video_device *vdev, struct v4l2_format *f)
 	struct v4l2_subdev_fh fh;
 	int ret;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (source_pad >= ATOMISP_SUBDEV_PADS_NUM)
 		return -EINVAL;
 
@@ -6051,6 +6100,12 @@ int atomisp_set_fmt_file(struct video_device *vdev, struct v4l2_format *f)
 	struct v4l2_subdev_fh fh;
 	int ret;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	v4l2_fh_init(&fh.vfh, vdev);
 
 	dev_dbg(isp->dev, "setting fmt %ux%u 0x%x for file inject\n",
@@ -6375,6 +6430,12 @@ bool atomisp_is_vf_pipe(struct atomisp_video_pipe *pipe)
 {
 	struct atomisp_sub_device *asd = pipe->asd;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, pipe->vdev.name);
+		return false;
+	}
+
 	if (pipe == &asd->video_out_vf)
 		return true;
 
@@ -6588,6 +6649,12 @@ static int atomisp_get_pipe_id(struct atomisp_video_pipe *pipe)
 {
 	struct atomisp_sub_device *asd = pipe->asd;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, pipe->vdev.name);
+		return -EINVAL;
+	}
+
 	if (ATOMISP_USE_YUVPP(asd)) {
 		return IA_CSS_PIPE_ID_YUVPP;
 	} else if (asd->vfpp->val == ATOMISP_VFPP_DISABLE_SCALER) {
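Review bot: atomisp_get_pipe_id() returned only `IA_CSS_PIPE_ID_*` values before this hunk; the new NULL path returns `-EINVAL`, and none of the visible hunks update a caller. Any caller that uses the result as a pipe index needs a check for a negative value, otherwise the error becomes an out-of-range index.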
@@ -6625,6 +6692,12 @@ int atomisp_get_invalid_frame_num(struct video_device *vdev,
 	struct ia_css_pipe_info p_info;
 	int ret;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (asd->isp->inputs[asd->input_curr].camera_caps->
 	    sensor[asd->sensor_curr].stream_num > 1) {
 		/* External ISP */
diff --git a/drivers/staging/media/atomisp/pci/atomisp_fops.c b/drivers/staging/media/atomisp/pci/atomisp_fops.c
index f1e6b25978534..52d24c1ca0d64 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_fops.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_fops.c
@@ -1171,6 +1171,12 @@ static int atomisp_mmap(struct file *file, struct vm_area_struct *vma)
 	u32 origin_size, new_size;
 	int ret;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (!(vma->vm_flags & (VM_WRITE | VM_READ)))
 		return -EACCES;
 
diff --git a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
index 9da82855552de..35717a91cbd15 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
@@ -646,6 +646,12 @@ static int atomisp_g_input(struct file *file, void *fh, unsigned int *input)
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 	struct atomisp_sub_device *asd = atomisp_to_video_pipe(vdev)->asd;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
 	*input = asd->input_curr;
 	rt_mutex_unlock(&isp->mutex);
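Review bot: The six-line `if (!asd) { dev_err(...); return -EINVAL; }` block added to atomisp_g_input() is pasted unchanged into every other handler in this file. A small helper or macro taking `vdev` would keep the message format in one place and make a missed handler easier to spot; a comment stating why `asd` can be NULL for the "ATOMISP ISP ACC" node would also help, since the commit message describes this as an RFC that only avoids the oops.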
@@ -665,6 +671,12 @@ static int atomisp_s_input(struct file *file, void *fh, unsigned int input)
 	struct v4l2_subdev *motor;
 	int ret;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
 	if (input >= ATOM_ISP_MAX_INPUTS || input >= isp->input_cnt) {
 		dev_dbg(isp->dev, "input_cnt: %d\n", isp->input_cnt);
@@ -765,6 +777,12 @@ static int atomisp_enum_fmt_cap(struct file *file, void *fh,
 	unsigned int i, fi = 0;
 	int rval;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
 	rval = v4l2_subdev_call(isp->inputs[asd->input_curr].camera, pad,
 				enum_mbus_code, NULL, &code);
@@ -1027,6 +1045,12 @@ int __atomisp_reqbufs(struct file *file, void *fh,
 	u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);
 	int ret = 0, i = 0;
 
+	if (!asd) {
+		dev_err(pipe->isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (req->count == 0) {
 		mutex_lock(&pipe->capq.vb_lock);
 		if (!list_empty(&pipe->capq.stream))
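Review bot: In __atomisp_reqbufs() the check is placed after `u16 stream_id = atomisp_source_pad_to_stream_id(asd, source_pad);`, so `asd` has already been passed to that helper by the time `!asd` is tested. No hunk in this patch adds a NULL check to atomisp_source_pad_to_stream_id(), so if the helper dereferences `asd` the oops is still reachable; move the `stream_id` assignment below the check.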
@@ -1154,6 +1178,12 @@ static int atomisp_qbuf(struct file *file, void *fh, struct v4l2_buffer *buf)
 	u32 pgnr;
 	int ret = 0;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
 	if (isp->isp_fatal_error) {
 		ret = -EIO;
@@ -1389,6 +1419,12 @@ static int atomisp_dqbuf(struct file *file, void *fh, struct v4l2_buffer *buf)
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 	int ret = 0;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
 
 	if (isp->isp_fatal_error) {
@@ -1640,6 +1676,12 @@ static int atomisp_streamon(struct file *file, void *fh,
 	int ret = 0;
 	unsigned long irqflags;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	dev_dbg(isp->dev, "Start stream on pad %d for asd%d\n",
 		atomisp_subdev_source_pad(vdev), asd->index);
 
@@ -1901,6 +1943,12 @@ int __atomisp_streamoff(struct file *file, void *fh, enum v4l2_buf_type type)
 	unsigned long flags;
 	bool first_streamoff = false;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	dev_dbg(isp->dev, "Stop stream on pad %d for asd%d\n",
 		atomisp_subdev_source_pad(vdev), asd->index);
 
@@ -2150,6 +2198,12 @@ static int atomisp_g_ctrl(struct file *file, void *fh,
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 	int i, ret = -EINVAL;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	for (i = 0; i < ctrls_num; i++) {
 		if (ci_v4l2_controls[i].id == control->id) {
 			ret = 0;
@@ -2229,6 +2283,12 @@ static int atomisp_s_ctrl(struct file *file, void *fh,
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 	int i, ret = -EINVAL;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	for (i = 0; i < ctrls_num; i++) {
 		if (ci_v4l2_controls[i].id == control->id) {
 			ret = 0;
@@ -2310,6 +2370,12 @@ static int atomisp_queryctl(struct file *file, void *fh,
 	struct atomisp_sub_device *asd = atomisp_to_video_pipe(vdev)->asd;
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	switch (qc->id) {
 	case V4L2_CID_FOCUS_ABSOLUTE:
 	case V4L2_CID_FOCUS_RELATIVE:
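Review bot: The `dev_err()` added to atomisp_queryctl() fires on every call, and the log in the commit message shows the effect: a single `v4l2-compliance` run prints the same "asd is NULL" line dozens of times ("omitting 42 same messages"). These handlers are reached directly from userspace ioctls, so use `dev_err_ratelimited()` or `dev_dbg()` here and in the other ioctl handlers so that a process opening the node cannot flood the kernel log.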
@@ -2355,6 +2421,12 @@ static int atomisp_camera_g_ext_ctrls(struct file *file, void *fh,
 	int i;
 	int ret = 0;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (!IS_ISP2401)
 		motor = isp->inputs[asd->input_curr].motor;
 	else
@@ -2466,6 +2538,12 @@ static int atomisp_camera_s_ext_ctrls(struct file *file, void *fh,
 	int i;
 	int ret = 0;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (!IS_ISP2401)
 		motor = isp->inputs[asd->input_curr].motor;
 	else
@@ -2591,6 +2669,12 @@ static int atomisp_g_parm(struct file *file, void *fh,
 	struct atomisp_sub_device *asd = atomisp_to_video_pipe(vdev)->asd;
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (parm->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) {
 		dev_err(isp->dev, "unsupported v4l2 buf type\n");
 		return -EINVAL;
@@ -2613,6 +2697,12 @@ static int atomisp_s_parm(struct file *file, void *fh,
 	int rval;
 	int fps;
 
+	if (!asd) {
+		dev_err(isp->dev, "%s(): asd is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	if (parm->type != V4L2_BUF_TYPE_VIDEO_CAPTURE) {
 		dev_err(isp->dev, "unsupported v4l2 buf type\n");
 		return -EINVAL;
-- 
2.34.1





* [PATCH 5.10 073/563] media: atomisp: fix enum formats logic
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 072/563] media: atomisp: add NULL check for asd obtained from atomisp_video_pipe Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 074/563] media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr() Greg Kroah-Hartman
                   ` (493 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mauro Carvalho Chehab, Sasha Levin

From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>

[ Upstream commit fae46cb0531b45c789e39128f676f2bafa3a7b47 ]

Changeset 374d62e7aa50 ("media: v4l2-subdev: Verify v4l2_subdev_call() pad config argument")
added an extra verification for a pads parameter for enum mbus
format code.

Such change broke atomisp, because now the V4L2 core
refuses to enum MBUS formats if the state is empty.

So, add .which field in order to select the active formats,
in order to make it work again.

While here, improve error messages.

Fixes: 374d62e7aa50 ("media: v4l2-subdev: Verify v4l2_subdev_call() pad config argument")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../staging/media/atomisp/pci/atomisp_ioctl.c | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
index 35717a91cbd15..830df02626634 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c
@@ -773,7 +773,10 @@ static int atomisp_enum_fmt_cap(struct file *file, void *fh,
 	struct video_device *vdev = video_devdata(file);
 	struct atomisp_device *isp = video_get_drvdata(vdev);
 	struct atomisp_sub_device *asd = atomisp_to_video_pipe(vdev)->asd;
-	struct v4l2_subdev_mbus_code_enum code = { 0 };
+	struct v4l2_subdev_mbus_code_enum code = {
+		.which = V4L2_SUBDEV_FORMAT_ACTIVE,
+	};
+	struct v4l2_subdev *camera;
 	unsigned int i, fi = 0;
 	int rval;
 
@@ -783,14 +786,20 @@ static int atomisp_enum_fmt_cap(struct file *file, void *fh,
 		return -EINVAL;
 	}
 
+	camera = isp->inputs[asd->input_curr].camera;
+	if(!camera) {
+		dev_err(isp->dev, "%s(): camera is NULL, device is %s\n",
+			__func__, vdev->name);
+		return -EINVAL;
+	}
+
 	rt_mutex_lock(&isp->mutex);
-	rval = v4l2_subdev_call(isp->inputs[asd->input_curr].camera, pad,
-				enum_mbus_code, NULL, &code);
+
+	rval = v4l2_subdev_call(camera, pad, enum_mbus_code, NULL, &code);
 	if (rval == -ENOIOCTLCMD) {
 		dev_warn(isp->dev,
-			 "enum_mbus_code pad op not supported. Please fix your sensor driver!\n");
-		//	rval = v4l2_subdev_call(isp->inputs[asd->input_curr].camera,
-		//				video, enum_mbus_fmt, 0, &code.code);
+			 "enum_mbus_code pad op not supported by %s. Please fix your sensor driver!\n",
+			 camera->name);
 	}
 	rt_mutex_unlock(&isp->mutex);
 
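Review bot: The new `camera = isp->inputs[asd->input_curr].camera;` lookup and its NULL test run before `rt_mutex_lock(&isp->mutex)`, whereas the removed code evaluated the same expression with the mutex held. Take the lock first and unlock on the early return, so `asd->input_curr` is read under the same lock as before. Separately, `if(!camera)` needs a space after `if` to pass checkpatch.pl.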
@@ -820,6 +829,8 @@ static int atomisp_enum_fmt_cap(struct file *file, void *fh,
 		f->pixelformat = format->pixelformat;
 		return 0;
 	}
+	dev_err(isp->dev, "%s(): format for code %x not found.\n",
+		__func__, code.code);
 
 	return -EINVAL;
 }
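Review bot: The `dev_err()` added before the final `return -EINVAL` in atomisp_enum_fmt_cap() is reachable from a userspace ioctl, so a caller that hits this path repeatedly fills the log at error level. `dev_dbg()` or a rate-limited variant fits better, and printing `code.code` with `0x%x` would make the value unambiguous.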
-- 
2.34.1





* [PATCH 5.10 074/563] media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 073/563] media: atomisp: fix enum formats logic Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 075/563] media: aspeed: fix mode-detect always time out at 2nd run Greg Kroah-Hartman
                   ` (492 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kieran Bingham,
	Mauro Carvalho Chehab, Sasha Levin

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit cb4d67a998e97365afdf34965b069601da1dae60 ]

The "power" pointer is not initialized on the else path and that would
lead to an Oops.

Link: https://lore.kernel.org/linux-media/20211012082150.GA31086@kili
Fixes: c30f4cb2d4c7 ("media: atomisp: Refactor PMIC detection to a separate function")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
index 135994d44802c..34480ca164746 100644
--- a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
@@ -481,7 +481,7 @@ fail:
 
 static u8 gmin_get_pmic_id_and_addr(struct device *dev)
 {
-	struct i2c_client *power;
+	struct i2c_client *power = NULL;
 	static u8 pmic_i2c_addr;
 
 	if (pmic_id)
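Review bot: Initialising `power` to NULL in gmin_get_pmic_id_and_addr() only turns the uninitialised read into a defined one; it prevents the oops only if the code after the if/else tests `power` before dereferencing it. That test is outside this hunk, so please confirm it exists, or add explicit `if (!power)` handling, rather than relying on the initialiser alone.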
-- 
2.34.1





* [PATCH 5.10 075/563] media: aspeed: fix mode-detect always time out at 2nd run
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 074/563] media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 076/563] media: em28xx: fix memory leak in em28xx_init_dev Greg Kroah-Hartman
                   ` (491 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jammy Huang, Paul Menzel,
	Joel Stanley, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Jammy Huang <jammy_huang@aspeedtech.com>

[ Upstream commit 62cea52ad4bead0ae4be2cfe1142eb0aae0e9fbd ]

aspeed_video_get_resolution() will try to do res-detect again if the
timing got in last try is invalid. But it will always time out because
VE_SEQ_CTRL_TRIG_MODE_DET is only cleared after 1st mode-detect.

To fix the problem, just clear VE_SEQ_CTRL_TRIG_MODE_DET before setting
it in aspeed_video_enable_mode_detect().

Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Jammy Huang <jammy_huang@aspeedtech.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/aspeed-video.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index 7bb6babdcade0..23c41c545c536 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -500,6 +500,10 @@ static void aspeed_video_enable_mode_detect(struct aspeed_video *video)
 	aspeed_video_update(video, VE_INTERRUPT_CTRL, 0,
 			    VE_INTERRUPT_MODE_DETECT);
 
+	/* Disable mode detect in order to re-trigger */
+	aspeed_video_update(video, VE_SEQ_CTRL,
+			    VE_SEQ_CTRL_TRIG_MODE_DET, 0);
+
 	/* Trigger mode detect */
 	aspeed_video_update(video, VE_SEQ_CTRL, 0, VE_SEQ_CTRL_TRIG_MODE_DET);
 }
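Review bot: aspeed_video_enable_mode_detect() now clears and then sets `VE_SEQ_CTRL_TRIG_MODE_DET` in two back-to-back aspeed_video_update() calls on `VE_SEQ_CTRL`, with nothing between them. If the engine has to observe the bit low before it accepts the next trigger, this sequence does not guarantee it; extend the new comment to state that consecutive writes are sufficient for the hardware, or add the required barrier or delay.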
@@ -786,10 +790,6 @@ static void aspeed_video_get_resolution(struct aspeed_video *video)
 			return;
 		}
 
-		/* Disable mode detect in order to re-trigger */
-		aspeed_video_update(video, VE_SEQ_CTRL,
-				    VE_SEQ_CTRL_TRIG_MODE_DET, 0);
-
 		aspeed_video_check_and_set_polarity(video);
 
 		aspeed_video_enable_mode_detect(video);
-- 
2.34.1





* [PATCH 5.10 076/563] media: em28xx: fix memory leak in em28xx_init_dev
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 075/563] media: aspeed: fix mode-detect always time out at 2nd run Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 077/563] media: aspeed: Update signal status immediately to ensure sane hw state Greg Kroah-Hartman
                   ` (490 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Dongliang Mu,
	syzkaller, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Dongliang Mu <mudongliangabcd@gmail.com>

[ Upstream commit 22be5a10d0b24eec9e45decd15d7e6112b25f080 ]

In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
to deallocate the media_dev allocated in the em28xx_media_device_init.

Fix this by adding em28xx_unregister_media_device to free media_dev.

BTW, this patch is tested in my local syzkaller instance, and it can
prevent the memory leak from occurring again.

CC: Pavel Skripkin <paskripkin@gmail.com>
Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/em28xx/em28xx-cards.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
index cf45cc566cbe2..87e375562dbb2 100644
--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -3575,8 +3575,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
 
 	if (dev->is_audio_only) {
 		retval = em28xx_audio_setup(dev);
-		if (retval)
-			return -ENODEV;
+		if (retval) {
+			retval = -ENODEV;
+			goto err_deinit_media;
+		}
 		em28xx_init_extension(dev);
 
 		return 0;
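Review bot: In the is_audio_only branch the error returned by em28xx_audio_setup() is still overwritten with -ENODEV before the goto, so the real cause is lost on the way out. This path now shares err_deinit_media with the i2c failures, which return retval unchanged; consider propagating retval here too, or add a comment saying why -ENODEV is forced.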
@@ -3595,7 +3597,7 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
 		dev_err(&dev->intf->dev,
 			"%s: em28xx_i2c_register bus 0 - error [%d]!\n",
 		       __func__, retval);
-		return retval;
+		goto err_deinit_media;
 	}
 
 	/* register i2c bus 1 */
@@ -3611,9 +3613,7 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
 				"%s: em28xx_i2c_register bus 1 - error [%d]!\n",
 				__func__, retval);
 
-			em28xx_i2c_unregister(dev, 0);
-
-			return retval;
+			goto err_unreg_i2c;
 		}
 	}
 
@@ -3621,6 +3621,12 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
 	em28xx_card_setup(dev);
 
 	return 0;
+
+err_unreg_i2c:
+	em28xx_i2c_unregister(dev, 0);
+err_deinit_media:
+	em28xx_unregister_media_device(dev);
+	return retval;
 }
 
 static int em28xx_duplicate_dev(struct em28xx *dev)
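Review bot: The changelog places the leak in em28xx_init_rev, but the function touched here is em28xx_init_dev; please correct the name so the commit can be found by grep. In the unwind itself, err_unreg_i2c only unregisters bus 0 and relies on fall-through into err_deinit_media, so a one-line comment at the labels stating that ordering would keep later error paths from jumping to the wrong one.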
-- 
2.34.1





* [PATCH 5.10 077/563] media: aspeed: Update signal status immediately to ensure sane hw state
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 076/563] media: em28xx: fix memory leak in em28xx_init_dev Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 078/563] arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name Greg Kroah-Hartman
                   ` (489 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jammy Huang, Paul Menzel,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Jammy Huang <jammy_huang@aspeedtech.com>

[ Upstream commit af6d1bde395cac174ee71adcd3fa43f6435c7206 ]

If res-chg, VE_INTERRUPT_MODE_DETECT_WD irq will be raised. But
v4l2_input_status won't be updated to no-signal immediately until
aspeed_video_get_resolution() in aspeed_video_resolution_work().

During the period of time, aspeed_video_start_frame() could be called
because it doesn't know signal becomes unstable now. If it goes with
aspeed_video_init_regs() of aspeed_video_irq_res_change()
simultaneously, it will mess up hw state.

To fix this problem, v4l2_input_status is updated to no-signal
immediately for VE_INTERRUPT_MODE_DETECT_WD irq.

Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Jammy Huang <jammy_huang@aspeedtech.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/aspeed-video.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index 23c41c545c536..debc7509c173c 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -556,6 +556,8 @@ static void aspeed_video_irq_res_change(struct aspeed_video *video, ulong delay)
 	set_bit(VIDEO_RES_CHANGE, &video->flags);
 	clear_bit(VIDEO_FRAME_INPRG, &video->flags);
 
+	video->v4l2_input_status = V4L2_IN_ST_NO_SIGNAL;
+
 	aspeed_video_off(video);
 	aspeed_video_bufs_done(video, VB2_BUF_STATE_ERROR);
 
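Review bot: The new store to video->v4l2_input_status in aspeed_video_irq_res_change() has no lock or barrier in the visible lines, yet the changelog describes a race with aspeed_video_start_frame() acting on that state. Please state which lock serializes the two, or use WRITE_ONCE()/READ_ONCE() on both sides; otherwise the window is narrowed rather than closed.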
@@ -1337,7 +1339,6 @@ static void aspeed_video_resolution_work(struct work_struct *work)
 	struct delayed_work *dwork = to_delayed_work(work);
 	struct aspeed_video *video = container_of(dwork, struct aspeed_video,
 						  res_work);
-	u32 input_status = video->v4l2_input_status;
 
 	aspeed_video_on(video);
 
@@ -1350,8 +1351,7 @@ static void aspeed_video_resolution_work(struct work_struct *work)
 	aspeed_video_get_resolution(video);
 
 	if (video->detected_timings.width != video->active_timings.width ||
-	    video->detected_timings.height != video->active_timings.height ||
-	    input_status != video->v4l2_input_status) {
+	    video->detected_timings.height != video->active_timings.height) {
 		static const struct v4l2_event ev = {
 			.type = V4L2_EVENT_SOURCE_CHANGE,
 			.u.src_change.changes = V4L2_EVENT_SRC_CH_RESOLUTION,
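Review bot: Dropping the input_status comparison means V4L2_EVENT_SOURCE_CHANGE is queued only when width or height differ, so a signal that drops and comes back with the same timings no longer produces an event from this work function. The changelog does not mention that behaviour change; please confirm that userspace is not expected to see an event in that case, or keep a status-based trigger.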
-- 
2.34.1





* [PATCH 5.10 078/563] arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 077/563] media: aspeed: Update signal status immediately to ensure sane hw state Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 079/563] arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+ Greg Kroah-Hartman
                   ` (488 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Neil Armstrong, Alexander Stein, Sasha Levin

From: Alexander Stein <alexander.stein@mailbox.org>

[ Upstream commit bb98a6fd0b0e227cefb2ba91cea2b55455f203b7 ]

Starting with commit 94274f20f6bf ("dt-bindings: opp: Convert to DT
schema") the opp node name has a mandatory pattern. This change
fixes the dtbs_check warning:
gpu-opp-table: $nodename:0: 'gpu-opp-table' does not match
'^opp-table(-[a-z0-9]+)?$'
Put the 'gpu' part at the end to match the pattern.

Fixes: 916a0edc43f0 ("arm64: dts: amlogic: meson-g12: add the Mali OPP table and use DVFS")
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Alexander Stein <alexander.stein@mailbox.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211026182813.900775-2-alexander.stein@mailbox.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
index 959b299344e54..7342c8a2b322d 100644
--- a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
@@ -52,7 +52,7 @@
 		secure-monitor = <&sm>;
 	};
 
-	gpu_opp_table: gpu-opp-table {
+	gpu_opp_table: opp-table-gpu {
 		compatible = "operating-points-v2";
 
 		opp-124999998 {
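Review bot: Renaming gpu-opp-table to opp-table-gpu breaks any consumer that finds the node by path or name rather than through the gpu_opp_table label, which this hunk keeps. Please state in the changelog that the node is only referenced by label, so the rename is known to be safe for bootloader fixups and overlays.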
-- 
2.34.1





* [PATCH 5.10 079/563] arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 078/563] arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 080/563] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot Greg Kroah-Hartman
                   ` (487 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Neil Armstrong, Alexander Stein, Sasha Levin

From: Alexander Stein <alexander.stein@mailbox.org>

[ Upstream commit 95d35256b564aca33fb661eac77dc94bfcffc8df ]

Fix the schema warning: "spi-flash@0: $nodename:0: 'spi-flash@0' does
 not match '^flash(@.*)?$'" from jedec,spi-nor.yaml

Fixes: a084eaf3096c ("arm64: dts: meson-g12b-odroid-n2: add SPIFC controller node")
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Alexander Stein <alexander.stein@mailbox.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211026182813.900775-3-alexander.stein@mailbox.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/amlogic/meson-g12b-odroid-n2.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/amlogic/meson-g12b-odroid-n2.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12b-odroid-n2.dtsi
index 59b5f39088757..b9b8cd4b5ba9d 100644
--- a/arch/arm64/boot/dts/amlogic/meson-g12b-odroid-n2.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-g12b-odroid-n2.dtsi
@@ -543,7 +543,7 @@
 	pinctrl-0 = <&nor_pins>;
 	pinctrl-names = "default";
 
-	mx25u64: spi-flash@0 {
+	mx25u64: flash@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
 		compatible = "mxicy,mx25u6435f", "jedec,spi-nor";
-- 
2.34.1





* [PATCH 5.10 080/563] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 079/563] arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+ Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 081/563] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Greg Kroah-Hartman
                   ` (486 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian Hewitt, Neil Armstrong,
	Sasha Levin

From: Christian Hewitt <christianshewitt@gmail.com>

[ Upstream commit 8182a35868db5f053111d5d9d4da8fcb3f99259d ]

Mark the VDDIO_AO18 regulator always-on and set hdmi-supply for the hdmi_tx
node to ensure HDMI is powered in the early stages of boot.

Fixes: fb72c03e0e32 ("ARM64: dts: meson-gxbb-wetek: add a wetek specific dtsi to cleanup hub and play2")

Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211012052522.30873-2-christianshewitt@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
index a350fee1264d7..8e2af986cebaf 100644
--- a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
@@ -64,6 +64,7 @@
 		regulator-name = "VDDIO_AO18";
 		regulator-min-microvolt = <1800000>;
 		regulator-max-microvolt = <1800000>;
+		regulator-always-on;
 	};
 
 	vcc_3v3: regulator-vcc_3v3 {
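Review bot: regulator-always-on on VDDIO_AO18 keeps the rail up regardless of consumers, which makes the hdmi-supply reference added to hdmi_tx in the next hunk redundant for power sequencing, and the other way round. The changelog should say why both are needed, so that one of them can be dropped later without guessing.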
@@ -161,6 +162,7 @@
 	status = "okay";
 	pinctrl-0 = <&hdmi_hpd_pins>, <&hdmi_i2c_pins>;
 	pinctrl-names = "default";
+	hdmi-supply = <&vddio_ao18>;
 };
 
 &hdmi_tx_tmds_port {
-- 
2.34.1





* [PATCH 5.10 081/563] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 080/563] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 082/563] fs: dlm: use sk->sk_socket instead of con->sock Greg Kroah-Hartman
                   ` (485 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian Hewitt, Neil Armstrong,
	Sasha Levin

From: Christian Hewitt <christianshewitt@gmail.com>

[ Upstream commit c019abb2feba3cbbd7cf7178f8e6499c4fa6fced ]

The absence of this binding appears to be harmless in Linux but it breaks
Ethernet support in mainline u-boot. So add the binding (which is present
in all other u-boot supported GXBB device-trees).

Fixes: fb72c03e0e32 ("ARM64: dts: meson-gxbb-wetek: add a wetek specific dtsi to cleanup hub and play2")

Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211012052522.30873-3-christianshewitt@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
index 8e2af986cebaf..a4d34398da358 100644
--- a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
@@ -6,6 +6,7 @@
  */
 
 #include "meson-gxbb.dtsi"
+#include <dt-bindings/gpio/gpio.h>
 
 / {
 	aliases {
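Review bot: The changelog calls this a missing binding, but the change is an #include of <dt-bindings/gpio/gpio.h>, and the hunk does not show which property in this file uses the GPIO macros. Please name the consumer in the commit message, and say what exactly fails in u-boot without the include, since the file evidently built in Linux without it.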
-- 
2.34.1





* [PATCH 5.10 082/563] fs: dlm: use sk->sk_socket instead of con->sock
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 081/563] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 083/563] fs: dlm: dont call kernel_getpeername() in error_report() Greg Kroah-Hartman
                   ` (484 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland, Sasha Levin

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit feb704bd17786c8ff52a49d7759b8ee4f3a5aaac ]

Instead of dereferencing "con->sock" we can get the socket structure over
"sk->sk_socket" as well. This patch will switch to this behaviour.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dlm/lowcomms.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index 0c78fdfb1f6fa..0a8645ed4b2d6 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -480,8 +480,7 @@ static void lowcomms_error_report(struct sock *sk)
 		goto out;
 
 	orig_report = listen_sock.sk_error_report;
-	if (con->sock == NULL ||
-	    kernel_getpeername(con->sock, (struct sockaddr *)&saddr) < 0) {
+	if (kernel_getpeername(sk->sk_socket, (struct sockaddr *)&saddr) < 0) {
 		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
 				   "sending to node %d, port %d, "
 				   "sk_err=%d/%d\n", dlm_our_nodeid(),
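Review bot: The con->sock == NULL guard is removed and sk->sk_socket is passed straight to kernel_getpeername() with no NULL check. The changelog only says the socket can be reached this way "as well"; it does not say why sk->sk_socket cannot be NULL inside the error_report callback. Either keep a check on sk->sk_socket in the condition or document the guarantee.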
-- 
2.34.1





* [PATCH 5.10 083/563] fs: dlm: dont call kernel_getpeername() in error_report()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 082/563] fs: dlm: use sk->sk_socket instead of con->sock Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 084/563] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails Greg Kroah-Hartman
                   ` (483 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bob Peterson, Alexander Aring,
	David Teigland, Sasha Levin

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 4c3d90570bcc2b338f70f61f01110268e281ca3c ]

In some cases kernel_getpeername() will hold the socket lock which is
already held when the socket layer calls error_report() callback. Since
commit 9dfc685e0262 ("inet: remove races in inet{6}_getname()") this
problem becomes more likely because the socket lock will be held always.
You will see something like:

bob9-u5 login: [  562.316860] BUG: spinlock recursion on CPU#7, swapper/7/0
[  562.318562]  lock: 0xffff8f2284720088, .magic: dead4ead, .owner: swapper/7/0, .owner_cpu: 7
[  562.319522] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 5.15.0+ #135
[  562.320346] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.13.0-2.module+el8.3.0+7353+9de0a3cc 04/01/2014
[  562.321277] Call Trace:
[  562.321529]  <IRQ>
[  562.321734]  dump_stack_lvl+0x33/0x42
[  562.322282]  do_raw_spin_lock+0x8b/0xc0
[  562.322674]  lock_sock_nested+0x1e/0x50
[  562.323057]  inet_getname+0x39/0x110
[  562.323425]  ? sock_def_readable+0x80/0x80
[  562.323838]  lowcomms_error_report+0x63/0x260 [dlm]
[  562.324338]  ? wait_for_completion_interruptible_timeout+0xd2/0x120
[  562.324949]  ? lock_timer_base+0x67/0x80
[  562.325330]  ? do_raw_spin_unlock+0x49/0xc0
[  562.325735]  ? _raw_spin_unlock_irqrestore+0x1e/0x40
[  562.326218]  ? del_timer+0x54/0x80
[  562.326549]  sk_error_report+0x12/0x70
[  562.326919]  tcp_validate_incoming+0x3c8/0x530
[  562.327347]  ? kvm_clock_read+0x14/0x30
[  562.327718]  ? ktime_get+0x3b/0xa0
[  562.328055]  tcp_rcv_established+0x121/0x660
[  562.328466]  tcp_v4_do_rcv+0x132/0x260
[  562.328835]  tcp_v4_rcv+0xcea/0xe20
[  562.329173]  ip_protocol_deliver_rcu+0x35/0x1f0
[  562.329615]  ip_local_deliver_finish+0x54/0x60
[  562.330050]  ip_local_deliver+0xf7/0x110
[  562.330431]  ? inet_rtm_getroute+0x211/0x840
[  562.330848]  ? ip_protocol_deliver_rcu+0x1f0/0x1f0
[  562.331310]  ip_rcv+0xe1/0xf0
[  562.331603]  ? ip_local_deliver+0x110/0x110
[  562.332011]  __netif_receive_skb_core+0x46a/0x1040
[  562.332476]  ? inet_gro_receive+0x263/0x2e0
[  562.332885]  __netif_receive_skb_list_core+0x13b/0x2c0
[  562.333383]  netif_receive_skb_list_internal+0x1c8/0x2f0
[  562.333896]  ? update_load_avg+0x7e/0x5e0
[  562.334285]  gro_normal_list.part.149+0x19/0x40
[  562.334722]  napi_complete_done+0x67/0x160
[  562.335134]  virtnet_poll+0x2ad/0x408 [virtio_net]
[  562.335644]  __napi_poll+0x28/0x140
[  562.336012]  net_rx_action+0x23d/0x300
[  562.336414]  __do_softirq+0xf2/0x2ea
[  562.336803]  irq_exit_rcu+0xc1/0xf0
[  562.337173]  common_interrupt+0xb9/0xd0

It is and was always forbidden to call kernel_getpeername() in context
of error_report(). To get rid of the problem we access the destination
address for the peer over the socket structure. While on it we fix to
print out the destination port of the inet socket.

Fixes: 1a31833d085a ("DLM: Replace nodeid_to_addr with kernel_getpeername")
Reported-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dlm/lowcomms.c | 42 ++++++++++++++++++++----------------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index 0a8645ed4b2d6..904855fa20655 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -471,8 +471,8 @@ int dlm_lowcomms_connect_node(int nodeid)
 static void lowcomms_error_report(struct sock *sk)
 {
 	struct connection *con;
-	struct sockaddr_storage saddr;
 	void (*orig_report)(struct sock *) = NULL;
+	struct inet_sock *inet;
 
 	read_lock_bh(&sk->sk_callback_lock);
 	con = sock2con(sk);
@@ -480,33 +480,31 @@ static void lowcomms_error_report(struct sock *sk)
 		goto out;
 
 	orig_report = listen_sock.sk_error_report;
-	if (kernel_getpeername(sk->sk_socket, (struct sockaddr *)&saddr) < 0) {
-		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
-				   "sending to node %d, port %d, "
-				   "sk_err=%d/%d\n", dlm_our_nodeid(),
-				   con->nodeid, dlm_config.ci_tcp_port,
-				   sk->sk_err, sk->sk_err_soft);
-	} else if (saddr.ss_family == AF_INET) {
-		struct sockaddr_in *sin4 = (struct sockaddr_in *)&saddr;
 
+	inet = inet_sk(sk);
+	switch (sk->sk_family) {
+	case AF_INET:
 		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
-				   "sending to node %d at %pI4, port %d, "
+				   "sending to node %d at %pI4, dport %d, "
 				   "sk_err=%d/%d\n", dlm_our_nodeid(),
-				   con->nodeid, &sin4->sin_addr.s_addr,
-				   dlm_config.ci_tcp_port, sk->sk_err,
+				   con->nodeid, &inet->inet_daddr,
+				   ntohs(inet->inet_dport), sk->sk_err,
 				   sk->sk_err_soft);
-	} else {
-		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&saddr;
-
+		break;
+	case AF_INET6:
 		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
-				   "sending to node %d at %u.%u.%u.%u, "
-				   "port %d, sk_err=%d/%d\n", dlm_our_nodeid(),
-				   con->nodeid, sin6->sin6_addr.s6_addr32[0],
-				   sin6->sin6_addr.s6_addr32[1],
-				   sin6->sin6_addr.s6_addr32[2],
-				   sin6->sin6_addr.s6_addr32[3],
-				   dlm_config.ci_tcp_port, sk->sk_err,
+				   "sending to node %d at %pI6c, "
+				   "dport %d, sk_err=%d/%d\n", dlm_our_nodeid(),
+				   con->nodeid, &sk->sk_v6_daddr,
+				   ntohs(inet->inet_dport), sk->sk_err,
 				   sk->sk_err_soft);
+		break;
+	default:
+		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
+				   "invalid socket family %d set, "
+				   "sk_err=%d/%d\n", dlm_our_nodeid(),
+				   sk->sk_family, sk->sk_err, sk->sk_err_soft);
+		goto out;
 	}
 out:
 	read_unlock_bh(&sk->sk_callback_lock);
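Review bot: In the default case the message no longer includes con->nodeid, which the AF_INET and AF_INET6 cases print, and the goto out jumps to the label that directly follows the switch, so a plain break would do. Note also that the log field changes from port to dport and its value from dlm_config.ci_tcp_port to the socket's own destination port, so anything that matches on the old message text needs updating; that deserves a line in the changelog.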
-- 
2.34.1





* [PATCH 5.10 084/563] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 083/563] fs: dlm: dont call kernel_getpeername() in error_report() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 085/563] Bluetooth: stop proccessing malicious adv data Greg Kroah-Hartman
                   ` (482 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lad Prabhakar, Biju Das,
	Wolfram Sang, Geert Uytterhoeven, Krzysztof Kozlowski,
	Sasha Levin

From: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>

[ Upstream commit 818fdfa89baac77a8df5a2c30f4fb798cc937aa0 ]

Make sure we return error in case devm_ioremap_resource() fails for dirmap
resource.

Fixes: ca7d8b980b67 ("memory: add Renesas RPC-IF driver")
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20211025205631.21151-6-prabhakar.mahadev-lad.rj@bp.renesas.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/memory/renesas-rpc-if.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/memory/renesas-rpc-if.c b/drivers/memory/renesas-rpc-if.c
index a760ab08256ff..9019121a80f53 100644
--- a/drivers/memory/renesas-rpc-if.c
+++ b/drivers/memory/renesas-rpc-if.c
@@ -245,7 +245,7 @@ int rpcif_sw_init(struct rpcif *rpc, struct device *dev)
 	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "dirmap");
 	rpc->dirmap = devm_ioremap_resource(&pdev->dev, res);
 	if (IS_ERR(rpc->dirmap))
-		rpc->dirmap = NULL;
+		return PTR_ERR(rpc->dirmap);
 	rpc->size = resource_size(res);
 
 	rpc->rstc = devm_reset_control_get_exclusive(&pdev->dev, NULL);
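Review bot: Returning PTR_ERR(rpc->dirmap) turns the dirmap resource from optional into mandatory for rpcif_sw_init(); the old code tolerated a failed mapping by storing NULL. The changelog should say that no supported platform lacks a dirmap region. Separately, resource_size(res) on the following line still dereferences res, which is safe only because devm_ioremap_resource() has already rejected a NULL res; a short comment would make that dependency visible.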
-- 
2.34.1





* [PATCH 5.10 085/563] Bluetooth: stop proccessing malicious adv data
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 084/563] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 086/563] ath11k: Fix ETSI regd with weather radar overlap Greg Kroah-Hartman
                   ` (481 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Marcel Holtmann,
	Sasha Levin, syzbot+e3fcb9c4f3c2a931dc40

From: Pavel Skripkin <paskripkin@gmail.com>

[ Upstream commit 3a56ef719f0b9682afb8a86d64b2399e36faa4e6 ]

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validation check.

We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read way beyond skb->end and
it can cause problems, of course.

Fixes: e95beb414168 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/hci_event.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 9f52145bb7b76..7ffcca9ae82a1 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5661,7 +5661,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
 		struct hci_ev_le_advertising_info *ev = ptr;
 		s8 rssi;
 
-		if (ev->length <= HCI_MAX_AD_LENGTH) {
+		if (ev->length <= HCI_MAX_AD_LENGTH &&
+		    ev->data + ev->length <= skb_tail_pointer(skb)) {
 			rssi = ev->data[ev->length];
 			process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
 					   ev->bdaddr_type, NULL, 0, rssi,
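Review bot: The added bound ev->data + ev->length <= skb_tail_pointer(skb) still admits the case where the data ends exactly at the tail, and the next line reads the RSSI byte at ev->data[ev->length], which is then one byte past the valid data. The comparison should cover the RSSI byte as well, for example ev->data + ev->length + 1 <= skb_tail_pointer(skb), or use < in place of <=.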
@@ -5671,6 +5672,11 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
 		}
 
 		ptr += sizeof(*ev) + ev->length + 1;
+
+		if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) {
+			bt_dev_err(hdev, "Malicious advertising data. Stopping processing");
+			break;
+		}
 	}
 
 	hci_dev_unlock(hdev);
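Review bot: The check placed after ptr is advanced fires whenever fewer than sizeof(*ev) bytes remain, which is also the state after the last report of a well-formed event, where ptr equals the tail pointer. Unless the loop is guaranteed to exit before reaching it on the final iteration, valid events will log "Malicious advertising data" and the message loses its value as a signal; test whether reports remain before applying the check. The bt_dev_err() call is also not rate limited while its trigger is received advertising data, so a rate-limited variant would protect the log.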
-- 
2.34.1
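The validation the commit message above asks for, as an added userspace example (not code from the patch or from the kernel): a parser that checks every advertising report, including its trailing RSSI byte, against the remaining buffer length before reading it. The record layout follows the fields used in the hunk (evt_type, bdaddr_type, bdaddr, length, data, then one RSSI byte); the 9-byte header size, the 31-byte maximum, the function names and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADV_HDR_LEN  9u   /* assumed: evt_type + bdaddr_type + bdaddr[6] + length */
#define ADV_MAX_DATA 31u  /* assumed to match HCI_MAX_AD_LENGTH */

struct adv_report {
	uint8_t evt_type;
	uint8_t bdaddr_type;
	uint8_t bdaddr[6];
	uint8_t length;
	const uint8_t *data;   /* points into the caller's buffer */
	int8_t rssi;
};

/*
 * Parse num_reports records from buf[0..len).
 * Returns the number of records parsed, or -1 as soon as a record
 * (header + data + RSSI byte) does not fit in what is left.
 * Lengths are compared instead of forming pointers past the end.
 */
int parse_adv_reports(const uint8_t *buf, size_t len, unsigned int num_reports,
		      struct adv_report *out, size_t out_cap)
{
	size_t off = 0;
	unsigned int n;

	for (n = 0; n < num_reports; n++) {
		size_t remaining = len - off;   /* off <= len always holds */
		size_t need;

		if (remaining < ADV_HDR_LEN)
			return -1;              /* header itself is truncated */

		/* header + data + 1 RSSI byte must all be inside the buffer */
		need = (size_t)ADV_HDR_LEN + buf[off + 8] + 1;
		if (buf[off + 8] > ADV_MAX_DATA || need > remaining)
			return -1;

		if (n < out_cap) {
			struct adv_report *r = &out[n];

			r->evt_type = buf[off];
			r->bdaddr_type = buf[off + 1];
			memcpy(r->bdaddr, buf + off + 2, sizeof(r->bdaddr));
			r->length = buf[off + 8];
			r->data = buf + off + ADV_HDR_LEN;
			r->rssi = (int8_t)buf[off + ADV_HDR_LEN + r->length];
		}
		off += need;
	}
	return (int)n;
}

/* Constructed sample: one report, 3 data bytes, RSSI 0xC4 (-60 dBm). */
static const uint8_t sample_report[13] = {
	0x00, 0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
	0x03, 0x02, 0x01, 0x06, 0xC4
};

/* Parse the first len bytes of the sample with its length field overridden. */
int demo(size_t len, unsigned int num_reports, uint8_t claimed_len)
{
	uint8_t buf[sizeof(sample_report)];
	struct adv_report out[2];

	if (len > sizeof(buf))
		return -1;
	memcpy(buf, sample_report, sizeof(buf));
	buf[8] = claimed_len;
	return parse_adv_reports(buf, len, num_reports, out, 2);
}

/* RSSI of the unmodified sample, or 127 if it fails to parse. */
int demo_rssi(void)
{
	struct adv_report r;

	if (parse_adv_reports(sample_report, sizeof(sample_report), 1, &r, 1) != 1)
		return 127;
	return r.rssi;
}

int main(void)
{
	printf("well-formed:            %d\n", demo(13, 1, 3));
	printf("RSSI byte cut off:      %d\n", demo(12, 1, 3));
	printf("length one too large:   %d\n", demo(13, 1, 4));
	printf("second report missing:  %d\n", demo(13, 2, 3));
	printf("rssi of sample:         %d\n", demo_rssi());
	return 0;
}
```

The case with the length field set to 4 is the boundary one: the data ends exactly at the end of the buffer, so a check that covers only the data would accept the record and then read the RSSI byte out of bounds.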





* [PATCH 5.10 086/563] ath11k: Fix ETSI regd with weather radar overlap
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 085/563] Bluetooth: stop proccessing malicious adv data Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 087/563] ath11k: clear the keys properly via DISABLE_KEY Greg Kroah-Hartman
                   ` (480 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sven Eckelmann, Kalle Valo, Sasha Levin

From: Sven Eckelmann <sven@narfation.org>

[ Upstream commit 086c921a354089f209318501038d43c98d3f409f ]

Some ETSI countries have a small overlap in the wireless-regdb with an ETSI
channel (5590-5650). A good example is Australia:

  country AU: DFS-ETSI
  	(2400 - 2483.5 @ 40), (36)
  	(5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
  	(5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
  	(5470 - 5600 @ 80), (27), DFS
  	(5650 - 5730 @ 80), (27), DFS
  	(5730 - 5850 @ 80), (36)
  	(57000 - 66000 @ 2160), (43), NO-OUTDOOR

If the firmware (or the BDF) is shipped with these rules then there is only
a 10 MHz overlap with the weather radar:

* below: 5470 - 5590
* weather radar: 5590 - 5600
* above: (none for the rule "5470 - 5600 @ 80")

There are several wrong assumptions in the ath11k code:

* there is always a valid range below the weather radar
  (actually: there could be no range below the weather radar range OR range
   could be smaller than 20 MHz)
* intersected range in the weather radar range is valid
  (actually: the range could be smaller than 20 MHz)
* range above weather radar is either empty or valid
  (actually: the range could be smaller than 20 MHz)

These wrong assumptions will lead in this example to a rule

  (5590 - 5600 @ 20), (N/A, 27), (600000 ms), DFS, AUTO-BW

which is invalid according to is_valid_reg_rule() because the freq_diff is
only 10 MHz but the max_bandwidth is set to 20 MHz. Which results in a
rejection like:

  WARNING: at backports-20210222_001-4.4.60-b157d2276/net/wireless/reg.c:3984
  [...]
  Call trace:
  [<ffffffbffc3d2e50>] reg_get_max_bandwidth+0x300/0x3a8 [cfg80211]
  [<ffffffbffc3d3d0c>] regulatory_set_wiphy_regd_sync+0x3c/0x98 [cfg80211]
  [<ffffffbffc651598>] ath11k_regd_update+0x1a8/0x210 [ath11k]
  [<ffffffbffc652108>] ath11k_regd_update_work+0x18/0x20 [ath11k]
  [<ffffffc0000a93e0>] process_one_work+0x1f8/0x340
  [<ffffffc0000a9784>] worker_thread+0x25c/0x448
  [<ffffffc0000aedc8>] kthread+0xd0/0xd8
  [<ffffffc000085550>] ret_from_fork+0x10/0x40
  ath11k c000000.wifi: failed to perform regd update : -22
  Invalid regulatory domain detected

To avoid this, the algorithm has to be changed slightly. Instead of
splitting a rule which overlaps with the weather radar range into 3 pieces
and accepting the first two parts blindly, it must actually be checked for
each piece whether it is a valid range. And only if it is valid, add it to
the output array.

When these checks are in place, the processed rules for AU would end up as

  country AU: DFS-ETSI
          (2400 - 2483 @ 40), (N/A, 36), (N/A)
          (5150 - 5250 @ 80), (6, 23), (N/A), NO-OUTDOOR, AUTO-BW
          (5250 - 5350 @ 80), (6, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
          (5470 - 5590 @ 80), (6, 27), (0 ms), DFS, AUTO-BW
          (5650 - 5730 @ 80), (6, 27), (0 ms), DFS, AUTO-BW
          (5730 - 5850 @ 80), (6, 36), (N/A), AUTO-BW

and will be accepted by the wireless regulatory code.

Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211112153116.1214421-1-sven@narfation.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/reg.c | 103 ++++++++++++++------------
 1 file changed, 56 insertions(+), 47 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/reg.c b/drivers/net/wireless/ath/ath11k/reg.c
index b8f9f34408879..e34311516b958 100644
--- a/drivers/net/wireless/ath/ath11k/reg.c
+++ b/drivers/net/wireless/ath/ath11k/reg.c
@@ -456,6 +456,9 @@ ath11k_reg_adjust_bw(u16 start_freq, u16 end_freq, u16 max_bw)
 {
 	u16 bw;
 
+	if (end_freq <= start_freq)
+		return 0;
+
 	bw = end_freq - start_freq;
 	bw = min_t(u16, bw, max_bw);
 
@@ -463,8 +466,10 @@ ath11k_reg_adjust_bw(u16 start_freq, u16 end_freq, u16 max_bw)
 		bw = 80;
 	else if (bw >= 40 && bw < 80)
 		bw = 40;
-	else if (bw < 40)
+	else if (bw >= 20 && bw < 40)
 		bw = 20;
+	else
+		bw = 0;
 
 	return bw;
 }
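Review bot: The new `else bw = 0;` arm at the end of ath11k_reg_adjust_bw() makes 0 mean "range too small", but the function has no comment saying so, and a caller that does not test the result would pass a zero bandwidth on to ath11k_reg_update_rule(). Suggest a short comment above the function stating that 0 means the range is empty or narrower than 20 MHz, and a check that every caller other than ath11k_reg_update_weather_radar_band() handles it.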
@@ -488,73 +493,77 @@ ath11k_reg_update_weather_radar_band(struct ath11k_base *ab,
 				     struct cur_reg_rule *reg_rule,
 				     u8 *rule_idx, u32 flags, u16 max_bw)
 {
+	u32 start_freq;
 	u32 end_freq;
 	u16 bw;
 	u8 i;
 
 	i = *rule_idx;
 
+	/* there might be situations when even the input rule must be dropped */
+	i--;
+
+	/* frequencies below weather radar */
 	bw = ath11k_reg_adjust_bw(reg_rule->start_freq,
 				  ETSI_WEATHER_RADAR_BAND_LOW, max_bw);
+	if (bw > 0) {
+		i++;
 
-	ath11k_reg_update_rule(regd->reg_rules + i, reg_rule->start_freq,
-			       ETSI_WEATHER_RADAR_BAND_LOW, bw,
-			       reg_rule->ant_gain, reg_rule->reg_power,
-			       flags);
+		ath11k_reg_update_rule(regd->reg_rules + i,
+				       reg_rule->start_freq,
+				       ETSI_WEATHER_RADAR_BAND_LOW, bw,
+				       reg_rule->ant_gain, reg_rule->reg_power,
+				       flags);
 
-	ath11k_dbg(ab, ATH11K_DBG_REG,
-		   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
-		   i + 1, reg_rule->start_freq, ETSI_WEATHER_RADAR_BAND_LOW,
-		   bw, reg_rule->ant_gain, reg_rule->reg_power,
-		   regd->reg_rules[i].dfs_cac_ms,
-		   flags);
-
-	if (reg_rule->end_freq > ETSI_WEATHER_RADAR_BAND_HIGH)
-		end_freq = ETSI_WEATHER_RADAR_BAND_HIGH;
-	else
-		end_freq = reg_rule->end_freq;
+		ath11k_dbg(ab, ATH11K_DBG_REG,
+			   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
+			   i + 1, reg_rule->start_freq,
+			   ETSI_WEATHER_RADAR_BAND_LOW, bw, reg_rule->ant_gain,
+			   reg_rule->reg_power, regd->reg_rules[i].dfs_cac_ms,
+			   flags);
+	}
 
-	bw = ath11k_reg_adjust_bw(ETSI_WEATHER_RADAR_BAND_LOW, end_freq,
-				  max_bw);
+	/* weather radar frequencies */
+	start_freq = max_t(u32, reg_rule->start_freq,
+			   ETSI_WEATHER_RADAR_BAND_LOW);
+	end_freq = min_t(u32, reg_rule->end_freq, ETSI_WEATHER_RADAR_BAND_HIGH);
 
-	i++;
+	bw = ath11k_reg_adjust_bw(start_freq, end_freq, max_bw);
+	if (bw > 0) {
+		i++;
 
-	ath11k_reg_update_rule(regd->reg_rules + i,
-			       ETSI_WEATHER_RADAR_BAND_LOW, end_freq, bw,
-			       reg_rule->ant_gain, reg_rule->reg_power,
-			       flags);
+		ath11k_reg_update_rule(regd->reg_rules + i, start_freq,
+				       end_freq, bw, reg_rule->ant_gain,
+				       reg_rule->reg_power, flags);
 
-	regd->reg_rules[i].dfs_cac_ms = ETSI_WEATHER_RADAR_BAND_CAC_TIMEOUT;
+		regd->reg_rules[i].dfs_cac_ms = ETSI_WEATHER_RADAR_BAND_CAC_TIMEOUT;
 
-	ath11k_dbg(ab, ATH11K_DBG_REG,
-		   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
-		   i + 1, ETSI_WEATHER_RADAR_BAND_LOW, end_freq,
-		   bw, reg_rule->ant_gain, reg_rule->reg_power,
-		   regd->reg_rules[i].dfs_cac_ms,
-		   flags);
-
-	if (end_freq == reg_rule->end_freq) {
-		regd->n_reg_rules--;
-		*rule_idx = i;
-		return;
+		ath11k_dbg(ab, ATH11K_DBG_REG,
+			   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
+			   i + 1, start_freq, end_freq, bw,
+			   reg_rule->ant_gain, reg_rule->reg_power,
+			   regd->reg_rules[i].dfs_cac_ms, flags);
 	}
 
+	/* frequencies above weather radar */
 	bw = ath11k_reg_adjust_bw(ETSI_WEATHER_RADAR_BAND_HIGH,
 				  reg_rule->end_freq, max_bw);
+	if (bw > 0) {
+		i++;
 
-	i++;
-
-	ath11k_reg_update_rule(regd->reg_rules + i, ETSI_WEATHER_RADAR_BAND_HIGH,
-			       reg_rule->end_freq, bw,
-			       reg_rule->ant_gain, reg_rule->reg_power,
-			       flags);
+		ath11k_reg_update_rule(regd->reg_rules + i,
+				       ETSI_WEATHER_RADAR_BAND_HIGH,
+				       reg_rule->end_freq, bw,
+				       reg_rule->ant_gain, reg_rule->reg_power,
+				       flags);
 
-	ath11k_dbg(ab, ATH11K_DBG_REG,
-		   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
-		   i + 1, ETSI_WEATHER_RADAR_BAND_HIGH, reg_rule->end_freq,
-		   bw, reg_rule->ant_gain, reg_rule->reg_power,
-		   regd->reg_rules[i].dfs_cac_ms,
-		   flags);
+		ath11k_dbg(ab, ATH11K_DBG_REG,
+			   "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n",
+			   i + 1, ETSI_WEATHER_RADAR_BAND_HIGH,
+			   reg_rule->end_freq, bw, reg_rule->ant_gain,
+			   reg_rule->reg_power, regd->reg_rules[i].dfs_cac_ms,
+			   flags);
+	}
 
 	*rule_idx = i;
 }
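Review bot: `i--` directly after `i = *rule_idx` operates on a u8, so an incoming index of 0 wraps to 255, and if none of the three `bw > 0` branches fires that value is written back through `*rule_idx = i`. This only works if the caller increments the index again before using it; a comment at the `i--` stating that contract (or a signed local) would make it explicit. The hunk also drops the old `regd->n_reg_rules--` without a replacement, so the rule count has to be derived from the final index outside this function, which is worth confirming since a stale count would expose unfilled trailing entries. Minor: the new u32 `start_freq`/`end_freq` locals are passed to ath11k_reg_adjust_bw(), whose parameters are u16.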
-- 
2.34.1





* [PATCH 5.10 087/563] ath11k: clear the keys properly via DISABLE_KEY
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 086/563] ath11k: Fix ETSI regd with weather radar overlap Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 088/563] ath11k: reset RSN/WPA present state for open BSS Greg Kroah-Hartman
                   ` (479 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sven Eckelmann,
	Karthikeyan Kathirvel, Kalle Valo, Sasha Levin

From: Karthikeyan Kathirvel <kathirve@codeaurora.org>

[ Upstream commit 436a4e88659842a7cf634d7cc088c8f2cc94ebf5 ]

DISABLE_KEY sets the key_len to 0, firmware will not delete the keys if
key_len is 0. Changing from security mode to open mode will cause mcast
to be still encrypted without vdev restart.

Set the proper key_len for DISABLE_KEY cmd to clear the keys in
firmware.

Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1

Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Reported-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
[sven@narfation.org: split into separate patches, clean up commit message]
Signed-off-by: Sven Eckelmann <sven@narfation.org>

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211115100441.33771-1-sven@narfation.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 4 +---
 drivers/net/wireless/ath/ath11k/wmi.c | 3 ++-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 0924bc8b35205..304e158f09751 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -2395,9 +2395,7 @@ static int ath11k_install_key(struct ath11k_vif *arvif,
 		return 0;
 
 	if (cmd == DISABLE_KEY) {
-		/* TODO: Check if FW expects  value other than NONE for del */
-		/* arg.key_cipher = WMI_CIPHER_NONE; */
-		arg.key_len = 0;
+		arg.key_cipher = WMI_CIPHER_NONE;
 		arg.key_data = NULL;
 		goto install;
 	}
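Review bot: In the DISABLE_KEY branch `arg.key_data = NULL` is now paired with whatever non-zero `arg.key_len` was set earlier, so the argument struct advertises a length with no buffer behind it. That is only safe because of the NULL check added to ath11k_wmi_vdev_install_key() in this same patch. A one-line comment here in place of the removed TODO (firmware needs the real key_len to delete the key, the data is intentionally absent) would keep a later cleanup from reintroducing `key_len = 0` or a copy from NULL.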
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index e84127165d858..acf1641ce88fd 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -1665,7 +1665,8 @@ int ath11k_wmi_vdev_install_key(struct ath11k *ar,
 	tlv = (struct wmi_tlv *)(skb->data + sizeof(*cmd));
 	tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
 		      FIELD_PREP(WMI_TLV_LEN, key_len_aligned);
-	memcpy(tlv->value, (u8 *)arg->key_data, key_len_aligned);
+	if (arg->key_data)
+		memcpy(tlv->value, (u8 *)arg->key_data, key_len_aligned);
 
 	ret = ath11k_wmi_cmd_send(wmi, skb, WMI_VDEV_INSTALL_KEY_CMDID);
 	if (ret) {
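Review bot: When `arg->key_data` is NULL the memcpy() is skipped, but the TLV header still declares `key_len_aligned` bytes and the command is still sent, so the firmware receives whatever those bytes of the skb already hold. The hunk does not show whether the skb is zeroed at allocation; if it is not, add an else arm with `memset(tlv->value, 0, key_len_aligned);` so stale kernel memory is not handed to the firmware.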
-- 
2.34.1





* [PATCH 5.10 088/563] ath11k: reset RSN/WPA present state for open BSS
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 087/563] ath11k: clear the keys properly via DISABLE_KEY Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 089/563] tee: fix put order in teedev_close_context() Greg Kroah-Hartman
                   ` (478 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Venkateswara Naralasetty,
	Sven Eckelmann, Karthikeyan Kathirvel, Kalle Valo, Sasha Levin

From: Karthikeyan Kathirvel <kathirve@codeaurora.org>

[ Upstream commit 64bc3aa02ae78b1fcb1b850e0eb1f0622002bfaa ]

The ath11k driver is caching the information about RSN/WPA IE in the
configured beacon template. The cached information is used during
associations to figure out whether 4-way PKT/2-way GTK peer flags need to
be set or not.

But the code never cleared the state when no such IE was found. This can
for example happen when moving from a WPA/RSN to an open setup. The
(seemingly connected) peer was then not able to communicate over the
link because the firmware assumed a different (encryption enabled) state
for the peer.

Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1

Fixes: 01e34233c645 ("ath11k: fix wmi peer flags in peer assoc command")
Cc: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Reported-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
[sven@narfation.org: split into separate patches, clean up commit message]
Signed-off-by: Sven Eckelmann <sven@narfation.org>

Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211115100441.33771-2-sven@narfation.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 304e158f09751..b4f8494e3c707 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -792,11 +792,15 @@ static int ath11k_mac_setup_bcn_tmpl(struct ath11k_vif *arvif)
 
 	if (cfg80211_find_ie(WLAN_EID_RSN, ies, (skb_tail_pointer(bcn) - ies)))
 		arvif->rsnie_present = true;
+	else
+		arvif->rsnie_present = false;
 
 	if (cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
 				    WLAN_OUI_TYPE_MICROSOFT_WPA,
 				    ies, (skb_tail_pointer(bcn) - ies)))
 		arvif->wpaie_present = true;
+	else
+		arvif->wpaie_present = false;
 
 	ret = ath11k_wmi_bcn_tmpl(ar, arvif->vdev_id, &offs, bcn);
 
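Review bot: Both new `else` arms only assign the opposite boolean, so each if/else pair can be a single assignment from the lookup result, for example `arvif->rsnie_present = !!cfg80211_find_ie(...)`, which also makes it impossible to forget the reset again. Style point only; the behaviour is the same.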
-- 
2.34.1





* [PATCH 5.10 089/563] tee: fix put order in teedev_close_context()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 088/563] ath11k: reset RSN/WPA present state for open BSS Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 090/563] fs: dlm: fix build with CONFIG_IPV6 disabled Greg Kroah-Hartman
                   ` (477 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sumit Garg, Jens Wiklander, Sasha Levin

From: Jens Wiklander <jens.wiklander@linaro.org>

[ Upstream commit f18397ab3ae23e8e43bba9986e66af6d4497f2ad ]

Prior to this patch, teedev_close_context() was calling tee_device_put()
before teedev_ctx_put() leading to teedev_ctx_release() accessing
ctx->teedev just after the reference counter was decreased on the
teedev. Fix this by calling teedev_ctx_put() before tee_device_put().

Fixes: 217e0250cccb ("tee: use reference counting for tee_context")
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tee/tee_core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index 6ade4a5c48407..dfc239c64ce3c 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -98,8 +98,10 @@ void teedev_ctx_put(struct tee_context *ctx)
 
 static void teedev_close_context(struct tee_context *ctx)
 {
-	tee_device_put(ctx->teedev);
+	struct tee_device *teedev = ctx->teedev;
+
 	teedev_ctx_put(ctx);
+	tee_device_put(teedev);
 }
 
 static int tee_open(struct inode *inode, struct file *filp)
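Review bot: The reason `ctx->teedev` is copied into a local before `teedev_ctx_put(ctx)` is not stated in the code: the put may drop the last reference and release `ctx`, after which `ctx->teedev` must not be read. A short comment in teedev_close_context() to that effect would keep someone from folding the local back into `tee_device_put(ctx->teedev)`.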
-- 
2.34.1





* [PATCH 5.10 090/563] fs: dlm: fix build with CONFIG_IPV6 disabled
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 089/563] tee: fix put order in teedev_close_context() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 091/563] drm/vboxvideo: fix a NULL vs IS_ERR() check Greg Kroah-Hartman
                   ` (476 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot, Alexander Aring,
	David Teigland, Sasha Levin

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 1b9beda83e27a0c2cd75d1cb743c297c7b36c844 ]

This patch will surround the AF_INET6 case in sk_error_report() of dlm
with a #if IS_ENABLED(CONFIG_IPV6). The field sk->sk_v6_daddr is not
defined when CONFIG_IPV6 is disabled. If CONFIG_IPV6 is disabled, the
socket creation with AF_INET6 should already fail because of a runtime
check whether AF_INET6 is registered. However, if there is the possibility
that AF_INET6 is set as sk_family, the sk_error_report() callback will
then print an invalid family type error.

Reported-by: kernel test robot <lkp@intel.com>
Fixes: 4c3d90570bcc ("fs: dlm: don't call kernel_getpeername() in error_report()")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dlm/lowcomms.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index 904855fa20655..68b765369c928 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -491,6 +491,7 @@ static void lowcomms_error_report(struct sock *sk)
 				   ntohs(inet->inet_dport), sk->sk_err,
 				   sk->sk_err_soft);
 		break;
+#if IS_ENABLED(CONFIG_IPV6)
 	case AF_INET6:
 		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
 				   "sending to node %d at %pI6c, "
@@ -499,6 +500,7 @@ static void lowcomms_error_report(struct sock *sk)
 				   ntohs(inet->inet_dport), sk->sk_err,
 				   sk->sk_err_soft);
 		break;
+#endif
 	default:
 		printk_ratelimited(KERN_ERR "dlm: node %d: socket error "
 				   "invalid socket family %d set, "
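Review bot: With the `case AF_INET6:` block compiled out by the guard opened in the previous hunk, an AF_INET6 socket on a build without CONFIG_IPV6 falls into `default:` and is logged as "invalid socket family", which the commit message accepts but the code does not explain. A brief comment next to `#if IS_ENABLED(CONFIG_IPV6)` noting that `sk->sk_v6_daddr` does not exist without IPv6 would make the guard self-explanatory.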
-- 
2.34.1





* [PATCH 5.10 091/563] drm/vboxvideo: fix a NULL vs IS_ERR() check
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 090/563] fs: dlm: fix build with CONFIG_IPV6 disabled Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 092/563] arm64: dts: renesas: cat875: Add rx/tx delays Greg Kroah-Hartman
                   ` (475 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans de Goede, Sasha Levin

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit cebbb5c46d0cb0615fd0c62dea9b44273d0a9780 ]

The devm_gen_pool_create() function never returns NULL, it returns
error pointers.

Fixes: 4cc9b565454b ("drm/vboxvideo: Use devm_gen_pool_create")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211118111233.GA1147@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/vboxvideo/vbox_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/vboxvideo/vbox_main.c b/drivers/gpu/drm/vboxvideo/vbox_main.c
index d68d9bad76747..c5ea880d17b29 100644
--- a/drivers/gpu/drm/vboxvideo/vbox_main.c
+++ b/drivers/gpu/drm/vboxvideo/vbox_main.c
@@ -123,8 +123,8 @@ int vbox_hw_init(struct vbox_private *vbox)
 	/* Create guest-heap mem-pool use 2^4 = 16 byte chunks */
 	vbox->guest_pool = devm_gen_pool_create(vbox->ddev.dev, 4, -1,
 						"vboxvideo-accel");
-	if (!vbox->guest_pool)
-		return -ENOMEM;
+	if (IS_ERR(vbox->guest_pool))
+		return PTR_ERR(vbox->guest_pool);
 
 	ret = gen_pool_add_virt(vbox->guest_pool,
 				(unsigned long)vbox->guest_heap,
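Review bot: On the failure return `vbox->guest_pool` is left holding the ERR_PTR value rather than NULL. If any later teardown or error path tests the field with a plain NULL check, it would treat the error pointer as a live pool; consider taking the result in a local and assigning the field only on success.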
-- 
2.34.1





* [PATCH 5.10 092/563] arm64: dts: renesas: cat875: Add rx/tx delays
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 091/563] drm/vboxvideo: fix a NULL vs IS_ERR() check Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 093/563] media: dmxdev: fix UAF when dvb_register_device() fails Greg Kroah-Hartman
                   ` (474 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven, Sasha Levin

From: Biju Das <biju.das.jz@bp.renesas.com>

[ Upstream commit e1a9faddffe7e555304dc2e3284c84fbee0679ee ]

The CAT875 sub board from Silicon Linux uses a Realtek PHY.

The phy driver commit bbc4d71d63549bcd003 ("net: phy: realtek: fix
rtl8211e rx/tx delay config") introduced NFS mount failures.  Now it
needs both rx/tx delays for the NFS mount to work.

This patch fixes the NFS mount failure issue by adding "rgmii-id" mode
to the avb device node.

Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Fixes: bbc4d71d63549bcd ("net: phy: realtek: fix rtl8211e rx/tx delay config")
Link: https://lore.kernel.org/r/20211115142830.12651-1-biju.das.jz@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/renesas/cat875.dtsi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/boot/dts/renesas/cat875.dtsi b/arch/arm64/boot/dts/renesas/cat875.dtsi
index 801ea54b027c4..20f8adc635e72 100644
--- a/arch/arm64/boot/dts/renesas/cat875.dtsi
+++ b/arch/arm64/boot/dts/renesas/cat875.dtsi
@@ -18,6 +18,7 @@
 	pinctrl-names = "default";
 	renesas,no-ether-link;
 	phy-handle = <&phy0>;
+	phy-mode = "rgmii-id";
 	status = "okay";
 
 	phy0: ethernet-phy@0 {
-- 
2.34.1





* [PATCH 5.10 093/563] media: dmxdev: fix UAF when dvb_register_device() fails
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 092/563] arm64: dts: renesas: cat875: Add rx/tx delays Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 094/563] crypto: qce - fix uaf on qce_ahash_register_one Greg Kroah-Hartman
                   ` (473 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
	Mauro Carvalho Chehab, Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit ab599eb11882f834951c436cc080c3455ba32b9b ]

I got a use-after-free report:

dvbdev: dvb_register_device: failed to create device dvb1.dvr0 (-12)
...
==================================================================
BUG: KASAN: use-after-free in dvb_dmxdev_release+0xce/0x2f0
...
Call Trace:
 dump_stack_lvl+0x6c/0x8b
 print_address_description.constprop.0+0x48/0x70
 kasan_report.cold+0x82/0xdb
 __asan_load4+0x6b/0x90
 dvb_dmxdev_release+0xce/0x2f0
...
Allocated by task 7666:
 kasan_save_stack+0x23/0x50
 __kasan_kmalloc+0x83/0xa0
 kmem_cache_alloc_trace+0x22e/0x470
 dvb_register_device+0x12f/0x980
 dvb_dmxdev_init+0x1f3/0x230
...
Freed by task 7666:
 kasan_save_stack+0x23/0x50
 kasan_set_track+0x20/0x30
 kasan_set_free_info+0x24/0x40
 __kasan_slab_free+0xf2/0x130
 kfree+0xd1/0x5c0
 dvb_register_device.cold+0x1ac/0x1fa
 dvb_dmxdev_init+0x1f3/0x230
...

When dvb_register_device() in dvb_dmxdev_init() fails, dvb_dmxdev_init()
does not return a failure, and the memory pointed to by dvbdev or
dvr_dvbdev is invalid at this point. If they are used subsequently, it
will result in UAF or null-ptr-deref.

If dvb_register_device() in dvb_dmxdev_init() fails, fix the bug by making
dvb_dmxdev_init() return an error as well.

Link: https://lore.kernel.org/linux-media/20211015085741.1203283-1-wanghai38@huawei.com

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/dvb-core/dmxdev.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c
index f14a872d12687..e58cb8434dafe 100644
--- a/drivers/media/dvb-core/dmxdev.c
+++ b/drivers/media/dvb-core/dmxdev.c
@@ -1413,7 +1413,7 @@ static const struct dvb_device dvbdev_dvr = {
 };
 int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter)
 {
-	int i;
+	int i, ret;
 
 	if (dmxdev->demux->open(dmxdev->demux) < 0)
 		return -EUSERS;
@@ -1432,14 +1432,26 @@ int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter)
 					    DMXDEV_STATE_FREE);
 	}
 
-	dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev,
+	ret = dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev,
 			    DVB_DEVICE_DEMUX, dmxdev->filternum);
-	dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr,
+	if (ret < 0)
+		goto err_register_dvbdev;
+
+	ret = dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr,
 			    dmxdev, DVB_DEVICE_DVR, dmxdev->filternum);
+	if (ret < 0)
+		goto err_register_dvr_dvbdev;
 
 	dvb_ringbuffer_init(&dmxdev->dvr_buffer, NULL, 8192);
 
 	return 0;
+
+err_register_dvr_dvbdev:
+	dvb_unregister_device(dmxdev->dvbdev);
+err_register_dvbdev:
+	vfree(dmxdev->filter);
+	dmxdev->filter = NULL;
+	return ret;
 }
 
 EXPORT_SYMBOL(dvb_dmxdev_init);
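Review bot: The new error labels unregister the demux device and free `dmxdev->filter`, but neither undoes the `dmxdev->demux->open(dmxdev->demux)` call made at the top of dvb_dmxdev_init(), so a failed init leaves the demux opened. If the demux provides a matching close operation, call it under `err_register_dvbdev` as well. Minor: the continuation lines of both `ret = dvb_register_device(...)` calls kept their old indentation and no longer line up with the opening parenthesis.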
-- 
2.34.1





* [PATCH 5.10 094/563] crypto: qce - fix uaf on qce_ahash_register_one
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 093/563] media: dmxdev: fix UAF when dvb_register_device() fails Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 095/563] crypto: qce - fix uaf on qce_skcipher_register_one Greg Kroah-Hartman
                   ` (472 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chengfeng Ye, Thara Gopinath,
	Herbert Xu, Sasha Levin

From: Chengfeng Ye <cyeaa@connect.ust.hk>

[ Upstream commit b4cb4d31631912842eb7dce02b4350cbb7562d5e ]

Pointer base points to sub field of tmpl, it
is dereferenced after tmpl is freed. Fix
this by accessing base before freeing tmpl.

Fixes: ec8f5d8f ("crypto: qce - Qualcomm crypto engine driver")
Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Acked-by: Thara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qce/sha.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index 87be96a0b0bba..8b4e79d882af4 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -533,8 +533,8 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def,
 
 	ret = crypto_register_ahash(alg);
 	if (ret) {
-		kfree(tmpl);
 		dev_err(qce->dev, "%s registration failed\n", base->cra_name);
+		kfree(tmpl);
 		return ret;
 	}
 
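Review bot: Nothing in the error branch records that `base` points into `tmpl`, so the relative order of dev_err() and kfree() is the only thing preventing the use-after-free from coming back. A one-line comment above `kfree(tmpl);` noting that `base` lives inside `tmpl` would make the dependency visible to the next person who touches this path.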
-- 
2.34.1





* [PATCH 5.10 095/563] crypto: qce - fix uaf on qce_skcipher_register_one
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 094/563] crypto: qce - fix uaf on qce_ahash_register_one Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 096/563] mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove Greg Kroah-Hartman
                   ` (471 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chengfeng Ye, Thara Gopinath,
	Herbert Xu, Sasha Levin

From: Chengfeng Ye <cyeaa@connect.ust.hk>

[ Upstream commit e9c195aaeed1b45c9012adbe29dedb6031e85aa8 ]

Pointer alg points to sub field of tmpl, it
is dereferenced after tmpl is freed. Fix
this by accessing alg before freeing tmpl.

Fixes: ec8f5d8f ("crypto: qce - Qualcomm crypto engine driver")
Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Acked-by: Thara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qce/skcipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/qce/skcipher.c b/drivers/crypto/qce/skcipher.c
index d8053789c8828..89c7fc3efbd71 100644
--- a/drivers/crypto/qce/skcipher.c
+++ b/drivers/crypto/qce/skcipher.c
@@ -433,8 +433,8 @@ static int qce_skcipher_register_one(const struct qce_skcipher_def *def,
 
 	ret = crypto_register_skcipher(alg);
 	if (ret) {
-		kfree(tmpl);
 		dev_err(qce->dev, "%s registration failed\n", alg->base.cra_name);
+		kfree(tmpl);
 		return ret;
 	}
 
-- 
2.34.1





* [PATCH 5.10 096/563] mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 095/563] crypto: qce - fix uaf on qce_skcipher_register_one Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 097/563] ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco Greg Kroah-Hartman
                   ` (470 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, George G. Davis, Vignesh Raghavendra,
	Sasha Levin

From: George G. Davis <davis.george@siemens.com>

[ Upstream commit baaf965f94308301d2dc554d72a87d7432cd5ce6 ]

The following KASAN BUG is observed when testing the rpc-if driver on
rcar-gen3:

root@rcar-gen3:~# modprobe -r rpc-if
[  101.930146] ==================================================================
[  101.937408] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x518/0x25d0
[  101.944240] Read of size 8 at addr ffff0004c5be2750 by task modprobe/664
[  101.950959]
[  101.952466] CPU: 2 PID: 664 Comm: modprobe Not tainted 5.14.0-rc1-00342-g1a1464d7aa31 #1
[  101.960578] Hardware name: Renesas H3ULCB board based on r8a77951 (DT)
[  101.967120] Call trace:
[  101.969580]  dump_backtrace+0x0/0x2c0
[  101.973275]  show_stack+0x1c/0x30
[  101.976616]  dump_stack_lvl+0x9c/0xd8
[  101.980301]  print_address_description.constprop.0+0x74/0x2b8
[  101.986071]  kasan_report+0x1f4/0x26c
[  101.989757]  __asan_load8+0x98/0xd4
[  101.993266]  __lock_acquire+0x518/0x25d0
[  101.997215]  lock_acquire.part.0+0x18c/0x360
[  102.001506]  lock_acquire+0x74/0x90
[  102.005013]  _raw_spin_lock_irq+0x98/0x130
[  102.009131]  __pm_runtime_disable+0x30/0x210
[  102.013427]  rpcif_hb_remove+0x5c/0x70 [rpc_if]
[  102.018001]  platform_remove+0x40/0x80
[  102.021771]  __device_release_driver+0x234/0x350
[  102.026412]  driver_detach+0x158/0x20c
[  102.030179]  bus_remove_driver+0xa0/0x140
[  102.034212]  driver_unregister+0x48/0x80
[  102.038153]  platform_driver_unregister+0x18/0x24
[  102.042879]  rpcif_platform_driver_exit+0x1c/0x34 [rpc_if]
[  102.048400]  __arm64_sys_delete_module+0x210/0x310
[  102.053212]  invoke_syscall+0x60/0x190
[  102.056986]  el0_svc_common+0x12c/0x144
[  102.060844]  do_el0_svc+0x88/0xac
[  102.064181]  el0_svc+0x24/0x3c
[  102.067257]  el0t_64_sync_handler+0x1a8/0x1b0
[  102.071634]  el0t_64_sync+0x198/0x19c
[  102.075315]
[  102.076815] Allocated by task 628:
[  102.080781]
[  102.082280] Last potentially related work creation:
[  102.087524]
[  102.089022] The buggy address belongs to the object at ffff0004c5be2000
[  102.089022]  which belongs to the cache kmalloc-2k of size 2048
[  102.101555] The buggy address is located 1872 bytes inside of
[  102.101555]  2048-byte region [ffff0004c5be2000, ffff0004c5be2800)
[  102.113486] The buggy address belongs to the page:
[  102.118409]
[  102.119908] Memory state around the buggy address:
[  102.124711]  ffff0004c5be2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.131947]  ffff0004c5be2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.139181] >ffff0004c5be2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.146412]                                                  ^
[  102.152257]  ffff0004c5be2780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.159491]  ffff0004c5be2800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.166723] ==================================================================

The above bug is caused by use of the wrong pointer in the
rpcif_disable_rpm() call. Fix the bug by using the correct pointer.

Fixes: 5de15b610f78 ("mtd: hyperbus: add Renesas RPC-IF driver")
Signed-off-by: George G. Davis <davis.george@siemens.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20210716204935.25859-1-george_davis@mentor.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mtd/hyperbus/rpc-if.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/hyperbus/rpc-if.c b/drivers/mtd/hyperbus/rpc-if.c
index 367b0d72bf622..dc164c18f8429 100644
--- a/drivers/mtd/hyperbus/rpc-if.c
+++ b/drivers/mtd/hyperbus/rpc-if.c
@@ -152,9 +152,9 @@ static int rpcif_hb_remove(struct platform_device *pdev)
 {
 	struct rpcif_hyperbus *hyperbus = platform_get_drvdata(pdev);
 	int error = hyperbus_unregister_device(&hyperbus->hbdev);
-	struct rpcif *rpc = dev_get_drvdata(pdev->dev.parent);
 
-	rpcif_disable_rpm(rpc);
+	rpcif_disable_rpm(&hyperbus->rpc);
+
 	return error;
 }
 
-- 
2.34.1





* [PATCH 5.10 097/563] ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 096/563] mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 098/563] crypto: qat - fix spelling mistake: "messge" -> "message" Greg Kroah-Hartman
                   ` (469 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dillon Min, kernel test robot,
	Linus Walleij, Alexandre Torgue, Sasha Levin

From: Dillon Min <dillon.minfei@gmail.com>

[ Upstream commit b046049e59dca5e5830dc75ed16acf7657a95161 ]

Since the compatible string defined from ilitek,ili9341.yaml is
"st,sf-tc240t-9370-t", "ilitek,ili9341"

so, append "ilitek,ili9341" to avoid the below dtbs_check warning.

arch/arm/boot/dts/stm32f429-disco.dt.yaml: display@1: compatible:
['st,sf-tc240t-9370-t'] is too short

Fixes: a726e2f000ec ("ARM: dts: stm32: enable ltdc binding with ili9341, gyro l3gd20 on stm32429-disco board")
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Alexandre Torgue <alexandre.torgue@foss.st.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/stm32f429-disco.dts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/stm32f429-disco.dts b/arch/arm/boot/dts/stm32f429-disco.dts
index 075ac57d0bf4a..6435e099c6326 100644
--- a/arch/arm/boot/dts/stm32f429-disco.dts
+++ b/arch/arm/boot/dts/stm32f429-disco.dts
@@ -192,7 +192,7 @@
 
 	display: display@1{
 		/* Connect panel-ilitek-9341 to ltdc */
-		compatible = "st,sf-tc240t-9370-t";
+		compatible = "st,sf-tc240t-9370-t", "ilitek,ili9341";
 		reg = <1>;
 		spi-3wire;
 		spi-max-frequency = <10000000>;
-- 
2.34.1




* [PATCH 5.10 098/563] crypto: qat - fix spelling mistake: "messge" -> "message"
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bhaskar Chowdhury, Giovanni Cabiddu,
	Herbert Xu, Sasha Levin

From: Bhaskar Chowdhury <unixbhaskar@gmail.com>

[ Upstream commit f17a25cb1776c5712e950aaf326528ae652a086c ]

Trivial fix to spelling mistake in adf_pf2vf_msg.c and adf_vf2pf_msg.c.
s/messge/message/

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 2 +-
 drivers/crypto/qat/qat_common/adf_vf2pf_msg.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
index d7ca222f0df18..e3da97286980e 100644
--- a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
+++ b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
@@ -176,7 +176,7 @@ out:
  * @msg:	Message to send
  * @vf_nr:	VF number to which the message will be sent
  *
- * Function sends a messge from the PF to a VF
+ * Function sends a message from the PF to a VF
  *
  * Return: 0 on success, error code otherwise.
  */
diff --git a/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c b/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c
index 54b738da829d8..3e25fac051b25 100644
--- a/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c
+++ b/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c
@@ -8,7 +8,7 @@
  * adf_vf2pf_notify_init() - send init msg to PF
  * @accel_dev:  Pointer to acceleration VF device.
  *
- * Function sends an init messge from the VF to a PF
+ * Function sends an init message from the VF to a PF
  *
  * Return: 0 on success, error code otherwise.
  */
@@ -31,7 +31,7 @@ EXPORT_SYMBOL_GPL(adf_vf2pf_notify_init);
  * adf_vf2pf_notify_shutdown() - send shutdown msg to PF
  * @accel_dev:  Pointer to acceleration VF device.
  *
- * Function sends a shutdown messge from the VF to a PF
+ * Function sends a shutdown message from the VF to a PF
  *
  * Return: void
  */
-- 
2.34.1




* [PATCH 5.10 099/563] crypto: qat - remove unnecessary collision prevention step in PFVF
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marco Chiappero, Giovanni Cabiddu,
	Herbert Xu, Sasha Levin

From: Marco Chiappero <marco.chiappero@intel.com>

[ Upstream commit e17f49bb244a281fe39bfdad0306a38b3a02e7bf ]

The initial version of the PFVF protocol included an initial "carrier
sensing" to get ownership of the channel.

Collisions can happen anyway, the extra wait and test does not prevent
collisions, it instead slows the communication down, so remove it.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 20 +------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
index e3da97286980e..d1dbf6216de57 100644
--- a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
+++ b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
@@ -120,28 +120,10 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 		goto out;
 	}
 
-	/* Attempt to get ownership of PF2VF CSR */
 	msg &= ~local_in_use_mask;
 	msg |= local_in_use_pattern;
-	ADF_CSR_WR(pmisc_bar_addr, pf2vf_offset, msg);
 
-	/* Wait in case remote func also attempting to get ownership */
-	msleep(ADF_IOV_MSG_COLLISION_DETECT_DELAY);
-
-	val = ADF_CSR_RD(pmisc_bar_addr, pf2vf_offset);
-	if ((val & local_in_use_mask) != local_in_use_pattern) {
-		dev_dbg(&GET_DEV(accel_dev),
-			"PF2VF CSR in use by remote - collision detected\n");
-		ret = -EBUSY;
-		goto out;
-	}
-
-	/*
-	 * This function now owns the PV2VF CSR.  The IN_USE_BY pattern must
-	 * remain in the PF2VF CSR for all writes including ACK from remote
-	 * until this local function relinquishes the CSR.  Send the message
-	 * by interrupting the remote.
-	 */
+	/* Attempt to get ownership of the PF2VF CSR */
 	ADF_CSR_WR(pmisc_bar_addr, pf2vf_offset, msg | int_bit);
 
 	/* Wait for confirmation from remote func it received the message */
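Review bot: the comment kept above the remaining ADF_CSR_WR() still reads "Attempt to get ownership of the PF2VF CSR", but that write now carries msg | int_bit, so it sets the in-use pattern and interrupts the remote in one step. Suggest wording the comment to say so. With the msleep() gone, ADF_IOV_MSG_COLLISION_DETECT_DELAY has no user left in this function; the diffstat touches only adf_pf2vf_msg.c, so check whether the define is now dead and should be removed in the same change.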
-- 
2.34.1




* [PATCH 5.10 100/563] crypto: qat - make pfvf send message direction agnostic
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marco Chiappero, Giovanni Cabiddu,
	Herbert Xu, Sasha Levin

From: Marco Chiappero <marco.chiappero@intel.com>

[ Upstream commit 6e680f94bc31d0fd0ff01123c964d895ea8040fa ]

The functions adf_iov_putmsg() and __adf_iov_putmsg() are shared by both
PF and VF. Any logging or documentation should not refer to any specific
direction.

Make comments and log messages direction agnostic by replacing PF2VF
with PFVF. Also fix the wording for some related comments.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
index d1dbf6216de57..7b34273d18937 100644
--- a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
+++ b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
@@ -111,11 +111,11 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 
 	mutex_lock(lock);
 
-	/* Check if PF2VF CSR is in use by remote function */
+	/* Check if the PFVF CSR is in use by remote function */
 	val = ADF_CSR_RD(pmisc_bar_addr, pf2vf_offset);
 	if ((val & remote_in_use_mask) == remote_in_use_pattern) {
 		dev_dbg(&GET_DEV(accel_dev),
-			"PF2VF CSR in use by remote function\n");
+			"PFVF CSR in use by remote function\n");
 		ret = -EBUSY;
 		goto out;
 	}
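Review bot: the comment and the dev_dbg() string in __adf_iov_putmsg() now say PFVF, but the register is still read through pf2vf_offset, so the direction-specific name survives in the code the comment describes. Either rename the variable in this patch or say in the commit message that identifiers are left for a follow-up. The changed debug string also affects anyone matching on "PF2VF CSR in use by remote function" in dynamic-debug output.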
@@ -123,7 +123,7 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 	msg &= ~local_in_use_mask;
 	msg |= local_in_use_pattern;
 
-	/* Attempt to get ownership of the PF2VF CSR */
+	/* Attempt to get ownership of the PFVF CSR */
 	ADF_CSR_WR(pmisc_bar_addr, pf2vf_offset, msg | int_bit);
 
 	/* Wait for confirmation from remote func it received the message */
@@ -145,7 +145,7 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 		ret = -EIO;
 	}
 
-	/* Finished with PF2VF CSR; relinquish it and leave msg in CSR */
+	/* Finished with the PFVF CSR; relinquish it and leave msg in CSR */
 	ADF_CSR_WR(pmisc_bar_addr, pf2vf_offset, val & ~local_in_use_mask);
 out:
 	mutex_unlock(lock);
@@ -153,12 +153,13 @@ out:
 }
 
 /**
- * adf_iov_putmsg() - send PF2VF message
+ * adf_iov_putmsg() - send PFVF message
  * @accel_dev:  Pointer to acceleration device.
  * @msg:	Message to send
- * @vf_nr:	VF number to which the message will be sent
+ * @vf_nr:	VF number to which the message will be sent if on PF, ignored
+ *		otherwise
  *
- * Function sends a message from the PF to a VF
+ * Function sends a message through the PFVF channel
  *
  * Return: 0 on success, error code otherwise.
  */
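Review bot: the new @vf_nr text says the argument is "ignored otherwise" but does not say what a VF caller is expected to pass. The kernel-doc for adf_iov_putmsg() would be clearer with that value stated (for example 0), so VF call sites stay consistent.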
-- 
2.34.1




* [PATCH 5.10 101/563] crypto: qat - fix undetected PFVF timeout in ACK loop
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Giovanni Cabiddu, Marco Chiappero,
	Herbert Xu, Sasha Levin

From: Giovanni Cabiddu <giovanni.cabiddu@intel.com>

[ Upstream commit 5002200b4fedd7e90e4fbc2e5c42a4b3351df814 ]

If the remote function did not ACK the reception of a message, the
function __adf_iov_putmsg() could detect it as a collision.

This was due to the fact that the collision and the timeout checks after
the ACK loop were in the wrong order. The timeout must be checked at the
end of the loop, so fix by swapping the order of the two checks.

Fixes: 9b768e8a3909 ("crypto: qat - detect PFVF collision after ACK")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Co-developed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/qat/qat_common/adf_pf2vf_msg.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
index 7b34273d18937..74afafc84c716 100644
--- a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
+++ b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
@@ -132,6 +132,12 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 		val = ADF_CSR_RD(pmisc_bar_addr, pf2vf_offset);
 	} while ((val & int_bit) && (count++ < ADF_IOV_MSG_ACK_MAX_RETRY));
 
+	if (val & int_bit) {
+		dev_dbg(&GET_DEV(accel_dev), "ACK not received from remote\n");
+		val &= ~int_bit;
+		ret = -EIO;
+	}
+
 	if (val != msg) {
 		dev_dbg(&GET_DEV(accel_dev),
 			"Collision - PFVF CSR overwritten by remote function\n");
@@ -139,12 +145,6 @@ static int __adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr)
 		goto out;
 	}
 
-	if (val & int_bit) {
-		dev_dbg(&GET_DEV(accel_dev), "ACK not received from remote\n");
-		val &= ~int_bit;
-		ret = -EIO;
-	}
-
 	/* Finished with the PFVF CSR; relinquish it and leave msg in CSR */
 	ADF_CSR_WR(pmisc_bar_addr, pf2vf_offset, val & ~local_in_use_mask);
 out:
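Review bot: with the timeout block removed here and re-added above the collision check, a timeout sets ret = -EIO and clears int_bit in val but does not leave the function, so execution still reaches the "val != msg" test. When the CSR matches msg the function continues to the relinquish write shown in this hunk, which looks intended. When it does not match, the collision branch runs after the timeout message and takes "goto out", so both dev_dbg() lines are emitted for one failure; the line that sets ret in that branch is outside the hunks. A short comment on the fall-through, or a sentence in the log on which error should win in that case, would make the ordering easier to review.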
-- 
2.34.1




* [PATCH 5.10 102/563] ath11k: Use host CE parameters for CE interrupts configuration
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anilkumar Kolli, Kalle Valo, Sasha Levin

From: Anilkumar Kolli <akolli@codeaurora.org>

[ Upstream commit b689f091aafd1a874b2f88137934276ab0fca480 ]

CE interrupt configuration uses host ce parameters to assign/free
interrupts. Use host ce parameters to enable/disable interrupts.
This patch fixes the BUG below:

BUG: KASAN: global-out-of-bounds in 0xffffffbffdfb035c at addr
ffffffbffde6eeac
 Read of size 4 by task kworker/u8:2/132
 Address belongs to variable ath11k_core_qmi_firmware_ready+0x1b0/0x5bc [ath11k]

The OOB is due to ath11k_ahb_ce_irqs_enable() iterating ce_count (which
is 12) times and accessing the 12th element in target_ce_config
(which has only 11 elements) from ath11k_ahb_ce_irq_enable().

With this change host ce configs are used to enable/disable interrupts.

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-00471-QCAHKSWPL_SILICONZ-1

Fixes: 967c1d1131fa ("ath11k: move target ce configs to hw_params")
Signed-off-by: Anilkumar Kolli <akolli@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1637249558-12793-1-git-send-email-akolli@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/ahb.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/ahb.c b/drivers/net/wireless/ath/ath11k/ahb.c
index 430723c64adce..e8cca58e18ffc 100644
--- a/drivers/net/wireless/ath/ath11k/ahb.c
+++ b/drivers/net/wireless/ath/ath11k/ahb.c
@@ -206,13 +206,13 @@ static void ath11k_ahb_clearbit32(struct ath11k_base *ab, u8 bit, u32 offset)
 
 static void ath11k_ahb_ce_irq_enable(struct ath11k_base *ab, u16 ce_id)
 {
-	const struct ce_pipe_config *ce_config;
+	const struct ce_attr *ce_attr;
 
-	ce_config = &ab->hw_params.target_ce_config[ce_id];
-	if (__le32_to_cpu(ce_config->pipedir) & PIPEDIR_OUT)
+	ce_attr = &ab->hw_params.host_ce_config[ce_id];
+	if (ce_attr->src_nentries)
 		ath11k_ahb_setbit32(ab, ce_id, CE_HOST_IE_ADDRESS);
 
-	if (__le32_to_cpu(ce_config->pipedir) & PIPEDIR_IN) {
+	if (ce_attr->dest_nentries) {
 		ath11k_ahb_setbit32(ab, ce_id, CE_HOST_IE_2_ADDRESS);
 		ath11k_ahb_setbit32(ab, ce_id + CE_HOST_IE_3_SHIFT,
 				    CE_HOST_IE_3_ADDRESS);
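Review bot: ath11k_ahb_ce_irq_enable() indexes host_ce_config[ce_id] with no check that ce_id is inside that array, which is the same pattern that produced the KASAN report for target_ce_config. The fix holds only while host_ce_config has at least ce_count entries. State that in the commit message or add a bound check on ce_id, so the two tables cannot drift apart again unnoticed.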
@@ -221,13 +221,13 @@ static void ath11k_ahb_ce_irq_enable(struct ath11k_base *ab, u16 ce_id)
 
 static void ath11k_ahb_ce_irq_disable(struct ath11k_base *ab, u16 ce_id)
 {
-	const struct ce_pipe_config *ce_config;
+	const struct ce_attr *ce_attr;
 
-	ce_config = &ab->hw_params.target_ce_config[ce_id];
-	if (__le32_to_cpu(ce_config->pipedir) & PIPEDIR_OUT)
+	ce_attr = &ab->hw_params.host_ce_config[ce_id];
+	if (ce_attr->src_nentries)
 		ath11k_ahb_clearbit32(ab, ce_id, CE_HOST_IE_ADDRESS);
 
-	if (__le32_to_cpu(ce_config->pipedir) & PIPEDIR_IN) {
+	if (ce_attr->dest_nentries) {
 		ath11k_ahb_clearbit32(ab, ce_id, CE_HOST_IE_2_ADDRESS);
 		ath11k_ahb_clearbit32(ab, ce_id + CE_HOST_IE_3_SHIFT,
 				      CE_HOST_IE_3_ADDRESS);
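Review bot: ath11k_ahb_ce_irq_disable() repeats the host_ce_config lookup and the src_nentries / dest_nentries tests from the enable path line for line. A small helper that returns the ce_attr for a ce_id would keep the two functions from diverging and give one place for a range check.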
-- 
2.34.1




* [PATCH 5.10 103/563] arm64: dts: ti: k3-j721e: correct cache-sets info
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
	Vignesh Raghavendra, Sasha Levin

From: Peng Fan <peng.fan@nxp.com>

[ Upstream commit 7a0df1f969c14939f60a7f9a6af72adcc314675f ]

A72 Cluster has 48KB Icache, 32KB Dcache and 1MB L2 Cache
 - ICache is 3-way set-associative
 - Dcache is 2-way set-associative
 - Line size is 64 bytes

So correct the cache-sets info.

Fixes: 2d87061e70dea ("arm64: dts: ti: Add Support for J721E SoC")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211112063155.3485777-1-peng.fan@oss.nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/ti/k3-j721e.dtsi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/boot/dts/ti/k3-j721e.dtsi b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
index cc483f7344af3..d1ef9fbe4981d 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
@@ -61,7 +61,7 @@
 			i-cache-sets = <256>;
 			d-cache-size = <0x8000>;
 			d-cache-line-size = <64>;
-			d-cache-sets = <128>;
+			d-cache-sets = <256>;
 			next-level-cache = <&L2_0>;
 		};
 
@@ -75,7 +75,7 @@
 			i-cache-sets = <256>;
 			d-cache-size = <0x8000>;
 			d-cache-line-size = <64>;
-			d-cache-sets = <128>;
+			d-cache-sets = <256>;
 			next-level-cache = <&L2_0>;
 		};
 	};
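Review bot: the commit message lists the A72 cache geometry but not the arithmetic behind d-cache-sets = <256>, and it mentions the 1MB L2 while neither hunk touches an L2 property. Spelling out 0x8000 / (2 ways * 64 bytes) = 256 in the log, and stating whether the L2 node was checked and found correct, would let the values be verified from the patch alone.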
-- 
2.34.1




* [PATCH 5.10 104/563] tty: serial: atmel: Check return code of dmaengine_submit()
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Richard Genoud, Sasha Levin

From: Tudor Ambarus <tudor.ambarus@microchip.com>

[ Upstream commit 1e67bd2b8cb90b66e89562598e9c2046246832d3 ]

The tx_submit() method of struct dma_async_tx_descriptor is entitled
to do sanity checks and return errors if encountered. It's not the
case for the DMA controller drivers that this client is using
(at_h/xdmac), because they currently don't do sanity checks and always
return a positive cookie at tx_submit() method. In case the controller
drivers will implement sanity checks and return errors, print a message
so that the client will be informed that something went wrong at
tx_submit() level.

Fixes: 08f738be88bb ("serial: at91: add tx dma support")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Link: https://lore.kernel.org/r/20211125090028.786832-3-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/atmel_serial.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index a24e5c2b30bc9..396fe8c51f93b 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1004,6 +1004,11 @@ static void atmel_tx_dma(struct uart_port *port)
 		desc->callback = atmel_complete_tx_dma;
 		desc->callback_param = atmel_port;
 		atmel_port->cookie_tx = dmaengine_submit(desc);
+		if (dma_submit_error(atmel_port->cookie_tx)) {
+			dev_err(port->dev, "dma_submit_error %d\n",
+				atmel_port->cookie_tx);
+			return;
+		}
 	}
 
 	if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
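Review bot: the early return added in atmel_tx_dma() after dma_submit_error() skips the uart_circ_chars_pending(xmit) < WAKEUP_CHARS check that follows, and nothing in the hunk releases or resets what was set up for desc before the submit. If this path can be reached, state in the log what happens to the pending TX data, or add the cleanup it needs before returning.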
@@ -1264,6 +1269,11 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
 	desc->callback_param = port;
 	atmel_port->desc_rx = desc;
 	atmel_port->cookie_rx = dmaengine_submit(desc);
+	if (dma_submit_error(atmel_port->cookie_rx)) {
+		dev_err(port->dev, "dma_submit_error %d\n",
+			atmel_port->cookie_rx);
+		goto chan_err;
+	}
 
 	return 0;
 
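Review bot: in atmel_prepare_rx_dma(), atmel_port->desc_rx is assigned before dmaengine_submit(), so on the new goto chan_err path it still points at a descriptor that was never queued. The chan_err label is outside the hunk; confirm it clears desc_rx, or move the assignment below the dma_submit_error() check.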
-- 
2.34.1




* [PATCH 5.10 105/563] tty: serial: atmel: Call dma_async_issue_pending()
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Sasha Levin

From: Tudor Ambarus <tudor.ambarus@microchip.com>

[ Upstream commit 4f4b9b5895614eb2e2b5f4cab7858f44bd113e1b ]

The driver wrongly assumed that tx_submit() will start the transfer,
which is not the case, now that the at_xdmac driver is fixed. tx_submit
is supposed to push the current transaction descriptor to a pending queue,
waiting for issue_pending to be called. issue_pending must start the
transfer, not tx_submit.

Fixes: 34df42f59a60 ("serial: at91: add rx dma support")
Fixes: 08f738be88bb ("serial: at91: add tx dma support")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211125090028.786832-4-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/atmel_serial.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index 396fe8c51f93b..602065bfc9bb8 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1009,6 +1009,8 @@ static void atmel_tx_dma(struct uart_port *port)
 				atmel_port->cookie_tx);
 			return;
 		}
+
+		dma_async_issue_pending(chan);
 	}
 
 	if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
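Review bot: this hunk applies only on top of the dma_submit_error() check from the previous patch in the series (its return and closing brace are the context lines), so the two must stay together and in order when backported. The commit message says issue_pending is needed "now that the at_xdmac driver is fixed"; naming that at_xdmac commit in the log would tell stable maintainers which trees need this change.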
@@ -1275,6 +1277,8 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
 		goto chan_err;
 	}
 
+	dma_async_issue_pending(atmel_port->chan_rx);
+
 	return 0;
 
 chan_err:
-- 
2.34.1




* [PATCH 5.10 106/563] mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Nicolas Ferre,
	Lee Jones, Sasha Levin

From: Claudiu Beznea <claudiu.beznea@microchip.com>

[ Upstream commit 8c0fad75dcaa650e3f3145a2c35847bc6a65cb7f ]

Remove compilation flag and use __maybe_unused and pm_ptr instead.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20211028135138.3481166-2-claudiu.beznea@microchip.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/atmel-flexcom.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/mfd/atmel-flexcom.c b/drivers/mfd/atmel-flexcom.c
index d2f5c073fdf31..962f66dc8813e 100644
--- a/drivers/mfd/atmel-flexcom.c
+++ b/drivers/mfd/atmel-flexcom.c
@@ -87,8 +87,7 @@ static const struct of_device_id atmel_flexcom_of_match[] = {
 };
 MODULE_DEVICE_TABLE(of, atmel_flexcom_of_match);
 
-#ifdef CONFIG_PM_SLEEP
-static int atmel_flexcom_resume(struct device *dev)
+static int __maybe_unused atmel_flexcom_resume(struct device *dev)
 {
 	struct atmel_flexcom *ddata = dev_get_drvdata(dev);
 	int err;
@@ -105,7 +104,6 @@ static int atmel_flexcom_resume(struct device *dev)
 
 	return 0;
 }
-#endif
 
 static SIMPLE_DEV_PM_OPS(atmel_flexcom_pm_ops, NULL,
 			 atmel_flexcom_resume);
@@ -114,7 +112,7 @@ static struct platform_driver atmel_flexcom_driver = {
 	.probe	= atmel_flexcom_probe,
 	.driver	= {
 		.name		= "atmel_flexcom",
-		.pm		= &atmel_flexcom_pm_ops,
+		.pm		= pm_ptr(&atmel_flexcom_pm_ops),
 		.of_match_table	= atmel_flexcom_of_match,
 	},
 };
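Review bot: .pm now goes through pm_ptr(), which a stable tree has only if the macro is already present there; for 5.10.y, confirm pm_ptr() exists before queueing this. The log could also say that SIMPLE_DEV_PM_OPS() is left unguarded on purpose, since the #ifdef around atmel_flexcom_resume() is dropped but the ops structure is still always defined.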
-- 
2.34.1




* [PATCH 5.10 107/563] mfd: atmel-flexcom: Use .resume_noirq
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Codrin Ciubotariu,
	Nicolas Ferre, Lee Jones, Sasha Levin

From: Claudiu Beznea <claudiu.beznea@microchip.com>

[ Upstream commit 5d051cf94fd5834a1513aa77e542c49fd973988a ]

Flexcom IP embeds 3 other IPs: usart, i2c, spi and selects the operation
mode (usart, i2c, spi) via mode register (FLEX_MR). On i2c bus there might
be connected critical devices (like PMIC) which on suspend/resume should
be suspended/resumed at the end/beginning. i2c uses
.suspend_noirq/.resume_noirq for this kind of purposes. Align flexcom
to use .resume_noirq as it should be resumed before the embedded IPs.
Otherwise the embedded devices might behave badly.

Fixes: 7fdec11015c3 ("atmel_flexcom: Support resuming after a chip reset")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Tested-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20211028135138.3481166-3-claudiu.beznea@microchip.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mfd/atmel-flexcom.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/mfd/atmel-flexcom.c b/drivers/mfd/atmel-flexcom.c
index 962f66dc8813e..559eb4d352b68 100644
--- a/drivers/mfd/atmel-flexcom.c
+++ b/drivers/mfd/atmel-flexcom.c
@@ -87,7 +87,7 @@ static const struct of_device_id atmel_flexcom_of_match[] = {
 };
 MODULE_DEVICE_TABLE(of, atmel_flexcom_of_match);
 
-static int __maybe_unused atmel_flexcom_resume(struct device *dev)
+static int __maybe_unused atmel_flexcom_resume_noirq(struct device *dev)
 {
 	struct atmel_flexcom *ddata = dev_get_drvdata(dev);
 	int err;
@@ -105,8 +105,9 @@ static int __maybe_unused atmel_flexcom_resume(struct device *dev)
 	return 0;
 }
 
-static SIMPLE_DEV_PM_OPS(atmel_flexcom_pm_ops, NULL,
-			 atmel_flexcom_resume);
+static const struct dev_pm_ops atmel_flexcom_pm_ops = {
+	.resume_noirq = atmel_flexcom_resume_noirq,
+};
 
 static struct platform_driver atmel_flexcom_driver = {
 	.probe	= atmel_flexcom_probe,
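Review bot: replacing SIMPLE_DEV_PM_OPS(atmel_flexcom_pm_ops, NULL, atmel_flexcom_resume) with a structure that sets only .resume_noirq drops the thaw and restore callbacks that the macro also filled in with the resume function, so the callback no longer runs on the hibernation paths. If that is not intended, SET_NOIRQ_SYSTEM_SLEEP_PM_OPS(NULL, atmel_flexcom_resume_noirq) keeps them in the noirq phase; if it is intended, the commit message should say so.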
-- 
2.34.1




* [PATCH 5.10 108/563] media: rcar-csi2: Correct the selection of hsfreqrange
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Suresh Udipi, Kazuyoshi Akiyama,
	Michael Rodin, Niklas Söderlund, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Suresh Udipi <sudipi@jp.adit-jv.com>

[ Upstream commit cee44d4fbacbbdfe62697ec94e76c6e4f726c5df ]

hsfreqrange should be chosen based on the calculated mbps which
is closer to the default bit rate  and within the range as per
table[1]. But current calculation always selects first value which
is greater than or equal to the calculated mbps which may lead
to choosing a wrong range in some cases.

For example for 360 mbps for H3/M3N
Existing logic selects
Calculated value 360Mbps : Default 400Mbps Range [368.125 -433.125 mbps]

This hsfreqrange is out of range.

The logic is changed to get the default value which is closest to the
calculated value [1]

Calculated value 360Mbps : Default 350Mbps  Range [320.625 -380.625 mbps]

[1] specs r19uh0105ej0200-r-car-3rd-generation.pdf [Table 25.9]

Please note that according to Renesas in Table 25.9 the range for
220 default value is corrected as below

 |Range (Mbps)     |  Default  Bit rate (Mbps) |
 -----------------------------------------------
 | 197.125-244.125 |     220                   |
 -----------------------------------------------

Fixes: 769afd212b16 ("media: rcar-csi2: add Renesas R-Car MIPI CSI-2 receiver driver")
Signed-off-by: Suresh Udipi <sudipi@jp.adit-jv.com>
Signed-off-by: Kazuyoshi Akiyama <akiyama@nds-osk.co.jp>
Signed-off-by: Michael Rodin <mrodin@de.adit-jv.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/rcar-vin/rcar-csi2.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/media/platform/rcar-vin/rcar-csi2.c b/drivers/media/platform/rcar-vin/rcar-csi2.c
index d2d87a204e918..6fb8efcb40444 100644
--- a/drivers/media/platform/rcar-vin/rcar-csi2.c
+++ b/drivers/media/platform/rcar-vin/rcar-csi2.c
@@ -436,16 +436,23 @@ static int rcsi2_wait_phy_start(struct rcar_csi2 *priv,
 static int rcsi2_set_phypll(struct rcar_csi2 *priv, unsigned int mbps)
 {
 	const struct rcsi2_mbps_reg *hsfreq;
+	const struct rcsi2_mbps_reg *hsfreq_prev = NULL;
 
-	for (hsfreq = priv->info->hsfreqrange; hsfreq->mbps != 0; hsfreq++)
+	for (hsfreq = priv->info->hsfreqrange; hsfreq->mbps != 0; hsfreq++) {
 		if (hsfreq->mbps >= mbps)
 			break;
+		hsfreq_prev = hsfreq;
+	}
 
 	if (!hsfreq->mbps) {
 		dev_err(priv->dev, "Unsupported PHY speed (%u Mbps)", mbps);
 		return -ERANGE;
 	}
 
+	if (hsfreq_prev &&
+	    ((mbps - hsfreq_prev->mbps) <= (hsfreq->mbps - mbps)))
+		hsfreq = hsfreq_prev;
+
 	rcsi2_write(priv, PHYPLL_REG, PHYPLL_HSFREQRANGE(hsfreq->reg));
 
 	return 0;
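
Review bot: The -ERANGE return still runs before the new closest-match
test in rcsi2_set_phypll(), so any rate above the largest table default
is rejected even though the commit message describes each default as
covering a range that extends above it (400 covering up to 433.125, for
example). If rates in the upper half-range of the last entry are valid,
fall back to hsfreq_prev when the loop reaches the terminator instead of
failing. The new test also picks the nearest default without checking
that mbps lies inside that entry's range, and the unsigned subtraction
mbps - hsfreq_prev->mbps is only safe while the table stays sorted in
ascending order; a comment stating both assumptions would help.
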
-- 
2.34.1





* [PATCH 5.10 109/563] media: imx-pxp: Initialize the spinlock prior to using it
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 108/563] media: rcar-csi2: Correct the selection of hsfreqrange Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 110/563] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() Greg Kroah-Hartman
                   ` (457 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Philipp Zabel,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Fabio Estevam <festevam@denx.de>

[ Upstream commit ed2f97ad4b21072f849cf4ae6645d1f2b1d3f550 ]

After devm_request_threaded_irq() is called there is a chance that an
interrupt may occur before the spinlock is initialized, which will trigger
a kernel oops.

To prevent that, move the initialization of the spinlock prior to
requesting the interrupts.

Fixes: 51abcf7fdb70 ("media: imx-pxp: add i.MX Pixel Pipeline driver")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/imx-pxp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/imx-pxp.c b/drivers/media/platform/imx-pxp.c
index 08d76eb05ed1a..62356adebc39e 100644
--- a/drivers/media/platform/imx-pxp.c
+++ b/drivers/media/platform/imx-pxp.c
@@ -1664,6 +1664,8 @@ static int pxp_probe(struct platform_device *pdev)
 	if (irq < 0)
 		return irq;
 
+	spin_lock_init(&dev->irqlock);
+
 	ret = devm_request_threaded_irq(&pdev->dev, irq, NULL, pxp_irq_handler,
 			IRQF_ONESHOT, dev_name(&pdev->dev), dev);
 	if (ret < 0) {
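
Review bot: pxp_irq_handler() is still registered here, with dev as its
cookie, ahead of the remaining setup in pxp_probe() (the err_clk paths
and v4l2_device_register() visible in the next hunk), so anything else
the handler touches has the same early-interrupt window that irqlock
had. Confirm the handler uses nothing that is initialised after this
call, or move the IRQ request to the end of probe so the ordering cannot
regress.
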
@@ -1681,8 +1683,6 @@ static int pxp_probe(struct platform_device *pdev)
 		goto err_clk;
 	}
 
-	spin_lock_init(&dev->irqlock);
-
 	ret = v4l2_device_register(&pdev->dev, &dev->v4l2_dev);
 	if (ret)
 		goto err_clk;
-- 
2.34.1





* [PATCH 5.10 110/563] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 109/563] media: imx-pxp: Initialize the spinlock prior to using it Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 111/563] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Greg Kroah-Hartman
                   ` (456 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit ef054e345ed8c79ce1121a3599b5a2dfd78e57a0 ]

In the 'radio->hdl.error' error handling, the ctrl handler allocated by
v4l2_ctrl_new_std() is not released, which causes a memory leak as
follows:

unreferenced object 0xffff888033d54200 (size 256):
  comm "i2c-si470x-19", pid 909, jiffies 4294914203 (age 8.072s)
  hex dump (first 32 bytes):
    e8 69 11 03 80 88 ff ff 00 46 d5 33 80 88 ff ff  .i.......F.3....
    10 42 d5 33 80 88 ff ff 10 42 d5 33 80 88 ff ff  .B.3.....B.3....
  backtrace:
    [<00000000086bd4ed>] __kmalloc_node+0x1eb/0x360
    [<00000000bdb68871>] kvmalloc_node+0x66/0x120
    [<00000000fac74e4c>] v4l2_ctrl_new+0x7b9/0x1c60 [videodev]
    [<00000000693bf940>] v4l2_ctrl_new_std+0x19b/0x270 [videodev]
    [<00000000c0cb91bc>] si470x_i2c_probe+0x2d3/0x9a0 [radio_si470x_i2c]
    [<0000000056a6f01f>] i2c_device_probe+0x4d8/0xbe0

Fix the error handling path to avoid memory leak.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 8c081b6f9a9b ("media: radio: Critical v4l2 registration...")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/radio/si470x/radio-si470x-i2c.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c
index a972c0705ac79..76d39e2e87706 100644
--- a/drivers/media/radio/si470x/radio-si470x-i2c.c
+++ b/drivers/media/radio/si470x/radio-si470x-i2c.c
@@ -368,7 +368,7 @@ static int si470x_i2c_probe(struct i2c_client *client)
 	if (radio->hdl.error) {
 		retval = radio->hdl.error;
 		dev_err(&client->dev, "couldn't register control\n");
-		goto err_dev;
+		goto err_all;
 	}
 
 	/* video device initialization */
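
Review bot: The dev_err() on this error path prints "couldn't register
control" without the value of radio->hdl.error, so the log does not say
why control registration failed; include retval in the message. The
switch to err_all itself matches the unwind order in the next hunk,
where v4l2_ctrl_handler_free() runs before v4l2_device_unregister().
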
@@ -463,7 +463,6 @@ static int si470x_i2c_probe(struct i2c_client *client)
 	return 0;
 err_all:
 	v4l2_ctrl_handler_free(&radio->hdl);
-err_dev:
 	v4l2_device_unregister(&radio->v4l2_dev);
 err_initial:
 	return retval;
-- 
2.34.1





* [PATCH 5.10 111/563] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 110/563] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 112/563] media: coda: fix CODA960 JPEG encoder buffer overflow Greg Kroah-Hartman
                   ` (455 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dafna Hirschfeld, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>

[ Upstream commit 9f89c881bffbdffe4060ffaef3489a2830a6dd9c ]

The func v4l2_m2m_ctx_release waits for currently running jobs
to finish and then stops streaming both queues and frees the buffers.
All this should be done before the call to mtk_vcodec_enc_release
which frees the encoder handler. This fixes a null-pointer dereference bug:

[  638.028076] Mem abort info:
[  638.030932]   ESR = 0x96000004
[  638.033978]   EC = 0x25: DABT (current EL), IL = 32 bits
[  638.039293]   SET = 0, FnV = 0
[  638.042338]   EA = 0, S1PTW = 0
[  638.045474]   FSC = 0x04: level 0 translation fault
[  638.050349] Data abort info:
[  638.053224]   ISV = 0, ISS = 0x00000004
[  638.057055]   CM = 0, WnR = 0
[  638.060018] user pgtable: 4k pages, 48-bit VAs, pgdp=000000012b6db000
[  638.066485] [00000000000001a0] pgd=0000000000000000, p4d=0000000000000000
[  638.073277] Internal error: Oops: 96000004 [#1] SMP
[  638.078145] Modules linked in: rfkill mtk_vcodec_dec mtk_vcodec_enc uvcvideo mtk_mdp mtk_vcodec_common videobuf2_dma_contig v4l2_h264 cdc_ether v4l2_mem2mem videobuf2_vmalloc usbnet videobuf2_memops videobuf2_v4l2 r8152 videobuf2_common videodev cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer kfifo_buf elan_i2c elants_i2c sbs_battery mc cros_usbpd_charger cros_ec_chardev cros_usbpd_logger crct10dif_ce mtk_vpu fuse ip_tables x_tables ipv6
[  638.118583] CPU: 0 PID: 212 Comm: kworker/u8:5 Not tainted 5.15.0-06427-g58a1d4dcfc74-dirty #109
[  638.127357] Hardware name: Google Elm (DT)
[  638.131444] Workqueue: mtk-vcodec-enc mtk_venc_worker [mtk_vcodec_enc]
[  638.137974] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  638.144925] pc : vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
[  638.150493] lr : venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
[  638.156060] sp : ffff8000124d3c40
[  638.230648] Call trace:
[  638.233084]  vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
[  638.238304]  venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
[  638.243525]  mtk_venc_worker+0x110/0x250 [mtk_vcodec_enc]
[  638.248918]  process_one_work+0x1f8/0x498
[  638.252923]  worker_thread+0x140/0x538
[  638.256664]  kthread+0x148/0x158
[  638.259884]  ret_from_fork+0x10/0x20
[  638.263455] Code: f90023f9 2a0103f5 aa0303f6 aa0403f8 (f940d277)
[  638.269538] ---[ end trace e374fc10f8e181f5 ]---

[gst-master] root@debian:~/gst-build# [  638.019193] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a0
Fixes: 4e855a6efa547 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Encoder Driver")
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
index 219c2c5b78efc..5f93bc670edb2 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
@@ -237,11 +237,11 @@ static int fops_vcodec_release(struct file *file)
 	mtk_v4l2_debug(1, "[%d] encoder", ctx->id);
 	mutex_lock(&dev->dev_mutex);
 
+	v4l2_m2m_ctx_release(ctx->m2m_ctx);
 	mtk_vcodec_enc_release(ctx);
 	v4l2_fh_del(&ctx->fh);
 	v4l2_fh_exit(&ctx->fh);
 	v4l2_ctrl_handler_free(&ctx->ctrl_hdl);
-	v4l2_m2m_ctx_release(ctx->m2m_ctx);
 
 	list_del_init(&ctx->list);
 	kfree(ctx);
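
Review bot: Nothing in fops_vcodec_release() records why
v4l2_m2m_ctx_release() has to come first, so a later cleanup could
reorder these calls again; add a short comment above the call saying
that it waits for running jobs and must precede
mtk_vcodec_enc_release(). It is also worth confirming that
mtk_venc_worker never takes dev->dev_mutex, because the wait for running
jobs happens with that mutex held.
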
-- 
2.34.1





* [PATCH 5.10 112/563] media: coda: fix CODA960 JPEG encoder buffer overflow
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 111/563] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 113/563] media: venus: pm_helpers: Control core power domain manually Greg Kroah-Hartman
                   ` (454 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Weber, Philipp Zabel,
	Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin

From: Philipp Zabel <p.zabel@pengutronix.de>

[ Upstream commit 1a59cd88f55068710f6549bee548846661673780 ]

Stop the CODA960 JPEG encoder from overflowing capture buffers.
The bitstream buffer overflow interrupt doesn't seem to be connected,
so this has to be handled via timeout instead.

Reported-by: Martin Weber <martin.weber@br-automation.com>
Fixes: 96f6f62c4656 ("media: coda: jpeg: add CODA960 JPEG encoder support")
Tested-by: Martin Weber <martin.weber@br-automation.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/coda/coda-common.c |  8 +++++---
 drivers/media/platform/coda/coda-jpeg.c   | 21 ++++++++++++++++++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index 87a2c706f7477..1eed69d29149f 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -1537,11 +1537,13 @@ static void coda_pic_run_work(struct work_struct *work)
 
 	if (!wait_for_completion_timeout(&ctx->completion,
 					 msecs_to_jiffies(1000))) {
-		dev_err(dev->dev, "CODA PIC_RUN timeout\n");
+		if (ctx->use_bit) {
+			dev_err(dev->dev, "CODA PIC_RUN timeout\n");
 
-		ctx->hold = true;
+			ctx->hold = true;
 
-		coda_hw_reset(ctx);
+			coda_hw_reset(ctx);
+		}
 
 		if (ctx->ops->run_timeout)
 			ctx->ops->run_timeout(ctx);
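
Review bot: For a context with use_bit false, a timeout in
coda_pic_run_work() now produces no log message, no hold and no reset
unless ctx->ops->run_timeout is set, so any non-BIT ops table without a
run_timeout callback silently ignores a hang. Keep the dev_err()
unconditional, or make the skipped reset depend on the presence of
run_timeout rather than on use_bit.
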
diff --git a/drivers/media/platform/coda/coda-jpeg.c b/drivers/media/platform/coda/coda-jpeg.c
index b11cfbe166dd3..a72f4655e5ad5 100644
--- a/drivers/media/platform/coda/coda-jpeg.c
+++ b/drivers/media/platform/coda/coda-jpeg.c
@@ -1127,7 +1127,8 @@ static int coda9_jpeg_prepare_encode(struct coda_ctx *ctx)
 	coda_write(dev, 0, CODA9_REG_JPEG_GBU_BT_PTR);
 	coda_write(dev, 0, CODA9_REG_JPEG_GBU_WD_PTR);
 	coda_write(dev, 0, CODA9_REG_JPEG_GBU_BBSR);
-	coda_write(dev, 0, CODA9_REG_JPEG_BBC_STRM_CTRL);
+	coda_write(dev, BIT(31) | ((end_addr - start_addr - header_len) / 256),
+		   CODA9_REG_JPEG_BBC_STRM_CTRL);
 	coda_write(dev, 0, CODA9_REG_JPEG_GBU_CTRL);
 	coda_write(dev, 0, CODA9_REG_JPEG_GBU_FF_RPTR);
 	coda_write(dev, 127, CODA9_REG_JPEG_GBU_BBER);
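
Review bot: The limit written to CODA9_REG_JPEG_BBC_STRM_CTRL,
(end_addr - start_addr - header_len) / 256, has no visible guard against
header_len exceeding the buffer length; if these values are unsigned the
subtraction wraps and a very large limit is programmed. Check the size
and return an error before the register write, and give the 256-byte
unit and BIT(31) named constants so the limit can be audited.
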
@@ -1257,6 +1258,23 @@ static void coda9_jpeg_finish_encode(struct coda_ctx *ctx)
 	coda_hw_reset(ctx);
 }
 
+static void coda9_jpeg_encode_timeout(struct coda_ctx *ctx)
+{
+	struct coda_dev *dev = ctx->dev;
+	u32 end_addr, wr_ptr;
+
+	/* Handle missing BBC overflow interrupt via timeout */
+	end_addr = coda_read(dev, CODA9_REG_JPEG_BBC_END_ADDR);
+	wr_ptr = coda_read(dev, CODA9_REG_JPEG_BBC_WR_PTR);
+	if (wr_ptr >= end_addr - 256) {
+		v4l2_err(&dev->v4l2_dev, "JPEG too large for capture buffer\n");
+		coda9_jpeg_finish_encode(ctx);
+		return;
+	}
+
+	coda_hw_reset(ctx);
+}
+
 static void coda9_jpeg_release(struct coda_ctx *ctx)
 {
 	int i;
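
Review bot: The non-overflow branch of coda9_jpeg_encode_timeout() calls
coda_hw_reset() without logging anything, and the coda-common.c hunk in
this patch suppresses "CODA PIC_RUN timeout" when use_bit is false, so a
real encoder hang on this path can leave no trace in the log; add a
dev_err() before the reset. In the overflow branch
coda9_jpeg_finish_encode() is reused unchanged, so check that it marks
the capture buffer as failed rather than returning a truncated JPEG as
done. The end_addr - 256 threshold should share a constant with the
/ 256 in coda9_jpeg_prepare_encode().
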
@@ -1276,6 +1294,7 @@ const struct coda_context_ops coda9_jpeg_encode_ops = {
 	.start_streaming = coda9_jpeg_start_encoding,
 	.prepare_run = coda9_jpeg_prepare_encode,
 	.finish_run = coda9_jpeg_finish_encode,
+	.run_timeout = coda9_jpeg_encode_timeout,
 	.release = coda9_jpeg_release,
 };
 
-- 
2.34.1





* [PATCH 5.10 113/563] media: venus: pm_helpers: Control core power domain manually
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 112/563] media: coda: fix CODA960 JPEG encoder buffer overflow Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:37 ` [PATCH 5.10 114/563] media: venus: core, venc, vdec: Fix probe dependency error Greg Kroah-Hartman
                   ` (453 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Fritz Koenig, Stanimir Varbanov,
	Mauro Carvalho Chehab, Sasha Levin

From: Stanimir Varbanov <stanimir.varbanov@linaro.org>

[ Upstream commit a76f43a490542ecb8c57176730b6eb665d716139 ]

Presently we use device_link to control core power domain. But this
leads to issues because the genpd doesn't guarantee synchronous on/off
for supplier devices. Switch to manual control via pmruntime calls.

Tested-by: Fritz Koenig <frkoenig@chromium.org>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/qcom/venus/core.h      |  2 --
 .../media/platform/qcom/venus/pm_helpers.c    | 36 ++++++++++---------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/drivers/media/platform/qcom/venus/core.h b/drivers/media/platform/qcom/venus/core.h
index 05c9fbd51f0c0..f2a0ef9ee884e 100644
--- a/drivers/media/platform/qcom/venus/core.h
+++ b/drivers/media/platform/qcom/venus/core.h
@@ -123,7 +123,6 @@ struct venus_caps {
  * @clks:	an array of struct clk pointers
  * @vcodec0_clks: an array of vcodec0 struct clk pointers
  * @vcodec1_clks: an array of vcodec1 struct clk pointers
- * @pd_dl_venus: pmdomain device-link for venus domain
  * @pmdomains:	an array of pmdomains struct device pointers
  * @vdev_dec:	a reference to video device structure for decoder instances
  * @vdev_enc:	a reference to video device structure for encoder instances
@@ -161,7 +160,6 @@ struct venus_core {
 	struct icc_path *cpucfg_path;
 	struct opp_table *opp_table;
 	bool has_opp_table;
-	struct device_link *pd_dl_venus;
 	struct device *pmdomains[VIDC_PMDOMAINS_NUM_MAX];
 	struct device_link *opp_dl_venus;
 	struct device *opp_pmdomain;
diff --git a/drivers/media/platform/qcom/venus/pm_helpers.c b/drivers/media/platform/qcom/venus/pm_helpers.c
index 2946547a0df4a..bce9a370015fb 100644
--- a/drivers/media/platform/qcom/venus/pm_helpers.c
+++ b/drivers/media/platform/qcom/venus/pm_helpers.c
@@ -773,13 +773,6 @@ static int vcodec_domains_get(struct device *dev)
 		core->pmdomains[i] = pd;
 	}
 
-	core->pd_dl_venus = device_link_add(dev, core->pmdomains[0],
-					    DL_FLAG_PM_RUNTIME |
-					    DL_FLAG_STATELESS |
-					    DL_FLAG_RPM_ACTIVE);
-	if (!core->pd_dl_venus)
-		return -ENODEV;
-
 skip_pmdomains:
 	if (!core->has_opp_table)
 		return 0;
@@ -806,14 +799,12 @@ skip_pmdomains:
 opp_dl_add_err:
 	dev_pm_opp_detach_genpd(core->opp_table);
 opp_attach_err:
-	if (core->pd_dl_venus) {
-		device_link_del(core->pd_dl_venus);
-		for (i = 0; i < res->vcodec_pmdomains_num; i++) {
-			if (IS_ERR_OR_NULL(core->pmdomains[i]))
-				continue;
-			dev_pm_domain_detach(core->pmdomains[i], true);
-		}
+	for (i = 0; i < res->vcodec_pmdomains_num; i++) {
+		if (IS_ERR_OR_NULL(core->pmdomains[i]))
+			continue;
+		dev_pm_domain_detach(core->pmdomains[i], true);
 	}
+
 	return ret;
 }
 
@@ -826,9 +817,6 @@ static void vcodec_domains_put(struct device *dev)
 	if (!res->vcodec_pmdomains_num)
 		goto skip_pmdomains;
 
-	if (core->pd_dl_venus)
-		device_link_del(core->pd_dl_venus);
-
 	for (i = 0; i < res->vcodec_pmdomains_num; i++) {
 		if (IS_ERR_OR_NULL(core->pmdomains[i]))
 			continue;
@@ -916,16 +904,30 @@ static void core_put_v4(struct device *dev)
 static int core_power_v4(struct device *dev, int on)
 {
 	struct venus_core *core = dev_get_drvdata(dev);
+	struct device *pmctrl = core->pmdomains[0];
 	int ret = 0;
 
 	if (on == POWER_ON) {
+		if (pmctrl) {
+			ret = pm_runtime_get_sync(pmctrl);
+			if (ret < 0) {
+				pm_runtime_put_noidle(pmctrl);
+				return ret;
+			}
+		}
+
 		ret = core_clks_enable(core);
+		if (ret < 0 && pmctrl)
+			pm_runtime_put_sync(pmctrl);
 	} else {
 		/* Drop the performance state vote */
 		if (core->opp_pmdomain)
 			dev_pm_opp_set_rate(dev, 0);
 
 		core_clks_disable(core);
+
+		if (pmctrl)
+			pm_runtime_put_sync(pmctrl);
 	}
 
 	return ret;
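
Review bot: core_power_v4() tests "if (pmctrl)" while the detach loops
in this same patch guard core->pmdomains[i] with IS_ERR_OR_NULL(), so an
error pointer left in pmdomains[0] would pass the check and reach
pm_runtime_get_sync(). Use IS_ERR_OR_NULL() here as well, or document
that vcodec_domains_get() never leaves an error pointer in the array.
The POWER_OFF branch also ignores the return value of
pm_runtime_put_sync(), so a failed power-down is reported as success.
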
-- 
2.34.1





* [PATCH 5.10 114/563] media: venus: core, venc, vdec: Fix probe dependency error
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 113/563] media: venus: pm_helpers: Control core power domain manually Greg Kroah-Hartman
@ 2022-01-24 18:37 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 115/563] media: venus: core: Fix a potential NULL pointer dereference in an error handling path Greg Kroah-Hartman
                   ` (452 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Bryan ODonoghue,
	Stanimir Varbanov, Mauro Carvalho Chehab, Sasha Levin

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

[ Upstream commit 08b1cf474b7f72750adebe0f0a35f8e9a3eb75f6 ]

Commit aaaa93eda64b ("media] media: venus: venc: add video encoder files")
is the last in a series of three commits to add core.c vdec.c and venc.c
adding core, encoder and decoder.

The encoder and decoder check for core drvdata as set and return -EPROBE_DEFER
if it has not been set, however both the encoder and decoder rely on
core.v4l2_dev as valid.

core.v4l2_dev will not be valid until v4l2_device_register() has completed
in core.c's probe().

Normally this is never seen; however, Dmitry reported the following
backtrace when compiling drivers and firmware directly into a kernel image.

[    5.259968] Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)
[    5.269850] sd 0:0:0:3: [sdd] Optimal transfer size 524288 bytes
[    5.275505] Workqueue: events deferred_probe_work_func
[    5.275513] pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[    5.441211] usb 2-1: new SuperSpeedPlus Gen 2 USB device number 2 using xhci-hcd
[    5.442486] pc : refcount_warn_saturate+0x140/0x148
[    5.493756] hub 2-1:1.0: USB hub found
[    5.496266] lr : refcount_warn_saturate+0x140/0x148
[    5.500982] hub 2-1:1.0: 4 ports detected
[    5.503440] sp : ffff80001067b730
[    5.503442] x29: ffff80001067b730
[    5.592660] usb 1-1: new high-speed USB device number 2 using xhci-hcd
[    5.598478] x28: ffff6c6bc1c379b8
[    5.598480] x27: ffffa5c673852960 x26: ffffa5c673852000
[    5.598484] x25: ffff6c6bc1c37800 x24: 0000000000000001
[    5.810652] x23: 0000000000000000 x22: ffffa5c673bc7118
[    5.813777] hub 1-1:1.0: USB hub found
[    5.816108] x21: ffffa5c674440000 x20: 0000000000000001
[    5.820846] hub 1-1:1.0: 4 ports detected
[    5.825415] x19: ffffa5c6744f4000 x18: ffffffffffffffff
[    5.825418] x17: 0000000000000000 x16: 0000000000000000
[    5.825421] x15: 00000a4810c193ba x14: 0000000000000000
[    5.825424] x13: 00000000000002b8 x12: 000000000000f20a
[    5.825427] x11: 000000000000f20a x10: 0000000000000038
[    5.845447] usb 2-1.1: new SuperSpeed Gen 1 USB device number 3 using xhci-hcd
[    5.845904]
[    5.845905] x9 : 0000000000000000 x8 : ffff6c6d36fae780
[    5.871208] x7 : ffff6c6d36faf240 x6 : 0000000000000000
[    5.876664] x5 : 0000000000000004 x4 : 0000000000000085
[    5.882121] x3 : 0000000000000119 x2 : ffffa5c6741ef478
[    5.887578] x1 : 3acbb3926faf5f00 x0 : 0000000000000000
[    5.893036] Call trace:
[    5.895551]  refcount_warn_saturate+0x140/0x148
[    5.900202]  __video_register_device+0x64c/0xd10
[    5.904944]  venc_probe+0xc4/0x148
[    5.908444]  platform_probe+0x68/0xe0
[    5.912210]  really_probe+0x118/0x3e0
[    5.915977]  driver_probe_device+0x5c/0xc0
[    5.920187]  __device_attach_driver+0x98/0xb8
[    5.924661]  bus_for_each_drv+0x68/0xd0
[    5.928604]  __device_attach+0xec/0x148
[    5.932547]  device_initial_probe+0x14/0x20
[    5.936845]  bus_probe_device+0x9c/0xa8
[    5.940788]  device_add+0x3e8/0x7c8
[    5.944376]  of_device_add+0x4c/0x60
[    5.948056]  of_platform_device_create_pdata+0xbc/0x140
[    5.953425]  of_platform_bus_create+0x17c/0x3c0
[    5.958078]  of_platform_populate+0x80/0x110
[    5.962463]  venus_probe+0x2ec/0x4d8
[    5.966143]  platform_probe+0x68/0xe0
[    5.969907]  really_probe+0x118/0x3e0
[    5.973674]  driver_probe_device+0x5c/0xc0
[    5.977882]  __device_attach_driver+0x98/0xb8
[    5.982356]  bus_for_each_drv+0x68/0xd0
[    5.986298]  __device_attach+0xec/0x148
[    5.990242]  device_initial_probe+0x14/0x20
[    5.994539]  bus_probe_device+0x9c/0xa8
[    5.998481]  deferred_probe_work_func+0x74/0xb0
[    6.003132]  process_one_work+0x1e8/0x360
[    6.007254]  worker_thread+0x208/0x478
[    6.011106]  kthread+0x150/0x158
[    6.014431]  ret_from_fork+0x10/0x30
[    6.018111] ---[ end trace f074246b1ecdb466 ]---

This patch fixes this by

- Only setting drvdata after v4l2_device_register() completes
- Moving v4l2_device_register() so that suspend/resume in core::probe()
  stays as-is
- Changes pm_ops->core_function() to take struct venus_core not struct
  device
- Minimal rework of v4l2_device_*register in probe/remove

Reported-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/qcom/venus/core.c      | 30 +++++++++++--------
 .../media/platform/qcom/venus/pm_helpers.c    | 30 ++++++++-----------
 .../media/platform/qcom/venus/pm_helpers.h    |  7 +++--
 3 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c
index 58ddebbb84468..bad553bf9f304 100644
--- a/drivers/media/platform/qcom/venus/core.c
+++ b/drivers/media/platform/qcom/venus/core.c
@@ -222,7 +222,6 @@ static int venus_probe(struct platform_device *pdev)
 		return -ENOMEM;
 
 	core->dev = dev;
-	platform_set_drvdata(pdev, core);
 
 	r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
 	core->base = devm_ioremap_resource(dev, r);
@@ -252,7 +251,7 @@ static int venus_probe(struct platform_device *pdev)
 		return -ENODEV;
 
 	if (core->pm_ops->core_get) {
-		ret = core->pm_ops->core_get(dev);
+		ret = core->pm_ops->core_get(core);
 		if (ret)
 			return ret;
 	}
@@ -277,6 +276,12 @@ static int venus_probe(struct platform_device *pdev)
 	if (ret)
 		goto err_core_put;
 
+	ret = v4l2_device_register(dev, &core->v4l2_dev);
+	if (ret)
+		goto err_core_deinit;
+
+	platform_set_drvdata(pdev, core);
+
 	pm_runtime_enable(dev);
 
 	ret = pm_runtime_get_sync(dev);
@@ -311,10 +316,6 @@ static int venus_probe(struct platform_device *pdev)
 	if (ret)
 		goto err_venus_shutdown;
 
-	ret = v4l2_device_register(dev, &core->v4l2_dev);
-	if (ret)
-		goto err_core_deinit;
-
 	ret = pm_runtime_put_sync(dev);
 	if (ret) {
 		pm_runtime_get_noresume(dev);
@@ -327,8 +328,6 @@ static int venus_probe(struct platform_device *pdev)
 
 err_dev_unregister:
 	v4l2_device_unregister(&core->v4l2_dev);
-err_core_deinit:
-	hfi_core_deinit(core, false);
 err_venus_shutdown:
 	venus_shutdown(core);
 err_runtime_disable:
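
Review bot: v4l2_device_register() now runs before the step that fails
with "goto err_venus_shutdown" (visible in the previous hunk), but
err_venus_shutdown sits below err_dev_unregister, so that failure path
returns without calling v4l2_device_unregister(). Reorder the unwind
labels so every failure after the new registration point unregisters
the v4l2 device.
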
@@ -336,9 +335,11 @@ err_runtime_disable:
 	pm_runtime_set_suspended(dev);
 	pm_runtime_disable(dev);
 	hfi_destroy(core);
+err_core_deinit:
+	hfi_core_deinit(core, false);
 err_core_put:
 	if (core->pm_ops->core_put)
-		core->pm_ops->core_put(dev);
+		core->pm_ops->core_put(core);
 	return ret;
 }
 
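
Review bot: With err_core_deinit moved below err_runtime_disable, every
later failure in venus_probe() now falls through from hfi_destroy(core)
into hfi_core_deinit(core, false), reversing the previous order in which
hfi_core_deinit() ran before hfi_destroy(). The only remaining
"goto err_core_deinit" is the v4l2_device_register() failure, which sits
ahead of pm_runtime_enable(); check whether the HFI core has been
initialised at that point, and if not, jump to err_core_put instead.
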
@@ -364,11 +365,14 @@ static int venus_remove(struct platform_device *pdev)
 	pm_runtime_disable(dev);
 
 	if (pm_ops->core_put)
-		pm_ops->core_put(dev);
+		pm_ops->core_put(core);
+
+	v4l2_device_unregister(&core->v4l2_dev);
 
 	hfi_destroy(core);
 
 	v4l2_device_unregister(&core->v4l2_dev);
+
 	mutex_destroy(&core->pm_lock);
 	mutex_destroy(&core->lock);
 	venus_dbgfs_deinit(core);
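
Review bot: venus_remove() now calls
v4l2_device_unregister(&core->v4l2_dev) twice: the added call after
pm_ops->core_put(core) and the existing one after hfi_destroy(core),
which this hunk keeps as context. Drop one of them; the blank line added
before mutex_destroy() suggests the original call was meant to be moved
rather than duplicated.
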
@@ -387,7 +391,7 @@ static __maybe_unused int venus_runtime_suspend(struct device *dev)
 		return ret;
 
 	if (pm_ops->core_power) {
-		ret = pm_ops->core_power(dev, POWER_OFF);
+		ret = pm_ops->core_power(core, POWER_OFF);
 		if (ret)
 			return ret;
 	}
@@ -405,7 +409,7 @@ static __maybe_unused int venus_runtime_suspend(struct device *dev)
 err_video_path:
 	icc_set_bw(core->cpucfg_path, kbps_to_icc(1000), 0);
 err_cpucfg_path:
-	pm_ops->core_power(dev, POWER_ON);
+	pm_ops->core_power(core, POWER_ON);
 
 	return ret;
 }
@@ -425,7 +429,7 @@ static __maybe_unused int venus_runtime_resume(struct device *dev)
 		return ret;
 
 	if (pm_ops->core_power) {
-		ret = pm_ops->core_power(dev, POWER_ON);
+		ret = pm_ops->core_power(core, POWER_ON);
 		if (ret)
 			return ret;
 	}
diff --git a/drivers/media/platform/qcom/venus/pm_helpers.c b/drivers/media/platform/qcom/venus/pm_helpers.c
index bce9a370015fb..63095d70f8d82 100644
--- a/drivers/media/platform/qcom/venus/pm_helpers.c
+++ b/drivers/media/platform/qcom/venus/pm_helpers.c
@@ -276,16 +276,13 @@ set_freq:
 	return 0;
 }
 
-static int core_get_v1(struct device *dev)
+static int core_get_v1(struct venus_core *core)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
-
 	return core_clks_get(core);
 }
 
-static int core_power_v1(struct device *dev, int on)
+static int core_power_v1(struct venus_core *core, int on)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
 	int ret = 0;
 
 	if (on == POWER_ON)
@@ -752,12 +749,12 @@ static int venc_power_v4(struct device *dev, int on)
 	return ret;
 }
 
-static int vcodec_domains_get(struct device *dev)
+static int vcodec_domains_get(struct venus_core *core)
 {
 	int ret;
 	struct opp_table *opp_table;
 	struct device **opp_virt_dev;
-	struct venus_core *core = dev_get_drvdata(dev);
+	struct device *dev = core->dev;
 	const struct venus_resources *res = core->res;
 	struct device *pd;
 	unsigned int i;
@@ -808,9 +805,8 @@ opp_attach_err:
 	return ret;
 }
 
-static void vcodec_domains_put(struct device *dev)
+static void vcodec_domains_put(struct venus_core *core)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
 	const struct venus_resources *res = core->res;
 	unsigned int i;
 
@@ -833,9 +829,9 @@ skip_pmdomains:
 	dev_pm_opp_detach_genpd(core->opp_table);
 }
 
-static int core_get_v4(struct device *dev)
+static int core_get_v4(struct venus_core *core)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
+	struct device *dev = core->dev;
 	const struct venus_resources *res = core->res;
 	int ret;
 
@@ -874,7 +870,7 @@ static int core_get_v4(struct device *dev)
 		}
 	}
 
-	ret = vcodec_domains_get(dev);
+	ret = vcodec_domains_get(core);
 	if (ret) {
 		if (core->has_opp_table)
 			dev_pm_opp_of_remove_table(dev);
@@ -885,14 +881,14 @@ static int core_get_v4(struct device *dev)
 	return 0;
 }
 
-static void core_put_v4(struct device *dev)
+static void core_put_v4(struct venus_core *core)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
+	struct device *dev = core->dev;
 
 	if (legacy_binding)
 		return;
 
-	vcodec_domains_put(dev);
+	vcodec_domains_put(core);
 
 	if (core->has_opp_table)
 		dev_pm_opp_of_remove_table(dev);
@@ -901,9 +897,9 @@ static void core_put_v4(struct device *dev)
 
 }
 
-static int core_power_v4(struct device *dev, int on)
+static int core_power_v4(struct venus_core *core, int on)
 {
-	struct venus_core *core = dev_get_drvdata(dev);
+	struct device *dev = core->dev;
 	struct device *pmctrl = core->pmdomains[0];
 	int ret = 0;
 
diff --git a/drivers/media/platform/qcom/venus/pm_helpers.h b/drivers/media/platform/qcom/venus/pm_helpers.h
index aa2f6afa23544..a492c50c5543c 100644
--- a/drivers/media/platform/qcom/venus/pm_helpers.h
+++ b/drivers/media/platform/qcom/venus/pm_helpers.h
@@ -4,14 +4,15 @@
 #define __VENUS_PM_HELPERS_H__
 
 struct device;
+struct venus_core;
 
 #define POWER_ON	1
 #define POWER_OFF	0
 
 struct venus_pm_ops {
-	int (*core_get)(struct device *dev);
-	void (*core_put)(struct device *dev);
-	int (*core_power)(struct device *dev, int on);
+	int (*core_get)(struct venus_core *core);
+	void (*core_put)(struct venus_core *core);
+	int (*core_power)(struct venus_core *core, int on);
 
 	int (*vdec_get)(struct device *dev);
 	void (*vdec_put)(struct device *dev);
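
Review bot: struct venus_pm_ops now mixes two calling conventions: core_get, core_put and core_power take a struct venus_core *, while vdec_get and vdec_put just below still take a struct device *. A short comment on the struct saying which argument each group of callbacks expects, and that the core callbacks no longer go through dev_get_drvdata(), would keep a future callback from being wired up with the wrong pointer type.
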
-- 
2.34.1





* [PATCH 5.10 115/563] media: venus: core: Fix a potential NULL pointer dereference in an error handling path
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2022-01-24 18:37 ` [PATCH 5.10 114/563] media: venus: core, venc, vdec: Fix probe dependency error Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 116/563] media: venus: core: Fix a resource leak in the error handling path of venus_probe() Greg Kroah-Hartman
                   ` (451 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
	Stanimir Varbanov, Mauro Carvalho Chehab, Sasha Levin

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

[ Upstream commit e4debea9be7d5db52bc6a565a4c02c3c6560d093 ]

The normal path of the function makes the assumption that
'pm_ops->core_power' may be NULL.
We should make the same assumption in the error handling path or a NULL
pointer dereference may occur.

Add the missing test before calling 'pm_ops->core_power'

Fixes: 9e8efdb57879 ("media: venus: core: vote for video-mem path")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/qcom/venus/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c
index bad553bf9f304..791ed1b1bbbd3 100644
--- a/drivers/media/platform/qcom/venus/core.c
+++ b/drivers/media/platform/qcom/venus/core.c
@@ -409,7 +409,8 @@ static __maybe_unused int venus_runtime_suspend(struct device *dev)
 err_video_path:
 	icc_set_bw(core->cpucfg_path, kbps_to_icc(1000), 0);
 err_cpucfg_path:
-	pm_ops->core_power(core, POWER_ON);
+	if (pm_ops->core_power)
+		pm_ops->core_power(core, POWER_ON);
 
 	return ret;
 }
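
Review bot: the NULL check on pm_ops->core_power at err_cpucfg_path is open-coded separately from the one the commit message says the normal path already has, so the two can drift apart again. Consider a small wrapper that performs the check and the call in one place and using it on both paths. The return value of the POWER_ON call in this unwind is also dropped; if powering back on can fail, a log message here would help when the device is left off after a failed suspend.
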
-- 
2.34.1





* [PATCH 5.10 116/563] media: venus: core: Fix a resource leak in the error handling path of venus_probe()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 115/563] media: venus: core: Fix a potential NULL pointer dereference in an error handling path Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 117/563] thermal/drivers/imx: Implement runtime PM support Greg Kroah-Hartman
                   ` (450 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
	Stanimir Varbanov, Mauro Carvalho Chehab, Sasha Levin

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

[ Upstream commit 8cc7a1b2aca067397a016cdb971a5e6ad9b640c7 ]

A successful 'of_platform_populate()' call should be balanced by a
corresponding 'of_platform_depopulate()' call in the error handling path
of the probe, as already done in the remove function.

A successful 'venus_firmware_init()' call should be balanced by a
corresponding 'venus_firmware_deinit()' call in the error handling path
of the probe, as already done in the remove function.

Update the error handling path accordingly.

Fixes: f9799fcce4bb ("media: venus: firmware: register separate platform_device for firmware loader")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/qcom/venus/core.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c
index 791ed1b1bbbd3..1d621f7769035 100644
--- a/drivers/media/platform/qcom/venus/core.c
+++ b/drivers/media/platform/qcom/venus/core.c
@@ -294,11 +294,11 @@ static int venus_probe(struct platform_device *pdev)
 
 	ret = venus_firmware_init(core);
 	if (ret)
-		goto err_runtime_disable;
+		goto err_of_depopulate;
 
 	ret = venus_boot(core);
 	if (ret)
-		goto err_runtime_disable;
+		goto err_firmware_deinit;
 
 	ret = hfi_core_resume(core, true);
 	if (ret)
@@ -330,6 +330,10 @@ err_dev_unregister:
 	v4l2_device_unregister(&core->v4l2_dev);
 err_venus_shutdown:
 	venus_shutdown(core);
+err_firmware_deinit:
+	venus_firmware_deinit(core);
+err_of_depopulate:
+	of_platform_depopulate(dev);
 err_runtime_disable:
 	pm_runtime_put_noidle(dev);
 	pm_runtime_set_suspended(dev);
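
Review bot: placing err_firmware_deinit and err_of_depopulate below err_venus_shutdown means every existing jump to err_venus_shutdown or err_dev_unregister now also falls through venus_firmware_deinit() and of_platform_depopulate(). That is the right reverse order, but the hunks do not show where a failing of_platform_populate() itself jumps. Please confirm it still targets err_runtime_disable rather than err_of_depopulate, so that only a successful populate is undone, and consider a one-line comment at the new labels naming the call each one balances.
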
-- 
2.34.1





* [PATCH 5.10 117/563] thermal/drivers/imx: Implement runtime PM support
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 116/563] media: venus: core: Fix a resource leak in the error handling path of venus_probe() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 118/563] netfilter: bridge: add support for pppoe filtering Greg Kroah-Hartman
                   ` (449 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oleksij Rempel, Petr Beneš,
	Daniel Lezcano, Sasha Levin

From: Oleksij Rempel <o.rempel@pengutronix.de>

[ Upstream commit 4cf2ddf16e175ee18c5c29865c32da7d6269cf44 ]

Starting with commit d92ed2c9d3ff ("thermal: imx: Use driver's local
data to decide whether to run a measurement") this driver started using
irq_enabled flag to make decision to power on/off the thermal
core. This triggered a regression, where after reaching critical
temperature, alarm IRQ handler set irq_enabled to false, disabled
thermal core and was not able to read temperature and disable cooling
sequence.

In case the cooling device is "CPU/GPU freq", the system will run with
reduced performance until next reboot.

To solve this issue, we need to move all parts implementing hand made
runtime power management and let it handle actual runtime PM framework.

Fixes: d92ed2c9d3ff ("thermal: imx: Use driver's local data to decide whether to run a measurement")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Tested-by: Petr Beneš <petr.benes@ysoft.com>
Link: https://lore.kernel.org/r/20211117103426.81813-1-o.rempel@pengutronix.de
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/imx_thermal.c | 145 +++++++++++++++++++++-------------
 1 file changed, 91 insertions(+), 54 deletions(-)

diff --git a/drivers/thermal/imx_thermal.c b/drivers/thermal/imx_thermal.c
index 2c7473d86a59b..16663373b6829 100644
--- a/drivers/thermal/imx_thermal.c
+++ b/drivers/thermal/imx_thermal.c
@@ -15,6 +15,7 @@
 #include <linux/regmap.h>
 #include <linux/thermal.h>
 #include <linux/nvmem-consumer.h>
+#include <linux/pm_runtime.h>
 
 #define REG_SET		0x4
 #define REG_CLR		0x8
@@ -194,6 +195,7 @@ static struct thermal_soc_data thermal_imx7d_data = {
 };
 
 struct imx_thermal_data {
+	struct device *dev;
 	struct cpufreq_policy *policy;
 	struct thermal_zone_device *tz;
 	struct thermal_cooling_device *cdev;
@@ -252,44 +254,15 @@ static int imx_get_temp(struct thermal_zone_device *tz, int *temp)
 	const struct thermal_soc_data *soc_data = data->socdata;
 	struct regmap *map = data->tempmon;
 	unsigned int n_meas;
-	bool wait, run_measurement;
 	u32 val;
+	int ret;
 
-	run_measurement = !data->irq_enabled;
-	if (!run_measurement) {
-		/* Check if a measurement is currently in progress */
-		regmap_read(map, soc_data->temp_data, &val);
-		wait = !(val & soc_data->temp_valid_mask);
-	} else {
-		/*
-		 * Every time we measure the temperature, we will power on the
-		 * temperature sensor, enable measurements, take a reading,
-		 * disable measurements, power off the temperature sensor.
-		 */
-		regmap_write(map, soc_data->sensor_ctrl + REG_CLR,
-			    soc_data->power_down_mask);
-		regmap_write(map, soc_data->sensor_ctrl + REG_SET,
-			    soc_data->measure_temp_mask);
-
-		wait = true;
-	}
-
-	/*
-	 * According to the temp sensor designers, it may require up to ~17us
-	 * to complete a measurement.
-	 */
-	if (wait)
-		usleep_range(20, 50);
+	ret = pm_runtime_resume_and_get(data->dev);
+	if (ret < 0)
+		return ret;
 
 	regmap_read(map, soc_data->temp_data, &val);
 
-	if (run_measurement) {
-		regmap_write(map, soc_data->sensor_ctrl + REG_CLR,
-			     soc_data->measure_temp_mask);
-		regmap_write(map, soc_data->sensor_ctrl + REG_SET,
-			     soc_data->power_down_mask);
-	}
-
 	if ((val & soc_data->temp_valid_mask) == 0) {
 		dev_dbg(&tz->device, "temp measurement never finished\n");
 		return -EAGAIN;
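
Review bot: the early "return -EAGAIN" in the temp_valid_mask check now exits after pm_runtime_resume_and_get() has succeeded but before any pm_runtime_put(), so every unfinished measurement leaks a usage count and the sensor can no longer runtime-suspend. Drop the reference on this path too, either with pm_runtime_put(data->dev) before the return or by routing all exits through a single label that does the put.
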
@@ -328,6 +301,8 @@ static int imx_get_temp(struct thermal_zone_device *tz, int *temp)
 		enable_irq(data->irq);
 	}
 
+	pm_runtime_put(data->dev);
+
 	return 0;
 }
 
@@ -335,24 +310,16 @@ static int imx_change_mode(struct thermal_zone_device *tz,
 			   enum thermal_device_mode mode)
 {
 	struct imx_thermal_data *data = tz->devdata;
-	struct regmap *map = data->tempmon;
-	const struct thermal_soc_data *soc_data = data->socdata;
 
 	if (mode == THERMAL_DEVICE_ENABLED) {
-		regmap_write(map, soc_data->sensor_ctrl + REG_CLR,
-			     soc_data->power_down_mask);
-		regmap_write(map, soc_data->sensor_ctrl + REG_SET,
-			     soc_data->measure_temp_mask);
+		pm_runtime_get(data->dev);
 
 		if (!data->irq_enabled) {
 			data->irq_enabled = true;
 			enable_irq(data->irq);
 		}
 	} else {
-		regmap_write(map, soc_data->sensor_ctrl + REG_CLR,
-			     soc_data->measure_temp_mask);
-		regmap_write(map, soc_data->sensor_ctrl + REG_SET,
-			     soc_data->power_down_mask);
+		pm_runtime_put(data->dev);
 
 		if (data->irq_enabled) {
 			disable_irq(data->irq);
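
Review bot: pm_runtime_get() in the THERMAL_DEVICE_ENABLED branch is asynchronous and its return value is ignored, yet enable_irq() follows right after it, so the alarm interrupt can be unmasked before the sensor has been powered up. pm_runtime_resume_and_get() with an error return, as used in imx_get_temp(), would be the safer call here. The get/put pair also balances only if this callback is never invoked twice in a row with the same mode; a comment stating that assumption would help.
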
@@ -393,6 +360,11 @@ static int imx_set_trip_temp(struct thermal_zone_device *tz, int trip,
 			     int temp)
 {
 	struct imx_thermal_data *data = tz->devdata;
+	int ret;
+
+	ret = pm_runtime_resume_and_get(data->dev);
+	if (ret < 0)
+		return ret;
 
 	/* do not allow changing critical threshold */
 	if (trip == IMX_TRIP_CRITICAL)
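
Review bot: pm_runtime_resume_and_get() is taken before the IMX_TRIP_CRITICAL check, so if that check (or any validation after it) returns early, the usage count is not dropped. Moving the get down to just before imx_set_alarm_temp(), the only step here that touches the hardware, keeps the validation paths free of runtime-PM state.
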
@@ -406,6 +378,8 @@ static int imx_set_trip_temp(struct thermal_zone_device *tz, int trip,
 
 	imx_set_alarm_temp(data, temp);
 
+	pm_runtime_put(data->dev);
+
 	return 0;
 }
 
@@ -681,6 +655,8 @@ static int imx_thermal_probe(struct platform_device *pdev)
 	if (!data)
 		return -ENOMEM;
 
+	data->dev = &pdev->dev;
+
 	map = syscon_regmap_lookup_by_phandle(pdev->dev.of_node, "fsl,tempmon");
 	if (IS_ERR(map)) {
 		ret = PTR_ERR(map);
@@ -800,6 +776,16 @@ static int imx_thermal_probe(struct platform_device *pdev)
 		     data->socdata->power_down_mask);
 	regmap_write(map, data->socdata->sensor_ctrl + REG_SET,
 		     data->socdata->measure_temp_mask);
+	/* After power up, we need a delay before first access can be done. */
+	usleep_range(20, 50);
+
+	/* the core was configured and enabled just before */
+	pm_runtime_set_active(&pdev->dev);
+	pm_runtime_enable(data->dev);
+
+	ret = pm_runtime_resume_and_get(data->dev);
+	if (ret < 0)
+		goto disable_runtime_pm;
 
 	data->irq_enabled = true;
 	ret = thermal_zone_device_enable(data->tz);
@@ -814,10 +800,15 @@ static int imx_thermal_probe(struct platform_device *pdev)
 		goto thermal_zone_unregister;
 	}
 
+	pm_runtime_put(data->dev);
+
 	return 0;
 
 thermal_zone_unregister:
 	thermal_zone_device_unregister(data->tz);
+disable_runtime_pm:
+	pm_runtime_put_noidle(data->dev);
+	pm_runtime_disable(data->dev);
 clk_disable:
 	clk_disable_unprepare(data->thermal_clk);
 legacy_cleanup:
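
Review bot: the disable_runtime_pm label is reached in two different states. When pm_runtime_resume_and_get() fails it has already dropped the usage count itself, but when control falls through from thermal_zone_unregister the count is still held, and both cases run the same pm_runtime_put_noidle(). Splitting this into two labels, one that does the put and one below it that only calls pm_runtime_disable(), would keep the counter balanced on both paths.
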
@@ -829,13 +820,9 @@ legacy_cleanup:
 static int imx_thermal_remove(struct platform_device *pdev)
 {
 	struct imx_thermal_data *data = platform_get_drvdata(pdev);
-	struct regmap *map = data->tempmon;
 
-	/* Disable measurements */
-	regmap_write(map, data->socdata->sensor_ctrl + REG_SET,
-		     data->socdata->power_down_mask);
-	if (!IS_ERR(data->thermal_clk))
-		clk_disable_unprepare(data->thermal_clk);
+	pm_runtime_put_noidle(data->dev);
+	pm_runtime_disable(data->dev);
 
 	thermal_zone_device_unregister(data->tz);
 	imx_thermal_unregister_legacy_cooling(data);
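
Review bot: imx_thermal_remove() no longer powers the sensor down or disables thermal_clk itself, and pm_runtime_put_noidle() followed by pm_runtime_disable() does not invoke the runtime-suspend callback. If the device is still runtime-active here, for example while the zone is enabled and holds the reference taken in imx_change_mode(), the clock and sensor stay on after unbind. Runtime PM is also disabled before thermal_zone_device_unregister(), so an imx_get_temp() call racing with removal fails in pm_runtime_resume_and_get(). Consider unregistering the zone first and then putting the device into the suspended state before disabling runtime PM.
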
@@ -858,29 +845,79 @@ static int __maybe_unused imx_thermal_suspend(struct device *dev)
 	ret = thermal_zone_device_disable(data->tz);
 	if (ret)
 		return ret;
+
+	return pm_runtime_force_suspend(data->dev);
+}
+
+static int __maybe_unused imx_thermal_resume(struct device *dev)
+{
+	struct imx_thermal_data *data = dev_get_drvdata(dev);
+	int ret;
+
+	ret = pm_runtime_force_resume(data->dev);
+	if (ret)
+		return ret;
+	/* Enabled thermal sensor after resume */
+	return thermal_zone_device_enable(data->tz);
+}
+
+static int __maybe_unused imx_thermal_runtime_suspend(struct device *dev)
+{
+	struct imx_thermal_data *data = dev_get_drvdata(dev);
+	const struct thermal_soc_data *socdata = data->socdata;
+	struct regmap *map = data->tempmon;
+	int ret;
+
+	ret = regmap_write(map, socdata->sensor_ctrl + REG_CLR,
+			   socdata->measure_temp_mask);
+	if (ret)
+		return ret;
+
+	ret = regmap_write(map, socdata->sensor_ctrl + REG_SET,
+			   socdata->power_down_mask);
+	if (ret)
+		return ret;
+
 	clk_disable_unprepare(data->thermal_clk);
 
 	return 0;
 }
 
-static int __maybe_unused imx_thermal_resume(struct device *dev)
+static int __maybe_unused imx_thermal_runtime_resume(struct device *dev)
 {
 	struct imx_thermal_data *data = dev_get_drvdata(dev);
+	const struct thermal_soc_data *socdata = data->socdata;
+	struct regmap *map = data->tempmon;
 	int ret;
 
 	ret = clk_prepare_enable(data->thermal_clk);
 	if (ret)
 		return ret;
-	/* Enabled thermal sensor after resume */
-	ret = thermal_zone_device_enable(data->tz);
+
+	ret = regmap_write(map, socdata->sensor_ctrl + REG_CLR,
+			   socdata->power_down_mask);
+	if (ret)
+		return ret;
+
+	ret = regmap_write(map, socdata->sensor_ctrl + REG_SET,
+			   socdata->measure_temp_mask);
 	if (ret)
 		return ret;
 
+	/*
+	 * According to the temp sensor designers, it may require up to ~17us
+	 * to complete a measurement.
+	 */
+	usleep_range(20, 50);
+
 	return 0;
 }
 
-static SIMPLE_DEV_PM_OPS(imx_thermal_pm_ops,
-			 imx_thermal_suspend, imx_thermal_resume);
+static const struct dev_pm_ops imx_thermal_pm_ops = {
+	SET_SYSTEM_SLEEP_PM_OPS(imx_thermal_suspend, imx_thermal_resume)
+	SET_RUNTIME_PM_OPS(imx_thermal_runtime_suspend,
+			   imx_thermal_runtime_resume, NULL)
+};
 
 static struct platform_driver imx_thermal = {
 	.driver = {
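
Review bot: the error paths in the two new runtime-PM callbacks leave the hardware half-switched. In imx_thermal_runtime_resume() a failing regmap_write() returns with thermal_clk still enabled by clk_prepare_enable(), and in imx_thermal_runtime_suspend() a failure of the second write returns with measurement already stopped while the device is still treated as active. Undo the earlier step before returning: clk_disable_unprepare() in resume, and setting measure_temp_mask again in suspend.
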
-- 
2.34.1





* [PATCH 5.10 118/563] netfilter: bridge: add support for pppoe filtering
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 117/563] thermal/drivers/imx: Implement runtime PM support Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 119/563] arm64: dts: qcom: msm8916: fix MMC controller aliases Greg Kroah-Hartman
                   ` (448 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
	Sasha Levin, Amish Chana

From: Florian Westphal <fw@strlen.de>

[ Upstream commit 28b78ecffea8078d81466b2e01bb5a154509f1ba ]

This makes 'bridge-nf-filter-pppoe-tagged' sysctl work for
bridged traffic.

Looking at the original commit it doesn't appear this ever worked:

 static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
[..]
        if (skb->protocol == htons(ETH_P_8021Q)) {
                skb_pull(skb, VLAN_HLEN);
                skb->network_header += VLAN_HLEN;
+       } else if (skb->protocol == htons(ETH_P_PPP_SES)) {
+               skb_pull(skb, PPPOE_SES_HLEN);
+               skb->network_header += PPPOE_SES_HLEN;
        }
 [..]
	NF_HOOK(... POST_ROUTING, ...)

... but the adjusted offsets are never restored.

The alternative would be to rip this code out for good,
but otoh we'd have to keep this anyway for the vlan handling
(which works because vlan tag info is in the skb, not the packet
 payload).

Reported-and-tested-by: Amish Chana <amish@3g.co.za>
Fixes: 516299d2f5b6f97 ("[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bridge/br_netfilter_hooks.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 8edfb98ae1d58..68c0d0f928908 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -743,6 +743,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
 	if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu)
 		mtu = nf_bridge->frag_max_size;
 
+	nf_bridge_update_protocol(skb);
+	nf_bridge_push_encap_header(skb);
+
 	if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) {
 		nf_bridge_info_free(skb);
 		return br_dev_queue_push_xmit(net, sk, skb);
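
Review bot: with nf_bridge_push_encap_header() now run before the size test, skb->len in "skb->len + mtu_reserved <= mtu" already includes the encapsulation header. If mtu_reserved is also derived from the encapsulation header length, the header is counted twice and frames close to the MTU take the fragmentation path unnecessarily. Please confirm how mtu_reserved is computed, and either adjust the comparison or add a comment explaining why the sum is still correct.
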
@@ -760,8 +763,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
 
 		IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;
 
-		nf_bridge_update_protocol(skb);
-
 		data = this_cpu_ptr(&brnf_frag_data_storage);
 
 		if (skb_vlan_tag_present(skb)) {
@@ -789,8 +790,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
 
 		IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;
 
-		nf_bridge_update_protocol(skb);
-
 		data = this_cpu_ptr(&brnf_frag_data_storage);
 		data->encap_size = nf_bridge_encap_header_len(skb);
 		data->size = ETH_HLEN + data->encap_size;
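
Review bot: both fragmentation branches now run with the encapsulation header already pushed by the calls added at the top of the function, yet they still set data->encap_size from nf_bridge_encap_header_len(skb) and data->size = ETH_HLEN + data->encap_size, and nothing in the visible hunks pulls the header back before fragmenting. Please confirm these sizes still describe the right bytes relative to skb->data after the push, and add a comment stating which layout the fragment code expects.
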
-- 
2.34.1





* [PATCH 5.10 119/563] arm64: dts: qcom: msm8916: fix MMC controller aliases
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 118/563] netfilter: bridge: add support for pppoe filtering Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 120/563] cgroup: Trace event cgroup id fields should be u64 Greg Kroah-Hartman
                   ` (447 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Bjorn Andersson,
	Sasha Levin

From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

[ Upstream commit b0293c19d42f6d6951c2fab9a47fed50baf2c14d ]

Change sdhcN aliases to mmcN to make them actually work. Currently the
board uses non-standard aliases sdhcN, which do not work, resulting in
mmc0 and mmc1 hosts randomly changing indices between boots.

Fixes: c4da5a561627 ("arm64: dts: qcom: Add msm8916 sdhci configuration nodes")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211201020559.1611890-1-dmitry.baryshkov@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index b1ffc056eea0b..291276a38d7cd 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -18,8 +18,8 @@
 	#size-cells = <2>;
 
 	aliases {
-		sdhc1 = &sdhc_1; /* SDC1 eMMC slot */
-		sdhc2 = &sdhc_2; /* SDC2 SD card slot */
+		mmc0 = &sdhc_1; /* SDC1 eMMC slot */
+		mmc1 = &sdhc_2; /* SDC2 SD card slot */
 	};
 
 	chosen { };
-- 
2.34.1





* [PATCH 5.10 120/563] cgroup: Trace event cgroup id fields should be u64
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 119/563] arm64: dts: qcom: msm8916: fix MMC controller aliases Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 121/563] ACPI: EC: Rework flushing of EC work while suspended to idle Greg Kroah-Hartman
                   ` (446 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, William Kucharski,
	Steven Rostedt (VMware),
	Tejun Heo, Sasha Levin

From: William Kucharski <william.kucharski@oracle.com>

[ Upstream commit e14da77113bb890d7bf9e5d17031bdd476a7ce5e ]

Various trace event fields that store cgroup IDs were declared as
ints, but cgroup_id() returns a u64 and the structures and associated
TP_printk() calls were not updated to reflect this.

Fixes: 743210386c03 ("cgroup: use cgrp->kn->id as the cgroup ID")
Signed-off-by: William Kucharski <william.kucharski@oracle.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/trace/events/cgroup.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/trace/events/cgroup.h b/include/trace/events/cgroup.h
index 7f42a3de59e6b..dd7d7c9efecdf 100644
--- a/include/trace/events/cgroup.h
+++ b/include/trace/events/cgroup.h
@@ -59,8 +59,8 @@ DECLARE_EVENT_CLASS(cgroup,
 
 	TP_STRUCT__entry(
 		__field(	int,		root			)
-		__field(	int,		id			)
 		__field(	int,		level			)
+		__field(	u64,		id			)
 		__string(	path,		path			)
 	),
 
@@ -71,7 +71,7 @@ DECLARE_EVENT_CLASS(cgroup,
 		__assign_str(path, path);
 	),
 
-	TP_printk("root=%d id=%d level=%d path=%s",
+	TP_printk("root=%d id=%llu level=%d path=%s",
 		  __entry->root, __entry->id, __entry->level, __get_str(path))
 );
 
@@ -126,8 +126,8 @@ DECLARE_EVENT_CLASS(cgroup_migrate,
 
 	TP_STRUCT__entry(
 		__field(	int,		dst_root		)
-		__field(	int,		dst_id			)
 		__field(	int,		dst_level		)
+		__field(	u64,		dst_id			)
 		__field(	int,		pid			)
 		__string(	dst_path,	path			)
 		__string(	comm,		task->comm		)
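
Review bot: besides widening dst_id to u64, this hunk moves it after dst_level, and the other two event classes move id after level the same way, which changes the field order of the recorded event. The commit message mentions only the type change. Please state the reordering and its reason in the changelog, since any consumer that decodes these events with fixed offsets instead of reading the event format description will be affected.
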
@@ -142,7 +142,7 @@ DECLARE_EVENT_CLASS(cgroup_migrate,
 		__assign_str(comm, task->comm);
 	),
 
-	TP_printk("dst_root=%d dst_id=%d dst_level=%d dst_path=%s pid=%d comm=%s",
+	TP_printk("dst_root=%d dst_id=%llu dst_level=%d dst_path=%s pid=%d comm=%s",
 		  __entry->dst_root, __entry->dst_id, __entry->dst_level,
 		  __get_str(dst_path), __entry->pid, __get_str(comm))
 );
@@ -171,8 +171,8 @@ DECLARE_EVENT_CLASS(cgroup_event,
 
 	TP_STRUCT__entry(
 		__field(	int,		root			)
-		__field(	int,		id			)
 		__field(	int,		level			)
+		__field(	u64,		id			)
 		__string(	path,		path			)
 		__field(	int,		val			)
 	),
@@ -185,7 +185,7 @@ DECLARE_EVENT_CLASS(cgroup_event,
 		__entry->val = val;
 	),
 
-	TP_printk("root=%d id=%d level=%d path=%s val=%d",
+	TP_printk("root=%d id=%llu level=%d path=%s val=%d",
 		  __entry->root, __entry->id, __entry->level, __get_str(path),
 		  __entry->val)
 );
-- 
2.34.1





* [PATCH 5.10 121/563] ACPI: EC: Rework flushing of EC work while suspended to idle
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 120/563] cgroup: Trace event cgroup id fields should be u64 Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 122/563] thermal/drivers/imx8mm: Enable ADC when enabling monitor Greg Kroah-Hartman
                   ` (445 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Sasha Levin

From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

[ Upstream commit 4a9af6cac050dce2e895ec3205c4615383ad9112 ]

The flushing of pending work in the EC driver uses drain_workqueue()
to flush the event handling work that can requeue itself via
advance_transaction(), but this is problematic, because that
work may also be requeued from the query workqueue.

Namely, if an EC transaction is carried out during the execution of
a query handler, it involves calling advance_transaction() which
may queue up the event handling work again.  This causes the kernel
to complain about attempts to add a work item to the EC event
workqueue while it is being drained and worst-case it may cause a
valid event to be skipped.

To avoid this problem, introduce two new counters, events_in_progress
and queries_in_progress, incremented when a work item is queued on
the event workqueue or the query workqueue, respectively, and
decremented at the end of the corresponding work function, and make
acpi_ec_dispatch_gpe() flush the workqueues in a loop until both of
these counters are zero (or system wakeup is pending) instead of
calling acpi_ec_flush_work().

At the same time, change __acpi_ec_flush_work() to call
flush_workqueue() instead of drain_workqueue() to flush the event
workqueue.

While at it, use the observation that the work item queued in
acpi_ec_query() cannot be pending at that time, because it is used
only once, to simplify the code in there.

Additionally, clean up a comment in acpi_ec_query() and adjust white
space in acpi_ec_event_processor().

Fixes: f0ac20c3f613 ("ACPI: EC: Fix flushing of pending work")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/acpi/ec.c       | 57 +++++++++++++++++++++++++++++++----------
 drivers/acpi/internal.h |  2 ++
 2 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
index be3e0921a6c00..3f2e5ea9ab6b7 100644
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -166,6 +166,7 @@ struct acpi_ec_query {
 	struct transaction transaction;
 	struct work_struct work;
 	struct acpi_ec_query_handler *handler;
+	struct acpi_ec *ec;
 };
 
 static int acpi_ec_query(struct acpi_ec *ec, u8 *data);
@@ -469,6 +470,7 @@ static void acpi_ec_submit_query(struct acpi_ec *ec)
 		ec_dbg_evt("Command(%s) submitted/blocked",
 			   acpi_ec_cmd_string(ACPI_EC_COMMAND_QUERY));
 		ec->nr_pending_queries++;
+		ec->events_in_progress++;
 		queue_work(ec_wq, &ec->work);
 	}
 }
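
Review bot: events_in_progress is incremented unconditionally while the return value of queue_work(ec_wq, &ec->work) is ignored. If ec->work is already pending, queue_work() returns false and the handler runs once for two increments, so the counter never returns to zero and the new loop in acpi_ec_dispatch_gpe() keeps flushing until a wakeup is pending. Increment only when queue_work() returns true, or add a comment explaining why the enclosing condition guarantees the work item is never pending at this point.
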
@@ -535,7 +537,7 @@ static void acpi_ec_enable_event(struct acpi_ec *ec)
 #ifdef CONFIG_PM_SLEEP
 static void __acpi_ec_flush_work(void)
 {
-	drain_workqueue(ec_wq); /* flush ec->work */
+	flush_workqueue(ec_wq); /* flush ec->work */
 	flush_workqueue(ec_query_wq); /* flush queries */
 }
 
@@ -1116,7 +1118,7 @@ void acpi_ec_remove_query_handler(struct acpi_ec *ec, u8 query_bit)
 }
 EXPORT_SYMBOL_GPL(acpi_ec_remove_query_handler);
 
-static struct acpi_ec_query *acpi_ec_create_query(u8 *pval)
+static struct acpi_ec_query *acpi_ec_create_query(struct acpi_ec *ec, u8 *pval)
 {
 	struct acpi_ec_query *q;
 	struct transaction *t;
@@ -1124,11 +1126,13 @@ static struct acpi_ec_query *acpi_ec_create_query(u8 *pval)
 	q = kzalloc(sizeof (struct acpi_ec_query), GFP_KERNEL);
 	if (!q)
 		return NULL;
+
 	INIT_WORK(&q->work, acpi_ec_event_processor);
 	t = &q->transaction;
 	t->command = ACPI_EC_COMMAND_QUERY;
 	t->rdata = pval;
 	t->rlen = 1;
+	q->ec = ec;
 	return q;
 }
 
@@ -1145,13 +1149,21 @@ static void acpi_ec_event_processor(struct work_struct *work)
 {
 	struct acpi_ec_query *q = container_of(work, struct acpi_ec_query, work);
 	struct acpi_ec_query_handler *handler = q->handler;
+	struct acpi_ec *ec = q->ec;
 
 	ec_dbg_evt("Query(0x%02x) started", handler->query_bit);
+
 	if (handler->func)
 		handler->func(handler->data);
 	else if (handler->handle)
 		acpi_evaluate_object(handler->handle, NULL, NULL, NULL);
+
 	ec_dbg_evt("Query(0x%02x) stopped", handler->query_bit);
+
+	spin_lock_irq(&ec->lock);
+	ec->queries_in_progress--;
+	spin_unlock_irq(&ec->lock);
+
 	acpi_ec_delete_query(q);
 }
 
@@ -1161,7 +1173,7 @@ static int acpi_ec_query(struct acpi_ec *ec, u8 *data)
 	int result;
 	struct acpi_ec_query *q;
 
-	q = acpi_ec_create_query(&value);
+	q = acpi_ec_create_query(ec, &value);
 	if (!q)
 		return -ENOMEM;
 
@@ -1183,19 +1195,20 @@ static int acpi_ec_query(struct acpi_ec *ec, u8 *data)
 	}
 
 	/*
-	 * It is reported that _Qxx are evaluated in a parallel way on
-	 * Windows:
+	 * It is reported that _Qxx are evaluated in a parallel way on Windows:
 	 * https://bugzilla.kernel.org/show_bug.cgi?id=94411
 	 *
-	 * Put this log entry before schedule_work() in order to make
-	 * it appearing before any other log entries occurred during the
-	 * work queue execution.
+	 * Put this log entry before queue_work() to make it appear in the log
+	 * before any other messages emitted during workqueue handling.
 	 */
 	ec_dbg_evt("Query(0x%02x) scheduled", value);
-	if (!queue_work(ec_query_wq, &q->work)) {
-		ec_dbg_evt("Query(0x%02x) overlapped", value);
-		result = -EBUSY;
-	}
+
+	spin_lock_irq(&ec->lock);
+
+	ec->queries_in_progress++;
+	queue_work(ec_query_wq, &q->work);
+
+	spin_unlock_irq(&ec->lock);
 
 err_exit:
 	if (result)
@@ -1253,6 +1266,10 @@ static void acpi_ec_event_handler(struct work_struct *work)
 	ec_dbg_evt("Event stopped");
 
 	acpi_ec_check_event(ec);
+
+	spin_lock_irqsave(&ec->lock, flags);
+	ec->events_in_progress--;
+	spin_unlock_irqrestore(&ec->lock, flags);
 }
 
 static void acpi_ec_handle_interrupt(struct acpi_ec *ec)
@@ -2034,6 +2051,7 @@ void acpi_ec_set_gpe_wake_mask(u8 action)
 
 bool acpi_ec_dispatch_gpe(void)
 {
+	bool work_in_progress;
 	u32 ret;
 
 	if (!first_ec)
@@ -2054,8 +2072,19 @@ bool acpi_ec_dispatch_gpe(void)
 	if (ret == ACPI_INTERRUPT_HANDLED)
 		pm_pr_dbg("ACPI EC GPE dispatched\n");
 
-	/* Flush the event and query workqueues. */
-	acpi_ec_flush_work();
+	/* Drain EC work. */
+	do {
+		acpi_ec_flush_work();
+
+		pm_pr_dbg("ACPI EC work flushed\n");
+
+		spin_lock_irq(&first_ec->lock);
+
+		work_in_progress = first_ec->events_in_progress +
+			first_ec->queries_in_progress > 0;
+
+		spin_unlock_irq(&first_ec->lock);
+	} while (work_in_progress && !pm_wakeup_pending());
 
 	return false;
 }
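Review bot: The new do/while in acpi_ec_dispatch_gpe() has no bound of its own: it exits only when both counters read zero or pm_wakeup_pending() returns true. Please document that invariant above the loop (every increment of events_in_progress and queries_in_progress must be paired with a decrement in the work handler), and parenthesise the sum in `first_ec->events_in_progress + first_ec->queries_in_progress > 0` so the precedence is obvious at a glance. The pm_pr_dbg("ACPI EC work flushed\n") inside the loop also repeats on every iteration, which may be noisier than intended.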
diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h
index a958ad60a3394..125e4901c9b47 100644
--- a/drivers/acpi/internal.h
+++ b/drivers/acpi/internal.h
@@ -184,6 +184,8 @@ struct acpi_ec {
 	struct work_struct work;
 	unsigned long timestamp;
 	unsigned long nr_pending_queries;
+	unsigned int events_in_progress;
+	unsigned int queries_in_progress;
 	bool busy_polling;
 	unsigned int polling_guard;
 };
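Review bot: The two new fields in struct acpi_ec carry no comment. Every access to them in this patch is made under ec->lock, so a short note saying that events_in_progress and queries_in_progress are protected by that lock, and what each one counts, would help the next reader.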
-- 
2.34.1





* [PATCH 5.10 122/563] thermal/drivers/imx8mm: Enable ADC when enabling monitor
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 121/563] ACPI: EC: Rework flushing of EC work while suspended to idle Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 123/563] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Greg Kroah-Hartman
                   ` (444 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Gerber, Alexander Stein,
	Daniel Lezcano, Sasha Levin

From: Paul Gerber <Paul.Gerber@tq-group.com>

[ Upstream commit 3de89d8842a2b5d3dd22ebf97dd561ae0a330948 ]

The i.MX 8MP has an ADC_PD bit in the TMU_TER register that controls the
operating mode of the ADC:
* 0 means normal operating mode
* 1 means power down mode

When enabling/disabling the TMU, the ADC operating mode must be set
accordingly.

i.MX 8M Mini & Nano are lacking this bit.

Signed-off-by: Paul Gerber <Paul.Gerber@tq-group.com>
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Fixes: 2b8f1f0337c5 ("thermal: imx8mm: Add i.MX8MP support")
Link: https://lore.kernel.org/r/20211122114225.196280-1-alexander.stein@ew.tq-group.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/imx8mm_thermal.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/thermal/imx8mm_thermal.c b/drivers/thermal/imx8mm_thermal.c
index a1e4f9bb4cb01..0f4cabd2a8c62 100644
--- a/drivers/thermal/imx8mm_thermal.c
+++ b/drivers/thermal/imx8mm_thermal.c
@@ -21,6 +21,7 @@
 #define TPS			0x4
 #define TRITSR			0x20	/* TMU immediate temp */
 
+#define TER_ADC_PD		BIT(30)
 #define TER_EN			BIT(31)
 #define TRITSR_TEMP0_VAL_MASK	0xff
 #define TRITSR_TEMP1_VAL_MASK	0xff0000
@@ -113,6 +114,8 @@ static void imx8mm_tmu_enable(struct imx8mm_tmu *tmu, bool enable)
 
 	val = readl_relaxed(tmu->base + TER);
 	val = enable ? (val | TER_EN) : (val & ~TER_EN);
+	if (tmu->socdata->version == TMU_VER2)
+		val = enable ? (val & ~TER_ADC_PD) : (val | TER_ADC_PD);
 	writel_relaxed(val, tmu->base + TER);
 }
 
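Review bot: In imx8mm_tmu_enable() the test `tmu->socdata->version == TMU_VER2` stands in for "this SoC has the ADC_PD bit", which the code itself does not say. A short comment at the test (the commit message notes that i.MX 8M Mini and Nano lack the bit), or a dedicated flag in socdata, would make the intent clear and keep the condition from being reused for a part that lacks the bit.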
-- 
2.34.1





* [PATCH 5.10 123/563] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 122/563] thermal/drivers/imx8mm: Enable ADC when enabling monitor Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 124/563] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() Greg Kroah-Hartman
                   ` (443 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Alex Deucher, Sasha Levin

From: Zhou Qingyang <zhou1615@umn.edu>

[ Upstream commit b220110e4cd442156f36e1d9b4914bb9e87b0d00 ]

In amdgpu_connector_lcd_native_mode(), the return value of
drm_mode_duplicate() is assigned to mode, and there is a dereference
of it in amdgpu_connector_lcd_native_mode(), which will lead to a NULL
pointer dereference on failure of drm_mode_duplicate().

Fix this bug by adding a check of mode.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_DRM_AMDGPU=m show no new warnings, and
our static analyzer no longer warns about this code.

Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
index 0de66f59adb8a..df1f9b88a53f9 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -387,6 +387,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder)
 	    native_mode->vdisplay != 0 &&
 	    native_mode->clock != 0) {
 		mode = drm_mode_duplicate(dev, native_mode);
+		if (!mode)
+			return NULL;
+
 		mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
 		drm_mode_set_name(mode);
 
@@ -401,6 +404,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder)
 		 * simpler.
 		 */
 		mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false);
+		if (!mode)
+			return NULL;
+
 		mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
 		DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name);
 	}
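Review bot: Both new `if (!mode) return NULL;` checks fail silently, and in this second branch the DRM_DEBUG_KMS() line after the check is the only trace of which path was taken. A debug message on the failure path would make an allocation failure distinguishable from "no native mode". Please also confirm that callers of amdgpu_connector_lcd_native_mode() already treat a NULL return as a valid result, since the early return skips everything that follows in the function.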
-- 
2.34.1





* [PATCH 5.10 124/563] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 123/563] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 125/563] arm64: dts: ti: k3-j7200: Fix the L2 cache sets Greg Kroah-Hartman
                   ` (442 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König, Zhou Qingyang,
	Alex Deucher, Sasha Levin

From: Zhou Qingyang <zhou1615@umn.edu>

[ Upstream commit ab50cb9df8896b39aae65c537a30de2c79c19735 ]

In radeon_driver_open_kms(), radeon_vm_bo_add() is assigned to
vm->ib_bo_va and passed to and used in radeon_vm_bo_set_addr(). In
radeon_vm_bo_set_addr(), there is a dereference of vm->ib_bo_va,
which could lead to a NULL pointer dereference on failure of
radeon_vm_bo_add().

Fix this bug by adding a check of vm->ib_bo_va.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_DRM_RADEON=m show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: cc9e67e3d700 ("drm/radeon: fix VM IB handling")
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/radeon/radeon_kms.c | 36 ++++++++++++++++-------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
index 8c0a572940e82..204634b239283 100644
--- a/drivers/gpu/drm/radeon/radeon_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_kms.c
@@ -634,6 +634,8 @@ void radeon_driver_lastclose_kms(struct drm_device *dev)
 int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
 {
 	struct radeon_device *rdev = dev->dev_private;
+	struct radeon_fpriv *fpriv;
+	struct radeon_vm *vm;
 	int r;
 
 	file_priv->driver_priv = NULL;
@@ -646,8 +648,6 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
 
 	/* new gpu have virtual address space support */
 	if (rdev->family >= CHIP_CAYMAN) {
-		struct radeon_fpriv *fpriv;
-		struct radeon_vm *vm;
 
 		fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL);
 		if (unlikely(!fpriv)) {
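Review bot: Style point: hoisting the two declarations out of the `if (rdev->family >= CHIP_CAYMAN) {` block leaves an empty line directly after the opening brace. Please drop it. Since fpriv and vm now live at function scope and are read at the new unwind labels, they should also be initialised where they are declared.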
@@ -658,35 +658,39 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
 		if (rdev->accel_working) {
 			vm = &fpriv->vm;
 			r = radeon_vm_init(rdev, vm);
-			if (r) {
-				kfree(fpriv);
-				goto out_suspend;
-			}
+			if (r)
+				goto out_fpriv;
 
 			r = radeon_bo_reserve(rdev->ring_tmp_bo.bo, false);
-			if (r) {
-				radeon_vm_fini(rdev, vm);
-				kfree(fpriv);
-				goto out_suspend;
-			}
+			if (r)
+				goto out_vm_fini;
 
 			/* map the ib pool buffer read only into
 			 * virtual address space */
 			vm->ib_bo_va = radeon_vm_bo_add(rdev, vm,
 							rdev->ring_tmp_bo.bo);
+			if (!vm->ib_bo_va) {
+				r = -ENOMEM;
+				goto out_vm_fini;
+			}
+
 			r = radeon_vm_bo_set_addr(rdev, vm->ib_bo_va,
 						  RADEON_VA_IB_OFFSET,
 						  RADEON_VM_PAGE_READABLE |
 						  RADEON_VM_PAGE_SNOOPED);
-			if (r) {
-				radeon_vm_fini(rdev, vm);
-				kfree(fpriv);
-				goto out_suspend;
-			}
+			if (r)
+				goto out_vm_fini;
 		}
 		file_priv->driver_priv = fpriv;
 	}
 
+	if (!r)
+		goto out_suspend;
+
+out_vm_fini:
+	radeon_vm_fini(rdev, vm);
+out_fpriv:
+	kfree(fpriv);
 out_suspend:
 	pm_runtime_mark_last_busy(dev->dev);
 	pm_runtime_put_autosuspend(dev->dev);
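Review bot: The success path now depends on `if (!r) goto out_suspend;` sitting directly above the unwind labels, and r is not assigned on every path through the visible code. When `rdev->family < CHIP_CAYMAN`, or when `rdev->accel_working` is false, r keeps whatever value it had before this block. If that value can be non-zero without being an error, execution falls through to `out_vm_fini:`. On the first path radeon_vm_fini() and kfree() then run on `vm` and `fpriv` that were never assigned; on the second, fpriv is freed after `file_priv->driver_priv = fpriv` has already published it. Every failure visible in this hunk leaves through a goto, so the fall-through is always the success case: please jump to out_suspend there without testing r (or set r to 0 first), so the unwind labels are reachable only from the error gotos.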
-- 
2.34.1





* [PATCH 5.10 125/563] arm64: dts: ti: k3-j7200: Fix the L2 cache sets
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 124/563] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 126/563] arm64: dts: ti: k3-j721e: " Greg Kroah-Hartman
                   ` (441 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
	Pratyush Yadav, Vignesh Raghavendra, Sasha Levin

From: Nishanth Menon <nm@ti.com>

[ Upstream commit d0c826106f3fc11ff97285102b576b65576654ae ]

A72's L2 cache[1] on J7200[2] is 1MB. A72's L2 is fixed line length of
64 bytes and 16-way set-associative cache structure.

1MB of L2 / 64 (line length) = 16384 ways
16384 ways / 16 = 1024 sets

Fix the l2 cache-sets.

[1] https://developer.arm.com/documentation/100095/0003/Level-2-Memory-System/About-the-L2-memory-system
[2] https://www.ti.com/lit/pdf/spruiu1

Fixes: d361ed88455f ("arm64: dts: ti: Add support for J7200 SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043638.4358-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/ti/k3-j7200.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/ti/k3-j7200.dtsi b/arch/arm64/boot/dts/ti/k3-j7200.dtsi
index 66169bcf7c9a4..081b8f3d44c44 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200.dtsi
@@ -84,7 +84,7 @@
 		cache-level = <2>;
 		cache-size = <0x100000>;
 		cache-line-size = <64>;
-		cache-sets = <2048>;
+		cache-sets = <1024>;
 		next-level-cache = <&msmc_l3>;
 	};
 
-- 
2.34.1





* [PATCH 5.10 126/563] arm64: dts: ti: k3-j721e: Fix the L2 cache sets
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 125/563] arm64: dts: ti: k3-j7200: Fix the L2 cache sets Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 127/563] arm64: dts: ti: k3-j7200: Correct the d-cache-sets info Greg Kroah-Hartman
                   ` (440 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
	Pratyush Yadav, Vignesh Raghavendra, Sasha Levin

From: Nishanth Menon <nm@ti.com>

[ Upstream commit e9ba3a5bc6fdc2c796c69fdaf5ed6c9957cf9f9d ]

A72's L2 cache[1] on J721e[2] is 1MB. A72's L2 is fixed line length of
64 bytes and 16-way set-associative cache structure.

1MB of L2 / 64 (line length) = 16384 ways
16384 ways / 16 = 1024 sets

Fix the l2 cache-sets.

[1] https://developer.arm.com/documentation/100095/0003/Level-2-Memory-System/About-the-L2-memory-system
[2] http://www.ti.com/lit/pdf/spruil1

Fixes: 2d87061e70de ("arm64: dts: ti: Add Support for J721E SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043639.4413-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/ti/k3-j721e.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/ti/k3-j721e.dtsi b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
index d1ef9fbe4981d..a199227327ed2 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
@@ -85,7 +85,7 @@
 		cache-level = <2>;
 		cache-size = <0x100000>;
 		cache-line-size = <64>;
-		cache-sets = <2048>;
+		cache-sets = <1024>;
 		next-level-cache = <&msmc_l3>;
 	};
 
-- 
2.34.1





* [PATCH 5.10 127/563] arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 126/563] arm64: dts: ti: k3-j721e: " Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 128/563] tty: serial: uartlite: allow 64 bit address Greg Kroah-Hartman
                   ` (439 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
	Pratyush Yadav, Kishon Vijay Abraham I, Vignesh Raghavendra,
	Sasha Levin

From: Nishanth Menon <nm@ti.com>

[ Upstream commit a172c86931709d6663318609d71a811333bdf4b0 ]

A72 Cluster (chapter 1.3.1 [1]) has 48KB Icache, 32KB Dcache and 1MB L2 Cache
 - ICache is 3-way set-associative
 - Dcache is 2-way set-associative
 - Line size is 64 bytes

32KB (Dcache)/64 (fixed line length of 64 bytes) = 512 ways
512 ways / 2 (Dcache is 2-way per set) = 256 sets.

So, correct the d-cache-sets info.

[1] https://www.ti.com/lit/pdf/spruiu1

Fixes: d361ed88455f ("arm64: dts: ti: Add support for J7200 SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113042640.30955-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/ti/k3-j7200.dtsi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/boot/dts/ti/k3-j7200.dtsi b/arch/arm64/boot/dts/ti/k3-j7200.dtsi
index 081b8f3d44c44..03a9623f0f956 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200.dtsi
@@ -60,7 +60,7 @@
 			i-cache-sets = <256>;
 			d-cache-size = <0x8000>;
 			d-cache-line-size = <64>;
-			d-cache-sets = <128>;
+			d-cache-sets = <256>;
 			next-level-cache = <&L2_0>;
 		};
 
@@ -74,7 +74,7 @@
 			i-cache-sets = <256>;
 			d-cache-size = <0x8000>;
 			d-cache-line-size = <64>;
-			d-cache-sets = <128>;
+			d-cache-sets = <256>;
 			next-level-cache = <&L2_0>;
 		};
 	};
-- 
2.34.1





* [PATCH 5.10 128/563] tty: serial: uartlite: allow 64 bit address
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 127/563] arm64: dts: ti: k3-j7200: Correct the d-cache-sets info Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 129/563] serial: amba-pl011: do not request memory region twice Greg Kroah-Hartman
                   ` (438 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lizhi Hou, Sasha Levin

From: Lizhi Hou <lizhi.hou@xilinx.com>

[ Upstream commit 3672fb65155530b5eea6225685c75329b6debec3 ]

The base address of uartlite registers could be a 64-bit address which is from
device resource. When ulite_probe() calls ulite_assign(), this 64-bit
address is cast to 32-bit. The fix is to replace "u32" type with
"phys_addr_t" type for the base address in ulite_assign() argument list.

Fixes: 8fa7b6100693 ("[POWERPC] Uartlite: Separate the bus binding from the driver proper")
Signed-off-by: Lizhi Hou <lizhi.hou@xilinx.com>
Link: https://lore.kernel.org/r/20211129202302.1319033-1-lizhi.hou@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/uartlite.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tty/serial/uartlite.c b/drivers/tty/serial/uartlite.c
index 7081ab322b402..48923cd8c07d1 100644
--- a/drivers/tty/serial/uartlite.c
+++ b/drivers/tty/serial/uartlite.c
@@ -615,7 +615,7 @@ static struct uart_driver ulite_uart_driver = {
  *
  * Returns: 0 on success, <0 otherwise
  */
-static int ulite_assign(struct device *dev, int id, u32 base, int irq,
+static int ulite_assign(struct device *dev, int id, phys_addr_t base, int irq,
 			struct uartlite_data *pdata)
 {
 	struct uart_port *port;
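Review bot: Widening `base` to phys_addr_t in the ulite_assign() signature only helps if nothing inside the function narrows it again. Please check the body for assignments of base to 32-bit locals and for format strings that print it (a phys_addr_t wants %pa), and that the kernel-doc line for the base parameter above the function still reads correctly.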
-- 
2.34.1





* [PATCH 5.10 129/563] serial: amba-pl011: do not request memory region twice
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 128/563] tty: serial: uartlite: allow 64 bit address Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 130/563] floppy: Fix hang in watchdog when disk is ejected Greg Kroah-Hartman
                   ` (437 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lino Sanfilippo, Sasha Levin

From: Lino Sanfilippo <LinoSanfilippo@gmx.de>

[ Upstream commit d1180405c7b5c7a1c6bde79d5fc24fe931430737 ]

With commit 3873e2d7f63a ("drivers: PL011: refactor pl011_probe()") the
function devm_ioremap() called from pl011_setup_port() was replaced with
devm_ioremap_resource(). Since this function not only remaps but also
requests the port's io memory region it now collides with the .config_port()
callback which requests the same region at uart port registration.

Since devm_ioremap_resource() already claims the memory successfully, the
request in .config_port() fails.

Later at uart port deregistration the attempt to release the unclaimed
memory also fails. The failure results in a "Trying to free nonexistent
resource" warning.

Fix these issues by removing the callbacks that implement the redundant
memory allocation/release. Also make sure that changing the driver's io
memory base address via TIOCSSERIAL is not allowed any more.

Fixes: 3873e2d7f63a ("drivers: PL011: refactor pl011_probe()")
Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Link: https://lore.kernel.org/r/20211129174238.8333-1-LinoSanfilippo@gmx.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/amba-pl011.c | 27 +++------------------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c
index b3cddcdcbdad0..61183e7ff0097 100644
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -2083,32 +2083,13 @@ static const char *pl011_type(struct uart_port *port)
 	return uap->port.type == PORT_AMBA ? uap->type : NULL;
 }
 
-/*
- * Release the memory region(s) being used by 'port'
- */
-static void pl011_release_port(struct uart_port *port)
-{
-	release_mem_region(port->mapbase, SZ_4K);
-}
-
-/*
- * Request the memory region(s) being used by 'port'
- */
-static int pl011_request_port(struct uart_port *port)
-{
-	return request_mem_region(port->mapbase, SZ_4K, "uart-pl011")
-			!= NULL ? 0 : -EBUSY;
-}
-
 /*
  * Configure/autoconfigure the port.
  */
 static void pl011_config_port(struct uart_port *port, int flags)
 {
-	if (flags & UART_CONFIG_TYPE) {
+	if (flags & UART_CONFIG_TYPE)
 		port->type = PORT_AMBA;
-		pl011_request_port(port);
-	}
 }
 
 /*
@@ -2123,6 +2104,8 @@ static int pl011_verify_port(struct uart_port *port, struct serial_struct *ser)
 		ret = -EINVAL;
 	if (ser->baud_base < 9600)
 		ret = -EINVAL;
+	if (port->mapbase != (unsigned long) ser->iomem_base)
+		ret = -EINVAL;
 	return ret;
 }
 
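Review bot: In pl011_verify_port() the new test compares port->mapbase with `(unsigned long) ser->iomem_base`. If mapbase can be wider than unsigned long on a supported configuration, the two sides cannot match for a base above that range and a request that leaves the base unchanged would be rejected, so please compare in the type of mapbase or note why unsigned long is sufficient. A one-line comment saying the check exists to refuse a base-address change via TIOCSSERIAL (as the commit message states) would also help, since it is the only test in the function that compares against port state.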
@@ -2140,8 +2123,6 @@ static const struct uart_ops amba_pl011_pops = {
 	.flush_buffer	= pl011_dma_flush_buffer,
 	.set_termios	= pl011_set_termios,
 	.type		= pl011_type,
-	.release_port	= pl011_release_port,
-	.request_port	= pl011_request_port,
 	.config_port	= pl011_config_port,
 	.verify_port	= pl011_verify_port,
 #ifdef CONFIG_CONSOLE_POLL
@@ -2171,8 +2152,6 @@ static const struct uart_ops sbsa_uart_pops = {
 	.shutdown	= sbsa_uart_shutdown,
 	.set_termios	= sbsa_uart_set_termios,
 	.type		= pl011_type,
-	.release_port	= pl011_release_port,
-	.request_port	= pl011_request_port,
 	.config_port	= pl011_config_port,
 	.verify_port	= pl011_verify_port,
 #ifdef CONFIG_CONSOLE_POLL
-- 
2.34.1





* [PATCH 5.10 130/563] floppy: Fix hang in watchdog when disk is ejected
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 129/563] serial: amba-pl011: do not request memory region twice Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 131/563] staging: rtl8192e: return error code from rtllib_softmac_init() Greg Kroah-Hartman
                   ` (436 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tasos Sahanidis, Denis Efremov,
	Jens Axboe, Sasha Levin

From: Tasos Sahanidis <tasos@tasossah.com>

[ Upstream commit fb48febce7e30baed94dd791e19521abd2c3fd83 ]

When the watchdog detects a disk change, it calls cancel_activity(),
which in turn tries to cancel the fd_timer delayed work.

In the above scenario, fd_timer_fn is set to fd_watchdog(), meaning
it is trying to cancel its own work.
This results in a hang as cancel_delayed_work_sync() is waiting for the
watchdog (itself) to return, which never happens.

This can be reproduced relatively consistently by attempting to read a
broken floppy, and ejecting it while IO is being attempted and retried.

To resolve this, this patch calls cancel_delayed_work() instead, which
cancels the work without waiting for the watchdog to return and finish.

Before this regression was introduced, the code in this section used
del_timer(), and not del_timer_sync() to delete the watchdog timer.

Link: https://lore.kernel.org/r/399e486c-6540-db27-76aa-7a271b061f76@tasossah.com
Fixes: 070ad7e793dc ("floppy: convert to delayed work and single-thread wq")
Signed-off-by: Tasos Sahanidis <tasos@tasossah.com>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/floppy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 7df79ae6b0a1e..eb4f841902aee 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -1015,7 +1015,7 @@ static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn);
 static void cancel_activity(void)
 {
 	do_floppy = NULL;
-	cancel_delayed_work_sync(&fd_timer);
+	cancel_delayed_work(&fd_timer);
 	cancel_work_sync(&floppy_work);
 }
 
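Review bot: With cancel_delayed_work(&fd_timer), cancel_activity() can now return while the fd_timer work function is still running, and that holds for every caller, not only for the watchdog cancelling itself. Please add a comment at the call saying the non-sync variant is deliberate (the _sync form waits on the caller itself when invoked from the watchdog), and confirm that nothing following cancel_activity() assumes the timer work has finished. The `cancel_work_sync(&floppy_work)` on the next line stays synchronous, so the asymmetry deserves the explanation.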
-- 
2.34.1





* [PATCH 5.10 131/563] staging: rtl8192e: return error code from rtllib_softmac_init()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 130/563] floppy: Fix hang in watchdog when disk is ejected Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 132/563] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Greg Kroah-Hartman
                   ` (435 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Pavel Skripkin,
	Yang Yingliang, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 68bf78ff59a0891eb1239948e94ce10f73a9dd30 ]

If it fails to allocate 'dot11d_info', rtllib_softmac_init()
should return error code. And remove unnecessary error message.

Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-2-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/rtl8192e/rtllib.h         | 2 +-
 drivers/staging/rtl8192e/rtllib_softmac.c | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/rtl8192e/rtllib.h b/drivers/staging/rtl8192e/rtllib.h
index 4cabaf21c1ca0..367db4acc7852 100644
--- a/drivers/staging/rtl8192e/rtllib.h
+++ b/drivers/staging/rtl8192e/rtllib.h
@@ -1982,7 +1982,7 @@ void rtllib_softmac_xmit(struct rtllib_txb *txb, struct rtllib_device *ieee);
 void rtllib_stop_send_beacons(struct rtllib_device *ieee);
 void notify_wx_assoc_event(struct rtllib_device *ieee);
 void rtllib_start_ibss(struct rtllib_device *ieee);
-void rtllib_softmac_init(struct rtllib_device *ieee);
+int rtllib_softmac_init(struct rtllib_device *ieee);
 void rtllib_softmac_free(struct rtllib_device *ieee);
 void rtllib_disassociate(struct rtllib_device *ieee);
 void rtllib_stop_scan(struct rtllib_device *ieee);
diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
index 2c752ba5a802a..e8e72f79ca007 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac.c
@@ -2953,7 +2953,7 @@ void rtllib_start_protocol(struct rtllib_device *ieee)
 	}
 }
 
-void rtllib_softmac_init(struct rtllib_device *ieee)
+int rtllib_softmac_init(struct rtllib_device *ieee)
 {
 	int i;
 
@@ -2964,7 +2964,8 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
 		ieee->seq_ctrl[i] = 0;
 	ieee->dot11d_info = kzalloc(sizeof(struct rt_dot11d_info), GFP_ATOMIC);
 	if (!ieee->dot11d_info)
-		netdev_err(ieee->dev, "Can't alloc memory for DOT11D\n");
+		return -ENOMEM;
+
 	ieee->LinkDetectInfo.SlotIndex = 0;
 	ieee->LinkDetectInfo.SlotNum = 2;
 	ieee->LinkDetectInfo.NumRecvBcnInPeriod = 0;
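Review bot: The kzalloc() for dot11d_info in rtllib_softmac_init() still uses GFP_ATOMIC, while the caller in alloc_rtllib() allocates pHTInfo with GFP_KERNEL on the same path (visible in the next patch of this series). If rtllib_softmac_init() is only reached from that context, GFP_KERNEL here would make the failure this patch now reports less likely. The early `return -ENOMEM` also leaves the remaining fields uninitialised, so callers must not use ieee after a failure other than to free it.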
@@ -3030,6 +3031,7 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
 
 	tasklet_setup(&ieee->ps_task, rtllib_sta_ps);
 
+	return 0;
 }
 
 void rtllib_softmac_free(struct rtllib_device *ieee)
-- 
2.34.1





* [PATCH 5.10 132/563] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 131/563] staging: rtl8192e: return error code from rtllib_softmac_init() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 133/563] Bluetooth: btmtksdio: fix resume failure Greg Kroah-Hartman
                   ` (434 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Pavel Skripkin,
	Yang Yingliang, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit e730cd57ac2dfe94bca0f14a3be8e1b21de41a9c ]

Some variables are leaked in the error handling in alloc_rtllib(), free
the variables in the error path.

Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-3-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/rtl8192e/rtllib_module.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
index 64d9feee1f392..f00ac94b2639b 100644
--- a/drivers/staging/rtl8192e/rtllib_module.c
+++ b/drivers/staging/rtl8192e/rtllib_module.c
@@ -88,7 +88,7 @@ struct net_device *alloc_rtllib(int sizeof_priv)
 	err = rtllib_networks_allocate(ieee);
 	if (err) {
 		pr_err("Unable to allocate beacon storage: %d\n", err);
-		goto failed;
+		goto free_netdev;
 	}
 	rtllib_networks_initialize(ieee);
 
@@ -121,11 +121,13 @@ struct net_device *alloc_rtllib(int sizeof_priv)
 	ieee->hwsec_active = 0;
 
 	memset(ieee->swcamtable, 0, sizeof(struct sw_cam_table) * 32);
-	rtllib_softmac_init(ieee);
+	err = rtllib_softmac_init(ieee);
+	if (err)
+		goto free_crypt_info;
 
 	ieee->pHTInfo = kzalloc(sizeof(struct rt_hi_throughput), GFP_KERNEL);
 	if (!ieee->pHTInfo)
-		return NULL;
+		goto free_softmac;
 
 	HTUpdateDefaultSetting(ieee);
 	HTInitializeHTInfo(ieee);
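
Review bot: the new `if (err) goto free_crypt_info;` after
rtllib_softmac_init() fails without a message, while the
rtllib_networks_allocate() failure earlier in alloc_rtllib() logs the
code with pr_err(). alloc_rtllib() can only return NULL, so the error
code is lost to the caller; a pr_err() here would keep the two failure
paths consistent. This hunk also only builds once rtllib_softmac_init()
returns an error code, so it has to stay ordered after 131/563.
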
@@ -141,8 +143,14 @@ struct net_device *alloc_rtllib(int sizeof_priv)
 
 	return dev;
 
- failed:
+free_softmac:
+	rtllib_softmac_free(ieee);
+free_crypt_info:
+	lib80211_crypt_info_free(&ieee->crypt_info);
+	rtllib_networks_free(ieee);
+free_netdev:
 	free_netdev(dev);
+
 	return NULL;
 }
 EXPORT_SYMBOL(alloc_rtllib);
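
Review bot: the `free_crypt_info:` label undoes two things,
`lib80211_crypt_info_free(&ieee->crypt_info)` and
`rtllib_networks_free(ieee)`, so its name covers only half of what it
releases. Give rtllib_networks_free() its own label or add a comment
saying both are released here, so that an allocation added between the
two later gets unwound in the right order.
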
-- 
2.34.1





* [PATCH 5.10 133/563] Bluetooth: btmtksdio: fix resume failure
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 132/563] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 134/563] sched/fair: Fix detection of per-CPU kthreads waking a task Greg Kroah-Hartman
                   ` (433 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark-yw Chen, Sean Wang,
	Marcel Holtmann, Sasha Levin

From: Sean Wang <sean.wang@mediatek.com>

[ Upstream commit 561ae1d46a8ddcbc13162d5771f5ed6c8249e730 ]

btmtksdio has to rely on MMC_PM_KEEP_POWER in pm_flags to keep SDIO power
from being shut off while the device is in suspend. That fixes the SDIO
command failing to access the bus after the device is resumed.

Fixes: 7f3c563c575e7 ("Bluetooth: btmtksdio: Add runtime PM support to SDIO based Bluetooth")
Co-developed-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/btmtksdio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/bluetooth/btmtksdio.c b/drivers/bluetooth/btmtksdio.c
index 5f9f027956317..74856a5862162 100644
--- a/drivers/bluetooth/btmtksdio.c
+++ b/drivers/bluetooth/btmtksdio.c
@@ -1042,6 +1042,8 @@ static int btmtksdio_runtime_suspend(struct device *dev)
 	if (!bdev)
 		return 0;
 
+	sdio_set_host_pm_flags(func, MMC_PM_KEEP_POWER);
+
 	sdio_claim_host(bdev->func);
 
 	sdio_writel(bdev->func, C_FW_OWN_REQ_SET, MTK_REG_CHLPCR, &err);
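
Review bot: the return value of the added
`sdio_set_host_pm_flags(func, MMC_PM_KEEP_POWER)` is discarded. If the
host rejects the flag, suspend proceeds and the resume failure from the
commit message returns with nothing in the log; check the result and at
least warn. The call also uses `func` while the lines right after it use
`bdev->func`; one spelling throughout would read better.
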
-- 
2.34.1





* [PATCH 5.10 134/563] sched/fair: Fix detection of per-CPU kthreads waking a task
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 133/563] Bluetooth: btmtksdio: fix resume failure Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 135/563] sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity Greg Kroah-Hartman
                   ` (432 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Donnefort,
	Peter Zijlstra (Intel),
	Vincent Guittot, Valentin Schneider, Sasha Levin

From: Vincent Donnefort <vincent.donnefort@arm.com>

[ Upstream commit 8b4e74ccb582797f6f0b0a50372ebd9fd2372a27 ]

select_idle_sibling() has a special case for tasks woken up by a per-CPU
kthread, where the selected CPU is the previous one. However, the current
condition for this exit path is incomplete. A task can wake up from an
interrupt context (e.g. hrtimer), while a per-CPU kthread is running. Such
a scenario would spuriously trigger the special case described above.
Also, a recent change made the idle task like a regular per-CPU kthread,
hence making that situation more likely to happen
(is_per_cpu_kthread(swapper) being true now).

Checking for task context makes sure select_idle_sibling() will not
interpret a wake up from any other context as a wake up by a per-CPU
kthread.

Fixes: 52262ee567ad ("sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression")
Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Link: https://lore.kernel.org/r/20211201143450.479472-1-vincent.donnefort@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/fair.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index c004e3b89c324..a7589552be5fc 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -6284,6 +6284,7 @@ static int select_idle_sibling(struct task_struct *p, int prev, int target)
 	 * pattern is IO completions.
 	 */
 	if (is_per_cpu_kthread(current) &&
+	    in_task() &&
 	    prev == smp_processor_id() &&
 	    this_rq()->nr_running <= 1) {
 		return prev;
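
Review bot: the comment block above the condition, ending in "pattern is
IO completions.", is left as it was before `in_task()` was added. Add a
sentence there saying that wakeups from interrupt context are excluded
because `current` is then whichever per-CPU kthread (or the idle task)
was interrupted; without it the extra test looks redundant next to
`is_per_cpu_kthread(current)`.
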
-- 
2.34.1





* [PATCH 5.10 135/563] sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 134/563] sched/fair: Fix detection of per-CPU kthreads waking a task Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 136/563] bpf: Adjust BTF log size limit Greg Kroah-Hartman
                   ` (431 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Donnefort,
	Peter Zijlstra (Intel),
	Valentin Schneider, Dietmar Eggemann, Sasha Levin

From: Vincent Donnefort <vincent.donnefort@arm.com>

[ Upstream commit 014ba44e8184e1acf93e0cbb7089ee847802f8f0 ]

select_idle_sibling() has a special case for tasks woken up by a per-CPU
kthread where the selected CPU is the previous one. For asymmetric CPU
capacity systems, the assumption was that the wakee couldn't have a
bigger utilization during task placement than it used to have during the
last activation. That was not considering uclamp.min which can completely
change between two task activations and as a consequence mandates the
fitness criterion asym_fits_capacity(), even for the exit path described
above.

Fixes: b4c9c9f15649 ("sched/fair: Prefer prev cpu in asymmetric wakeup path")
Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/20211129173115.4006346-1-vincent.donnefort@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/fair.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index a7589552be5fc..2a33cb5a10e59 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -6286,7 +6286,8 @@ static int select_idle_sibling(struct task_struct *p, int prev, int target)
 	if (is_per_cpu_kthread(current) &&
 	    in_task() &&
 	    prev == smp_processor_id() &&
-	    this_rq()->nr_running <= 1) {
+	    this_rq()->nr_running <= 1 &&
+	    asym_fits_capacity(task_util, prev)) {
 		return prev;
 	}
 
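
Review bot: `asym_fits_capacity(task_util, prev)` is added to the
early-exit condition, but nothing in the hunk shows where `task_util` is
assigned. Confirm that on this branch it is computed before this point
in select_idle_sibling() and not only further down. The comment above
the condition also does not mention the new capacity requirement.
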
-- 
2.34.1





* [PATCH 5.10 136/563] bpf: Adjust BTF log size limit.
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 135/563] sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 137/563] bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) Greg Kroah-Hartman
                   ` (430 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexei Starovoitov, Andrii Nakryiko,
	Sasha Levin

From: Alexei Starovoitov <ast@kernel.org>

[ Upstream commit c5a2d43e998a821701029f23e25b62f9188e93ff ]

Make the BTF log size limit the same as the verifier log size limit.
Otherwise tools that progressively increase log size and use the same log
for BTF loading and program loading will hit a hard-to-debug EINVAL.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20211201181040.23337-7-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/bpf/btf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index aaf2fbaa0cc76..72534a6f4b96e 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -4135,7 +4135,7 @@ static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
 		log->len_total = log_size;
 
 		/* log attributes have to be sane */
-		if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
+		if (log->len_total < 128 || log->len_total > UINT_MAX >> 2 ||
 		    !log->level || !log->ubuf) {
 			err = -EINVAL;
 			goto errout;
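
Review bot: the upper bound `UINT_MAX >> 2` in btf_parse() is an
open-coded copy of the verifier's limit, and the commit message is the
only place that says the two must match. Put the bounds behind a shared
helper or named constant so btf_parse() cannot drift from the verifier
again; the adjacent `/* log attributes have to be sane */` comment gives
no hint of that coupling.
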
-- 
2.34.1





* [PATCH 5.10 137/563] bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (135 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 136/563] bpf: Adjust BTF log size limit Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 138/563] bpf: Remove config check to enable bpf support for branch records Greg Kroah-Hartman
                   ` (429 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hou Tao, Alexei Starovoitov,
	Yonghong Song, Martin KaFai Lau, Sasha Levin

From: Hou Tao <houtao1@huawei.com>

[ Upstream commit 866de407444398bc8140ea70de1dba5f91cc34ac ]

BPF_LOG_KERNEL is only used internally, so disallow bpf_btf_load()
to set log level as BPF_LOG_KERNEL. The same checking has already
been done in bpf_check(), so factor out a helper to check the
validity of log attributes and use it in both places.

Fixes: 8580ac9404f6 ("bpf: Process in-kernel BTF")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20211203053001.740945-1-houtao1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/bpf_verifier.h | 7 +++++++
 kernel/bpf/btf.c             | 3 +--
 kernel/bpf/verifier.c        | 6 +++---
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 6e330ff2f28df..391bc1480dfb1 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -367,6 +367,13 @@ static inline bool bpf_verifier_log_needed(const struct bpf_verifier_log *log)
 		 log->level == BPF_LOG_KERNEL);
 }
 
+static inline bool
+bpf_verifier_log_attr_valid(const struct bpf_verifier_log *log)
+{
+	return log->len_total >= 128 && log->len_total <= UINT_MAX >> 2 &&
+	       log->level && log->ubuf && !(log->level & ~BPF_LOG_MASK);
+}
+
 #define BPF_MAX_SUBPROGS 256
 
 struct bpf_subprog_info {
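
Review bot: bpf_verifier_log_attr_valid() carries the literals 128 and
`UINT_MAX >> 2` and the `!(log->level & ~BPF_LOG_MASK)` test without a
comment. The purpose of the patch is to keep user space from passing
BPF_LOG_KERNEL, so say in a comment above the helper that the mask test
is what rejects the kernel-internal level, and consider naming the two
size bounds.
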
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 72534a6f4b96e..dc497eaf22663 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -4135,8 +4135,7 @@ static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
 		log->len_total = log_size;
 
 		/* log attributes have to be sane */
-		if (log->len_total < 128 || log->len_total > UINT_MAX >> 2 ||
-		    !log->level || !log->ubuf) {
+		if (!bpf_verifier_log_attr_valid(log)) {
 			err = -EINVAL;
 			goto errout;
 		}
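
Review bot: replacing the two removed lines with
`if (!bpf_verifier_log_attr_valid(log))` makes btf_parse() stricter: any
log level bit outside BPF_LOG_MASK now yields -EINVAL. That is the
intended fix, but it is a user-visible change for callers that passed
such a level before, and the commit message should state it as one for
a stable branch.
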
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index b43c9de34a2c2..c623c3e549210 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -12349,11 +12349,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
 		log->ubuf = (char __user *) (unsigned long) attr->log_buf;
 		log->len_total = attr->log_size;
 
-		ret = -EINVAL;
 		/* log attributes have to be sane */
-		if (log->len_total < 128 || log->len_total > UINT_MAX >> 2 ||
-		    !log->level || !log->ubuf || log->level & ~BPF_LOG_MASK)
+		if (!bpf_verifier_log_attr_valid(log)) {
+			ret = -EINVAL;
 			goto err_unlock;
+		}
 	}
 
 	if (IS_ERR(btf_vmlinux)) {
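
Review bot: `ret = -EINVAL` moved from before the check into the failure
branch, so on the success path ret keeps whatever value it had before
this block. Check that the `if (IS_ERR(btf_vmlinux))` block that follows
sets ret itself and did not rely on the earlier assignment.
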
-- 
2.34.1





* [PATCH 5.10 138/563] bpf: Remove config check to enable bpf support for branch records
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (136 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 137/563] bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-25 19:27   ` Pavel Machek
  2022-01-24 18:38 ` [PATCH 5.10 139/563] arm64: lib: Annotate {clear, copy}_page() as position-independent Greg Kroah-Hartman
                   ` (428 subsequent siblings)
  566 siblings, 1 reply; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Kajol Jain,
	Daniel Borkmann, Sasha Levin

From: Kajol Jain <kjain@linux.ibm.com>

[ Upstream commit db52f57211b4e45f0ebb274e2c877b211dc18591 ]

Branch data available to BPF programs can be very useful to get stack traces
out of userspace applications.

Commit fff7b64355ea ("bpf: Add bpf_read_branch_records() helper") added BPF
support to capture branch records in x86. Enable this feature for other
architectures as well by removing checks specific to x86.

If an architecture doesn't support branch records, bpf_read_branch_records()
still has appropriate checks and it will return an -EINVAL in that scenario.
Based on UAPI helper doc in include/uapi/linux/bpf.h, unsupported architectures
should return -ENOENT in such case. Hence, update the appropriate check to
return -ENOENT instead.

Selftest 'perf_branches' result on power9 machine which has the branch stacks
support:

 - Before this patch:

  [command]# ./test_progs -t perf_branches
   #88/1 perf_branches/perf_branches_hw:FAIL
   #88/2 perf_branches/perf_branches_no_hw:OK
   #88 perf_branches:FAIL
  Summary: 0/1 PASSED, 0 SKIPPED, 1 FAILED

 - After this patch:

  [command]# ./test_progs -t perf_branches
   #88/1 perf_branches/perf_branches_hw:OK
   #88/2 perf_branches/perf_branches_no_hw:OK
   #88 perf_branches:OK
  Summary: 1/2 PASSED, 0 SKIPPED, 0 FAILED

Selftest 'perf_branches' result on power9 machine which doesn't have branch
stack report:

 - After this patch:

  [command]# ./test_progs -t perf_branches
   #88/1 perf_branches/perf_branches_hw:SKIP
   #88/2 perf_branches/perf_branches_no_hw:OK
   #88 perf_branches:OK
  Summary: 1/1 PASSED, 1 SKIPPED, 0 FAILED

Fixes: fff7b64355eac ("bpf: Add bpf_read_branch_records() helper")
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20211206073315.77432-1-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/bpf_trace.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index ba644760f5076..a9e074769881f 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1517,9 +1517,6 @@ static const struct bpf_func_proto bpf_perf_prog_read_value_proto = {
 BPF_CALL_4(bpf_read_branch_records, struct bpf_perf_event_data_kern *, ctx,
 	   void *, buf, u32, size, u64, flags)
 {
-#ifndef CONFIG_X86
-	return -ENOENT;
-#else
 	static const u32 br_entry_size = sizeof(struct perf_branch_entry);
 	struct perf_branch_stack *br_stack = ctx->data->br_stack;
 	u32 to_copy;
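
Review bot: with the `#ifndef CONFIG_X86` early return removed,
`ctx->data->br_stack` in the declarations is read on every architecture
and the `!br_stack` test in the next hunk is the only guard left. Add a
short comment at that test stating that a NULL br_stack is how missing
branch-record support is reported.
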
@@ -1528,7 +1525,7 @@ BPF_CALL_4(bpf_read_branch_records, struct bpf_perf_event_data_kern *, ctx,
 		return -EINVAL;
 
 	if (unlikely(!br_stack))
-		return -EINVAL;
+		return -ENOENT;
 
 	if (flags & BPF_F_GET_BRANCH_RECORDS_SIZE)
 		return br_stack->nr * br_entry_size;
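
Review bot: changing `return -EINVAL` to `return -ENOENT` under
`if (unlikely(!br_stack))` also changes what x86 returns when no branch
stack is present, not only what other architectures return. BPF programs
that compare against -EINVAL for that case will behave differently after
this stable update; the commit message should say so explicitly.
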
@@ -1540,7 +1537,6 @@ BPF_CALL_4(bpf_read_branch_records, struct bpf_perf_event_data_kern *, ctx,
 	memcpy(buf, br_stack->entries, to_copy);
 
 	return to_copy;
-#endif
 }
 
 static const struct bpf_func_proto bpf_read_branch_records_proto = {
-- 
2.34.1





* [PATCH 5.10 139/563] arm64: lib: Annotate {clear, copy}_page() as position-independent
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (137 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 138/563] bpf: Remove config check to enable bpf support for branch records Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 140/563] arm64: clear_page() shouldnt use DC ZVA when DCZID_EL0.DZP == 1 Greg Kroah-Hartman
                   ` (427 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Quentin Perret,
	Marc Zyngier, Sasha Levin

From: Will Deacon <will@kernel.org>

[ Upstream commit 8d9902055c57548bb342dc3ca78caa21e9643024 ]

clear_page() and copy_page() are suitable for use outside of the kernel
address space, so annotate them as position-independent code.

Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210319100146.1149909-2-qperret@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/lib/clear_page.S | 4 ++--
 arch/arm64/lib/copy_page.S  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/lib/clear_page.S b/arch/arm64/lib/clear_page.S
index 073acbf02a7c8..b84b179edba3a 100644
--- a/arch/arm64/lib/clear_page.S
+++ b/arch/arm64/lib/clear_page.S
@@ -14,7 +14,7 @@
  * Parameters:
  *	x0 - dest
  */
-SYM_FUNC_START(clear_page)
+SYM_FUNC_START_PI(clear_page)
 	mrs	x1, dczid_el0
 	and	w1, w1, #0xf
 	mov	x2, #4
@@ -25,5 +25,5 @@ SYM_FUNC_START(clear_page)
 	tst	x0, #(PAGE_SIZE - 1)
 	b.ne	1b
 	ret
-SYM_FUNC_END(clear_page)
+SYM_FUNC_END_PI(clear_page)
 EXPORT_SYMBOL(clear_page)
diff --git a/arch/arm64/lib/copy_page.S b/arch/arm64/lib/copy_page.S
index e7a793961408d..29144f4cd4492 100644
--- a/arch/arm64/lib/copy_page.S
+++ b/arch/arm64/lib/copy_page.S
@@ -17,7 +17,7 @@
  *	x0 - dest
  *	x1 - src
  */
-SYM_FUNC_START(copy_page)
+SYM_FUNC_START_PI(copy_page)
 alternative_if ARM64_HAS_NO_HW_PREFETCH
 	// Prefetch three cache lines ahead.
 	prfm	pldl1strm, [x1, #128]
@@ -75,5 +75,5 @@ alternative_else_nop_endif
 	stnp	x16, x17, [x0, #112 - 256]
 
 	ret
-SYM_FUNC_END(copy_page)
+SYM_FUNC_END_PI(copy_page)
 EXPORT_SYMBOL(copy_page)
-- 
2.34.1





* [PATCH 5.10 140/563] arm64: clear_page() shouldnt use DC ZVA when DCZID_EL0.DZP == 1
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (138 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 139/563] arm64: lib: Annotate {clear, copy}_page() as position-independent Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 141/563] media: dib8000: Fix a memleak in dib8000_init() Greg Kroah-Hartman
                   ` (426 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Reiji Watanabe, Robin Murphy,
	Catalin Marinas, Sasha Levin

From: Reiji Watanabe <reijiw@google.com>

[ Upstream commit f0616abd4e67143b45b04b565839148458857347 ]

Currently, clear_page() uses DC ZVA instruction unconditionally.  But it
should make sure that DCZID_EL0.DZP, which indicates whether or not use
of DC ZVA instruction is prohibited, is zero when using the instruction.
Use STNP instead when DCZID_EL0.DZP == 1.

Fixes: f27bb139c387 ("arm64: Miscellaneous library functions")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20211206004736.1520989-2-reijiw@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/lib/clear_page.S | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/arm64/lib/clear_page.S b/arch/arm64/lib/clear_page.S
index b84b179edba3a..1fd5d790ab800 100644
--- a/arch/arm64/lib/clear_page.S
+++ b/arch/arm64/lib/clear_page.S
@@ -16,6 +16,7 @@
  */
 SYM_FUNC_START_PI(clear_page)
 	mrs	x1, dczid_el0
+	tbnz	x1, #4, 2f	/* Branch if DC ZVA is prohibited */
 	and	w1, w1, #0xf
 	mov	x2, #4
 	lsl	x1, x2, x1
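
Review bot: `tbnz x1, #4, 2f` tests DCZID_EL0.DZP by its bare bit
number, next to the existing `#0xf` mask for the block size field.
Named constants for both fields would let a reader check the code
against the register layout without the architecture manual.
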
@@ -25,5 +26,14 @@ SYM_FUNC_START_PI(clear_page)
 	tst	x0, #(PAGE_SIZE - 1)
 	b.ne	1b
 	ret
+
+2:	stnp	xzr, xzr, [x0]
+	stnp	xzr, xzr, [x0, #16]
+	stnp	xzr, xzr, [x0, #32]
+	stnp	xzr, xzr, [x0, #48]
+	add	x0, x0, #64
+	tst	x0, #(PAGE_SIZE - 1)
+	b.ne	2b
+	ret
 SYM_FUNC_END_PI(clear_page)
 EXPORT_SYMBOL(clear_page)
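
Review bot: the fallback loop at label `2:` has no comment, unlike the
`tbnz` line that jumps to it. Add one stating that it zeroes 64 bytes
per iteration with STNP and, like the DC ZVA loop above it, relies on
x0 being page-aligned on entry so that the
`tst x0, #(PAGE_SIZE - 1)` exit covers exactly one page.
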
-- 
2.34.1





* [PATCH 5.10 141/563] media: dib8000: Fix a memleak in dib8000_init()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (139 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 140/563] arm64: clear_page() shouldnt use DC ZVA when DCZID_EL0.DZP == 1 Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 142/563] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() Greg Kroah-Hartman
                   ` (425 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Zhou Qingyang <zhou1615@umn.edu>

[ Upstream commit 8dbdcc7269a83305ee9d677b75064d3530a48ee2 ]

In dib8000_init(), the variable fe is not freed or passed out on the
failure of dib8000_identify(&state->i2c), which could lead to a memleak.

Fix this bug by adding a kfree of fe in the error path.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_DVB_DIB8000=m show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 77e2c0f5d471 ("V4L/DVB (12900): DiB8000: added support for DiBcom ISDB-T/ISDB-Tsb demodulator DiB8000")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/dvb-frontends/dib8000.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c
index bb02354a48b81..d67f2dd997d06 100644
--- a/drivers/media/dvb-frontends/dib8000.c
+++ b/drivers/media/dvb-frontends/dib8000.c
@@ -4473,8 +4473,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad
 
 	state->timf_default = cfg->pll->timf;
 
-	if (dib8000_identify(&state->i2c) == 0)
+	if (dib8000_identify(&state->i2c) == 0) {
+		kfree(fe);
 		goto error;
+	}
 
 	dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr);
 
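
Review bot: `kfree(fe)` is placed inline before `goto error` instead of
in the unwind label. The body of `error:` is not visible in this hunk;
if it frees fe now or after a later change, this becomes a double free.
Prefer releasing fe in the error path itself, or through a dedicated
label, so every failing exit of dib8000_init() goes through one cleanup
sequence.
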
-- 
2.34.1





* [PATCH 5.10 142/563] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (140 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 141/563] media: dib8000: Fix a memleak in dib8000_init() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 143/563] media: si2157: Fix "warm" tuner state detection Greg Kroah-Hartman
                   ` (424 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Zhou Qingyang <zhou1615@umn.edu>

[ Upstream commit 0407c49ebe330333478440157c640fffd986f41b ]

In mxb_attach(dev, info), saa7146_vv_init() is called to allocate
new memory for dev->vv_data. saa7146_vv_release() will be called on
failure of mxb_probe(dev). There is a dereference of dev->vv_data
in saa7146_vv_release(), which could lead to a NULL pointer dereference
on failure of saa7146_vv_init().

Fix this bug by adding a check of saa7146_vv_init().

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_VIDEO_MXB=m show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 03b1930efd3c ("V4L/DVB: saa7146: fix regression of the av7110/budget-av driver")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/pci/saa7146/mxb.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/media/pci/saa7146/mxb.c b/drivers/media/pci/saa7146/mxb.c
index 73fc901ecf3db..bf0b9b0914cd5 100644
--- a/drivers/media/pci/saa7146/mxb.c
+++ b/drivers/media/pci/saa7146/mxb.c
@@ -683,10 +683,16 @@ static struct saa7146_ext_vv vv_data;
 static int mxb_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info)
 {
 	struct mxb *mxb;
+	int ret;
 
 	DEB_EE("dev:%p\n", dev);
 
-	saa7146_vv_init(dev, &vv_data);
+	ret = saa7146_vv_init(dev, &vv_data);
+	if (ret) {
+		ERR("Error in saa7146_vv_init()");
+		return ret;
+	}
+
 	if (mxb_probe(dev)) {
 		saa7146_vv_release(dev);
 		return -1;
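
Review bot: the new failure path returns `ret` from saa7146_vv_init(),
while the mxb_probe() failure a few lines later still returns -1, so
mxb_attach() now mixes errno values with a bare -1. Also,
`ERR("Error in saa7146_vv_init()")` has no trailing newline, unlike
`DEB_EE("dev:%p\n", dev)` above it.
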
-- 
2.34.1





* [PATCH 5.10 143/563] media: si2157: Fix "warm" tuner state detection
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (141 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 142/563] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 144/563] wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma Greg Kroah-Hartman
                   ` (423 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Robert Schlabbach,
	Mauro Carvalho Chehab, Sasha Levin

From: Robert Schlabbach <robert_s@gmx.net>

[ Upstream commit a6441ea29cb2c9314654e093a1cd8020b9b851c8 ]

Commit e955f959ac52 ("media: si2157: Better check for running tuner in
init") completely broke the "warm" tuner detection of the si2157 driver
due to a simple endian error: The Si2157 CRYSTAL_TRIM property code is
0x0402 and needs to be transmitted LSB first. However, it was inserted
MSB first, causing the warm detection to always fail and spam the kernel
log with tuner initialization messages each time the DVB frontend
device was closed and reopened:

[  312.215682] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[  312.264334] si2157 16-0060: firmware version: 3.0.5
[  342.248593] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[  342.295743] si2157 16-0060: firmware version: 3.0.5
[  372.328574] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[  372.385035] si2157 16-0060: firmware version: 3.0.5

Also, the reinitializations were observed to disturb _other_ tuners on
multi-tuner cards such as the Hauppauge WinTV-QuadHD, leading to missed
or errored packets when one of the other DVB frontend devices on that
card was opened.

Fix the order of the property code bytes to make the warm detection work
again, also reducing the tuner initialization message in the kernel log
to once per power-on, as well as fixing the interference with other
tuners.

Link: https://lore.kernel.org/linux-media/trinity-2a86eb9d-6264-4387-95e1-ba7b79a4050f-1638392923493@3c-app-gmx-bap03

Fixes: e955f959ac52 ("media: si2157: Better check for running tuner in init")
Reported-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/tuners/si2157.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
index fefb2625f6558..75ddf7ed1faff 100644
--- a/drivers/media/tuners/si2157.c
+++ b/drivers/media/tuners/si2157.c
@@ -90,7 +90,7 @@ static int si2157_init(struct dvb_frontend *fe)
 	dev_dbg(&client->dev, "\n");
 
 	/* Try to get Xtal trim property, to verify tuner still running */
-	memcpy(cmd.args, "\x15\x00\x04\x02", 4);
+	memcpy(cmd.args, "\x15\x00\x02\x04", 4);
 	cmd.wlen = 4;
 	cmd.rlen = 4;
 	ret = si2157_cmd_execute(client, &cmd);
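
Review bot: the corrected argument string `"\x15\x00\x02\x04"` is still
four opaque bytes, and the comment above it does not say that the last
two are the CRYSTAL_TRIM property code 0x0402 sent LSB first. State that
in the comment, or build the bytes from a named property constant, so
the byte order cannot be swapped again unnoticed.
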
-- 
2.34.1





* [PATCH 5.10 144/563] wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (142 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 143/563] media: si2157: Fix "warm" tuner state detection Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 145/563] sched/rt: Try to restart rt period timer when rt runtime exceeded Greg Kroah-Hartman
                   ` (422 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lv Yunlong, Luca Coelho, Sasha Levin

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit f973795a8d19cbf3d03807704eb7c6ff65788d5a ]

In iwl_txq_dyn_alloc_dma, txq->tfds is freed at first time by:
iwl_txq_alloc()->goto err_free_tfds->dma_free_coherent(). But
it forgot to set txq->tfds to NULL.

Then the txq->tfds is freed again in iwl_txq_dyn_alloc_dma by:
goto error->iwl_txq_gen2_free_memory()->dma_free_coherent().

My patch sets txq->tfds to NULL after the first free to avoid the
double free.

Fixes: 0cd1ad2d7fd41 ("iwlwifi: move all bus-independent TX functions to common code")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Link: https://lore.kernel.org/r/20210403054755.4781-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/queue/tx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/queue/tx.c b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
index 9181221a2434d..0136df00ff6a6 100644
--- a/drivers/net/wireless/intel/iwlwifi/queue/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
@@ -1148,6 +1148,7 @@ int iwl_txq_alloc(struct iwl_trans *trans, struct iwl_txq *txq, int slots_num,
 	return 0;
 err_free_tfds:
 	dma_free_coherent(trans->dev, tfd_sz, txq->tfds, txq->dma_addr);
+	txq->tfds = NULL;
 error:
 	if (txq->entries && cmd_queue)
 		for (i = 0; i < slots_num; i++)
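Review bot: at err_free_tfds only txq->tfds is cleared after dma_free_coherent(); txq->dma_addr keeps the handle of the freed buffer, and the fix works only if the later cleanup path tests txq->tfds for NULL before freeing, which this hunk does not show. Consider resetting txq->dma_addr on the same path and confirming, or noting in a comment, that iwl_txq_gen2_free_memory() skips a NULL tfds.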
-- 
2.34.1





* [PATCH 5.10 145/563] sched/rt: Try to restart rt period timer when rt runtime exceeded
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (143 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 144/563] wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 146/563] drm/msm/dp: displayPort driver need algorithm rational Greg Kroah-Hartman
                   ` (421 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Li Hua,
	Peter Zijlstra (Intel),
	Sasha Levin

From: Li Hua <hucool.lihua@huawei.com>

[ Upstream commit 9b58e976b3b391c0cf02e038d53dd0478ed3013c ]

When rt_runtime is modified from -1 to a valid control value, it may
cause the task to be throttled all the time. Operations like the following
will trigger the bug. E.g:

  1. echo -1 > /proc/sys/kernel/sched_rt_runtime_us
  2. Run a FIFO task named A that executes while(1)
  3. echo 950000 > /proc/sys/kernel/sched_rt_runtime_us

When rt_runtime is -1, the rt period timer will not be activated when task
A is enqueued. And then the task will be throttled after setting rt_runtime to
950,000. The task will always be throttled because the rt period timer is
not activated.

Fixes: d0b27fa77854 ("sched: rt-group: synchonised bandwidth period")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Li Hua <hucool.lihua@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20211203033618.11895-1-hucool.lihua@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sched/rt.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index b5cf418e2e3fe..41b14d9242039 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -52,11 +52,8 @@ void init_rt_bandwidth(struct rt_bandwidth *rt_b, u64 period, u64 runtime)
 	rt_b->rt_period_timer.function = sched_rt_period_timer;
 }
 
-static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
+static inline void do_start_rt_bandwidth(struct rt_bandwidth *rt_b)
 {
-	if (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF)
-		return;
-
 	raw_spin_lock(&rt_b->rt_runtime_lock);
 	if (!rt_b->rt_period_active) {
 		rt_b->rt_period_active = 1;
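Review bot: do_start_rt_bandwidth() no longer checks rt_bandwidth_enabled() or rt_b->rt_runtime == RUNTIME_INF, and nothing at its definition says that callers must have established this themselves. A one-line comment above the function stating the precondition would keep a future caller from marking the period timer active for a group with unlimited runtime.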
@@ -75,6 +72,14 @@ static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
 	raw_spin_unlock(&rt_b->rt_runtime_lock);
 }
 
+static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
+{
+	if (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF)
+		return;
+
+	do_start_rt_bandwidth(rt_b);
+}
+
 void init_rt_rq(struct rt_rq *rt_rq)
 {
 	struct rt_prio_array *array;
@@ -1022,13 +1027,17 @@ static void update_curr_rt(struct rq *rq)
 
 	for_each_sched_rt_entity(rt_se) {
 		struct rt_rq *rt_rq = rt_rq_of_se(rt_se);
+		int exceeded;
 
 		if (sched_rt_runtime(rt_rq) != RUNTIME_INF) {
 			raw_spin_lock(&rt_rq->rt_runtime_lock);
 			rt_rq->rt_time += delta_exec;
-			if (sched_rt_runtime_exceeded(rt_rq))
+			exceeded = sched_rt_runtime_exceeded(rt_rq);
+			if (exceeded)
 				resched_curr(rq);
 			raw_spin_unlock(&rt_rq->rt_runtime_lock);
+			if (exceeded)
+				do_start_rt_bandwidth(sched_rt_bandwidth(rt_rq));
 		}
 	}
 }
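Review bot: in update_curr_rt() the new do_start_rt_bandwidth() call runs on every pass where the runtime is exceeded, taking rt_b->rt_runtime_lock each time even when rt_period_active is already set. A comment on why the call sits after raw_spin_unlock(&rt_rq->rt_runtime_lock) would help, since two different rt_runtime_lock instances are involved, and a cheap check of rt_period_active before taking the lock is worth considering if this path turns out to be hot.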
@@ -2727,8 +2736,12 @@ static int sched_rt_global_validate(void)
 
 static void sched_rt_do_global(void)
 {
+	unsigned long flags;
+
+	raw_spin_lock_irqsave(&def_rt_bandwidth.rt_runtime_lock, flags);
 	def_rt_bandwidth.rt_runtime = global_rt_runtime();
 	def_rt_bandwidth.rt_period = ns_to_ktime(global_rt_period());
+	raw_spin_unlock_irqrestore(&def_rt_bandwidth.rt_runtime_lock, flags);
 }
 
 int sched_rt_handler(struct ctl_table *table, int write, void *buffer,
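Review bot: sched_rt_do_global() now updates def_rt_bandwidth.rt_runtime and rt_period under rt_runtime_lock, but neither the code nor the commit message says which reader this serializes against. Add a short comment naming it (do_start_rt_bandwidth() in this same patch takes the same lock), so the irqsave variant is not relaxed later by mistake.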
-- 
2.34.1





* [PATCH 5.10 146/563] drm/msm/dp: displayPort driver need algorithm rational
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (144 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 145/563] sched/rt: Try to restart rt period timer when rt runtime exceeded Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 147/563] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass Greg Kroah-Hartman
                   ` (420 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernelbot, Jackie Liu,
	Dmitry Baryshkov, Rob Clark, Sasha Levin

From: Jackie Liu <liuyun01@kylinos.cn>

[ Upstream commit 53d22794711ad630f40d59dd726bd260d77d585f ]

Let's select RATIONAL with dp driver. avoid like:

[...]
x86_64-linux-gnu-ld: drivers/gpu/drm/msm/dp/dp_catalog.o: in function `dp_catalog_ctrl_config_msa':
dp_catalog.c:(.text+0x57e): undefined reference to `rational_best_approximation'

Fixes: c943b4948b58 ("drm/msm/dp: add displayPort driver support")
Reported-by: kernelbot <kernel-bot@kylinos.cn>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
Link: https://lore.kernel.org/r/20211110070950.3355597-2-liu.yun@linux.dev
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/msm/Kconfig b/drivers/gpu/drm/msm/Kconfig
index dabb4a1ccdcf7..1aad34b5ffd7f 100644
--- a/drivers/gpu/drm/msm/Kconfig
+++ b/drivers/gpu/drm/msm/Kconfig
@@ -60,6 +60,7 @@ config DRM_MSM_HDMI_HDCP
 config DRM_MSM_DP
 	bool "Enable DisplayPort support in MSM DRM driver"
 	depends on DRM_MSM
+	select RATIONAL
 	default y
 	help
 	  Compile in support for DP driver in MSM DRM driver. DP external
-- 
2.34.1





* [PATCH 5.10 147/563] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (145 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 146/563] drm/msm/dp: displayPort driver need algorithm rational Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 148/563] mwifiex: Fix possible ABBA deadlock Greg Kroah-Hartman
                   ` (419 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Neeraj Upadhyay, Frederic Weisbecker,
	Uladzislau Rezki, Boqun Feng, Josh Triplett, Joel Fernandes,
	Paul E. McKenney, Sasha Levin

From: Frederic Weisbecker <frederic@kernel.org>

[ Upstream commit 81f6d49cce2d2fe507e3fddcc4a6db021d9c2e7b ]

Expedited RCU grace periods invoke sync_rcu_exp_select_node_cpus(), which
takes two passes over the leaf rcu_node structure's CPUs.  The first
pass gathers up the current CPU and CPUs that are in dynticks idle mode.
The workqueue will report a quiescent state on their behalf later.
The second pass sends IPIs to the rest of the CPUs, but excludes the
current CPU, incorrectly assuming it has been included in the first
pass's list of CPUs.

Unfortunately the current CPU may have changed between the first and
second pass, due to the fact that the various rcu_node structures'
->lock fields have been dropped, thus momentarily enabling preemption.
This means that if the second pass's CPU was not on the first pass's
list, it will be ignored completely.  There will be no IPI sent to
it, and there will be no reporting of quiescent states on its behalf.
Unfortunately, the expedited grace period will nevertheless be waiting
for that CPU to report a quiescent state, but with that CPU having no
reason to believe that such a report is needed.

The result will be an expedited grace period stall.

Fix this by no longer excluding the current CPU from consideration during
the second pass.

Fixes: b9ad4d6ed18e ("rcu: Avoid self-IPI in sync_rcu_exp_select_node_cpus()")
Reviewed-by: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Uladzislau Rezki <urezki@gmail.com>
Cc: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/rcu/tree_exp.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
index 0ffe185c1f46a..0dc16345e668c 100644
--- a/kernel/rcu/tree_exp.h
+++ b/kernel/rcu/tree_exp.h
@@ -387,6 +387,7 @@ retry_ipi:
 			continue;
 		}
 		if (get_cpu() == cpu) {
+			mask_ofl_test |= mask;
 			put_cpu();
 			continue;
 		}
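Review bot: the added mask_ofl_test |= mask; inside the get_cpu() == cpu branch carries no comment, and the name mask_ofl_test gives no hint why the running CPU belongs in it. A brief comment that the current CPU may differ from the one seen in the first pass, so it has to be accounted for here rather than skipped, would make the intent clear without the commit message.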
-- 
2.34.1





* [PATCH 5.10 148/563] mwifiex: Fix possible ABBA deadlock
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (146 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 147/563] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 149/563] xfrm: fix a small bug in xfrm_sa_len() Greg Kroah-Hartman
                   ` (418 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, TOTE Robot,
	Brian Norris, Kalle Valo, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 1b8bb8919ef81bfc8873d223b9361f1685f2106d ]

Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:

  mwifiex_dequeue_tx_packet()
     spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
     mwifiex_send_addba()
       spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)

  mwifiex_process_sta_tx_pause()
     spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
     mwifiex_update_ralist_tx_pause()
       spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)

Similar report for mwifiex_process_uap_tx_pause().

While the locking expectations in this driver are a bit unclear, the
Fixed commit only intended to protect the sta_ptr, so we can drop the
lock as soon as we're done with it.

IIUC, this deadlock cannot actually happen, because command event
processing (which calls mwifiex_process_sta_tx_pause()) is
sequentialized with TX packet processing (e.g.,
mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
But it's good not to leave this potential issue lurking.

Fixes: f0f7c2275fb9 ("mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
Cc: Douglas Anderson <dianders@chromium.org>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/YaV0pllJ5p/EuUat@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/sta_event.c b/drivers/net/wireless/marvell/mwifiex/sta_event.c
index bc79ca4cb803c..753458628f86a 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_event.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_event.c
@@ -364,10 +364,12 @@ static void mwifiex_process_uap_tx_pause(struct mwifiex_private *priv,
 		sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
 		if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
 			sta_ptr->tx_pause = tp->tx_pause;
+			spin_unlock_bh(&priv->sta_list_spinlock);
 			mwifiex_update_ralist_tx_pause(priv, tp->peermac,
 						       tp->tx_pause);
+		} else {
+			spin_unlock_bh(&priv->sta_list_spinlock);
 		}
-		spin_unlock_bh(&priv->sta_list_spinlock);
 	}
 }
 
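Review bot: in mwifiex_process_uap_tx_pause() the spin_unlock_bh(&priv->sta_list_spinlock) is now duplicated in the if and else arms, which is easy to break when another path is added. Recording the result in a local flag while the lock is held, unlocking once, and then calling mwifiex_update_ralist_tx_pause() when the flag is set gives the same lock ordering with a single unlock.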
@@ -399,11 +401,13 @@ static void mwifiex_process_sta_tx_pause(struct mwifiex_private *priv,
 			sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
 			if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
 				sta_ptr->tx_pause = tp->tx_pause;
+				spin_unlock_bh(&priv->sta_list_spinlock);
 				mwifiex_update_ralist_tx_pause(priv,
 							       tp->peermac,
 							       tp->tx_pause);
+			} else {
+				spin_unlock_bh(&priv->sta_list_spinlock);
 			}
-			spin_unlock_bh(&priv->sta_list_spinlock);
 		}
 	}
 }
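Review bot: in mwifiex_process_sta_tx_pause() the call to mwifiex_update_ralist_tx_pause() now runs after sta_list_spinlock is dropped, so sta_ptr must not be touched past the unlock. The call only uses tp->peermac and tp->tx_pause, which is correct; a comment at the unlock saying sta_ptr is no longer protected there would guard against a later change dereferencing it.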
-- 
2.34.1





* [PATCH 5.10 149/563] xfrm: fix a small bug in xfrm_sa_len()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (147 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 148/563] mwifiex: Fix possible ABBA deadlock Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 150/563] x86/uaccess: Move variable into switch case statement Greg Kroah-Hartman
                   ` (417 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Steffen Klassert, Sasha Levin

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 7770a39d7c63faec6c4f33666d49a8cb664d0482 ]

copy_user_offload() will actually push a struct xfrm_user_offload,
which is different than (struct xfrm_state *)->xso
(struct xfrm_state_offload)

Fixes: d77e38e612a01 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/xfrm/xfrm_user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 6f97665b632ed..97f7ebf5324e7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2898,7 +2898,7 @@ static inline unsigned int xfrm_sa_len(struct xfrm_state *x)
 	if (x->props.extra_flags)
 		l += nla_total_size(sizeof(x->props.extra_flags));
 	if (x->xso.dev)
-		 l += nla_total_size(sizeof(x->xso));
+		 l += nla_total_size(sizeof(struct xfrm_user_offload));
 	if (x->props.smark.v | x->props.smark.m) {
 		l += nla_total_size(sizeof(x->props.smark.v));
 		l += nla_total_size(sizeof(x->props.smark.m));
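Review bot: the size in l += nla_total_size(sizeof(struct xfrm_user_offload)); has to stay in step with what copy_user_offload() actually puts in the message, and nothing in xfrm_sa_len() ties the two together. A comment pointing at copy_user_offload() would help; the replaced line also keeps the stray space after the tabs in its indentation, which could be cleaned up while touching it.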
-- 
2.34.1





* [PATCH 5.10 150/563] x86/uaccess: Move variable into switch case statement
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (148 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 149/563] xfrm: fix a small bug in xfrm_sa_len() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 151/563] selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST Greg Kroah-Hartman
                   ` (416 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kees Cook, Dave Hansen,
	Borislav Petkov, Sasha Levin

From: Kees Cook <keescook@chromium.org>

[ Upstream commit 61646ca83d3889696f2772edaff122dd96a2935e ]

When building with automatic stack variable initialization, GCC 12
complains about variables defined outside of switch case statements.
Move the variable into the case that uses it, which silences the warning:

./arch/x86/include/asm/uaccess.h:317:23: warning: statement will never be executed [-Wswitch-unreachable]
  317 |         unsigned char x_u8__; \
      |                       ^~~~~~

Fixes: 865c50e1d279 ("x86/uaccess: utilize CONFIG_CC_HAS_ASM_GOTO_OUTPUT")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20211209043456.1377875-1-keescook@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/include/asm/uaccess.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 5c95d242f38d7..bb1430283c726 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -314,11 +314,12 @@ do {									\
 do {									\
 	__chk_user_ptr(ptr);						\
 	switch (size) {							\
-	unsigned char x_u8__;						\
-	case 1:								\
+	case 1:	{							\
+		unsigned char x_u8__;					\
 		__get_user_asm(x_u8__, ptr, "b", "=q", label);		\
 		(x) = x_u8__;						\
 		break;							\
+	}								\
 	case 2:								\
 		__get_user_asm(x, ptr, "w", "=r", label);		\
 		break;							\
-- 
2.34.1





* [PATCH 5.10 151/563] selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (149 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 150/563] x86/uaccess: Move variable into switch case statement Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 152/563] selftests: harness: avoid false negatives if test has no ASSERTs Greg Kroah-Hartman
                   ` (415 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anders Roxell, Christian Brauner,
	Shuah Khan, Sasha Levin

From: Anders Roxell <anders.roxell@linaro.org>

[ Upstream commit a531b0c23c0fc68ad758cc31a74cf612a4dafeb0 ]

Building selftests/clone3 with clang warns about enumeration not handled
in switch case:

clone3.c:54:10: warning: enumeration value 'CLONE3_ARGS_NO_TEST' not handled in switch [-Wswitch]
        switch (test_mode) {
                ^

Add the missing switch case with a comment.

Fixes: 17a810699c18 ("selftests: add tests for clone3()")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/clone3/clone3.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/testing/selftests/clone3/clone3.c b/tools/testing/selftests/clone3/clone3.c
index 42be3b9258301..076cf4325f783 100644
--- a/tools/testing/selftests/clone3/clone3.c
+++ b/tools/testing/selftests/clone3/clone3.c
@@ -52,6 +52,12 @@ static int call_clone3(uint64_t flags, size_t size, enum test_mode test_mode)
 		size = sizeof(struct __clone_args);
 
 	switch (test_mode) {
+	case CLONE3_ARGS_NO_TEST:
+		/*
+		 * Uses default 'flags' and 'SIGCHLD'
+		 * assignment.
+		 */
+		break;
 	case CLONE3_ARGS_ALL_0:
 		args.flags = 0;
 		args.exit_signal = 0;
-- 
2.34.1





* [PATCH 5.10 152/563] selftests: harness: avoid false negatives if test has no ASSERTs
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (150 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 151/563] selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 153/563] crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter Greg Kroah-Hartman
                   ` (414 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Shuah Khan, Sasha Levin

From: Jakub Kicinski <kuba@kernel.org>

[ Upstream commit 3abedf4646fdc0036fcb8ebbc3b600667167fafe ]

Test can fail either immediately when ASSERT() failed or at the
end if one or more EXPECT() was not met. The exact return code
is decided based on the number of successful ASSERT()s.

If test has no ASSERT()s, however, the return code will be 0,
as if the test did not fail. Start counting ASSERT()s from 1.

Fixes: 369130b63178 ("selftests: Enhance kselftest_harness.h to print which assert failed")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/kselftest_harness.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h
index edce85420d193..5ecb9718e1616 100644
--- a/tools/testing/selftests/kselftest_harness.h
+++ b/tools/testing/selftests/kselftest_harness.h
@@ -965,7 +965,7 @@ void __run_test(struct __fixture_metadata *f,
 	t->passed = 1;
 	t->skip = 0;
 	t->trigger = 0;
-	t->step = 0;
+	t->step = 1;
 	t->no_print = 0;
 	memset(t->results->reason, 0, sizeof(t->results->reason));
 
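Review bot: t->step = 1; in __run_test() has no comment, and a counter that starts at 1 next to skip, trigger and no_print being reset to 0 looks like a typo to the next reader. Say in a comment that step feeds the exit code, so a start value of 0 would report a test with failed EXPECT()s and no ASSERT()s as passing.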
-- 
2.34.1





* [PATCH 5.10 153/563] crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (151 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 152/563] selftests: harness: avoid false negatives if test has no ASSERTs Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 154/563] crypto: stm32/cryp - fix CTR counter carry Greg Kroah-Hartman
                   ` (413 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot, Herbert Xu, Sasha Levin

From: Herbert Xu <herbert@gondor.apana.org.au>

[ Upstream commit 81064c96d88180ad6995d52419e94a78968308a2 ]

This patch changes the cast in stm32_cryp_check_ctr_counter from
u32 to __be32 to match the prototype of stm32_cryp_hw_write_iv
correctly.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 7999b26a16ed0..7389a0536ff02 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -1229,7 +1229,7 @@ static void stm32_cryp_check_ctr_counter(struct stm32_cryp *cryp)
 		cr = stm32_cryp_read(cryp, CRYP_CR);
 		stm32_cryp_write(cryp, CRYP_CR, cr & ~CR_CRYPEN);
 
-		stm32_cryp_hw_write_iv(cryp, (u32 *)cryp->last_ctr);
+		stm32_cryp_hw_write_iv(cryp, (__be32 *)cryp->last_ctr);
 
 		stm32_cryp_write(cryp, CRYP_CR, cr);
 	}
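Review bot: the (__be32 *) cast on cryp->last_ctr in the stm32_cryp_hw_write_iv() call quiets sparse without changing how the array is declared or filled, so the annotation and the stored data can still disagree. Declaring last_ctr with the type stm32_cryp_hw_write_iv() expects and dropping the cast would let sparse check the stores as well.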
-- 
2.34.1





* [PATCH 5.10 154/563] crypto: stm32/cryp - fix CTR counter carry
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (152 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 153/563] crypto: stm32 - Fix last sparse warning in stm32_cryp_check_ctr_counter Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 155/563] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests Greg Kroah-Hartman
                   ` (412 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit 41c76690b0990efacd15d35cfb4e77318cd80ebb ]

STM32 CRYP hardware doesn't manage CTR counter bigger than max U32, as
a workaround, at each block the current IV is saved, if the saved IV
lower u32 is 0xFFFFFFFF, the full IV is manually incremented, and set
in hardware.
Fixes: bbb2832620ac ("crypto: stm32 - Fix sparse warnings")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 7389a0536ff02..d13b262b36252 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -163,7 +163,7 @@ struct stm32_cryp {
 	struct scatter_walk     in_walk;
 	struct scatter_walk     out_walk;
 
-	u32                     last_ctr[4];
+	__be32                  last_ctr[4];
 	u32                     gcm_ctr;
 };
 
@@ -1217,27 +1217,26 @@ static void stm32_cryp_check_ctr_counter(struct stm32_cryp *cryp)
 {
 	u32 cr;
 
-	if (unlikely(cryp->last_ctr[3] == 0xFFFFFFFF)) {
-		cryp->last_ctr[3] = 0;
-		cryp->last_ctr[2]++;
-		if (!cryp->last_ctr[2]) {
-			cryp->last_ctr[1]++;
-			if (!cryp->last_ctr[1])
-				cryp->last_ctr[0]++;
-		}
+	if (unlikely(cryp->last_ctr[3] == cpu_to_be32(0xFFFFFFFF))) {
+		/*
+		 * In this case, we need to increment manually the ctr counter,
+		 * as HW doesn't handle the U32 carry.
+		 */
+		crypto_inc((u8 *)cryp->last_ctr, sizeof(cryp->last_ctr));
 
 		cr = stm32_cryp_read(cryp, CRYP_CR);
 		stm32_cryp_write(cryp, CRYP_CR, cr & ~CR_CRYPEN);
 
-		stm32_cryp_hw_write_iv(cryp, (__be32 *)cryp->last_ctr);
+		stm32_cryp_hw_write_iv(cryp, cryp->last_ctr);
 
 		stm32_cryp_write(cryp, CRYP_CR, cr);
 	}
 
-	cryp->last_ctr[0] = stm32_cryp_read(cryp, CRYP_IV0LR);
-	cryp->last_ctr[1] = stm32_cryp_read(cryp, CRYP_IV0RR);
-	cryp->last_ctr[2] = stm32_cryp_read(cryp, CRYP_IV1LR);
-	cryp->last_ctr[3] = stm32_cryp_read(cryp, CRYP_IV1RR);
+	/* The IV registers are BE  */
+	cryp->last_ctr[0] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV0LR));
+	cryp->last_ctr[1] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV0RR));
+	cryp->last_ctr[2] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV1LR));
+	cryp->last_ctr[3] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV1RR));
 }
 
 static bool stm32_cryp_irq_read_data(struct stm32_cryp *cryp)
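Review bot: the carry check cryp->last_ctr[3] == cpu_to_be32(0xFFFFFFFF) only catches the wrap if stm32_cryp_check_ctr_counter() runs after every block, and the new comment in that branch does not state this requirement. Note it there; the other new comment, the one saying the IV registers are BE, also has a doubled space before its closing marker.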
-- 
2.34.1





* [PATCH 5.10 155/563] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (153 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 154/563] crypto: stm32/cryp - fix CTR counter carry Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 156/563] crypto: stm32/cryp - check early input data Greg Kroah-Hartman
                   ` (411 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit d703c7a994ee34b7fa89baf21631fca0aa9f17fc ]

Don't erase key:
If key is erased before the crypto_finalize_.*_request() call, some
pending process will run with a key={ 0 }.
Moreover if the key is reset at end of request, it breaks xts chaining
mode, as for last xts block (in case input len is not a multiple of
block) a new AES request is started without calling again set_key().

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index d13b262b36252..e2bcc4f98b0ae 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -674,8 +674,6 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
 	else
 		crypto_finalize_skcipher_request(cryp->engine, cryp->req,
 						   err);
-
-	memset(cryp->ctx->key, 0, cryp->ctx->keylen);
 }
 
 static int stm32_cryp_cpu_start(struct stm32_cryp *cryp)
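Review bot: with memset(cryp->ctx->key, 0, cryp->ctx->keylen) removed from stm32_cryp_finish_req(), this patch leaves no point where the key copy in the context is wiped. Please confirm it is cleared when the transform is torn down, and use memzero_explicit() there so the compiler cannot drop the wipe.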
-- 
2.34.1





* [PATCH 5.10 156/563] crypto: stm32/cryp - check early input data
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (154 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 155/563] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 157/563] crypto: stm32/cryp - fix double pm exit Greg Kroah-Hartman
                   ` (410 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit 39e6e699c7fb92bdb2617b596ca4a4ea35c5d2a7 ]

Some auto tests failed because driver wasn't returning the expected
error with some input size/iv value/tag size.
Now:
 Return 0 early for empty buffer. (We don't need to start the engine for
 an empty input buffer).
 Accept any valid authsize for gcm(aes).
 Return -EINVAL if iv for ccm(aes) is invalid.
 Return -EINVAL if buffer size is not a multiple of algorithm block size.

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 114 +++++++++++++++++++++++++++++-
 1 file changed, 113 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index e2bcc4f98b0ae..fd7fb73a4d450 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -799,7 +799,20 @@ static int stm32_cryp_aes_aead_setkey(struct crypto_aead *tfm, const u8 *key,
 static int stm32_cryp_aes_gcm_setauthsize(struct crypto_aead *tfm,
 					  unsigned int authsize)
 {
-	return authsize == AES_BLOCK_SIZE ? 0 : -EINVAL;
+	switch (authsize) {
+	case 4:
+	case 8:
+	case 12:
+	case 13:
+	case 14:
+	case 15:
+	case 16:
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
 }
 
 static int stm32_cryp_aes_ccm_setauthsize(struct crypto_aead *tfm,
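Review bot: the switch in stm32_cryp_aes_gcm_setauthsize() open-codes the list of permitted GCM tag lengths (4, 8, 12 to 16); crypto_gcm_check_authsize() from <crypto/gcm.h> performs this check and would keep the driver in step with the other GCM implementations. If the switch stays, a one-line comment saying where the list comes from would help, since 4 and 8 byte tags are accepted on purpose and give much weaker forgery resistance than the single 16 byte value allowed before.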
@@ -823,31 +836,61 @@ static int stm32_cryp_aes_ccm_setauthsize(struct crypto_aead *tfm,
 
 static int stm32_cryp_aes_ecb_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % AES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_ECB | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_aes_ecb_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % AES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_ECB);
 }
 
 static int stm32_cryp_aes_cbc_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % AES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_CBC | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_aes_cbc_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % AES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_CBC);
 }
 
 static int stm32_cryp_aes_ctr_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_CTR | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_aes_ctr_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_AES | FLG_CTR);
 }
 
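Review bot: the same two checks on req->cryptlen are pasted into all four AES ECB/CBC entry points in this hunk (and a shortened copy into the CTR pair), which makes it easy for one copy to drift. A small helper taking the block size and returning "error", "done" or "proceed" would carry the logic once. A short comment in the CTR functions saying that no block-multiple check is wanted because CTR is a stream mode would also save the next reader from thinking it was forgotten.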
@@ -861,53 +904,122 @@ static int stm32_cryp_aes_gcm_decrypt(struct aead_request *req)
 	return stm32_cryp_aead_crypt(req, FLG_AES | FLG_GCM);
 }
 
+static inline int crypto_ccm_check_iv(const u8 *iv)
+{
+	/* 2 <= L <= 8, so 1 <= L' <= 7. */
+	if (iv[0] < 1 || iv[0] > 7)
+		return -EINVAL;
+
+	return 0;
+}
+
 static int stm32_cryp_aes_ccm_encrypt(struct aead_request *req)
 {
+	int err;
+
+	err = crypto_ccm_check_iv(req->iv);
+	if (err)
+		return err;
+
 	return stm32_cryp_aead_crypt(req, FLG_AES | FLG_CCM | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_aes_ccm_decrypt(struct aead_request *req)
 {
+	int err;
+
+	err = crypto_ccm_check_iv(req->iv);
+	if (err)
+		return err;
+
 	return stm32_cryp_aead_crypt(req, FLG_AES | FLG_CCM);
 }
 
 static int stm32_cryp_des_ecb_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_DES | FLG_ECB | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_des_ecb_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_DES | FLG_ECB);
 }
 
 static int stm32_cryp_des_cbc_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_DES | FLG_CBC | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_des_cbc_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_DES | FLG_CBC);
 }
 
 static int stm32_cryp_tdes_ecb_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_TDES | FLG_ECB | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_tdes_ecb_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_TDES | FLG_ECB);
 }
 
 static int stm32_cryp_tdes_cbc_encrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_TDES | FLG_CBC | FLG_ENCRYPT);
 }
 
 static int stm32_cryp_tdes_cbc_decrypt(struct skcipher_request *req)
 {
+	if (req->cryptlen % DES_BLOCK_SIZE)
+		return -EINVAL;
+
+	if (req->cryptlen == 0)
+		return 0;
+
 	return stm32_cryp_crypt(req, FLG_TDES | FLG_CBC);
 }
 
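Review bot: crypto_ccm_check_iv() is a driver-local static inline but carries the core crypto_ prefix, so it reads like a crypto API function and can clash with one of that name; call it stm32_cryp_ccm_check_iv() or similar. The DES/TDES functions in the rest of the hunk repeat the cryptlen checks a further eight times, so the helper suggested for the AES entry points applies here as well, with DES_BLOCK_SIZE as the argument.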
-- 
2.34.1





* [PATCH 5.10 157/563] crypto: stm32/cryp - fix double pm exit
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (155 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 156/563] crypto: stm32/cryp - check early input data Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 158/563] crypto: stm32/cryp - fix lrw chaining mode Greg Kroah-Hartman
                   ` (409 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Vasut, Nicolas Toromanoff,
	Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit 6c12e742785bf9333faf60bfb96575bdd763448e ]

Delete extraneous lines in probe error handling code: pm was
disabled twice.

Fixes: 65f9aa36ee47 ("crypto: stm32/cryp - Add power management support")

Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index fd7fb73a4d450..061db567908ae 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -2134,8 +2134,6 @@ err_engine1:
 	list_del(&cryp->list);
 	spin_unlock(&cryp_list.lock);
 
-	pm_runtime_disable(dev);
-	pm_runtime_put_noidle(dev);
 	pm_runtime_disable(dev);
 	pm_runtime_put_noidle(dev);
 
-- 
2.34.1





* [PATCH 5.10 158/563] crypto: stm32/cryp - fix lrw chaining mode
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (156 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 157/563] crypto: stm32/cryp - fix double pm exit Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 159/563] crypto: stm32/cryp - fix bugs and crash in tests Greg Kroah-Hartman
                   ` (408 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit fa97dc2d48b476ea98199d808d3248d285987e99 ]

This fixes the lrw autotest if lrw uses the CRYP as the AES block cipher
provider (as ecb(aes)). At end of request, CRYP should not update the IV
in case of ECB chaining mode. Indeed the ECB chaining mode never uses
the IV, but the software LRW chaining mode uses the IV field as
a counter and due to the (unexpected) update done by CRYP during the AES
block process, the counter gets a wrong value when the IV overflows.

Fixes: 5f49f18d27cd ("crypto: stm32/cryp - update to return iv_out")

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 061db567908ae..9943836a5c25c 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -644,7 +644,7 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
 		/* Phase 4 : output tag */
 		err = stm32_cryp_read_auth_tag(cryp);
 
-	if (!err && (!(is_gcm(cryp) || is_ccm(cryp))))
+	if (!err && (!(is_gcm(cryp) || is_ccm(cryp) || is_ecb(cryp))))
 		stm32_cryp_get_iv(cryp);
 
 	if (cryp->sgs_copied) {
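Review bot: the reason is_ecb(cryp) joins the exclusion list is stated only in the commit message; the condition itself gives no hint why ECB must not call stm32_cryp_get_iv(). Add a comment above it saying that ECB never uses the IV and that a software template such as lrw reuses the IV field as its counter, so writing it back corrupts the caller's state. The double-negated OR list is also getting hard to read; a small predicate naming the modes that return an IV would be clearer.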
-- 
2.34.1





* [PATCH 5.10 159/563] crypto: stm32/cryp - fix bugs and crash in tests
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (157 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 158/563] crypto: stm32/cryp - fix lrw chaining mode Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 160/563] crypto: stm32 - Revert broken pm_runtime_resume_and_get changes Greg Kroah-Hartman
                   ` (407 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marek Vasut, Nicolas Toromanoff,
	Herbert Xu, Sasha Levin

From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>

[ Upstream commit 4b898d5cfa4d9a0ad5bc82cb5eafdc092394c6a9 ]

Extra crypto manager auto tests were crashing or failing due
to 2 reasons:
- block in a dead loop (due to issues in cipher end process management)
- crash due to read/write unmapped memory (this crash was also reported
when using openssl afalg engine)

Rework interrupt management, interrupts are masked as soon as they are
no longer used: if input buffer is fully consumed, "Input FIFO not full"
interrupt is masked and if output buffer is full, "Output FIFO not
empty" interrupt is masked.
And crypto request finishes when input *and* output buffers are fully
read/written.

About the crash due to unmapped memory, using scatterwalk_copychunks()
that will map and copy each block fixes the issue.
Using this api and copying full block will also fix unaligned data
access, avoid early copy of in/out buffer, and make useless the extra
alignment constraint.

Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")

Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 790 +++++++++---------------------
 1 file changed, 243 insertions(+), 547 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 9943836a5c25c..cd57c5bae3ce9 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -37,7 +37,6 @@
 /* Mode mask = bits [15..0] */
 #define FLG_MODE_MASK           GENMASK(15, 0)
 /* Bit [31..16] status  */
-#define FLG_CCM_PADDED_WA       BIT(16)
 
 /* Registers */
 #define CRYP_CR                 0x00000000
@@ -105,8 +104,6 @@
 /* Misc */
 #define AES_BLOCK_32            (AES_BLOCK_SIZE / sizeof(u32))
 #define GCM_CTR_INIT            2
-#define _walked_in              (cryp->in_walk.offset - cryp->in_sg->offset)
-#define _walked_out             (cryp->out_walk.offset - cryp->out_sg->offset)
 #define CRYP_AUTOSUSPEND_DELAY	50
 
 struct stm32_cryp_caps {
@@ -144,21 +141,11 @@ struct stm32_cryp {
 	size_t                  authsize;
 	size_t                  hw_blocksize;
 
-	size_t                  total_in;
-	size_t                  total_in_save;
-	size_t                  total_out;
-	size_t                  total_out_save;
+	size_t                  payload_in;
+	size_t                  header_in;
+	size_t                  payload_out;
 
-	struct scatterlist      *in_sg;
 	struct scatterlist      *out_sg;
-	struct scatterlist      *out_sg_save;
-
-	struct scatterlist      in_sgl;
-	struct scatterlist      out_sgl;
-	bool                    sgs_copied;
-
-	int                     in_sg_len;
-	int                     out_sg_len;
 
 	struct scatter_walk     in_walk;
 	struct scatter_walk     out_walk;
@@ -262,6 +249,7 @@ static inline int stm32_cryp_wait_output(struct stm32_cryp *cryp)
 }
 
 static int stm32_cryp_read_auth_tag(struct stm32_cryp *cryp);
+static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err);
 
 static struct stm32_cryp *stm32_cryp_find_dev(struct stm32_cryp_ctx *ctx)
 {
@@ -283,103 +271,6 @@ static struct stm32_cryp *stm32_cryp_find_dev(struct stm32_cryp_ctx *ctx)
 	return cryp;
 }
 
-static int stm32_cryp_check_aligned(struct scatterlist *sg, size_t total,
-				    size_t align)
-{
-	int len = 0;
-
-	if (!total)
-		return 0;
-
-	if (!IS_ALIGNED(total, align))
-		return -EINVAL;
-
-	while (sg) {
-		if (!IS_ALIGNED(sg->offset, sizeof(u32)))
-			return -EINVAL;
-
-		if (!IS_ALIGNED(sg->length, align))
-			return -EINVAL;
-
-		len += sg->length;
-		sg = sg_next(sg);
-	}
-
-	if (len != total)
-		return -EINVAL;
-
-	return 0;
-}
-
-static int stm32_cryp_check_io_aligned(struct stm32_cryp *cryp)
-{
-	int ret;
-
-	ret = stm32_cryp_check_aligned(cryp->in_sg, cryp->total_in,
-				       cryp->hw_blocksize);
-	if (ret)
-		return ret;
-
-	ret = stm32_cryp_check_aligned(cryp->out_sg, cryp->total_out,
-				       cryp->hw_blocksize);
-
-	return ret;
-}
-
-static void sg_copy_buf(void *buf, struct scatterlist *sg,
-			unsigned int start, unsigned int nbytes, int out)
-{
-	struct scatter_walk walk;
-
-	if (!nbytes)
-		return;
-
-	scatterwalk_start(&walk, sg);
-	scatterwalk_advance(&walk, start);
-	scatterwalk_copychunks(buf, &walk, nbytes, out);
-	scatterwalk_done(&walk, out, 0);
-}
-
-static int stm32_cryp_copy_sgs(struct stm32_cryp *cryp)
-{
-	void *buf_in, *buf_out;
-	int pages, total_in, total_out;
-
-	if (!stm32_cryp_check_io_aligned(cryp)) {
-		cryp->sgs_copied = 0;
-		return 0;
-	}
-
-	total_in = ALIGN(cryp->total_in, cryp->hw_blocksize);
-	pages = total_in ? get_order(total_in) : 1;
-	buf_in = (void *)__get_free_pages(GFP_ATOMIC, pages);
-
-	total_out = ALIGN(cryp->total_out, cryp->hw_blocksize);
-	pages = total_out ? get_order(total_out) : 1;
-	buf_out = (void *)__get_free_pages(GFP_ATOMIC, pages);
-
-	if (!buf_in || !buf_out) {
-		dev_err(cryp->dev, "Can't allocate pages when unaligned\n");
-		cryp->sgs_copied = 0;
-		return -EFAULT;
-	}
-
-	sg_copy_buf(buf_in, cryp->in_sg, 0, cryp->total_in, 0);
-
-	sg_init_one(&cryp->in_sgl, buf_in, total_in);
-	cryp->in_sg = &cryp->in_sgl;
-	cryp->in_sg_len = 1;
-
-	sg_init_one(&cryp->out_sgl, buf_out, total_out);
-	cryp->out_sg_save = cryp->out_sg;
-	cryp->out_sg = &cryp->out_sgl;
-	cryp->out_sg_len = 1;
-
-	cryp->sgs_copied = 1;
-
-	return 0;
-}
-
 static void stm32_cryp_hw_write_iv(struct stm32_cryp *cryp, __be32 *iv)
 {
 	if (!iv)
@@ -481,16 +372,99 @@ static int stm32_cryp_gcm_init(struct stm32_cryp *cryp, u32 cfg)
 
 	/* Wait for end of processing */
 	ret = stm32_cryp_wait_enable(cryp);
-	if (ret)
+	if (ret) {
 		dev_err(cryp->dev, "Timeout (gcm init)\n");
+		return ret;
+	}
 
-	return ret;
+	/* Prepare next phase */
+	if (cryp->areq->assoclen) {
+		cfg |= CR_PH_HEADER;
+		stm32_cryp_write(cryp, CRYP_CR, cfg);
+	} else if (stm32_cryp_get_input_text_len(cryp)) {
+		cfg |= CR_PH_PAYLOAD;
+		stm32_cryp_write(cryp, CRYP_CR, cfg);
+	}
+
+	return 0;
+}
+
+static void stm32_crypt_gcmccm_end_header(struct stm32_cryp *cryp)
+{
+	u32 cfg;
+	int err;
+
+	/* Check if whole header written */
+	if (!cryp->header_in) {
+		/* Wait for completion */
+		err = stm32_cryp_wait_busy(cryp);
+		if (err) {
+			dev_err(cryp->dev, "Timeout (gcm/ccm header)\n");
+			stm32_cryp_write(cryp, CRYP_IMSCR, 0);
+			stm32_cryp_finish_req(cryp, err);
+			return;
+		}
+
+		if (stm32_cryp_get_input_text_len(cryp)) {
+			/* Phase 3 : payload */
+			cfg = stm32_cryp_read(cryp, CRYP_CR);
+			cfg &= ~CR_CRYPEN;
+			stm32_cryp_write(cryp, CRYP_CR, cfg);
+
+			cfg &= ~CR_PH_MASK;
+			cfg |= CR_PH_PAYLOAD | CR_CRYPEN;
+			stm32_cryp_write(cryp, CRYP_CR, cfg);
+		} else {
+			/*
+			 * Phase 4 : tag.
+			 * Nothing to read, nothing to write, caller have to
+			 * end request
+			 */
+		}
+	}
+}
+
+static void stm32_cryp_write_ccm_first_header(struct stm32_cryp *cryp)
+{
+	unsigned int i;
+	size_t written;
+	size_t len;
+	u32 alen = cryp->areq->assoclen;
+	u32 block[AES_BLOCK_32] = {0};
+	u8 *b8 = (u8 *)block;
+
+	if (alen <= 65280) {
+		/* Write first u32 of B1 */
+		b8[0] = (alen >> 8) & 0xFF;
+		b8[1] = alen & 0xFF;
+		len = 2;
+	} else {
+		/* Build the two first u32 of B1 */
+		b8[0] = 0xFF;
+		b8[1] = 0xFE;
+		b8[2] = (alen & 0xFF000000) >> 24;
+		b8[3] = (alen & 0x00FF0000) >> 16;
+		b8[4] = (alen & 0x0000FF00) >> 8;
+		b8[5] = alen & 0x000000FF;
+		len = 6;
+	}
+
+	written = min_t(size_t, AES_BLOCK_SIZE - len, alen);
+
+	scatterwalk_copychunks((char *)block + len, &cryp->in_walk, written, 0);
+	for (i = 0; i < AES_BLOCK_32; i++)
+		stm32_cryp_write(cryp, CRYP_DIN, block[i]);
+
+	cryp->header_in -= written;
+
+	stm32_crypt_gcmccm_end_header(cryp);
 }
 
 static int stm32_cryp_ccm_init(struct stm32_cryp *cryp, u32 cfg)
 {
 	int ret;
-	u8 iv[AES_BLOCK_SIZE], b0[AES_BLOCK_SIZE];
+	u32 iv_32[AES_BLOCK_32], b0_32[AES_BLOCK_32];
+	u8 *iv = (u8 *)iv_32, *b0 = (u8 *)b0_32;
 	__be32 *bd;
 	u32 *d;
 	unsigned int i, textlen;
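Review bot: the boundary in "if (alen <= 65280)" in stm32_cryp_write_ccm_first_header() looks off by one. CCM (RFC 3610, SP 800-38C) uses the two-byte length encoding only for 0 < a < 2^16 - 2^8, so an associated-data length of exactly 65280 (0xFF00) must take the 0xFF 0xFE branch; with "<=" it is emitted as 0xFF 0x00, which falls in the reserved range and gives a tag that will not verify against other implementations. Use "<" here. Separately, stm32_crypt_gcmccm_end_header() is the only function in the hunk spelled "crypt" rather than "cryp".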
@@ -531,17 +505,30 @@ static int stm32_cryp_ccm_init(struct stm32_cryp *cryp, u32 cfg)
 
 	/* Wait for end of processing */
 	ret = stm32_cryp_wait_enable(cryp);
-	if (ret)
+	if (ret) {
 		dev_err(cryp->dev, "Timeout (ccm init)\n");
+		return ret;
+	}
 
-	return ret;
+	/* Prepare next phase */
+	if (cryp->areq->assoclen) {
+		cfg |= CR_PH_HEADER | CR_CRYPEN;
+		stm32_cryp_write(cryp, CRYP_CR, cfg);
+
+		/* Write first (special) block (may move to next phase [payload]) */
+		stm32_cryp_write_ccm_first_header(cryp);
+	} else if (stm32_cryp_get_input_text_len(cryp)) {
+		cfg |= CR_PH_PAYLOAD;
+		stm32_cryp_write(cryp, CRYP_CR, cfg);
+	}
+
+	return 0;
 }
 
 static int stm32_cryp_hw_init(struct stm32_cryp *cryp)
 {
 	int ret;
 	u32 cfg, hw_mode;
-
 	pm_runtime_resume_and_get(cryp->dev);
 
 	/* Disable interrupt */
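Review bot: stm32_cryp_ccm_init() returns 0 after calling stm32_cryp_write_ccm_first_header() even when that path has already failed. The header helper ends in stm32_crypt_gcmccm_end_header(), which on a busy-wait timeout calls stm32_cryp_finish_req(cryp, err) and returns void, so the error never reaches the caller and hardware init carries on with a request that has been finalized. Have the two helpers return the error and propagate it from here. The hunk also deletes the blank line between the declarations and pm_runtime_resume_and_get(cryp->dev) in stm32_cryp_hw_init(), an unrelated whitespace change that goes against kernel style, and the return value of that call is still ignored.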
@@ -605,16 +592,6 @@ static int stm32_cryp_hw_init(struct stm32_cryp *cryp)
 		if (ret)
 			return ret;
 
-		/* Phase 2 : header (authenticated data) */
-		if (cryp->areq->assoclen) {
-			cfg |= CR_PH_HEADER;
-		} else if (stm32_cryp_get_input_text_len(cryp)) {
-			cfg |= CR_PH_PAYLOAD;
-			stm32_cryp_write(cryp, CRYP_CR, cfg);
-		} else {
-			cfg |= CR_PH_INIT;
-		}
-
 		break;
 
 	case CR_DES_CBC:
@@ -633,8 +610,6 @@ static int stm32_cryp_hw_init(struct stm32_cryp *cryp)
 
 	stm32_cryp_write(cryp, CRYP_CR, cfg);
 
-	cryp->flags &= ~FLG_CCM_PADDED_WA;
-
 	return 0;
 }
 
@@ -647,25 +622,6 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
 	if (!err && (!(is_gcm(cryp) || is_ccm(cryp) || is_ecb(cryp))))
 		stm32_cryp_get_iv(cryp);
 
-	if (cryp->sgs_copied) {
-		void *buf_in, *buf_out;
-		int pages, len;
-
-		buf_in = sg_virt(&cryp->in_sgl);
-		buf_out = sg_virt(&cryp->out_sgl);
-
-		sg_copy_buf(buf_out, cryp->out_sg_save, 0,
-			    cryp->total_out_save, 1);
-
-		len = ALIGN(cryp->total_in_save, cryp->hw_blocksize);
-		pages = len ? get_order(len) : 1;
-		free_pages((unsigned long)buf_in, pages);
-
-		len = ALIGN(cryp->total_out_save, cryp->hw_blocksize);
-		pages = len ? get_order(len) : 1;
-		free_pages((unsigned long)buf_out, pages);
-	}
-
 	pm_runtime_mark_last_busy(cryp->dev);
 	pm_runtime_put_autosuspend(cryp->dev);
 
@@ -1029,6 +985,7 @@ static int stm32_cryp_prepare_req(struct skcipher_request *req,
 	struct stm32_cryp_ctx *ctx;
 	struct stm32_cryp *cryp;
 	struct stm32_cryp_reqctx *rctx;
+	struct scatterlist *in_sg;
 	int ret;
 
 	if (!req && !areq)
@@ -1054,76 +1011,55 @@ static int stm32_cryp_prepare_req(struct skcipher_request *req,
 	if (req) {
 		cryp->req = req;
 		cryp->areq = NULL;
-		cryp->total_in = req->cryptlen;
-		cryp->total_out = cryp->total_in;
+		cryp->header_in = 0;
+		cryp->payload_in = req->cryptlen;
+		cryp->payload_out = req->cryptlen;
+		cryp->authsize = 0;
 	} else {
 		/*
 		 * Length of input and output data:
 		 * Encryption case:
-		 *  INPUT  =   AssocData  ||   PlainText
+		 *  INPUT  = AssocData   ||     PlainText
 		 *          <- assoclen ->  <- cryptlen ->
-		 *          <------- total_in ----------->
 		 *
-		 *  OUTPUT =   AssocData  ||  CipherText  ||   AuthTag
-		 *          <- assoclen ->  <- cryptlen ->  <- authsize ->
-		 *          <---------------- total_out ----------------->
+		 *  OUTPUT = AssocData    ||   CipherText   ||      AuthTag
+		 *          <- assoclen ->  <-- cryptlen -->  <- authsize ->
 		 *
 		 * Decryption case:
-		 *  INPUT  =   AssocData  ||  CipherText  ||  AuthTag
-		 *          <- assoclen ->  <--------- cryptlen --------->
-		 *                                          <- authsize ->
-		 *          <---------------- total_in ------------------>
+		 *  INPUT  =  AssocData     ||    CipherTex   ||       AuthTag
+		 *          <- assoclen --->  <---------- cryptlen ---------->
 		 *
-		 *  OUTPUT =   AssocData  ||   PlainText
-		 *          <- assoclen ->  <- crypten - authsize ->
-		 *          <---------- total_out ----------------->
+		 *  OUTPUT = AssocData    ||               PlainText
+		 *          <- assoclen ->  <- cryptlen - authsize ->
 		 */
 		cryp->areq = areq;
 		cryp->req = NULL;
 		cryp->authsize = crypto_aead_authsize(crypto_aead_reqtfm(areq));
-		cryp->total_in = areq->assoclen + areq->cryptlen;
-		if (is_encrypt(cryp))
-			/* Append auth tag to output */
-			cryp->total_out = cryp->total_in + cryp->authsize;
-		else
-			/* No auth tag in output */
-			cryp->total_out = cryp->total_in - cryp->authsize;
+		if (is_encrypt(cryp)) {
+			cryp->payload_in = areq->cryptlen;
+			cryp->header_in = areq->assoclen;
+			cryp->payload_out = areq->cryptlen;
+		} else {
+			cryp->payload_in = areq->cryptlen - cryp->authsize;
+			cryp->header_in = areq->assoclen;
+			cryp->payload_out = cryp->payload_in;
+		}
 	}
 
-	cryp->total_in_save = cryp->total_in;
-	cryp->total_out_save = cryp->total_out;
+	in_sg = req ? req->src : areq->src;
+	scatterwalk_start(&cryp->in_walk, in_sg);
 
-	cryp->in_sg = req ? req->src : areq->src;
 	cryp->out_sg = req ? req->dst : areq->dst;
-	cryp->out_sg_save = cryp->out_sg;
-
-	cryp->in_sg_len = sg_nents_for_len(cryp->in_sg, cryp->total_in);
-	if (cryp->in_sg_len < 0) {
-		dev_err(cryp->dev, "Cannot get in_sg_len\n");
-		ret = cryp->in_sg_len;
-		return ret;
-	}
-
-	cryp->out_sg_len = sg_nents_for_len(cryp->out_sg, cryp->total_out);
-	if (cryp->out_sg_len < 0) {
-		dev_err(cryp->dev, "Cannot get out_sg_len\n");
-		ret = cryp->out_sg_len;
-		return ret;
-	}
-
-	ret = stm32_cryp_copy_sgs(cryp);
-	if (ret)
-		return ret;
-
-	scatterwalk_start(&cryp->in_walk, cryp->in_sg);
 	scatterwalk_start(&cryp->out_walk, cryp->out_sg);
 
 	if (is_gcm(cryp) || is_ccm(cryp)) {
 		/* In output, jump after assoc data */
-		scatterwalk_advance(&cryp->out_walk, cryp->areq->assoclen);
-		cryp->total_out -= cryp->areq->assoclen;
+		scatterwalk_copychunks(NULL, &cryp->out_walk, cryp->areq->assoclen, 2);
 	}
 
+	if (is_ctr(cryp))
+		memset(cryp->last_ctr, 0, sizeof(cryp->last_ctr));
+
 	ret = stm32_cryp_hw_init(cryp);
 	return ret;
 }
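Review bot: in the decrypt branch, "cryp->payload_in = areq->cryptlen - cryp->authsize" is an unsigned subtraction with no length check visible in this hunk; if cryptlen can be smaller than authsize at this point, payload_in wraps to a very large size_t and then drives the block copy loops. Either check cryptlen >= authsize before subtracting or add a comment naming the caller that guarantees it. Two smaller points: the rewritten layout comment spells CipherText as "CipherTex", and the bare 2 passed as the last argument of scatterwalk_copychunks(NULL, &cryp->out_walk, ...) deserves a comment saying it advances the walk without copying.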
@@ -1171,8 +1107,7 @@ static int stm32_cryp_aead_one_req(struct crypto_engine *engine, void *areq)
 	if (!cryp)
 		return -ENODEV;
 
-	if (unlikely(!cryp->areq->assoclen &&
-		     !stm32_cryp_get_input_text_len(cryp))) {
+	if (unlikely(!cryp->payload_in && !cryp->header_in)) {
 		/* No input data to process: get tag and finish */
 		stm32_cryp_finish_req(cryp, 0);
 		return 0;
@@ -1181,43 +1116,10 @@ static int stm32_cryp_aead_one_req(struct crypto_engine *engine, void *areq)
 	return stm32_cryp_cpu_start(cryp);
 }
 
-static u32 *stm32_cryp_next_out(struct stm32_cryp *cryp, u32 *dst,
-				unsigned int n)
-{
-	scatterwalk_advance(&cryp->out_walk, n);
-
-	if (unlikely(cryp->out_sg->length == _walked_out)) {
-		cryp->out_sg = sg_next(cryp->out_sg);
-		if (cryp->out_sg) {
-			scatterwalk_start(&cryp->out_walk, cryp->out_sg);
-			return (sg_virt(cryp->out_sg) + _walked_out);
-		}
-	}
-
-	return (u32 *)((u8 *)dst + n);
-}
-
-static u32 *stm32_cryp_next_in(struct stm32_cryp *cryp, u32 *src,
-			       unsigned int n)
-{
-	scatterwalk_advance(&cryp->in_walk, n);
-
-	if (unlikely(cryp->in_sg->length == _walked_in)) {
-		cryp->in_sg = sg_next(cryp->in_sg);
-		if (cryp->in_sg) {
-			scatterwalk_start(&cryp->in_walk, cryp->in_sg);
-			return (sg_virt(cryp->in_sg) + _walked_in);
-		}
-	}
-
-	return (u32 *)((u8 *)src + n);
-}
-
 static int stm32_cryp_read_auth_tag(struct stm32_cryp *cryp)
 {
-	u32 cfg, size_bit, *dst, d32;
-	u8 *d8;
-	unsigned int i, j;
+	u32 cfg, size_bit;
+	unsigned int i;
 	int ret = 0;
 
 	/* Update Config */
@@ -1240,7 +1142,7 @@ static int stm32_cryp_read_auth_tag(struct stm32_cryp *cryp)
 		stm32_cryp_write(cryp, CRYP_DIN, size_bit);
 
 		size_bit = is_encrypt(cryp) ? cryp->areq->cryptlen :
-				cryp->areq->cryptlen - AES_BLOCK_SIZE;
+				cryp->areq->cryptlen - cryp->authsize;
 		size_bit *= 8;
 		if (cryp->caps->swap_final)
 			size_bit = (__force u32)cpu_to_be32(size_bit);
@@ -1249,11 +1151,9 @@ static int stm32_cryp_read_auth_tag(struct stm32_cryp *cryp)
 		stm32_cryp_write(cryp, CRYP_DIN, size_bit);
 	} else {
 		/* CCM: write CTR0 */
-		u8 iv[AES_BLOCK_SIZE];
-		u32 *iv32 = (u32 *)iv;
-		__be32 *biv;
-
-		biv = (void *)iv;
+		u32 iv32[AES_BLOCK_32];
+		u8 *iv = (u8 *)iv32;
+		__be32 *biv = (__be32 *)iv32;
 
 		memcpy(iv, cryp->areq->iv, AES_BLOCK_SIZE);
 		memset(iv + AES_BLOCK_SIZE - 1 - iv[0], 0, iv[0] + 1);
@@ -1275,39 +1175,18 @@ static int stm32_cryp_read_auth_tag(struct stm32_cryp *cryp)
 	}
 
 	if (is_encrypt(cryp)) {
+		u32 out_tag[AES_BLOCK_32];
+
 		/* Get and write tag */
-		dst = sg_virt(cryp->out_sg) + _walked_out;
+		for (i = 0; i < AES_BLOCK_32; i++)
+			out_tag[i] = stm32_cryp_read(cryp, CRYP_DOUT);
 
-		for (i = 0; i < AES_BLOCK_32; i++) {
-			if (cryp->total_out >= sizeof(u32)) {
-				/* Read a full u32 */
-				*dst = stm32_cryp_read(cryp, CRYP_DOUT);
-
-				dst = stm32_cryp_next_out(cryp, dst,
-							  sizeof(u32));
-				cryp->total_out -= sizeof(u32);
-			} else if (!cryp->total_out) {
-				/* Empty fifo out (data from input padding) */
-				stm32_cryp_read(cryp, CRYP_DOUT);
-			} else {
-				/* Read less than an u32 */
-				d32 = stm32_cryp_read(cryp, CRYP_DOUT);
-				d8 = (u8 *)&d32;
-
-				for (j = 0; j < cryp->total_out; j++) {
-					*((u8 *)dst) = *(d8++);
-					dst = stm32_cryp_next_out(cryp, dst, 1);
-				}
-				cryp->total_out = 0;
-			}
-		}
+		scatterwalk_copychunks(out_tag, &cryp->out_walk, cryp->authsize, 1);
 	} else {
 		/* Get and check tag */
 		u32 in_tag[AES_BLOCK_32], out_tag[AES_BLOCK_32];
 
-		scatterwalk_map_and_copy(in_tag, cryp->in_sg,
-					 cryp->total_in_save - cryp->authsize,
-					 cryp->authsize, 0);
+		scatterwalk_copychunks(in_tag, &cryp->in_walk, cryp->authsize, 0);
 
 		for (i = 0; i < AES_BLOCK_32; i++)
 			out_tag[i] = stm32_cryp_read(cryp, CRYP_DOUT);
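Review bot: scatterwalk_copychunks(in_tag, &cryp->in_walk, cryp->authsize, 0) reads the expected tag from wherever in_walk currently points, where the old code used the absolute offset total_in_save - authsize. That is correct only if every header and payload byte has already been consumed from in_walk; state the invariant in a comment or assert that header_in and payload_in are both zero before the copy, otherwise a short-circuited request compares against the wrong bytes. Since in_tag is declared without an initializer and only authsize bytes are filled, also confirm that the comparison after this hunk covers authsize bytes and not the whole block.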
@@ -1349,92 +1228,37 @@ static void stm32_cryp_check_ctr_counter(struct stm32_cryp *cryp)
 	cryp->last_ctr[3] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV1RR));
 }
 
-static bool stm32_cryp_irq_read_data(struct stm32_cryp *cryp)
+static void stm32_cryp_irq_read_data(struct stm32_cryp *cryp)
 {
-	unsigned int i, j;
-	u32 d32, *dst;
-	u8 *d8;
-	size_t tag_size;
-
-	/* Do no read tag now (if any) */
-	if (is_encrypt(cryp) && (is_gcm(cryp) || is_ccm(cryp)))
-		tag_size = cryp->authsize;
-	else
-		tag_size = 0;
-
-	dst = sg_virt(cryp->out_sg) + _walked_out;
-
-	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++) {
-		if (likely(cryp->total_out - tag_size >= sizeof(u32))) {
-			/* Read a full u32 */
-			*dst = stm32_cryp_read(cryp, CRYP_DOUT);
+	unsigned int i;
+	u32 block[AES_BLOCK_32];
 
-			dst = stm32_cryp_next_out(cryp, dst, sizeof(u32));
-			cryp->total_out -= sizeof(u32);
-		} else if (cryp->total_out == tag_size) {
-			/* Empty fifo out (data from input padding) */
-			d32 = stm32_cryp_read(cryp, CRYP_DOUT);
-		} else {
-			/* Read less than an u32 */
-			d32 = stm32_cryp_read(cryp, CRYP_DOUT);
-			d8 = (u8 *)&d32;
-
-			for (j = 0; j < cryp->total_out - tag_size; j++) {
-				*((u8 *)dst) = *(d8++);
-				dst = stm32_cryp_next_out(cryp, dst, 1);
-			}
-			cryp->total_out = tag_size;
-		}
-	}
+	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++)
+		block[i] = stm32_cryp_read(cryp, CRYP_DOUT);
 
-	return !(cryp->total_out - tag_size) || !cryp->total_in;
+	scatterwalk_copychunks(block, &cryp->out_walk, min_t(size_t, cryp->hw_blocksize,
+							     cryp->payload_out), 1);
+	cryp->payload_out -= min_t(size_t, cryp->hw_blocksize,
+				   cryp->payload_out);
 }
 
 static void stm32_cryp_irq_write_block(struct stm32_cryp *cryp)
 {
-	unsigned int i, j;
-	u32 *src;
-	u8 d8[4];
-	size_t tag_size;
-
-	/* Do no write tag (if any) */
-	if (is_decrypt(cryp) && (is_gcm(cryp) || is_ccm(cryp)))
-		tag_size = cryp->authsize;
-	else
-		tag_size = 0;
-
-	src = sg_virt(cryp->in_sg) + _walked_in;
+	unsigned int i;
+	u32 block[AES_BLOCK_32] = {0};
 
-	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++) {
-		if (likely(cryp->total_in - tag_size >= sizeof(u32))) {
-			/* Write a full u32 */
-			stm32_cryp_write(cryp, CRYP_DIN, *src);
+	scatterwalk_copychunks(block, &cryp->in_walk, min_t(size_t, cryp->hw_blocksize,
+							    cryp->payload_in), 0);
+	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++)
+		stm32_cryp_write(cryp, CRYP_DIN, block[i]);
 
-			src = stm32_cryp_next_in(cryp, src, sizeof(u32));
-			cryp->total_in -= sizeof(u32);
-		} else if (cryp->total_in == tag_size) {
-			/* Write padding data */
-			stm32_cryp_write(cryp, CRYP_DIN, 0);
-		} else {
-			/* Write less than an u32 */
-			memset(d8, 0, sizeof(u32));
-			for (j = 0; j < cryp->total_in - tag_size; j++) {
-				d8[j] = *((u8 *)src);
-				src = stm32_cryp_next_in(cryp, src, 1);
-			}
-
-			stm32_cryp_write(cryp, CRYP_DIN, *(u32 *)d8);
-			cryp->total_in = tag_size;
-		}
-	}
+	cryp->payload_in -= min_t(size_t, cryp->hw_blocksize, cryp->payload_in);
 }
 
 static void stm32_cryp_irq_write_gcm_padded_data(struct stm32_cryp *cryp)
 {
 	int err;
-	u32 cfg, tmp[AES_BLOCK_32];
-	size_t total_in_ori = cryp->total_in;
-	struct scatterlist *out_sg_ori = cryp->out_sg;
+	u32 cfg, block[AES_BLOCK_32] = {0};
 	unsigned int i;
 
 	/* 'Special workaround' procedure described in the datasheet */
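Review bot: min_t(size_t, cryp->hw_blocksize, cryp->payload_out) is evaluated twice in stm32_cryp_irq_read_data(), once for the copy length and once for the decrement, and the same pattern repeats for payload_in in stm32_cryp_irq_write_block(). Compute it once into a local so the copied length and the bookkeeping cannot diverge if one side is edited later. The block[] buffers hold one block of plaintext or ciphertext on the stack; worth a thought whether they should be cleared before return.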
@@ -1459,18 +1283,25 @@ static void stm32_cryp_irq_write_gcm_padded_data(struct stm32_cryp *cryp)
 
 	/* b) pad and write the last block */
 	stm32_cryp_irq_write_block(cryp);
-	cryp->total_in = total_in_ori;
+	/* wait end of process */
 	err = stm32_cryp_wait_output(cryp);
 	if (err) {
-		dev_err(cryp->dev, "Timeout (write gcm header)\n");
+		dev_err(cryp->dev, "Timeout (write gcm last data)\n");
 		return stm32_cryp_finish_req(cryp, err);
 	}
 
 	/* c) get and store encrypted data */
-	stm32_cryp_irq_read_data(cryp);
-	scatterwalk_map_and_copy(tmp, out_sg_ori,
-				 cryp->total_in_save - total_in_ori,
-				 total_in_ori, 0);
+	/*
+	 * Same code as stm32_cryp_irq_read_data(), but we want to store
+	 * block value
+	 */
+	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++)
+		block[i] = stm32_cryp_read(cryp, CRYP_DOUT);
+
+	scatterwalk_copychunks(block, &cryp->out_walk, min_t(size_t, cryp->hw_blocksize,
+							     cryp->payload_out), 1);
+	cryp->payload_out -= min_t(size_t, cryp->hw_blocksize,
+				   cryp->payload_out);
 
 	/* d) change mode back to AES GCM */
 	cfg &= ~CR_ALGO_MASK;
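Review bot: step c) open-codes the body of stm32_cryp_irq_read_data(), as its own comment admits, including the doubled min_t() expression. Split the read into a helper that fills a caller-supplied block and have both stm32_cryp_irq_read_data() and this workaround call it, so the copy length and the payload_out accounting live in one place.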
@@ -1483,19 +1314,13 @@ static void stm32_cryp_irq_write_gcm_padded_data(struct stm32_cryp *cryp)
 	stm32_cryp_write(cryp, CRYP_CR, cfg);
 
 	/* f) write padded data */
-	for (i = 0; i < AES_BLOCK_32; i++) {
-		if (cryp->total_in)
-			stm32_cryp_write(cryp, CRYP_DIN, tmp[i]);
-		else
-			stm32_cryp_write(cryp, CRYP_DIN, 0);
-
-		cryp->total_in -= min_t(size_t, sizeof(u32), cryp->total_in);
-	}
+	for (i = 0; i < AES_BLOCK_32; i++)
+		stm32_cryp_write(cryp, CRYP_DIN, block[i]);
 
 	/* g) Empty fifo out */
 	err = stm32_cryp_wait_output(cryp);
 	if (err) {
-		dev_err(cryp->dev, "Timeout (write gcm header)\n");
+		dev_err(cryp->dev, "Timeout (write gcm padded data)\n");
 		return stm32_cryp_finish_req(cryp, err);
 	}
 
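Review bot: in step f) every word of block[] is now written back to CRYP_DIN, whereas the removed loop wrote 0 once cryp->total_in was used up. block[] holds the whole hardware block read from CRYP_DOUT in step c), not only the payload bytes, so please confirm that feeding the words past the payload is intended and say so in the comment; if it is not, clear the tail of block[] before this loop.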
@@ -1508,16 +1333,14 @@ static void stm32_cryp_irq_write_gcm_padded_data(struct stm32_cryp *cryp)
 
 static void stm32_cryp_irq_set_npblb(struct stm32_cryp *cryp)
 {
-	u32 cfg, payload_bytes;
+	u32 cfg;
 
 	/* disable ip, set NPBLB and reneable ip */
 	cfg = stm32_cryp_read(cryp, CRYP_CR);
 	cfg &= ~CR_CRYPEN;
 	stm32_cryp_write(cryp, CRYP_CR, cfg);
 
-	payload_bytes = is_decrypt(cryp) ? cryp->total_in - cryp->authsize :
-					   cryp->total_in;
-	cfg |= (cryp->hw_blocksize - payload_bytes) << CR_NBPBL_SHIFT;
+	cfg |= (cryp->hw_blocksize - cryp->payload_in) << CR_NBPBL_SHIFT;
 	cfg |= CR_CRYPEN;
 	stm32_cryp_write(cryp, CRYP_CR, cfg);
 }
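Review bot: in stm32_cryp_irq_set_npblb() cfg is only OR-ed with the new padding value; the field is not cleared first, so a value already present in CRYP_CR would be merged rather than replaced. Mask the field before setting it. The subtraction cryp->hw_blocksize - cryp->payload_in also relies on every caller having checked payload_in < AES_BLOCK_SIZE; a comment or a WARN_ON would document that. Typo while here: "reneable" in the comment.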
@@ -1526,13 +1349,11 @@ static void stm32_cryp_irq_write_ccm_padded_data(struct stm32_cryp *cryp)
 {
 	int err = 0;
 	u32 cfg, iv1tmp;
-	u32 cstmp1[AES_BLOCK_32], cstmp2[AES_BLOCK_32], tmp[AES_BLOCK_32];
-	size_t last_total_out, total_in_ori = cryp->total_in;
-	struct scatterlist *out_sg_ori = cryp->out_sg;
+	u32 cstmp1[AES_BLOCK_32], cstmp2[AES_BLOCK_32];
+	u32 block[AES_BLOCK_32] = {0};
 	unsigned int i;
 
 	/* 'Special workaround' procedure described in the datasheet */
-	cryp->flags |= FLG_CCM_PADDED_WA;
 
 	/* a) disable ip */
 	stm32_cryp_write(cryp, CRYP_IMSCR, 0);
@@ -1562,7 +1383,7 @@ static void stm32_cryp_irq_write_ccm_padded_data(struct stm32_cryp *cryp)
 
 	/* b) pad and write the last block */
 	stm32_cryp_irq_write_block(cryp);
-	cryp->total_in = total_in_ori;
+	/* wait end of process */
 	err = stm32_cryp_wait_output(cryp);
 	if (err) {
 		dev_err(cryp->dev, "Timeout (wite ccm padded data)\n");
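Review bot: the dev_err string in this context still reads "Timeout (wite ccm padded data)" although the GCM timeout messages are corrected in the same patch; fix "wite" to "write" here as well. The added "wait end of process" comment restates what the stm32_cryp_wait_output() call on the next line already says and can be dropped.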
@@ -1570,13 +1391,16 @@ static void stm32_cryp_irq_write_ccm_padded_data(struct stm32_cryp *cryp)
 	}
 
 	/* c) get and store decrypted data */
-	last_total_out = cryp->total_out;
-	stm32_cryp_irq_read_data(cryp);
+	/*
+	 * Same code as stm32_cryp_irq_read_data(), but we want to store
+	 * block value
+	 */
+	for (i = 0; i < cryp->hw_blocksize / sizeof(u32); i++)
+		block[i] = stm32_cryp_read(cryp, CRYP_DOUT);
 
-	memset(tmp, 0, sizeof(tmp));
-	scatterwalk_map_and_copy(tmp, out_sg_ori,
-				 cryp->total_out_save - last_total_out,
-				 last_total_out, 0);
+	scatterwalk_copychunks(block, &cryp->out_walk, min_t(size_t, cryp->hw_blocksize,
+							     cryp->payload_out), 1);
+	cryp->payload_out -= min_t(size_t, cryp->hw_blocksize, cryp->payload_out);
 
 	/* d) Load again CRYP_CSGCMCCMxR */
 	for (i = 0; i < ARRAY_SIZE(cstmp2); i++)
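Review bot: step c) repeats the CRYP_DOUT read loop and the scatterwalk_copychunks()/payload_out update that this patch also adds to stm32_cryp_irq_write_gcm_padded_data(), and the comment itself says it is the same code as stm32_cryp_irq_read_data(). Factor it into one helper that fills a caller-supplied block so the copies cannot drift apart.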
@@ -1593,10 +1417,10 @@ static void stm32_cryp_irq_write_ccm_padded_data(struct stm32_cryp *cryp)
 	stm32_cryp_write(cryp, CRYP_CR, cfg);
 
 	/* g) XOR and write padded data */
-	for (i = 0; i < ARRAY_SIZE(tmp); i++) {
-		tmp[i] ^= cstmp1[i];
-		tmp[i] ^= cstmp2[i];
-		stm32_cryp_write(cryp, CRYP_DIN, tmp[i]);
+	for (i = 0; i < ARRAY_SIZE(block); i++) {
+		block[i] ^= cstmp1[i];
+		block[i] ^= cstmp2[i];
+		stm32_cryp_write(cryp, CRYP_DIN, block[i]);
 	}
 
 	/* h) wait for completion */
@@ -1610,30 +1434,34 @@ static void stm32_cryp_irq_write_ccm_padded_data(struct stm32_cryp *cryp)
 
 static void stm32_cryp_irq_write_data(struct stm32_cryp *cryp)
 {
-	if (unlikely(!cryp->total_in)) {
+	if (unlikely(!cryp->payload_in)) {
 		dev_warn(cryp->dev, "No more data to process\n");
 		return;
 	}
 
-	if (unlikely(cryp->total_in < AES_BLOCK_SIZE &&
+	if (unlikely(cryp->payload_in < AES_BLOCK_SIZE &&
 		     (stm32_cryp_get_hw_mode(cryp) == CR_AES_GCM) &&
 		     is_encrypt(cryp))) {
 		/* Padding for AES GCM encryption */
-		if (cryp->caps->padding_wa)
+		if (cryp->caps->padding_wa) {
 			/* Special case 1 */
-			return stm32_cryp_irq_write_gcm_padded_data(cryp);
+			stm32_cryp_irq_write_gcm_padded_data(cryp);
+			return;
+		}
 
 		/* Setting padding bytes (NBBLB) */
 		stm32_cryp_irq_set_npblb(cryp);
 	}
 
-	if (unlikely((cryp->total_in - cryp->authsize < AES_BLOCK_SIZE) &&
+	if (unlikely((cryp->payload_in < AES_BLOCK_SIZE) &&
 		     (stm32_cryp_get_hw_mode(cryp) == CR_AES_CCM) &&
 		     is_decrypt(cryp))) {
 		/* Padding for AES CCM decryption */
-		if (cryp->caps->padding_wa)
+		if (cryp->caps->padding_wa) {
 			/* Special case 2 */
-			return stm32_cryp_irq_write_ccm_padded_data(cryp);
+			stm32_cryp_irq_write_ccm_padded_data(cryp);
+			return;
+		}
 
 		/* Setting padding bytes (NBBLB) */
 		stm32_cryp_irq_set_npblb(cryp);
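Review bot: the CCM decrypt test drops the "- cryp->authsize" term, so it is only correct if cryp->payload_in never includes the tag. That invariant is established outside this hunk; a one-line comment here or at the field's declaration would make it checkable. The comments also say NBBLB while the helper is named stm32_cryp_irq_set_npblb(); pick one spelling.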
@@ -1645,192 +1473,60 @@ static void stm32_cryp_irq_write_data(struct stm32_cryp *cryp)
 	stm32_cryp_irq_write_block(cryp);
 }
 
-static void stm32_cryp_irq_write_gcm_header(struct stm32_cryp *cryp)
+static void stm32_cryp_irq_write_gcmccm_header(struct stm32_cryp *cryp)
 {
-	int err;
-	unsigned int i, j;
-	u32 cfg, *src;
-
-	src = sg_virt(cryp->in_sg) + _walked_in;
-
-	for (i = 0; i < AES_BLOCK_32; i++) {
-		stm32_cryp_write(cryp, CRYP_DIN, *src);
-
-		src = stm32_cryp_next_in(cryp, src, sizeof(u32));
-		cryp->total_in -= min_t(size_t, sizeof(u32), cryp->total_in);
-
-		/* Check if whole header written */
-		if ((cryp->total_in_save - cryp->total_in) ==
-				cryp->areq->assoclen) {
-			/* Write padding if needed */
-			for (j = i + 1; j < AES_BLOCK_32; j++)
-				stm32_cryp_write(cryp, CRYP_DIN, 0);
-
-			/* Wait for completion */
-			err = stm32_cryp_wait_busy(cryp);
-			if (err) {
-				dev_err(cryp->dev, "Timeout (gcm header)\n");
-				return stm32_cryp_finish_req(cryp, err);
-			}
-
-			if (stm32_cryp_get_input_text_len(cryp)) {
-				/* Phase 3 : payload */
-				cfg = stm32_cryp_read(cryp, CRYP_CR);
-				cfg &= ~CR_CRYPEN;
-				stm32_cryp_write(cryp, CRYP_CR, cfg);
-
-				cfg &= ~CR_PH_MASK;
-				cfg |= CR_PH_PAYLOAD;
-				cfg |= CR_CRYPEN;
-				stm32_cryp_write(cryp, CRYP_CR, cfg);
-			} else {
-				/* Phase 4 : tag */
-				stm32_cryp_write(cryp, CRYP_IMSCR, 0);
-				stm32_cryp_finish_req(cryp, 0);
-			}
-
-			break;
-		}
-
-		if (!cryp->total_in)
-			break;
-	}
-}
+	unsigned int i;
+	u32 block[AES_BLOCK_32] = {0};
+	size_t written;
 
-static void stm32_cryp_irq_write_ccm_header(struct stm32_cryp *cryp)
-{
-	int err;
-	unsigned int i = 0, j, k;
-	u32 alen, cfg, *src;
-	u8 d8[4];
-
-	src = sg_virt(cryp->in_sg) + _walked_in;
-	alen = cryp->areq->assoclen;
-
-	if (!_walked_in) {
-		if (cryp->areq->assoclen <= 65280) {
-			/* Write first u32 of B1 */
-			d8[0] = (alen >> 8) & 0xFF;
-			d8[1] = alen & 0xFF;
-			d8[2] = *((u8 *)src);
-			src = stm32_cryp_next_in(cryp, src, 1);
-			d8[3] = *((u8 *)src);
-			src = stm32_cryp_next_in(cryp, src, 1);
-
-			stm32_cryp_write(cryp, CRYP_DIN, *(u32 *)d8);
-			i++;
-
-			cryp->total_in -= min_t(size_t, 2, cryp->total_in);
-		} else {
-			/* Build the two first u32 of B1 */
-			d8[0] = 0xFF;
-			d8[1] = 0xFE;
-			d8[2] = alen & 0xFF000000;
-			d8[3] = alen & 0x00FF0000;
-
-			stm32_cryp_write(cryp, CRYP_DIN, *(u32 *)d8);
-			i++;
-
-			d8[0] = alen & 0x0000FF00;
-			d8[1] = alen & 0x000000FF;
-			d8[2] = *((u8 *)src);
-			src = stm32_cryp_next_in(cryp, src, 1);
-			d8[3] = *((u8 *)src);
-			src = stm32_cryp_next_in(cryp, src, 1);
-
-			stm32_cryp_write(cryp, CRYP_DIN, *(u32 *)d8);
-			i++;
-
-			cryp->total_in -= min_t(size_t, 2, cryp->total_in);
-		}
-	}
+	written = min_t(size_t, AES_BLOCK_SIZE, cryp->header_in);
 
-	/* Write next u32 */
-	for (; i < AES_BLOCK_32; i++) {
-		/* Build an u32 */
-		memset(d8, 0, sizeof(u32));
-		for (k = 0; k < sizeof(u32); k++) {
-			d8[k] = *((u8 *)src);
-			src = stm32_cryp_next_in(cryp, src, 1);
-
-			cryp->total_in -= min_t(size_t, 1, cryp->total_in);
-			if ((cryp->total_in_save - cryp->total_in) == alen)
-				break;
-		}
+	scatterwalk_copychunks(block, &cryp->in_walk, written, 0);
+	for (i = 0; i < AES_BLOCK_32; i++)
+		stm32_cryp_write(cryp, CRYP_DIN, block[i]);
 
-		stm32_cryp_write(cryp, CRYP_DIN, *(u32 *)d8);
-
-		if ((cryp->total_in_save - cryp->total_in) == alen) {
-			/* Write padding if needed */
-			for (j = i + 1; j < AES_BLOCK_32; j++)
-				stm32_cryp_write(cryp, CRYP_DIN, 0);
-
-			/* Wait for completion */
-			err = stm32_cryp_wait_busy(cryp);
-			if (err) {
-				dev_err(cryp->dev, "Timeout (ccm header)\n");
-				return stm32_cryp_finish_req(cryp, err);
-			}
-
-			if (stm32_cryp_get_input_text_len(cryp)) {
-				/* Phase 3 : payload */
-				cfg = stm32_cryp_read(cryp, CRYP_CR);
-				cfg &= ~CR_CRYPEN;
-				stm32_cryp_write(cryp, CRYP_CR, cfg);
-
-				cfg &= ~CR_PH_MASK;
-				cfg |= CR_PH_PAYLOAD;
-				cfg |= CR_CRYPEN;
-				stm32_cryp_write(cryp, CRYP_CR, cfg);
-			} else {
-				/* Phase 4 : tag */
-				stm32_cryp_write(cryp, CRYP_IMSCR, 0);
-				stm32_cryp_finish_req(cryp, 0);
-			}
+	cryp->header_in -= written;
 
-			break;
-		}
-	}
+	stm32_crypt_gcmccm_end_header(cryp);
 }
 
 static irqreturn_t stm32_cryp_irq_thread(int irq, void *arg)
 {
 	struct stm32_cryp *cryp = arg;
 	u32 ph;
+	u32 it_mask = stm32_cryp_read(cryp, CRYP_IMSCR);
 
 	if (cryp->irq_status & MISR_OUT)
 		/* Output FIFO IRQ: read data */
-		if (unlikely(stm32_cryp_irq_read_data(cryp))) {
-			/* All bytes processed, finish */
-			stm32_cryp_write(cryp, CRYP_IMSCR, 0);
-			stm32_cryp_finish_req(cryp, 0);
-			return IRQ_HANDLED;
-		}
+		stm32_cryp_irq_read_data(cryp);
 
 	if (cryp->irq_status & MISR_IN) {
-		if (is_gcm(cryp)) {
-			ph = stm32_cryp_read(cryp, CRYP_CR) & CR_PH_MASK;
-			if (unlikely(ph == CR_PH_HEADER))
-				/* Write Header */
-				stm32_cryp_irq_write_gcm_header(cryp);
-			else
-				/* Input FIFO IRQ: write data */
-				stm32_cryp_irq_write_data(cryp);
-			cryp->gcm_ctr++;
-		} else if (is_ccm(cryp)) {
+		if (is_gcm(cryp) || is_ccm(cryp)) {
 			ph = stm32_cryp_read(cryp, CRYP_CR) & CR_PH_MASK;
 			if (unlikely(ph == CR_PH_HEADER))
 				/* Write Header */
-				stm32_cryp_irq_write_ccm_header(cryp);
+				stm32_cryp_irq_write_gcmccm_header(cryp);
 			else
 				/* Input FIFO IRQ: write data */
 				stm32_cryp_irq_write_data(cryp);
+			if (is_gcm(cryp))
+				cryp->gcm_ctr++;
 		} else {
 			/* Input FIFO IRQ: write data */
 			stm32_cryp_irq_write_data(cryp);
 		}
 	}
 
+	/* Mask useless interrupts */
+	if (!cryp->payload_in && !cryp->header_in)
+		it_mask &= ~IMSCR_IN;
+	if (!cryp->payload_out)
+		it_mask &= ~IMSCR_OUT;
+	stm32_cryp_write(cryp, CRYP_IMSCR, it_mask);
+
+	if (!cryp->payload_in && !cryp->header_in && !cryp->payload_out)
+		stm32_cryp_finish_req(cryp, 0);
+
 	return IRQ_HANDLED;
 }
 
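Review bot: in stm32_cryp_irq_thread() it_mask is read from CRYP_IMSCR on entry and written back unconditionally before the return. The padded-data helpers reached through stm32_cryp_irq_write_data() write 0 to CRYP_IMSCR themselves and call stm32_cryp_finish_req(cryp, err) on a timeout, after which this function still restores the mask sampled at entry and may re-enable the output interrupt for a request that has already been finished with an error. Have the helpers report failure (they are void) and skip the mask write and the final stm32_cryp_finish_req(cryp, 0) in that case. Separately, stm32_crypt_gcmccm_end_header() uses a "crypt" prefix where the rest of the file uses "cryp".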
@@ -1851,7 +1547,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= AES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
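Review bot: cra_alignmask goes from 0xf to 0 here and in every other skcipher and aead entry below, but nothing next to the change says why unaligned buffers are now acceptable. State the reason in the commit message or in a comment (the data paths in this patch copy through a local u32 block[] with scatterwalk_copychunks() instead of dereferencing the scatterlist memory as u32), so that a later change which reintroduces a direct cast knows the mask has to come back.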
@@ -1868,7 +1564,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= AES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1886,7 +1582,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= 1,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1904,7 +1600,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= DES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1921,7 +1617,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= DES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1939,7 +1635,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= DES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1956,7 +1652,7 @@ static struct skcipher_alg crypto_algs[] = {
 	.base.cra_flags		= CRYPTO_ALG_ASYNC,
 	.base.cra_blocksize	= DES_BLOCK_SIZE,
 	.base.cra_ctxsize	= sizeof(struct stm32_cryp_ctx),
-	.base.cra_alignmask	= 0xf,
+	.base.cra_alignmask	= 0,
 	.base.cra_module	= THIS_MODULE,
 
 	.init			= stm32_cryp_init_tfm,
@@ -1986,7 +1682,7 @@ static struct aead_alg aead_algs[] = {
 		.cra_flags		= CRYPTO_ALG_ASYNC,
 		.cra_blocksize		= 1,
 		.cra_ctxsize		= sizeof(struct stm32_cryp_ctx),
-		.cra_alignmask		= 0xf,
+		.cra_alignmask		= 0,
 		.cra_module		= THIS_MODULE,
 	},
 },
@@ -2006,7 +1702,7 @@ static struct aead_alg aead_algs[] = {
 		.cra_flags		= CRYPTO_ALG_ASYNC,
 		.cra_blocksize		= 1,
 		.cra_ctxsize		= sizeof(struct stm32_cryp_ctx),
-		.cra_alignmask		= 0xf,
+		.cra_alignmask		= 0,
 		.cra_module		= THIS_MODULE,
 	},
 },
-- 
2.34.1





* [PATCH 5.10 160/563] crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Herbert Xu,
	Rafael J. Wysocki, Sasha Levin

From: Herbert Xu <herbert@gondor.apana.org.au>

[ Upstream commit 3d6b661330a7954d8136df98160d525eb04dcd6a ]

We should not call pm_runtime_resume_and_get where the reference
count is expected to be incremented unconditionally.  This patch
reverts these calls to the original unconditional get_sync call.

Reported-by: Heiner Kallweit <hkallweit1@gmail.com>
Fixes: 747bf30fd944 ("crypto: stm32/cryp - Fix PM reference leak...")
Fixes: 1cb3ad701970 ("crypto: stm32/hash - Fix PM reference leak...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/stm32/stm32-cryp.c | 3 ++-
 drivers/crypto/stm32/stm32-hash.c | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index cd57c5bae3ce9..81eb136b6c11d 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -529,7 +529,8 @@ static int stm32_cryp_hw_init(struct stm32_cryp *cryp)
 {
 	int ret;
 	u32 cfg, hw_mode;
-	pm_runtime_resume_and_get(cryp->dev);
+
+	pm_runtime_get_sync(cryp->dev);
 
 	/* Disable interrupt */
 	stm32_cryp_write(cryp, CRYP_IMSCR, 0);
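Review bot: in stm32_cryp_hw_init() the return value of pm_runtime_get_sync() is discarded even though ret is declared just above, and CRYP_IMSCR is written on the next statement whether or not the resume succeeded. Since the reference is taken unconditionally, capture the result and at least log a negative value before touching the registers.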
diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c
index ff5362da118d8..16bb52836b28d 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -812,7 +812,7 @@ static void stm32_hash_finish_req(struct ahash_request *req, int err)
 static int stm32_hash_hw_init(struct stm32_hash_dev *hdev,
 			      struct stm32_hash_request_ctx *rctx)
 {
-	pm_runtime_resume_and_get(hdev->dev);
+	pm_runtime_get_sync(hdev->dev);
 
 	if (!(HASH_FLAGS_INIT & hdev->flags)) {
 		stm32_hash_write(hdev, HASH_CR, HASH_CR_INIT);
@@ -961,7 +961,7 @@ static int stm32_hash_export(struct ahash_request *req, void *out)
 	u32 *preg;
 	unsigned int i;
 
-	pm_runtime_resume_and_get(hdev->dev);
+	pm_runtime_get_sync(hdev->dev);
 
 	while ((stm32_hash_read(hdev, HASH_SR) & HASH_SR_BUSY))
 		cpu_relax();
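Review bot: in stm32_hash_export() the unchecked pm_runtime_get_sync() is followed directly by an unbounded poll on HASH_SR_BUSY; if the device failed to resume, that loop has no exit condition. Check the return value, or bound the wait with a timeout.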
@@ -999,7 +999,7 @@ static int stm32_hash_import(struct ahash_request *req, const void *in)
 
 	preg = rctx->hw_context;
 
-	pm_runtime_resume_and_get(hdev->dev);
+	pm_runtime_get_sync(hdev->dev);
 
 	stm32_hash_write(hdev, HASH_IMR, *preg++);
 	stm32_hash_write(hdev, HASH_STR, *preg++);
-- 
2.34.1





* [PATCH 5.10 161/563] ath11k: Fix deleting uninitialized kernel timer during fragment cache flush
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rameshkumar Sundaram, Kalle Valo,
	Sasha Levin

From: Rameshkumar Sundaram <quic_ramess@quicinc.com>

[ Upstream commit ba53ee7f7f38cf0592b8be1dcdabaf8f7535f8c1 ]

frag_timer will be created & initialized for stations when
they associate and will be deleted during every key installation
while flushing old fragments.

For an AP interface, a self peer will be created and group keys
will be installed for this peer, but there will be no real
station entry and hence frag_timer won't be created and
initialized. Deleting such uninitialized kernel timers causes the
warnings and backtraces below to be printed with
CONFIG_DEBUG_OBJECTS_TIMERS enabled.

[ 177.828008] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
[ 177.836833] WARNING: CPU: 3 PID: 188 at lib/debugobjects.c:508 debug_print_object+0xb0/0xf0
[ 177.845185] Modules linked in: ath11k_pci ath11k qmi_helpers qrtr_mhi qrtr ns mhi
[ 177.852679] CPU: 3 PID: 188 Comm: hostapd Not tainted 5.14.0-rc3-32919-g4034139e1838-dirty #14
[ 177.865805] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 177.871804] pc : debug_print_object+0xb0/0xf0
[ 177.876155] lr : debug_print_object+0xb0/0xf0
[ 177.880505] sp : ffffffc01169b5a0
[ 177.883810] x29: ffffffc01169b5a0 x28: ffffff80081c2320 x27: ffffff80081c4078
[ 177.890942] x26: ffffff8003fe8f28 x25: ffffff8003de9890 x24: ffffffc01134d738
[ 177.898075] x23: ffffffc010948f20 x22: ffffffc010b2d2e0 x21: ffffffc01169b628
[ 177.905206] x20: ffffffc01134d700 x19: ffffffc010c80d98 x18: 00000000000003f6
[ 177.912339] x17: 203a657079742074 x16: 63656a626f202930 x15: 0000000000000152
[ 177.919471] x14: 0000000000000152 x13: 00000000ffffffea x12: ffffffc010d732e0
[ 177.926603] x11: 0000000000000003 x10: ffffffc010d432a0 x9 : ffffffc010d432f8
[ 177.933735] x8 : 000000000002ffe8 x7 : c0000000ffffdfff x6 : 0000000000000001
[ 177.940866] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff
[ 177.947997] x2 : ffffffc010c93240 x1 : ffffff80023624c0 x0 : 0000000000000054
[ 177.955130] Call trace:
[ 177.957567] debug_print_object+0xb0/0xf0
[ 177.961570] debug_object_assert_init+0x124/0x178
[ 177.966269] try_to_del_timer_sync+0x1c/0x70
[ 177.970536] del_timer_sync+0x30/0x50
[ 177.974192] ath11k_peer_frags_flush+0x34/0x68 [ath11k]
[ 177.979439] ath11k_mac_op_set_key+0x1e4/0x338 [ath11k]
[ 177.984673] ieee80211_key_enable_hw_accel+0xc8/0x3d0
[ 177.989722] ieee80211_key_replace+0x360/0x740
[ 177.994160] ieee80211_key_link+0x16c/0x210
[ 177.998337] ieee80211_add_key+0x138/0x338
[ 178.002426] nl80211_new_key+0xfc/0x258
[ 178.006257] genl_family_rcv_msg_doit.isra.17+0xd8/0x120
[ 178.011565] genl_rcv_msg+0xd8/0x1c8
[ 178.015134] netlink_rcv_skb+0x38/0xf8
[ 178.018877] genl_rcv+0x34/0x48
[ 178.022012] netlink_unicast+0x174/0x230
[ 178.025928] netlink_sendmsg+0x188/0x388
[ 178.029845] ____sys_sendmsg+0x218/0x250
[ 178.033763] ___sys_sendmsg+0x68/0x90
[ 178.037418] __sys_sendmsg+0x44/0x88
[ 178.040988] __arm64_sys_sendmsg+0x20/0x28
[ 178.045077] invoke_syscall.constprop.5+0x54/0xe0
[ 178.049776] do_el0_svc+0x74/0xc0
[ 178.053084] el0_svc+0x10/0x18
[ 178.056133] el0t_64_sync_handler+0x88/0xb0
[ 178.060310] el0t_64_sync+0x148/0x14c
[ 178.063966] ---[ end trace 8a5cf0bf9d34a058 ]---

Add changes to not delete the frag timer for peers during
group key installation.

Tested on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01092-QCAHKSWPL_SILICONZ-1

Fixes: c3944a562102 ("ath11k: Clear the fragment cache during key install")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1639071421-25078-1-git-send-email-quic_ramess@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index b4f8494e3c707..835ce805b63ec 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -2531,7 +2531,7 @@ static int ath11k_mac_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 	/* flush the fragments cache during key (re)install to
 	 * ensure all frags in the new frag list belong to the same key.
 	 */
-	if (peer && cmd == SET_KEY)
+	if (peer && sta && cmd == SET_KEY)
 		ath11k_peer_frags_flush(ar, peer);
 	spin_unlock_bh(&ab->base_lock);
 
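Review bot: the comment above the condition still describes flushing the fragment cache on every key (re)install, but with the added sta test the flush is skipped for peers that have no station entry. Extend the comment to say why (per the commit message, frag_timer is only created and initialized for real stations) so the check is not later removed as redundant.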
-- 
2.34.1





* [PATCH 5.10 162/563] ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steven Maddox, Christian Lamparter,
	Linus Walleij, Arnd Bergmann, Sasha Levin

From: Christian Lamparter <chunkeey@gmail.com>

[ Upstream commit 4754eab7e5a78bdefe7a960c5c260c95ebbb5fa6 ]

Steven Maddox reported in the OpenWrt bugzilla that his
RaidSonic IB-NAS4220-B was no longer booting with the new
OpenWrt 21.02 (uses linux 5.10's device-tree). However, it was
working with the previous OpenWrt 19.07 series (uses 4.14).

|[    5.548038] No RedBoot partition table detected in 30000000.flash
|[    5.618553] Searching for RedBoot partition table in 30000000.flash at offset 0x0
|[    5.739093] No RedBoot partition table detected in 30000000.flash
|...
|[    7.039504] Waiting for root device /dev/mtdblock3...

The provided bootlog shows that the RedBoot partition parser was
looking for the partition table "at offset 0x0", which is strange
since the comment in the device-tree says it should be at 0xfe0000.

Further digging on the internet led to a review site that took
some useful PCB pictures of their review unit back in February 2009.
Their picture shows a Spansion S29GL128N11TFI01 flash chip.

From Spansion's Datasheet:
"S29GL128N: One hundred twenty-eight 64 Kword (128 Kbyte) sectors"
Steven also provided a "cat /sys/class/mtd/mtd0/erasesize" from his
unit: "131072".

With the 128 KiB Sector/Erasesize in mind, this patch changes the
fis-index-block property to (0xfe0000 / 0x20000) = 0x7f.

Fixes: b5a923f8c739 ("ARM: dts: gemini: Switch to redboot partition parsing")
Reported-by: Steven Maddox <s.maddox@lantizia.me.uk>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Steven Maddox <s.maddox@lantizia.me.uk>
Link: https://lore.kernel.org/r/20211206004334.4169408-1-linus.walleij@linaro.org'
Bugzilla: https://bugs.openwrt.org/index.php?do=details&task_id=4137
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/gemini-nas4220b.dts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/dts/gemini-nas4220b.dts b/arch/arm/boot/dts/gemini-nas4220b.dts
index 13112a8a5dd88..6544c730340fa 100644
--- a/arch/arm/boot/dts/gemini-nas4220b.dts
+++ b/arch/arm/boot/dts/gemini-nas4220b.dts
@@ -84,7 +84,7 @@
 			partitions {
 				compatible = "redboot-fis";
 				/* Eraseblock at 0xfe0000 */
-				fis-index-block = <0x1fc>;
+				fis-index-block = <0x7f>;
 			};
 		};
 
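Review bot: the new value 0x7f only follows from the comment "Eraseblock at 0xfe0000" if the reader already knows the erase block size. Carry the derivation in the comment, for example "Eraseblock at 0xfe0000, 128 KiB sectors: 0xfe0000 / 0x20000", as the commit message does.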
-- 
2.34.1





* [PATCH 5.10 163/563] media: dw2102: Fix use after free
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Anton Vasilyev,
	Mauro Carvalho Chehab, Sasha Levin

From: Anton Vasilyev <vasilyev@ispras.ru>

[ Upstream commit 589a9f0eb799f77de2c09583bf5bad221fa5d685 ]

dvb_usb_device_init stores parts of properties at d->props
and d->desc and uses them on dvb_usb_device_exit.
Freeing the properties on module probe leads to use after free.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204597

The patch makes properties static instead of allocated on heap to prevent
memleak and use after free.
Also fixes s421_properties.devices initialization to have 2 elements
instead of 6 copied from p7500_properties.

[mchehab: fix function call alignments]
Link: https://lore.kernel.org/linux-media/20190822104147.4420-1-vasilyev@ispras.ru
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Fixes: 299c7007e936 ("media: dw2102: Fix memleak on sequence of probes")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/usb/dvb-usb/dw2102.c | 338 ++++++++++++++++++-----------
 1 file changed, 215 insertions(+), 123 deletions(-)

diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
index a27a684403252..aa929db56db1f 100644
--- a/drivers/media/usb/dvb-usb/dw2102.c
+++ b/drivers/media/usb/dvb-usb/dw2102.c
@@ -2148,46 +2148,153 @@ static struct dvb_usb_device_properties s6x0_properties = {
 	}
 };
 
-static const struct dvb_usb_device_description d1100 = {
-	"Prof 1100 USB ",
-	{&dw2102_table[PROF_1100], NULL},
-	{NULL},
-};
+static struct dvb_usb_device_properties p1100_properties = {
+	.caps = DVB_USB_IS_AN_I2C_ADAPTER,
+	.usb_ctrl = DEVICE_SPECIFIC,
+	.size_of_priv = sizeof(struct dw2102_state),
+	.firmware = P1100_FIRMWARE,
+	.no_reconnect = 1,
 
-static const struct dvb_usb_device_description d660 = {
-	"TeVii S660 USB",
-	{&dw2102_table[TEVII_S660], NULL},
-	{NULL},
-};
+	.i2c_algo = &s6x0_i2c_algo,
+	.rc.core = {
+		.rc_interval = 150,
+		.rc_codes = RC_MAP_TBS_NEC,
+		.module_name = "dw2102",
+		.allowed_protos   = RC_PROTO_BIT_NEC,
+		.rc_query = prof_rc_query,
+	},
 
-static const struct dvb_usb_device_description d480_1 = {
-	"TeVii S480.1 USB",
-	{&dw2102_table[TEVII_S480_1], NULL},
-	{NULL},
+	.generic_bulk_ctrl_endpoint = 0x81,
+	.num_adapters = 1,
+	.download_firmware = dw2102_load_firmware,
+	.read_mac_address = s6x0_read_mac_address,
+	.adapter = {
+		{
+			.num_frontends = 1,
+			.fe = {{
+				.frontend_attach = stv0288_frontend_attach,
+				.stream = {
+					.type = USB_BULK,
+					.count = 8,
+					.endpoint = 0x82,
+					.u = {
+						.bulk = {
+							.buffersize = 4096,
+						}
+					}
+				},
+			} },
+		}
+	},
+	.num_device_descs = 1,
+	.devices = {
+		{"Prof 1100 USB ",
+			{&dw2102_table[PROF_1100], NULL},
+			{NULL},
+		},
+	}
 };
 
-static const struct dvb_usb_device_description d480_2 = {
-	"TeVii S480.2 USB",
-	{&dw2102_table[TEVII_S480_2], NULL},
-	{NULL},
-};
+static struct dvb_usb_device_properties s660_properties = {
+	.caps = DVB_USB_IS_AN_I2C_ADAPTER,
+	.usb_ctrl = DEVICE_SPECIFIC,
+	.size_of_priv = sizeof(struct dw2102_state),
+	.firmware = S660_FIRMWARE,
+	.no_reconnect = 1,
 
-static const struct dvb_usb_device_description d7500 = {
-	"Prof 7500 USB DVB-S2",
-	{&dw2102_table[PROF_7500], NULL},
-	{NULL},
-};
+	.i2c_algo = &s6x0_i2c_algo,
+	.rc.core = {
+		.rc_interval = 150,
+		.rc_codes = RC_MAP_TEVII_NEC,
+		.module_name = "dw2102",
+		.allowed_protos   = RC_PROTO_BIT_NEC,
+		.rc_query = dw2102_rc_query,
+	},
 
-static const struct dvb_usb_device_description d421 = {
-	"TeVii S421 PCI",
-	{&dw2102_table[TEVII_S421], NULL},
-	{NULL},
+	.generic_bulk_ctrl_endpoint = 0x81,
+	.num_adapters = 1,
+	.download_firmware = dw2102_load_firmware,
+	.read_mac_address = s6x0_read_mac_address,
+	.adapter = {
+		{
+			.num_frontends = 1,
+			.fe = {{
+				.frontend_attach = ds3000_frontend_attach,
+				.stream = {
+					.type = USB_BULK,
+					.count = 8,
+					.endpoint = 0x82,
+					.u = {
+						.bulk = {
+							.buffersize = 4096,
+						}
+					}
+				},
+			} },
+		}
+	},
+	.num_device_descs = 3,
+	.devices = {
+		{"TeVii S660 USB",
+			{&dw2102_table[TEVII_S660], NULL},
+			{NULL},
+		},
+		{"TeVii S480.1 USB",
+			{&dw2102_table[TEVII_S480_1], NULL},
+			{NULL},
+		},
+		{"TeVii S480.2 USB",
+			{&dw2102_table[TEVII_S480_2], NULL},
+			{NULL},
+		},
+	}
 };
 
-static const struct dvb_usb_device_description d632 = {
-	"TeVii S632 USB",
-	{&dw2102_table[TEVII_S632], NULL},
-	{NULL},
+static struct dvb_usb_device_properties p7500_properties = {
+	.caps = DVB_USB_IS_AN_I2C_ADAPTER,
+	.usb_ctrl = DEVICE_SPECIFIC,
+	.size_of_priv = sizeof(struct dw2102_state),
+	.firmware = P7500_FIRMWARE,
+	.no_reconnect = 1,
+
+	.i2c_algo = &s6x0_i2c_algo,
+	.rc.core = {
+		.rc_interval = 150,
+		.rc_codes = RC_MAP_TBS_NEC,
+		.module_name = "dw2102",
+		.allowed_protos   = RC_PROTO_BIT_NEC,
+		.rc_query = prof_rc_query,
+	},
+
+	.generic_bulk_ctrl_endpoint = 0x81,
+	.num_adapters = 1,
+	.download_firmware = dw2102_load_firmware,
+	.read_mac_address = s6x0_read_mac_address,
+	.adapter = {
+		{
+			.num_frontends = 1,
+			.fe = {{
+				.frontend_attach = prof_7500_frontend_attach,
+				.stream = {
+					.type = USB_BULK,
+					.count = 8,
+					.endpoint = 0x82,
+					.u = {
+						.bulk = {
+							.buffersize = 4096,
+						}
+					}
+				},
+			} },
+		}
+	},
+	.num_device_descs = 1,
+	.devices = {
+		{"Prof 7500 USB DVB-S2",
+			{&dw2102_table[PROF_7500], NULL},
+			{NULL},
+		},
+	}
 };
 
 static struct dvb_usb_device_properties su3000_properties = {
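Review bot: p1100_properties, s660_properties and p7500_properties are three full copies that differ only in .firmware, .rc.core.rc_codes, .rc.core.rc_query, .frontend_attach, .num_device_descs and the .devices list. Generate them from one macro, or add a short comment above each naming the fields that differ, so a later fix to the shared part is not applied to one copy only. The device name "Prof 1100 USB " also keeps its trailing space from the removed d1100 entry; drop it if nothing matches on the exact string.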
@@ -2267,6 +2374,59 @@ static struct dvb_usb_device_properties su3000_properties = {
 	}
 };
 
+static struct dvb_usb_device_properties s421_properties = {
+	.caps = DVB_USB_IS_AN_I2C_ADAPTER,
+	.usb_ctrl = DEVICE_SPECIFIC,
+	.size_of_priv = sizeof(struct dw2102_state),
+	.power_ctrl = su3000_power_ctrl,
+	.num_adapters = 1,
+	.identify_state	= su3000_identify_state,
+	.i2c_algo = &su3000_i2c_algo,
+
+	.rc.core = {
+		.rc_interval = 150,
+		.rc_codes = RC_MAP_SU3000,
+		.module_name = "dw2102",
+		.allowed_protos   = RC_PROTO_BIT_RC5,
+		.rc_query = su3000_rc_query,
+	},
+
+	.read_mac_address = su3000_read_mac_address,
+
+	.generic_bulk_ctrl_endpoint = 0x01,
+
+	.adapter = {
+		{
+		.num_frontends = 1,
+		.fe = {{
+			.streaming_ctrl   = su3000_streaming_ctrl,
+			.frontend_attach  = m88rs2000_frontend_attach,
+			.stream = {
+				.type = USB_BULK,
+				.count = 8,
+				.endpoint = 0x82,
+				.u = {
+					.bulk = {
+						.buffersize = 4096,
+					}
+				}
+			}
+		} },
+		}
+	},
+	.num_device_descs = 2,
+	.devices = {
+		{ "TeVii S421 PCI",
+			{ &dw2102_table[TEVII_S421], NULL },
+			{ NULL },
+		},
+		{ "TeVii S632 USB",
+			{ &dw2102_table[TEVII_S632], NULL },
+			{ NULL },
+		},
+	}
+};
+
 static struct dvb_usb_device_properties t220_properties = {
 	.caps = DVB_USB_IS_AN_I2C_ADAPTER,
 	.usb_ctrl = DEVICE_SPECIFIC,
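Review bot: In the `.adapter` initializer of `s421_properties`, `.num_frontends` and `.fe` sit at the same indent level as the opening `{`, while `p7500_properties` earlier in this patch indents them one level deeper. Please indent the body of the inner brace so the nesting is readable. A one-line comment that this table is `su3000_properties` with `m88rs2000_frontend_attach` and the two TeVii device entries would preserve what the removed `kmemdup()` code expressed.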
@@ -2384,101 +2544,33 @@ static struct dvb_usb_device_properties tt_s2_4600_properties = {
 static int dw2102_probe(struct usb_interface *intf,
 		const struct usb_device_id *id)
 {
-	int retval = -ENOMEM;
-	struct dvb_usb_device_properties *p1100;
-	struct dvb_usb_device_properties *s660;
-	struct dvb_usb_device_properties *p7500;
-	struct dvb_usb_device_properties *s421;
-
-	p1100 = kmemdup(&s6x0_properties,
-			sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
-	if (!p1100)
-		goto err0;
-
-	/* copy default structure */
-	/* fill only different fields */
-	p1100->firmware = P1100_FIRMWARE;
-	p1100->devices[0] = d1100;
-	p1100->rc.core.rc_query = prof_rc_query;
-	p1100->rc.core.rc_codes = RC_MAP_TBS_NEC;
-	p1100->adapter->fe[0].frontend_attach = stv0288_frontend_attach;
-
-	s660 = kmemdup(&s6x0_properties,
-		       sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
-	if (!s660)
-		goto err1;
-
-	s660->firmware = S660_FIRMWARE;
-	s660->num_device_descs = 3;
-	s660->devices[0] = d660;
-	s660->devices[1] = d480_1;
-	s660->devices[2] = d480_2;
-	s660->adapter->fe[0].frontend_attach = ds3000_frontend_attach;
-
-	p7500 = kmemdup(&s6x0_properties,
-			sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
-	if (!p7500)
-		goto err2;
-
-	p7500->firmware = P7500_FIRMWARE;
-	p7500->devices[0] = d7500;
-	p7500->rc.core.rc_query = prof_rc_query;
-	p7500->rc.core.rc_codes = RC_MAP_TBS_NEC;
-	p7500->adapter->fe[0].frontend_attach = prof_7500_frontend_attach;
-
-
-	s421 = kmemdup(&su3000_properties,
-		       sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
-	if (!s421)
-		goto err3;
-
-	s421->num_device_descs = 2;
-	s421->devices[0] = d421;
-	s421->devices[1] = d632;
-	s421->adapter->fe[0].frontend_attach = m88rs2000_frontend_attach;
-
-	if (0 == dvb_usb_device_init(intf, &dw2102_properties,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &dw2104_properties,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &dw3101_properties,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &s6x0_properties,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, p1100,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, s660,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, p7500,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, s421,
-			THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &su3000_properties,
-			 THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &t220_properties,
-			 THIS_MODULE, NULL, adapter_nr) ||
-	    0 == dvb_usb_device_init(intf, &tt_s2_4600_properties,
-			 THIS_MODULE, NULL, adapter_nr)) {
-
-		/* clean up copied properties */
-		kfree(s421);
-		kfree(p7500);
-		kfree(s660);
-		kfree(p1100);
+	if (!(dvb_usb_device_init(intf, &dw2102_properties,
+			          THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &dw2104_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &dw3101_properties,
+			          THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &s6x0_properties,
+			          THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &p1100_properties,
+			          THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &s660_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &p7500_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &s421_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &su3000_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &t220_properties,
+				  THIS_MODULE, NULL, adapter_nr) &&
+	      dvb_usb_device_init(intf, &tt_s2_4600_properties,
+				  THIS_MODULE, NULL, adapter_nr))) {
 
 		return 0;
 	}
 
-	retval = -ENODEV;
-	kfree(s421);
-err3:
-	kfree(p7500);
-err2:
-	kfree(s660);
-err1:
-	kfree(p1100);
-err0:
-	return retval;
+	return -ENODEV;
 }
 
 static void dw2102_disconnect(struct usb_interface *intf)
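Review bot: The rewritten condition in `dw2102_probe()` depends on `&&` short-circuiting, where a zero return from any `dvb_usb_device_init()` stops the chain and the outer `!` turns that into the `return 0` success path. This is equivalent to the old `0 == ... ||` chain but harder to read, so either add a one-line comment or keep the original form. Several continuation lines (for example the `THIS_MODULE` line under `&dw2102_properties`) are indented with tabs followed by spaces, which checkpatch flags.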
-- 
2.34.1

* [PATCH 5.10 164/563] media: msi001: fix possible null-ptr-deref in msi001_probe()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (162 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 163/563] media: dw2102: Fix use after free Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 165/563] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes Greg Kroah-Hartman
                   ` (402 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
	Mauro Carvalho Chehab, Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit 3d5831a40d3464eea158180eb12cbd81c5edfb6a ]

I got a null-ptr-deref report:

BUG: kernel NULL pointer dereference, address: 0000000000000060
...
RIP: 0010:v4l2_ctrl_auto_cluster+0x57/0x270
...
Call Trace:
 msi001_probe+0x13b/0x24b [msi001]
 spi_probe+0xeb/0x130
...
 do_syscall_64+0x35/0xb0

In msi001_probe(), if the creation of control for bandwidth_auto
fails, there will be a null-ptr-deref issue when it is used in
v4l2_ctrl_auto_cluster().

Check dev->hdl.error before v4l2_ctrl_auto_cluster() to fix this bug.

Link: https://lore.kernel.org/linux-media/20211026112348.2878040-1-wanghai38@huawei.com
Fixes: 93203dd6c7c4 ("[media] msi001: Mirics MSi001 silicon tuner driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/tuners/msi001.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/media/tuners/msi001.c b/drivers/media/tuners/msi001.c
index 78e6fd600d8ef..44247049a3190 100644
--- a/drivers/media/tuners/msi001.c
+++ b/drivers/media/tuners/msi001.c
@@ -442,6 +442,13 @@ static int msi001_probe(struct spi_device *spi)
 			V4L2_CID_RF_TUNER_BANDWIDTH_AUTO, 0, 1, 1, 1);
 	dev->bandwidth = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops,
 			V4L2_CID_RF_TUNER_BANDWIDTH, 200000, 8000000, 1, 200000);
+	if (dev->hdl.error) {
+		ret = dev->hdl.error;
+		dev_err(&spi->dev, "Could not initialize controls\n");
+		/* control init failed, free handler */
+		goto err_ctrl_handler_free;
+	}
+
 	v4l2_ctrl_auto_cluster(2, &dev->bandwidth_auto, 0, false);
 	dev->lna_gain = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops,
 			V4L2_CID_RF_TUNER_LNA_GAIN, 0, 1, 1, 1);
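Review bot: The new `dev->hdl.error` check covers only the `bandwidth_auto` and `bandwidth` controls, so `dev->lna_gain` and any control created after `v4l2_ctrl_auto_cluster()` still depend on a later check that this hunk does not show; please confirm one exists. The comment `/* control init failed, free handler */` restates the `goto err_ctrl_handler_free` label and can be dropped.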
-- 
2.34.1

* [PATCH 5.10 165/563] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (163 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 164/563] media: msi001: fix possible null-ptr-deref in msi001_probe() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 166/563] ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan() Greg Kroah-Hartman
                   ` (401 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang,
	Mauro Carvalho Chehab, Sasha Levin

From: Jiasheng Jiang <jiasheng@iscas.ac.cn>

[ Upstream commit 43f0633f89947df57fe0b5025bdd741768007708 ]

The return value of dma_set_coherent_mask() is not always 0.
Catch the exception in case DMA does not support the mask.

Link: https://lore.kernel.org/linux-media/20211206022201.1639460-1-jiasheng@iscas.ac.cn
Fixes: b0444f18e0b1 ("[media] coda: add i.MX6 VDOA driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/coda/imx-vdoa.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/media/platform/coda/imx-vdoa.c b/drivers/media/platform/coda/imx-vdoa.c
index 8bc0d83718193..dd6e2e320264e 100644
--- a/drivers/media/platform/coda/imx-vdoa.c
+++ b/drivers/media/platform/coda/imx-vdoa.c
@@ -287,7 +287,11 @@ static int vdoa_probe(struct platform_device *pdev)
 	struct resource *res;
 	int ret;
 
-	dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+	ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+	if (ret) {
+		dev_err(&pdev->dev, "DMA enable failed\n");
+		return ret;
+	}
 
 	vdoa = devm_kzalloc(&pdev->dev, sizeof(*vdoa), GFP_KERNEL);
 	if (!vdoa)
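Review bot: The `dev_err()` text "DMA enable failed" in `vdoa_probe()` neither names the operation that failed nor reports `ret`. Something like `dev_err(&pdev->dev, "failed to set 32-bit coherent DMA mask: %d\n", ret);` would make the log line actionable.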
-- 
2.34.1

* [PATCH 5.10 166/563] ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (164 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 165/563] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 167/563] arm64: dts: qcom: c630: Fix soundcard setup Greg Kroah-Hartman
                   ` (400 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Kalle Valo, Sasha Levin

From: Zhou Qingyang <zhou1615@umn.edu>

[ Upstream commit eccd25136386a04ebf46a64f3a34e8e0fab6d9e1 ]

In ath11k_mac_op_hw_scan(), the return value of kzalloc() is directly
used in memcpy(), which may lead to a NULL pointer dereference on
failure of kzalloc().

Fix this bug by adding a check of arg.extraie.ptr.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_ATH11K=m show no new warnings, and our static
analyzer no longer warns about this code.

Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20211202155348.71315-1-zhou1615@umn.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 835ce805b63ec..18e841e1a016d 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -2320,9 +2320,12 @@ static int ath11k_mac_op_hw_scan(struct ieee80211_hw *hw,
 	arg.scan_id = ATH11K_SCAN_ID;
 
 	if (req->ie_len) {
+		arg.extraie.ptr = kmemdup(req->ie, req->ie_len, GFP_KERNEL);
+		if (!arg.extraie.ptr) {
+			ret = -ENOMEM;
+			goto exit;
+		}
 		arg.extraie.len = req->ie_len;
-		arg.extraie.ptr = kzalloc(req->ie_len, GFP_KERNEL);
-		memcpy(arg.extraie.ptr, req->ie, req->ie_len);
 	}
 
 	if (req->n_ssids) {
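Review bot: The new `goto exit` on `kmemdup()` failure in `ath11k_mac_op_hw_scan()` leaves through a label outside this hunk, after `arg.scan_id` and possibly other scan state have already been set up. Please confirm that the `exit` path undoes that setup and tolerates `arg.extraie.ptr` being NULL. Assigning `arg.extraie.len` only after the allocation succeeds is the right order.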
-- 
2.34.1

* [PATCH 5.10 167/563] arm64: dts: qcom: c630: Fix soundcard setup
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (165 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 166/563] ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan() Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 168/563] arm64: dts: qcom: ipq6018: Fix gpio-ranges property Greg Kroah-Hartman
                   ` (399 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla,
	Steev Klimaszewski, Bjorn Andersson, Sasha Levin

From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>

[ Upstream commit c02b360ca67ebeb9de07b47b2fe53f964c2561d1 ]

Currently Soundcard has 1 rx device for headset and SoundWire Speaker Playback.

This setup has issues, e.g. if we try to play on the headset the audio stream is
also sent to SoundWire Speakers and we will hear sound in both headsets and speakers.

Make a separate device for Speakers and Headset so that the streams are
different and handled properly.

Fixes: 45021d35fcb2 ("arm64: dts: qcom: c630: Enable audio support")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Tested-by: Steev Klimaszewski <steev@kali.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211209175342.20386-2-srinivas.kandagatla@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../boot/dts/qcom/sdm850-lenovo-yoga-c630.dts | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts b/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts
index ad6561843ba28..e080c317b5e3d 100644
--- a/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts
+++ b/arch/arm64/boot/dts/qcom/sdm850-lenovo-yoga-c630.dts
@@ -365,6 +365,10 @@
 	dai@1 {
 		reg = <1>;
 	};
+
+	dai@2 {
+		reg = <2>;
+	};
 };
 
 &sound {
@@ -377,6 +381,7 @@
 		"SpkrLeft IN", "SPK1 OUT",
 		"SpkrRight IN", "SPK2 OUT",
 		"MM_DL1",  "MultiMedia1 Playback",
+		"MM_DL3",  "MultiMedia3 Playback",
 		"MultiMedia2 Capture", "MM_UL2";
 
 	mm1-dai-link {
@@ -393,6 +398,13 @@
 		};
 	};
 
+	mm3-dai-link {
+		link-name = "MultiMedia3";
+		cpu {
+			sound-dai = <&q6asmdai  MSM_FRONTEND_DAI_MULTIMEDIA3>;
+		};
+	};
+
 	slim-dai-link {
 		link-name = "SLIM Playback";
 		cpu {
@@ -422,6 +434,21 @@
 			sound-dai = <&wcd9340 1>;
 		};
 	};
+
+	slim-wcd-dai-link {
+		link-name = "SLIM WCD Playback";
+		cpu {
+			sound-dai = <&q6afedai SLIMBUS_1_RX>;
+		};
+
+		platform {
+			sound-dai = <&q6routing>;
+		};
+
+		codec {
+			sound-dai =  <&wcd9340 2>;
+		};
+	};
 };
 
 &tlmm {
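Review bot: In the added `slim-wcd-dai-link` node, `sound-dai =  <&wcd9340 2>;` has two spaces after `=`, unlike the context line `sound-dai = <&wcd9340 1>;` just above it. The same doubled space appears in `<&q6asmdai  MSM_FRONTEND_DAI_MULTIMEDIA3>` in the previous hunk; please normalise both.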
-- 
2.34.1

* [PATCH 5.10 168/563] arm64: dts: qcom: ipq6018: Fix gpio-ranges property
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (166 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 167/563] arm64: dts: qcom: c630: Fix soundcard setup Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 169/563] drm/msm/dpu: fix safe status debugfs file Greg Kroah-Hartman
                   ` (398 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sricharan R, Baruch Siach,
	Bryan ODonoghue, Bjorn Andersson, Sasha Levin

From: Baruch Siach <baruch@tkos.co.il>

[ Upstream commit 72cb4c48a46a7cfa58eb5842c0d3672ddd5bd9ad ]

There must be three parameters in gpio-ranges property. Fixes this not
very helpful error message:

  OF: /soc/pinctrl@1000000: (null) = 3 found 3

Fixes: 1e8277854b49 ("arm64: dts: Add ipq6018 SoC and CP01 board support")
Cc: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/8a744cfd96aff5754bfdcf7298d208ddca5b319a.1638862030.git.baruch@tkos.co.il
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/boot/dts/qcom/ipq6018.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/qcom/ipq6018.dtsi b/arch/arm64/boot/dts/qcom/ipq6018.dtsi
index 9cb8f7a052df9..2a1f03cdb52c7 100644
--- a/arch/arm64/boot/dts/qcom/ipq6018.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq6018.dtsi
@@ -221,7 +221,7 @@
 			interrupts = <GIC_SPI 208 IRQ_TYPE_LEVEL_HIGH>;
 			gpio-controller;
 			#gpio-cells = <2>;
-			gpio-ranges = <&tlmm 0 80>;
+			gpio-ranges = <&tlmm 0 0 80>;
 			interrupt-controller;
 			#interrupt-cells = <2>;
 
-- 
2.34.1

* [PATCH 5.10 169/563] drm/msm/dpu: fix safe status debugfs file
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (167 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 168/563] arm64: dts: qcom: ipq6018: Fix gpio-ranges property Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 170/563] drm/bridge: ti-sn65dsi86: Set max register for regmap Greg Kroah-Hartman
                   ` (397 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Abhinav Kumar,
	Rob Clark, Sasha Levin

From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

[ Upstream commit f31b0e24d31e18b4503eeaf0032baeacc0beaff6 ]

Make safe_status debugfs fs file actually return safe status rather than
danger status data.

Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://lore.kernel.org/r/20211201222633.2476780-3-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index b4a2e8eb35dd2..08e082d0443af 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -71,8 +71,8 @@ static int _dpu_danger_signal_status(struct seq_file *s,
 					&status);
 	} else {
 		seq_puts(s, "\nSafe signal status:\n");
-		if (kms->hw_mdp->ops.get_danger_status)
-			kms->hw_mdp->ops.get_danger_status(kms->hw_mdp,
+		if (kms->hw_mdp->ops.get_safe_status)
+			kms->hw_mdp->ops.get_safe_status(kms->hw_mdp,
 					&status);
 	}
 	pm_runtime_put_sync(&kms->pdev->dev);
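Review bot: In the safe-status branch of `_dpu_danger_signal_status()`, `status` is written only when `ops.get_safe_status` is non-NULL, and this hunk does not show `status` being initialised. Please confirm it is zeroed before the `if`/`else` so that a missing op yields zeros rather than stale stack contents in the debugfs output.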
-- 
2.34.1

* [PATCH 5.10 170/563] drm/bridge: ti-sn65dsi86: Set max register for regmap
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (168 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 169/563] drm/msm/dpu: fix safe status debugfs file Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38   ` Greg Kroah-Hartman
                   ` (396 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rob Clark, Douglas Anderson,
	Laurent Pinchart, Stephen Boyd, Robert Foss, Sasha Levin

From: Stephen Boyd <swboyd@chromium.org>

[ Upstream commit 0b665d4af35837f0a0ae63135b84a3c187c1db3b ]

Set the maximum register to 0xff so we can dump the registers for this
device in debugfs.

Fixes: a095f15c00e2 ("drm/bridge: add support for sn65dsi86 bridge driver")
Cc: Rob Clark <robdclark@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211215002529.382383-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi86.c b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
index ecdf9b01340f5..1a58481037b3f 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi86.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
@@ -171,6 +171,7 @@ static const struct regmap_config ti_sn_bridge_regmap_config = {
 	.val_bits = 8,
 	.volatile_table = &ti_sn_bridge_volatile_table,
 	.cache_type = REGCACHE_NONE,
+	.max_register = 0xFF,
 };
 
 static void ti_sn_bridge_write_u16(struct ti_sn_bridge *pdata,
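Review bot: With `.max_register = 0xFF`, a regmap debugfs dump will read every register from 0x00 to 0xff, and the visible part of this config lists no readable or precious table to exclude any. If the device has read-to-clear status registers, mark them precious so that a debugfs read cannot change device state. Lowercase `0xff` would also match the commit message.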
-- 
2.34.1

* [PATCH 5.10 171/563] drm/tegra: vic: Fix DMA API misuse
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
@ 2022-01-24 18:38   ` Greg Kroah-Hartman
  2022-01-24 18:36 ` [PATCH 5.10 002/563] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
                     ` (565 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Sasha Levin, Greg Kroah-Hartman, dri-devel, Mikko Perttunen,
	Thierry Reding, stable, Thierry Reding, Robin Murphy,
	Christoph Hellwig

From: Robin Murphy <robin.murphy@arm.com>

[ Upstream commit 5566174cb10a5167d59b0793871cab7990b149b8 ]

Upon failure, dma_alloc_coherent() returns NULL. If that does happen,
passing some uninitialised stack contents to dma_mapping_error() - which
belongs to a different API in the first place - has precious little
chance of detecting it.

Also include the correct header, because the fragile transitive
inclusion currently providing it is going to break soon.

Fixes: 20e7dce255e9 ("drm/tegra: Remove memory allocation from Falcon library")
CC: Thierry Reding <thierry.reding@gmail.com>
CC: Mikko Perttunen <mperttunen@nvidia.com>
CC: dri-devel@lists.freedesktop.org
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/tegra/vic.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/tegra/vic.c b/drivers/gpu/drm/tegra/vic.c
index b77f726303d89..ec0e4d8f0aade 100644
--- a/drivers/gpu/drm/tegra/vic.c
+++ b/drivers/gpu/drm/tegra/vic.c
@@ -5,6 +5,7 @@
 
 #include <linux/clk.h>
 #include <linux/delay.h>
+#include <linux/dma-mapping.h>
 #include <linux/host1x.h>
 #include <linux/iommu.h>
 #include <linux/module.h>
@@ -265,10 +266,8 @@ static int vic_load_firmware(struct vic *vic)
 
 	if (!client->group) {
 		virt = dma_alloc_coherent(vic->dev, size, &iova, GFP_KERNEL);
-
-		err = dma_mapping_error(vic->dev, iova);
-		if (err < 0)
-			return err;
+		if (!virt)
+			return -ENOMEM;
 	} else {
 		virt = tegra_drm_alloc(tegra, size, &iova);
 	}
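Review bot: The `else` branch in `vic_load_firmware()` still assigns `virt = tegra_drm_alloc(tegra, size, &iova);` with no failure check visible in this hunk, so the new `if (!virt)` covers only the `dma_alloc_coherent()` path. Please confirm the `tegra_drm_alloc()` result is validated after the `if`/`else`, and that `err` is still used elsewhere in the function now that its assignment here is gone.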
-- 
2.34.1

* [PATCH 5.10 171/563] drm/tegra: vic: Fix DMA API misuse
@ 2022-01-24 18:38   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thierry Reding, Mikko Perttunen,
	dri-devel, Robin Murphy, Christoph Hellwig, Thierry Reding,
	Sasha Levin

From: Robin Murphy <robin.murphy@arm.com>

[ Upstream commit 5566174cb10a5167d59b0793871cab7990b149b8 ]

Upon failure, dma_alloc_coherent() returns NULL. If that does happen,
passing some uninitialised stack contents to dma_mapping_error() - which
belongs to a different API in the first place - has precious little
chance of detecting it.

Also include the correct header, because the fragile transitive
inclusion currently providing it is going to break soon.

Fixes: 20e7dce255e9 ("drm/tegra: Remove memory allocation from Falcon library")
CC: Thierry Reding <thierry.reding@gmail.com>
CC: Mikko Perttunen <mperttunen@nvidia.com>
CC: dri-devel@lists.freedesktop.org
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/tegra/vic.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/tegra/vic.c b/drivers/gpu/drm/tegra/vic.c
index b77f726303d89..ec0e4d8f0aade 100644
--- a/drivers/gpu/drm/tegra/vic.c
+++ b/drivers/gpu/drm/tegra/vic.c
@@ -5,6 +5,7 @@
 
 #include <linux/clk.h>
 #include <linux/delay.h>
+#include <linux/dma-mapping.h>
 #include <linux/host1x.h>
 #include <linux/iommu.h>
 #include <linux/module.h>
@@ -265,10 +266,8 @@ static int vic_load_firmware(struct vic *vic)
 
 	if (!client->group) {
 		virt = dma_alloc_coherent(vic->dev, size, &iova, GFP_KERNEL);
-
-		err = dma_mapping_error(vic->dev, iova);
-		if (err < 0)
-			return err;
+		if (!virt)
+			return -ENOMEM;
 	} else {
 		virt = tegra_drm_alloc(tegra, size, &iova);
 	}
-- 
2.34.1

* [PATCH 5.10 172/563] media: hantro: Fix probe func error path
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (170 preceding siblings ...)
  2022-01-24 18:38   ` Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:38 ` [PATCH 5.10 173/563] xfrm: interface with if_id 0 should return error Greg Kroah-Hartman
                   ` (394 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jernej Skrabec,
	Andrzej Pietrasiewicz, Ezequiel Garcia, Hans Verkuil,
	Mauro Carvalho Chehab, Sasha Levin

From: Jernej Skrabec <jernej.skrabec@gmail.com>

[ Upstream commit 37af43b250fda6162005d47bf7c959c70d52b107 ]

If clocks for some reason couldn't be enabled, probe function returns
immediately, without disabling PM. This obviously leaves PM ref counters
unbalanced.

Fix that by jumping to appropriate error path, so effects of PM functions
are reversed.

Fixes: 775fec69008d ("media: add Rockchip VPU JPEG encoder driver")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/media/hantro/hantro_drv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/media/hantro/hantro_drv.c b/drivers/staging/media/hantro/hantro_drv.c
index 7749ca9a8ebbf..bc97ec0a7e4af 100644
--- a/drivers/staging/media/hantro/hantro_drv.c
+++ b/drivers/staging/media/hantro/hantro_drv.c
@@ -829,7 +829,7 @@ static int hantro_probe(struct platform_device *pdev)
 	ret = clk_bulk_prepare(vpu->variant->num_clocks, vpu->clocks);
 	if (ret) {
 		dev_err(&pdev->dev, "Failed to prepare clocks\n");
-		return ret;
+		goto err_pm_disable;
 	}
 
 	ret = v4l2_device_register(&pdev->dev, &vpu->v4l2_dev);
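Review bot: The `clk_bulk_prepare()` failure path now jumps to `err_pm_disable`, but any other bare `return ret` between the runtime-PM setup and this point would leave the same imbalance and is not visible in this hunk. Please check the earlier error returns in `hantro_probe()` as well.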
@@ -885,6 +885,7 @@ err_v4l2_unreg:
 	v4l2_device_unregister(&vpu->v4l2_dev);
 err_clk_unprepare:
 	clk_bulk_unprepare(vpu->variant->num_clocks, vpu->clocks);
+err_pm_disable:
 	pm_runtime_dont_use_autosuspend(vpu->dev);
 	pm_runtime_disable(vpu->dev);
 	return ret;
-- 
2.34.1

* [PATCH 5.10 173/563] xfrm: interface with if_id 0 should return error
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (171 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 172/563] media: hantro: Fix probe func error path Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-26 21:59   ` Pavel Machek
  2022-01-24 18:38 ` [PATCH 5.10 174/563] xfrm: state and policy should fail if XFRMA_IF_ID 0 Greg Kroah-Hartman
                   ` (393 subsequent siblings)
  566 siblings, 1 reply; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Antony Antony, Eyal Birger,
	Steffen Klassert, Sasha Levin

From: Antony Antony <antony.antony@secunet.com>

[ Upstream commit 8dce43919566f06e865f7e8949f5c10d8c2493f5 ]

xfrm interface if_id = 0 would cause xfrm policy lookup errors since
Commit 9f8550e4bd9d.

Now explicitly fail to create an xfrm interface when if_id = 0

With this commit:
 ip link add ipsec0  type xfrm dev lo  if_id 0
 Error: if_id must be non zero.

v1->v2 change:
 - add Fixes: tag

Fixes: 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/xfrm/xfrm_interface.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index e9ce23343f5ca..e1fae61a5bb90 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -643,11 +643,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
 			struct netlink_ext_ack *extack)
 {
 	struct net *net = dev_net(dev);
-	struct xfrm_if_parms p;
+	struct xfrm_if_parms p = {};
 	struct xfrm_if *xi;
 	int err;
 
 	xfrmi_netlink_parms(data, &p);
+	if (!p.if_id) {
+		NL_SET_ERR_MSG(extack, "if_id must be non zero");
+		return -EINVAL;
+	}
+
 	xi = xfrmi_locate(net, &p);
 	if (xi)
 		return -EEXIST;
@@ -672,7 +677,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
 {
 	struct xfrm_if *xi = netdev_priv(dev);
 	struct net *net = xi->net;
-	struct xfrm_if_parms p;
+	struct xfrm_if_parms p = {};
+
+	if (!p.if_id) {
+		NL_SET_ERR_MSG(extack, "if_id must be non zero");
+		return -EINVAL;
+	}
 
 	xfrmi_netlink_parms(data, &p);
 	xi = xfrmi_locate(net, &p);
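Review bot: In `xfrmi_changelink()` the new `if (!p.if_id)` check runs before `xfrmi_netlink_parms(data, &p)`, and `p` has just been zero-initialised by `= {}`, so `p.if_id` is always 0 at that point and every changelink request returns -EINVAL. Move the check to after the `xfrmi_netlink_parms()` call, as the `xfrmi_newlink()` hunk does.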
-- 
2.34.1

* [PATCH 5.10 174/563] xfrm: state and policy should fail if XFRMA_IF_ID 0
  2022-01-24 18:36 [PATCH 5.10 000/563] 5.10.94-rc1 review Greg Kroah-Hartman
                   ` (172 preceding siblings ...)
  2022-01-24 18:38 ` [PATCH 5.10 173/563] xfrm: interface with if_id 0 should return error Greg Kroah-Hartman
@ 2022-01-24 18:38 ` Greg Kroah-Hartman
  2022-01-24 18:39 ` [PATCH 5.10 175/563] ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding Greg Kroah-Hartman
                   ` (392 subsequent siblings)
  566 siblings, 0 replies; 584+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:38 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Antony Antony, Steffen Klassert, Sasha Levin

From: Antony Antony <antony.antony@secunet.com>

[ Upstream commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 ]

xfrm interface does not allow xfrm if_id = 0;
fail to create or update xfrm state and policy.

With this commit:
 ip xfrm policy add src 192.0.2.1 dst 192.0.2.2 dir out if_id 0
 RTNETLINK answers: Invalid argument

 ip xfrm state add src 192.0.2.1 dst 192.0.2.2 proto esp spi 1 \
            reqid 1 mode tunnel aead 'rfc4106(gcm(aes))' \
            0x1111111111111111111111111111111111111111 96 if_id 0
 RTNETLINK answers: Invalid argument

v1->v2 change:
 - add Fixes: tag

Fixes: 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/xfrm/xfrm_user.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/