* [PATCH 4.19 000/338] 4.19.238-rc1 review
@ 2022-04-14 13:08 Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 001/338] USB: serial: pl2303: add IBM device IDs Greg Kroah-Hartman
` (343 more replies)
0 siblings, 344 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 4.19.238 release.
There are 338 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.238-rc1
Felix Kuehling <Felix.Kuehling@amd.com>
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
drm/amdgpu: Check if fd really is an amdgpu fd.
Xin Long <lucien.xin@gmail.com>
xfrm: policy: match with both mark and mask on user interfaces
Tejun Heo <tj@kernel.org>
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
Tejun Heo <tj@kernel.org>
selftests: cgroup: Test open-time credential usage for migration checks
Tejun Heo <tj@kernel.org>
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
Tejun Heo <tj@kernel.org>
cgroup: Use open-time cgroup namespace for process migration perm checks
Tejun Heo <tj@kernel.org>
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
Tejun Heo <tj@kernel.org>
cgroup: Use open-time credentials for process migraton perm checks
Waiman Long <longman@redhat.com>
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
Fangrui Song <maskray@google.com>
arm64: module: remove (NOLOAD) from linker script
Peter Xu <peterx@redhat.com>
mm: don't skip swap entry even if zap_details specified
Vinod Koul <vkoul@kernel.org>
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
Arnaldo Carvalho de Melo <acme@redhat.com>
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
Arnaldo Carvalho de Melo <acme@redhat.com>
tools build: Filter out options and warnings not supported by clang
Marc Zyngier <maz@kernel.org>
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
Xiaomeng Tong <xiam0nd.tong@gmail.com>
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
Christian Lamparter <chunkeey@gmail.com>
ata: sata_dwc_460ex: Fix crash due to OOB write
Guo Ren <guoren@linux.alibaba.com>
arm64: patch_text: Fixup last cpu should be master
Ethan Lien <ethanlien@synology.com>
btrfs: fix qgroup reserve overflow the qgroup limit
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/speculation: Restore speculation related MSRs during S3 resume
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/pm: Save the MSR validity status at context setup
Miaohe Lin <linmiaohe@huawei.com>
mm/mempolicy: fix mpol_new leak in shared_policy_replace
Paolo Bonzini <pbonzini@redhat.com>
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
Wolfram Sang <wsa+renesas@sang-engineering.com>
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
Pali Rohár <pali@kernel.org>
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
Lv Yunlong <lyl2019@mail.ustc.edu.cn>
drbd: Fix five use after free bugs in get_initial_state
Kamal Dasu <kdasu.kdev@gmail.com>
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
Jamie Bainbridge <jamie.bainbridge@gmail.com>
qede: confirm skb is allocated before using
Eric Dumazet <edumazet@google.com>
rxrpc: fix a race in rxrpc_exit_net()
Ilya Maximets <i.maximets@ovn.org>
net: openvswitch: don't send internal clone attribute to the userspace.
José Expósito <jose.exposito89@gmail.com>
drm/imx: Fix memory leak in imx_pd_connector_get_modes
Chen-Yu Tsai <wens@csie.org>
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
Guilherme G. Piccoli <gpiccoli@igalia.com>
Drivers: hv: vmbus: Fix potential crash on module unload
Dan Carpenter <dan.carpenter@oracle.com>
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
James Morse <james.morse@arm.com>
KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL
Mauricio Faria de Oliveira <mfo@canonical.com>
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
Willem de Bruijn <willemb@google.com>
net: add missing SOF_TIMESTAMPING_OPT_ID support
Helge Deller <deller@gmx.de>
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
Haimin Zhang <tcs_kernel@tencent.com>
jfs: prevent NULL deref in diFree
Randy Dunlap <rdunlap@infradead.org>
virtio_console: eliminate anonymous module_init & module_exit
Jiri Slaby <jslaby@suse.cz>
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
NeilBrown <neilb@suse.de>
NFS: swap-out must always use STABLE writes.
NeilBrown <neilb@suse.de>
NFS: swap IO handling is slightly different for O_DIRECT IO
NeilBrown <neilb@suse.de>
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
Maxime Ripard <maxime@cerno.tech>
clk: Enforce that disjoints limits are invalid
Dongli Zhang <dongli.zhang@oracle.com>
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Protect the state recovery thread against direct reclaim
Lucas Denefle <lucas.denefle@converge.io>
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
Qinghua Jin <qhjin.dev@gmail.com>
minix: fix bug when opening a file with O_DIRECT
Randy Dunlap <rdunlap@infradead.org>
init/main.c: return 1 from handled __setup() functions
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: Fix use after free in hci_send_acl
Max Filippov <jcmvbkbc@gmail.com>
xtensa: fix DTC warning unit_address_format
H. Nikolaus Schaller <hns@goldelico.com>
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
Jianglei Nie <niejianglei2021@163.com>
scsi: libfc: Fix use after free in fc_exch_abts_resp()
Alexander Lobakin <alobakin@pm.me>
MIPS: fix fortify panic when copying asm exception handlers
Michael Chan <michael.chan@broadcom.com>
bnxt_en: Eliminate unintended link toggle during FW reset
Sven Eckelmann <sven@narfation.org>
macvtap: advertise link netns via netlink
Dust Li <dust.li@linux.alibaba.com>
net/smc: correct settings of RMB window update limit
Randy Dunlap <rdunlap@infradead.org>
scsi: aha152x: Fix aha152x_setup() __setup handler return value
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
Alex Deucher <alexander.deucher@amd.com>
drm/amdkfd: make CRAT table missing message informational only
Jordy Zomer <jordy@jordyzomer.github.io>
dm ioctl: prevent potential spectre v1 gadget
Ido Schimmel <idosch@nvidia.com>
ipv4: Invalidate neighbour for broadcast address upon address addition
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
Neal Liu <neal_liu@aspeedtech.com>
usb: ehci: add pci device support for Aspeed platforms
Zhou Guanghui <zhouguanghui1@huawei.com>
iommu/arm-smmu-v3: fix event handling soft lockup
Pali Rohár <pali@kernel.org>
PCI: aardvark: Fix support for MSI interrupts
Sourabh Jain <sourabhjain@linux.ibm.com>
powerpc: Set crashkernel offset to mid of RMA region
Evgeny Boger <boger@wirenboard.com>
power: supply: axp20x_battery: properly report current when discharging
Yang Guang <yang.guang5@zte.com.cn>
scsi: bfa: Replace snprintf() with sysfs_emit()
Yang Guang <yang.guang5@zte.com.cn>
scsi: mvsas: Replace snprintf() with sysfs_emit()
Maxim Kiselev <bigunclemax@gmail.com>
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
Yang Guang <yang.guang5@zte.com.cn>
ptp: replace snprintf with sysfs_emit
Xin Xiong <xiongx18@fudan.edu.cn>
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
Zekun Shen <bruceshenzk@gmail.com>
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
Anisse Astier <anisse@astier.eu>
drm: Add orientation quirk for GPD Win Max
Jim Mattson <jmattson@google.com>
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
Randy Dunlap <rdunlap@infradead.org>
ARM: 9187/1: JIVE: fix return value of __setup handler
Fangrui Song <maskray@google.com>
riscv module: remove (NOLOAD)
Jiasheng Jiang <jiasheng@iscas.ac.cn>
rtc: wm8350: Handle error for wm8350_register_irq
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Rectify space amount budget for mkdir/tmpfile operations
Vitaly Kuznetsov <vkuznets@redhat.com>
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
Martin Varghese <martin.varghese@nokia.com>
openvswitch: Fixed nd target mask field in the flow dump.
Anton Ivanov <anton.ivanov@cambridgegreys.com>
um: Fix uml_mconsole stop/go
Kuldeep Singh <singh.kuldeep87k@gmail.com>
ARM: dts: spear13xx: Update SPI dma properties
Kuldeep Singh <singh.kuldeep87k@gmail.com>
ARM: dts: spear1340: Update serial node properties
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ASoC: topology: Allow TLV control to be either read or write
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
Hengqi Chen <hengqi.chen@gmail.com>
bpf: Fix comment for helper bpf_current_task_under_cgroup()
Randy Dunlap <rdunlap@infradead.org>
mm/usercopy: return 1 from hardened_usercopy __setup() handler
Randy Dunlap <rdunlap@infradead.org>
mm/memcontrol: return 1 from cgroup.memory __setup() handler
Randy Dunlap <rdunlap@infradead.org>
mm/mmap: return 1 from stack_guard_gap __setup() handler
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
Baokun Li <libaokun1@huawei.com>
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
Chen-Yu Tsai <wenst@chromium.org>
pinctrl: pinconf-generic: Print arguments for bias-pull-*
Andrew Price <anprice@redhat.com>
gfs2: Make sure FITRIM minlen is rounded up to fs block size
Pavel Skripkin <paskripkin@gmail.com>
can: mcba_usb: properly check endpoint type
Hangyu Hua <hbh25y@gmail.com>
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
Baokun Li <libaokun1@huawei.com>
ubifs: rename_whiteout: correct old_dir size computing
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
Zhihao Cheng <chengzhihao1@huawei.com>
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
Li RongQing <lirongqing@baidu.com>
KVM: x86: fix sending PV IPI
David Matlack <dmatlack@google.com>
KVM: Prevent module exit until all VMs are freed
Manish Rangankar <mrangankar@marvell.com>
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Reduce false trigger to login
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix hang due to session stuck
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix incorrect reporting of task management failure
Saurav Kashyap <skashyap@marvell.com>
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
Joe Carnuccio <joe.carnuccio@cavium.com>
scsi: qla2xxx: Check for firmware dump already collected
Nilesh Javali <njavali@marvell.com>
scsi: qla2xxx: Fix warning for missing error code
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix stuck session in gpdb
Anders Roxell <anders.roxell@linaro.org>
powerpc: Fix build errors with newer binutils
Anders Roxell <anders.roxell@linaro.org>
powerpc/lib/sstep: Fix build errors with newer binutils
Anders Roxell <anders.roxell@linaro.org>
powerpc/lib/sstep: Fix 'sthcx' instruction
Ulf Hansson <ulf.hansson@linaro.org>
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
Dongliang Mu <mudongliangabcd@gmail.com>
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
Pavel Skripkin <paskripkin@gmail.com>
media: Revert "media: em28xx: add missing em28xx_close_extension"
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: sm712fb: Fix crash in smtcfb_write()
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
ARM: mmp: Fix failure to remove sram device
Richard Leitner <richard.leitner@skidata.com>
ARM: tegra: tamonten: Fix I2C3 pad setting
Daniel González Cabanelas <dgcbueu@gmail.com>
media: cx88-mpeg: clear interrupt status register before streaming video
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: soc-core: skip zero num_dai component in searching dai name
Jing Yao <yao.jing2@zte.com.cn>
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
Jing Yao <yao.jing2@zte.com.cn>
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
Jing Yao <yao.jing2@zte.com.cn>
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
Ard Biesheuvel <ardb@kernel.org>
ARM: ftrace: avoid redundant loads or clobbering IP
Richard Schleich <rs@noreya.tech>
ARM: dts: bcm2837: Add the missing L1/L2 cache information
David Heidelberg <david@ixit.cz>
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
Yang Guang <yang.guang5@zte.com.cn>
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
George Kennedy <george.kennedy@oracle.com>
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
Evgeny Novikov <novikov@ispras.ru>
video: fbdev: w100fb: Reset global state
Tim Gardner <tim.gardner@canonical.com>
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
Dongliang Mu <mudongliangabcd@gmail.com>
ntfs: add sanity check on allocation size
Theodore Ts'o <tytso@mit.edu>
ext4: don't BUG if someone dirty pages without asking ext4 first
Minghao Chi <chi.minghao@zte.com.cn>
spi: tegra20: Use of_device_get_match_data()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
PM: core: keep irq flags in device_pm_check_callbacks()
Darren Hart <darren@os.amperecomputing.com>
ACPI/APEI: Limit printable size of BERT table data
Paolo Valente <paolo.valente@linaro.org>
Revert "Revert "block, bfq: honor already-setup queue merges""
Paul Menzel <pmenzel@molgen.mpg.de>
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPICA: Avoid walking the ACPI Namespace if it is not there
Zhang Wensheng <zhangwensheng5@huawei.com>
bfq: fix use-after-free in bfq_dispatch_request
Souptick Joarder (HPE) <jrdr.linux@gmail.com>
irqchip/nvic: Release nvic_base upon failure
Marc Zyngier <maz@kernel.org>
irqchip/qcom-pdc: Fix broken locking
Casey Schaufler <casey@schaufler-ca.com>
Fix incorrect type in assignment of ipv6 port for audit
Chaitanya Kulkarni <kch@nvidia.com>
loop: use sysfs_emit() in the sysfs xxx show()
Christian Göttsche <cgzones@googlemail.com>
selinux: use correct type for context length
Dan Carpenter <dan.carpenter@oracle.com>
lib/test: use after free in register_test_dev_kmod()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
Duoming Zhou <duoming@zju.edu.cn>
net/x25: Fix null-ptr-deref caused by x25_disconnect
Tom Rix <trix@redhat.com>
qlcnic: dcb: default to returning -EOPNOTSUPP
Florian Fainelli <f.fainelli@gmail.com>
net: phy: broadcom: Fix brcm_fet_config_init()
Juergen Gross <jgross@suse.com>
xen: fix is_xen_pmu()
Konrad Dybcio <konrad.dybcio@somainline.org>
clk: qcom: gcc-msm8994: Fix gpll4 width
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
Pavel Skripkin <paskripkin@gmail.com>
jfs: fix divide error in dbNextAG
Randy Dunlap <rdunlap@infradead.org>
kgdbts: fix return value of __setup handler
Randy Dunlap <rdunlap@infradead.org>
kgdboc: fix return value of __setup handler
Randy Dunlap <rdunlap@infradead.org>
tty: hvc: fix return value of __setup handler
Miaoqian Lin <linmq006@gmail.com>
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
Miaoqian Lin <linmq006@gmail.com>
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
Miaoqian Lin <linmq006@gmail.com>
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
Alexey Khoroshilov <khoroshilov@ispras.ru>
NFS: remove unneeded check in decode_devicenotify_args()
Miaoqian Lin <linmq006@gmail.com>
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
Jonathan Neuschäfer <j.neuschaefer@gmx.net>
clk: clps711x: Terminate clk_div_table with sentinel element
Jonathan Neuschäfer <j.neuschaefer@gmx.net>
clk: loongson1: Terminate clk_div_table with sentinel element
Jonathan Neuschäfer <j.neuschaefer@gmx.net>
clk: actions: Terminate clk_div_table with sentinel element
Miaoqian Lin <linmq006@gmail.com>
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
Taniya Das <tdas@codeaurora.org>
clk: qcom: clk-rcg2: Update the frac table for pixel clock
Randy Dunlap <rdunlap@infradead.org>
dma-debug: fix return value of __setup handlers
Jiasheng Jiang <jiasheng@iscas.ac.cn>
iio: adc: Add check for devm_request_threaded_irq
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
serial: 8250: Fix race condition in RTS-after-send handling
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
serial: 8250_mid: Balance reference count for PCI DMA device
Dirk Buchwalder <buchwalder@posteo.de>
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
Jonathan Cameron <Jonathan.Cameron@huawei.com>
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
Jiri Slaby <jslaby@suse.cz>
mxser: fix xmit_buf leak in activate when LSR == 0xff
Miaoqian Lin <linmq006@gmail.com>
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
Jakub Kicinski <kuba@kernel.org>
tcp: ensure PMTU updates are processed during fastopen
Jeremy Linton <jeremy.linton@arm.com>
net: bcmgenet: Use stronger register read/writes to assure ordering
Hangbin Liu <liuhangbin@gmail.com>
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
Peter Rosin <peda@axentia.se>
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
Petr Machata <petrm@nvidia.com>
af_netlink: Fix shift out of bounds in group mask calculation
Dan Carpenter <dan.carpenter@oracle.com>
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
Xin Xiong <xiongx18@fudan.edu.cn>
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
Randy Dunlap <rdunlap@infradead.org>
MIPS: RB532: fix return value of __setup handler
Oliver Hartkopp <socketcan@hartkopp.net>
vxcan: enable local echo for sent CAN frames
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mfd: mc13xxx: Add check for mc13xxx_irq_request
Jakob Koschel <jakobkoschel@gmail.com>
powerpc/sysdev: fix incorrect use to determine if list is empty
Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
PCI: Reduce warnings on possible RW1C corruption
Jiasheng Jiang <jiasheng@iscas.ac.cn>
power: supply: wm8350-power: Add missing free in free_charger_irq
Jiasheng Jiang <jiasheng@iscas.ac.cn>
power: supply: wm8350-power: Handle error for wm8350_register_irq
Robert Hancock <robert.hancock@calian.com>
i2c: xiic: Make bus names unique
Anssi Hannula <anssi.hannula@bitwise.fi>
hv_balloon: rate-limit "Unhandled message" warning
Hou Wenlong <houwenlong.hwl@antgroup.com>
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
Zhenzhong Duan <zhenzhong.duan@intel.com>
KVM: x86: Fix emulation in writing cr8
Michael Ellerman <mpe@ellerman.id.au>
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
Nishanth Menon <nm@ti.com>
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
Hans de Goede <hdegoede@redhat.com>
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
Miaoqian Lin <linmq006@gmail.com>
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
Zhang Yi <yi.zhang@huawei.com>
ext2: correct max file size computing
Randy Dunlap <rdunlap@infradead.org>
TOMOYO: fix __setup handlers return values
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: pm8001: Fix abort all task initialization
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
Aashish Sharma <shraash@google.com>
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
Colin Ian King <colin.king@canonical.com>
iwlwifi: Fix -EIO error code that is never returned
Dmitry Torokhov <dmitry.torokhov@gmail.com>
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
Miaoqian Lin <linmq006@gmail.com>
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ray_cs: Check ioremap return value
Miaoqian Lin <linmq006@gmail.com>
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
Fabiano Rosas <farosas@linux.ibm.com>
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
Pavel Skripkin <paskripkin@gmail.com>
ath9k_htc: fix uninit value bugs
Zhou Qingyang <zhou1615@umn.edu>
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
Maxime Ripard <maxime@cerno.tech>
drm/edid: Don't clear formats if using deep color
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mtd: onenand: Check for error irq
Pavel Skripkin <paskripkin@gmail.com>
Bluetooth: hci_serdev: call init_rwsem() before p->open()
Wen Gong <quic_wgong@quicinc.com>
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
Miaoqian Lin <linmq006@gmail.com>
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mmc: davinci_mmc: Handle error for clk_enable
Miaoqian Lin <linmq006@gmail.com>
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
Wang Wensheng <wangwensheng4@huawei.com>
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
Miaoqian Lin <linmq006@gmail.com>
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
Miaoqian Lin <linmq006@gmail.com>
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: fsi: Add check for clk_enable
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: wm8350: Handle error for wm8350_register_irq
Miaoqian Lin <linmq006@gmail.com>
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
Jia-Ju Bai <baijiaju1990@gmail.com>
memory: emif: check the pointer temp in get_device_details()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
memory: emif: Add check for setup_interrupts
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: atmel_ssc_dai: Handle errors for clk_enable
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: mxs-saif: Handle errors for clk_enable
Randy Dunlap <rdunlap@infradead.org>
printk: fix return value of printk.devkmsg __setup handler
Frank Wunderlich <frank-w@public-files.de>
arm64: dts: broadcom: Fix sata nodename
Kuldeep Singh <singh.kuldeep87k@gmail.com>
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ALSA: spi: Add check for clk_enable()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: ti: davinci-i2s: Add check for clk_enable()
Jia-Ju Bai <baijiaju1990@gmail.com>
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
Dan Carpenter <dan.carpenter@oracle.com>
media: usb: go7007: s2250-board: fix leak in probe()
Dongliang Mu <mudongliangabcd@gmail.com>
media: em28xx: initialize refcount before kref_get
Miaoqian Lin <linmq006@gmail.com>
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
Pavel Kubelun <be.dissent@gmail.com>
ARM: dts: qcom: ipq4019: fix sleep clock
Dan Carpenter <dan.carpenter@oracle.com>
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
Wang Hai <wanghai38@huawei.com>
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
Miaoqian Lin <linmq006@gmail.com>
media: coda: Fix missing put_device() call in coda_get_vdoa_data
Adrian Hunter <adrian.hunter@intel.com>
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
Adrian Hunter <adrian.hunter@intel.com>
perf/core: Fix address filter parser for multiple filters
Bharata B Rao <bharata@amd.com>
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
Randy Dunlap <rdunlap@infradead.org>
clocksource: acpi_pm: fix return value of __setup handler
Brandon Wyman <bjwyman@gmail.com>
hwmon: (pmbus) Add Vin unit off handling
Dāvis Mosāns <davispuh@gmail.com>
crypto: ccp - ccp_dmaengine_unregister release dma channels
Randy Dunlap <rdunlap@infradead.org>
ACPI: APEI: fix return value of __setup handlers
Guillaume Ranquet <granquet@baylibre.com>
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
Petr Vorel <pvorel@suse.cz>
crypto: vmx - add missing dependencies
Claudiu Beznea <claudiu.beznea@microchip.com>
hwrng: atmel - disable trng on failure path
Randy Dunlap <rdunlap@infradead.org>
PM: suspend: fix return value of __setup handler
Randy Dunlap <rdunlap@infradead.org>
PM: hibernate: fix __setup handler error handling
Eric Biggers <ebiggers@google.com>
block: don't delete queue kobject before its children
Armin Wolf <W_Armin@gmx.de>
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
Patrick Rudolph <patrick.rudolph@9elements.com>
hwmon: (pmbus) Add mutex to regulator ops
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
spi: pxa2xx-pci: Balance reference count for PCI DMA device
Muhammad Usama Anjum <usama.anjum@collabora.com>
selftests/x86: Add validity check and allow field splitting
Miaoqian Lin <linmq006@gmail.com>
spi: tegra114: Add missing IRQ check in tegra_spi_probe
Tomas Paukrt <tomaspaukrt@email.cz>
crypto: mxs-dcp - Fix scatterlist processing
Herbert Xu <herbert@gondor.apana.org.au>
crypto: authenc - Fix sleep in atomic context in decrypt_tail
kernel test robot <lkp@intel.com>
regulator: qcom_smd: fix for_each_child.cocci warnings
Liguang Zhang <zhangliguang@linux.alibaba.com>
PCI: pciehp: Clear cmd_busy bit in polling mode
Hector Martin <marcan@marcan.st>
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
Hector Martin <marcan@marcan.st>
brcmfmac: firmware: Allocate space for default boardrev in nvram
Johan Hovold <johan@kernel.org>
media: davinci: vpif: fix unbalanced runtime PM get
Maciej W. Rozycki <macro@orcam.me.uk>
DEC: Limit PMAX memory probing to R3k systems
Dirk Müller <dmueller@suse.de>
lib/raid6/test: fix multiple definition linking error
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
thermal: int340x: Increase bitmap size
Colin Ian King <colin.i.king@gmail.com>
carl9170: fix missing bit-wise or operator for tx_params
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
Tudor Ambarus <tudor.ambarus@microchip.com>
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
Michael Schmitz <schmitzmic@gmail.com>
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
Helge Deller <deller@gmx.de>
video: fbdev: sm712fb: Fix crash in smtcfb_read()
Cooper Chiou <cooper.chiou@intel.com>
drm/edid: check basic audio support on CEA extension block
Tejun Heo <tj@kernel.org>
block: don't merge across cgroup boundaries if blkcg is enabled
Duoming Zhou <duoming@zju.edu.cn>
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI: properties: Consistently return -ENOENT if there are no more references
Andreas Gruenbacher <agruenba@redhat.com>
powerpc/kvm: Fix kvm_use_magic_page
Lars Ellenberg <lars.ellenberg@linbit.com>
drbd: fix potential silent data corruption
Rik van Riel <riel@surriel.com>
mm,hwpoison: unmap poisoned page before invalidation
Kai-Heng Feng <kai.heng.feng@canonical.com>
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
Xiaomeng Tong <xiam0nd.tong@gmail.com>
ALSA: cs4236: fix an incorrect NULL check on list iterator
José Expósito <jose.exposito89@gmail.com>
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
Manish Chopra <manishc@marvell.com>
qed: validate and restrict untrusted VFs vlan promisc mode
Manish Chopra <manishc@marvell.com>
qed: display VF trust config
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
Hugh Dickins <hughd@google.com>
mempolicy: mbind_range() set_policy() after vma_merge()
Rik van Riel <riel@surriel.com>
mm: invalidate hwpoison page cache page in fault path
Alistair Popple <apopple@nvidia.com>
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
Baokun Li <libaokun1@huawei.com>
jffs2: fix memory leak in jffs2_scan_medium
Baokun Li <libaokun1@huawei.com>
jffs2: fix memory leak in jffs2_do_mount_fs
Baokun Li <libaokun1@huawei.com>
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
Hangyu Hua <hbh25y@gmail.com>
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
pinctrl: samsung: drop pin banks references on error paths
Chao Yu <chao@kernel.org>
f2fs: fix to unlock page correctly in error path of is_alive()
Dan Carpenter <dan.carpenter@oracle.com>
NFSD: prevent integer overflow on 32 bit systems
Dan Carpenter <dan.carpenter@oracle.com>
NFSD: prevent underflow in nfssvc_decode_writeargs()
NeilBrown <neilb@suse.de>
SUNRPC: avoid race between mod_timer() and del_timer_sync()
Bagas Sanjaya <bagasdotme@gmail.com>
Documentation: update stable tree link
Bagas Sanjaya <bagasdotme@gmail.com>
Documentation: add link to stable release candidate tree
Jann Horn <jannh@google.com>
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
clk: uniphier: Fix fixed-rate initialization
Liam Beguin <liambeguin@gmail.com>
iio: inkern: make a best effort on offset calculation
Liam Beguin <liambeguin@gmail.com>
iio: inkern: apply consumer scale when no channel scale is available
Liam Beguin <liambeguin@gmail.com>
iio: inkern: apply consumer scale on IIO_VAL_INT cases
Liam Beguin <liambeguin@gmail.com>
iio: afe: rescale: use s64 for temporary scale calculations
James Clark <james.clark@arm.com>
coresight: Fix TRCCONFIGR.QE sysfs interface
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: make xhci_handshake timeout for xhci_reset() adjustable
Alan Stern <stern@rowland.harvard.edu>
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
Xie Yongji <xieyongji@bytedance.com>
virtio-blk: Use blk_validate_block_size() to validate block size
Xie Yongji <xieyongji@bytedance.com>
block: Add a helper to validate the block size
Lino Sanfilippo <LinoSanfilippo@gmx.de>
tpm: fix reference counting for struct tpm_chip
Miklos Szeredi <mszeredi@redhat.com>
fuse: fix pipe buffer lifetime for direct_io
Haimin Zhang <tcs_kernel@tencent.com>
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
Biju Das <biju.das.jz@bp.renesas.com>
spi: Fix erroneous sgs value with min_t()
Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
net:mcf8390: Use platform_get_irq() to get the interrupt
Biju Das <biju.das.jz@bp.renesas.com>
spi: Fix invalid sgs value
Zheyu Ma <zheyuma97@gmail.com>
ethernet: sun: Free the coherent when failing in probing
Michael S. Tsirkin <mst@redhat.com>
virtio_console: break out of buf poll on remove
Lina Wang <lina.wang@mediatek.com>
xfrm: fix tunnel model fragmentation behavior
Yajun Deng <yajun.deng@linux.dev>
netdevice: add the case if dev is NULL
Randy Dunlap <rdunlap@infradead.org>
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
Johan Hovold <johan@kernel.org>
USB: serial: simple: add Nokia phone driver
Eddie James <eajames@linux.ibm.com>
USB: serial: pl2303: add IBM device IDs
-------------
Diffstat:
Documentation/process/stable-kernel-rules.rst | 11 +-
Makefile | 4 +-
arch/arm/boot/dts/bcm2837.dtsi | 49 ++++++
arch/arm/boot/dts/exynos5250-pinctrl.dtsi | 2 +-
arch/arm/boot/dts/exynos5250-smdk5250.dts | 3 +
arch/arm/boot/dts/exynos5420-smdk5420.dts | 3 +
arch/arm/boot/dts/qcom-ipq4019.dtsi | 3 +-
arch/arm/boot/dts/qcom-msm8960.dtsi | 8 +-
arch/arm/boot/dts/sama5d2.dtsi | 2 +-
arch/arm/boot/dts/spear1340.dtsi | 6 +-
arch/arm/boot/dts/spear13xx.dtsi | 6 +-
arch/arm/boot/dts/tegra20-tamonten.dtsi | 6 +-
arch/arm/kernel/entry-ftrace.S | 51 +++----
arch/arm/mach-mmp/sram.c | 22 +--
arch/arm/mach-s3c24xx/mach-jive.c | 6 +-
.../arm64/boot/dts/broadcom/northstar2/ns2-svk.dts | 8 +-
arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 2 +-
arch/arm64/include/asm/kvm_mmu.h | 3 +-
arch/arm64/kernel/insn.c | 4 +-
arch/arm64/kernel/module.lds | 6 +-
arch/mips/dec/prom/Makefile | 2 +-
arch/mips/include/asm/dec/prom.h | 15 +-
arch/mips/include/asm/setup.h | 2 +-
arch/mips/kernel/traps.c | 22 +--
arch/mips/rb532/devices.c | 6 +-
arch/powerpc/Makefile | 2 +-
arch/powerpc/boot/dts/fsl/t104xrdb.dtsi | 4 +-
arch/powerpc/include/asm/io.h | 40 ++++-
arch/powerpc/include/asm/uaccess.h | 3 +
arch/powerpc/kernel/kvm.c | 2 +-
arch/powerpc/kernel/machine_kexec.c | 15 +-
arch/powerpc/kernel/rtas.c | 6 +
arch/powerpc/kvm/powerpc.c | 4 +-
arch/powerpc/lib/sstep.c | 8 +-
arch/powerpc/platforms/powernv/rng.c | 6 +-
arch/powerpc/sysdev/fsl_gtm.c | 4 +-
arch/riscv/kernel/module.lds | 6 +-
arch/um/drivers/mconsole_kern.c | 3 +-
arch/x86/events/intel/pt.c | 2 +-
arch/x86/kernel/kvm.c | 2 +-
arch/x86/kvm/emulate.c | 14 +-
arch/x86/kvm/hyperv.c | 17 ++-
arch/x86/kvm/lapic.c | 5 +-
arch/x86/kvm/pmu_amd.c | 8 +-
arch/x86/power/cpu.c | 21 ++-
arch/x86/xen/pmu.c | 10 +-
arch/x86/xen/pmu.h | 3 +-
arch/x86/xen/smp_hvm.c | 6 +
arch/x86/xen/smp_pv.c | 2 +-
arch/x86/xen/time.c | 24 ++-
arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi | 8 +-
arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi | 8 +-
arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi | 4 +-
block/bfq-iosched.c | 31 ++--
block/blk-merge.c | 12 ++
block/blk-sysfs.c | 8 +-
crypto/authenc.c | 2 +-
drivers/acpi/acpica/nswalk.c | 3 +
drivers/acpi/apei/bert.c | 10 +-
drivers/acpi/apei/erst.c | 2 +-
drivers/acpi/apei/hest.c | 2 +-
drivers/acpi/cppc_acpi.c | 5 +
drivers/acpi/property.c | 2 +-
drivers/ata/sata_dwc_460ex.c | 6 +-
drivers/base/power/main.c | 6 +-
drivers/block/drbd/drbd_int.h | 8 +-
drivers/block/drbd/drbd_nl.c | 41 +++--
drivers/block/drbd/drbd_req.c | 3 +-
drivers/block/drbd/drbd_state.c | 18 +--
drivers/block/drbd/drbd_state_change.h | 8 +-
drivers/block/loop.c | 10 +-
drivers/block/virtio_blk.c | 12 +-
drivers/bluetooth/hci_serdev.c | 3 +-
drivers/char/hw_random/atmel-rng.c | 1 +
drivers/char/tpm/tpm-chip.c | 46 +-----
drivers/char/tpm/tpm.h | 2 +
drivers/char/tpm/tpm2-space.c | 65 ++++++++
drivers/char/virtio_console.c | 15 +-
drivers/clk/actions/owl-s700.c | 1 +
drivers/clk/actions/owl-s900.c | 2 +-
drivers/clk/clk-clps711x.c | 2 +
drivers/clk/clk.c | 24 +++
drivers/clk/loongson1/clk-loongson1c.c | 1 +
drivers/clk/qcom/clk-rcg2.c | 1 +
drivers/clk/qcom/gcc-ipq8074.c | 2 +-
drivers/clk/qcom/gcc-msm8994.c | 1 +
drivers/clk/tegra/clk-emc.c | 1 +
drivers/clk/uniphier/clk-uniphier-fixed-rate.c | 1 +
drivers/clocksource/acpi_pm.c | 6 +-
drivers/clocksource/timer-of.c | 6 +-
drivers/crypto/ccp/ccp-dmaengine.c | 16 ++
drivers/crypto/mxs-dcp.c | 2 +-
drivers/crypto/vmx/Kconfig | 4 +
drivers/dma/sh/shdma-base.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 10 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 16 ++
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 10 +-
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +
drivers/gpu/drm/bridge/cdns-dsi.c | 1 +
drivers/gpu/drm/bridge/sil-sii8620.c | 2 +-
drivers/gpu/drm/drm_edid.c | 11 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 +
drivers/gpu/drm/imx/parallel-display.c | 4 +-
drivers/gpu/drm/tegra/dsi.c | 4 +-
drivers/hid/i2c-hid/i2c-hid-core.c | 32 +++-
drivers/hv/Kconfig | 1 +
drivers/hv/hv_balloon.c | 2 +-
drivers/hv/vmbus_drv.c | 9 +-
drivers/hwmon/pmbus/pmbus.h | 1 +
drivers/hwmon/pmbus/pmbus_core.c | 18 ++-
drivers/hwmon/sch56xx-common.c | 2 +-
.../hwtracing/coresight/coresight-etm4x-sysfs.c | 8 +-
drivers/i2c/busses/i2c-xiic.c | 3 +-
drivers/i2c/muxes/i2c-demux-pinctrl.c | 5 +-
drivers/iio/adc/twl6030-gpadc.c | 2 +
drivers/iio/afe/iio-rescale.c | 8 +-
drivers/iio/inkern.c | 40 +++--
drivers/input/input.c | 6 -
drivers/iommu/arm-smmu-v3.c | 1 +
drivers/irqchip/irq-gic-v3.c | 8 +-
drivers/irqchip/irq-nvic.c | 2 +
drivers/irqchip/qcom-pdc.c | 5 +-
drivers/md/dm-crypt.c | 2 +-
drivers/md/dm-ioctl.c | 2 +
drivers/media/pci/cx88/cx88-mpeg.c | 3 +
drivers/media/platform/coda/coda-common.c | 1 +
drivers/media/platform/davinci/vpif.c | 1 +
drivers/media/usb/em28xx/em28xx-cards.c | 13 +-
drivers/media/usb/go7007/s2250-board.c | 10 +-
drivers/media/usb/hdpvr/hdpvr-video.c | 4 +-
drivers/media/usb/stk1160/stk1160-core.c | 2 +-
drivers/media/usb/stk1160/stk1160-v4l.c | 10 +-
drivers/media/usb/stk1160/stk1160.h | 2 +-
drivers/memory/emif.c | 8 +-
drivers/mfd/asic3.c | 10 +-
drivers/mfd/mc13xxx-core.c | 4 +-
drivers/misc/kgdbts.c | 4 +-
drivers/mmc/core/host.c | 15 +-
drivers/mmc/host/davinci_mmc.c | 6 +-
drivers/mmc/host/renesas_sdhi_core.c | 4 +-
drivers/mmc/host/sdhci-xenon.c | 10 --
drivers/mtd/nand/onenand/generic.c | 7 +-
drivers/mtd/nand/raw/atmel/nand-controller.c | 14 +-
drivers/mtd/ubi/build.c | 9 +-
drivers/mtd/ubi/fastmap.c | 28 ++--
drivers/mtd/ubi/vmt.c | 8 +-
drivers/net/can/usb/ems_usb.c | 1 -
drivers/net/can/usb/mcba_usb.c | 27 ++--
drivers/net/can/vxcan.c | 2 +-
drivers/net/ethernet/8390/mcf8390.c | 10 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +-
drivers/net/ethernet/qlogic/qed/qed_sriov.c | 29 +++-
drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 +
drivers/net/ethernet/qlogic/qede/qede_fp.c | 3 +
drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 +-
.../net/ethernet/stmicro/stmmac/stmmac_platform.c | 3 +-
drivers/net/ethernet/sun/sunhme.c | 6 +-
drivers/net/hamradio/6pack.c | 4 +-
drivers/net/macvtap.c | 6 +
drivers/net/phy/broadcom.c | 21 +++
drivers/net/wireless/ath/ath10k/wow.c | 7 +-
drivers/net/wireless/ath/ath5k/eeprom.c | 3 +
drivers/net/wireless/ath/ath9k/htc_hst.c | 5 +
drivers/net/wireless/ath/carl9170/main.c | 2 +-
.../broadcom/brcm80211/brcmfmac/firmware.c | 2 +
.../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 48 +-----
drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c | 2 +-
drivers/net/wireless/ray_cs.c | 6 +
drivers/parisc/dino.c | 41 ++++-
drivers/parisc/gsc.c | 31 ++++
drivers/parisc/gsc.h | 1 +
drivers/parisc/lasi.c | 7 +-
drivers/parisc/wax.c | 7 +-
drivers/pci/access.c | 9 +-
drivers/pci/controller/pci-aardvark.c | 16 +-
drivers/pci/hotplug/pciehp_hpc.c | 4 +
drivers/perf/qcom_l2_pmu.c | 6 +-
drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 +
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +-
drivers/pinctrl/pinconf-generic.c | 6 +-
drivers/pinctrl/pinctrl-rockchip.c | 2 +
drivers/pinctrl/samsung/pinctrl-samsung.c | 30 +++-
drivers/power/reset/gemini-poweroff.c | 4 +-
drivers/power/supply/ab8500_fg.c | 4 +-
drivers/power/supply/axp20x_battery.c | 13 +-
drivers/power/supply/bq24190_charger.c | 7 +-
drivers/power/supply/wm8350_power.c | 97 ++++++++++--
drivers/ptp/ptp_sysfs.c | 4 +-
drivers/pwm/pwm-lpc18xx-sct.c | 20 ++-
drivers/regulator/qcom_smd-regulator.c | 4 +-
drivers/remoteproc/qcom_wcnss.c | 1 +
drivers/rtc/rtc-wm8350.c | 11 +-
drivers/scsi/aha152x.c | 6 +-
drivers/scsi/bfa/bfad_attr.c | 26 ++--
drivers/scsi/libfc/fc_exch.c | 1 +
drivers/scsi/libsas/sas_ata.c | 2 +-
drivers/scsi/mvsas/mv_init.c | 4 +-
drivers/scsi/pm8001/pm8001_hwi.c | 13 +-
drivers/scsi/pm8001/pm80xx_hwi.c | 11 +-
drivers/scsi/qla2xxx/qla_def.h | 4 +
drivers/scsi/qla2xxx/qla_gs.c | 5 +-
drivers/scsi/qla2xxx/qla_init.c | 40 ++++-
drivers/scsi/qla2xxx/qla_isr.c | 1 +
drivers/scsi/qla2xxx/qla_target.c | 1 +
drivers/scsi/zorro7xx.c | 2 +
drivers/soc/ti/wkup_m3_ipc.c | 4 +-
drivers/spi/spi-bcm-qspi.c | 4 +-
drivers/spi/spi-pxa2xx-pci.c | 17 ++-
drivers/spi/spi-tegra114.c | 4 +
drivers/spi/spi-tegra20-slink.c | 8 +-
drivers/spi/spi.c | 4 +-
drivers/staging/iio/adc/ad7280a.c | 4 +-
drivers/thermal/int340x_thermal/int3400_thermal.c | 2 +-
drivers/tty/hvc/hvc_iucv.c | 4 +-
drivers/tty/mxser.c | 15 +-
drivers/tty/serial/8250/8250_mid.c | 19 ++-
drivers/tty/serial/8250/8250_port.c | 12 ++
drivers/tty/serial/kgdboc.c | 6 +-
drivers/tty/serial/samsung.c | 5 +-
drivers/usb/dwc3/dwc3-omap.c | 2 +-
drivers/usb/host/ehci-pci.c | 9 ++
drivers/usb/host/xhci-hub.c | 2 +-
drivers/usb/host/xhci-mem.c | 2 +-
drivers/usb/host/xhci.c | 20 ++-
drivers/usb/host/xhci.h | 7 +-
drivers/usb/serial/Kconfig | 1 +
drivers/usb/serial/pl2303.c | 1 +
drivers/usb/serial/pl2303.h | 3 +
drivers/usb/serial/usb-serial-simple.c | 7 +
drivers/usb/storage/ene_ub6250.c | 155 ++++++++++---------
drivers/usb/storage/realtek_cr.c | 2 +-
drivers/video/fbdev/atafb.c | 12 +-
drivers/video/fbdev/cirrusfb.c | 16 +-
drivers/video/fbdev/core/fbcvt.c | 53 +++----
drivers/video/fbdev/nvidia/nv_i2c.c | 2 +-
.../fbdev/omap2/omapfb/displays/connector-dvi.c | 1 +
.../fbdev/omap2/omapfb/displays/panel-dsi-cm.c | 8 +-
.../omap2/omapfb/displays/panel-sony-acx565akm.c | 2 +-
.../omap2/omapfb/displays/panel-tpo-td043mtea1.c | 4 +-
drivers/video/fbdev/sm712fb.c | 46 ++----
drivers/video/fbdev/smscufx.c | 3 +-
drivers/video/fbdev/udlfb.c | 8 +-
drivers/video/fbdev/w100fb.c | 15 +-
drivers/w1/slaves/w1_therm.c | 8 +-
fs/btrfs/extent_io.h | 2 +-
fs/ext2/super.c | 6 +-
fs/ext4/inode.c | 25 +++
fs/f2fs/gc.c | 4 +-
fs/fuse/dev.c | 12 +-
fs/fuse/file.c | 1 +
fs/fuse/fuse_i.h | 2 +
fs/gfs2/rgrp.c | 3 +-
fs/jffs2/build.c | 4 +-
fs/jffs2/fs.c | 2 +-
fs/jffs2/scan.c | 6 +-
fs/jfs/inode.c | 3 +-
fs/jfs/jfs_dmap.c | 7 +
fs/minix/inode.c | 3 +-
fs/nfs/callback_proc.c | 27 ++--
fs/nfs/callback_xdr.c | 4 -
fs/nfs/direct.c | 48 ++++--
fs/nfs/file.c | 4 +-
fs/nfs/nfs4state.c | 12 ++
fs/nfs/pnfs.c | 11 ++
fs/nfs/pnfs.h | 2 +
fs/nfsd/nfsproc.c | 2 +-
fs/nfsd/xdr.h | 2 +-
fs/ntfs/inode.c | 4 +
fs/ubifs/dir.c | 44 ++++--
fs/ubifs/io.c | 34 ++++-
fs/ubifs/ioctl.c | 2 +-
include/linux/blk-cgroup.h | 17 +++
include/linux/blkdev.h | 8 +
include/linux/mmzone.h | 11 +-
include/linux/netdevice.h | 6 +-
include/linux/nfs_fs.h | 8 +-
include/linux/pci.h | 1 +
include/linux/sunrpc/xdr.h | 2 +
include/net/arp.h | 1 +
include/net/sock.h | 25 ++-
include/net/xfrm.h | 11 +-
include/uapi/linux/bpf.h | 4 +-
init/main.c | 6 +-
kernel/cgroup/cgroup-internal.h | 19 +++
kernel/cgroup/cgroup-v1.c | 33 ++--
kernel/cgroup/cgroup.c | 81 +++++++---
kernel/dma/debug.c | 4 +-
kernel/events/core.c | 3 +
kernel/power/hibernate.c | 2 +-
kernel/power/suspend_test.c | 8 +-
kernel/printk/printk.c | 6 +-
kernel/ptrace.c | 47 ++++--
kernel/sched/debug.c | 10 --
lib/raid6/test/Makefile | 4 +-
lib/raid6/test/test.c | 1 -
lib/test_kmod.c | 1 +
mm/memcontrol.c | 2 +-
mm/memory.c | 42 ++++--
mm/mempolicy.c | 9 +-
mm/mmap.c | 2 +-
mm/mremap.c | 3 +
mm/page_alloc.c | 9 +-
mm/rmap.c | 25 ++-
mm/usercopy.c | 5 +-
net/bluetooth/hci_event.c | 3 +-
net/can/raw.c | 2 +-
net/ipv4/arp.c | 9 +-
net/ipv4/fib_frontend.c | 5 +-
net/ipv4/raw.c | 2 +-
net/ipv4/tcp_output.c | 5 +-
net/ipv6/raw.c | 2 +-
net/ipv6/xfrm6_output.c | 16 ++
net/key/af_key.c | 6 +-
net/netfilter/nf_conntrack_proto_tcp.c | 17 ++-
net/netlink/af_netlink.c | 2 +
net/openvswitch/actions.c | 2 +-
net/openvswitch/flow_netlink.c | 8 +-
net/packet/af_packet.c | 6 +-
net/rxrpc/net_ns.c | 2 +-
net/smc/smc_core.c | 2 +-
net/sunrpc/sched.c | 4 +-
net/sunrpc/xprt.c | 7 +
net/sunrpc/xprtrdma/transport.c | 4 +-
net/x25/af_x25.c | 11 +-
net/xfrm/xfrm_interface.c | 5 +-
net/xfrm/xfrm_policy.c | 32 ++--
net/xfrm/xfrm_user.c | 18 ++-
security/selinux/xfrm.c | 2 +-
security/smack/smack_lsm.c | 2 +-
security/tomoyo/load_policy.c | 4 +-
sound/firewire/fcp.c | 4 +-
sound/isa/cs423x/cs4236.c | 8 +-
sound/pci/hda/patch_realtek.c | 4 +-
sound/soc/atmel/atmel_ssc_dai.c | 5 +-
sound/soc/atmel/sam9g20_wm8731.c | 1 +
sound/soc/codecs/msm8916-wcd-digital.c | 5 +-
sound/soc/codecs/rt5663.c | 2 +
sound/soc/codecs/wm8350.c | 28 +++-
sound/soc/davinci/davinci-i2s.c | 5 +-
sound/soc/fsl/imx-es8328.c | 1 +
sound/soc/mxs/mxs-saif.c | 5 +-
sound/soc/mxs/mxs-sgtl5000.c | 3 +
sound/soc/sh/fsi.c | 19 ++-
sound/soc/soc-core.c | 2 +-
sound/soc/soc-generic-dmaengine-pcm.c | 6 +-
sound/soc/soc-topology.c | 3 +-
sound/spi/at73c213.c | 27 +++-
tools/build/feature/Makefile | 9 +-
tools/include/uapi/linux/bpf.h | 4 +-
tools/perf/Makefile.config | 3 +
tools/testing/selftests/bpf/test_lirc_mode2.sh | 5 +-
tools/testing/selftests/cgroup/cgroup_util.c | 2 +-
tools/testing/selftests/cgroup/test_core.c | 167 +++++++++++++++++++++
tools/testing/selftests/x86/check_cc.sh | 2 +-
virt/kvm/kvm_main.c | 13 ++
360 files changed, 2494 insertions(+), 1147 deletions(-)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 001/338] USB: serial: pl2303: add IBM device IDs
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Joel Stanley, Johan Hovold
From: Eddie James <eajames@linux.ibm.com>
commit e1d15646565b284e9ef2433234d6cfdaf66695f1 upstream.
IBM manufactures a PL2303 device for UPS communications. Add the vendor
and product IDs so that the PL2303 driver binds to the device.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Link: https://lore.kernel.org/r/20220301224446.21236-1-eajames@linux.ibm.com
Cc: stable@vger.kernel.org
[ johan: amend the SoB chain ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/pl2303.c | 1 +
drivers/usb/serial/pl2303.h | 3 +++
2 files changed, 4 insertions(+)
--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -110,6 +110,7 @@ static const struct usb_device_id id_tab
{ USB_DEVICE(ADLINK_VENDOR_ID, ADLINK_ND6530GC_PRODUCT_ID) },
{ USB_DEVICE(SMART_VENDOR_ID, SMART_PRODUCT_ID) },
{ USB_DEVICE(AT_VENDOR_ID, AT_VTKIT3_PRODUCT_ID) },
+ { USB_DEVICE(IBM_VENDOR_ID, IBM_PRODUCT_ID) },
{ } /* Terminating entry */
};
--- a/drivers/usb/serial/pl2303.h
+++ b/drivers/usb/serial/pl2303.h
@@ -29,6 +29,9 @@
#define ATEN_PRODUCT_UC232B 0x2022
#define ATEN_PRODUCT_ID2 0x2118
+#define IBM_VENDOR_ID 0x04b3
+#define IBM_PRODUCT_ID 0x4016
+
#define IODATA_VENDOR_ID 0x04bb
#define IODATA_PRODUCT_ID 0x0a03
#define IODATA_PRODUCT_ID_RSAQ5 0x0a0e
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 001/338] USB: serial: pl2303: add IBM device IDs Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build Greg Kroah-Hartman
` (341 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit c4b9c570965f75d0d55e639747f1e5ccdad2fae0 upstream.
Add a new "simple" driver for certain Nokia phones, including Nokia 130
(RM-1035) which exposes two serial ports in "charging only" mode:
Bus 001 Device 009: ID 0421:069a Nokia Mobile Phones 130 [RM-1035] (Charging only)
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 8
idVendor 0x0421 Nokia Mobile Phones
idProduct 0x069a 130 [RM-1035] (Charging only)
bcdDevice 1.00
iManufacturer 1 Nokia
iProduct 2 Nokia 130 (RM-1035)
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0037
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220228084919.10656-1-johan@kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/Kconfig | 1 +
drivers/usb/serial/usb-serial-simple.c | 7 +++++++
2 files changed, 8 insertions(+)
--- a/drivers/usb/serial/Kconfig
+++ b/drivers/usb/serial/Kconfig
@@ -65,6 +65,7 @@ config USB_SERIAL_SIMPLE
- Libtransistor USB console
- a number of Motorola phones
- Motorola Tetra devices
+ - Nokia mobile phones
- Novatel Wireless GPS receivers
- Siemens USB/MPI adapter.
- ViVOtech ViVOpay USB device.
--- a/drivers/usb/serial/usb-serial-simple.c
+++ b/drivers/usb/serial/usb-serial-simple.c
@@ -91,6 +91,11 @@ DEVICE(moto_modem, MOTO_IDS);
{ USB_DEVICE(0x0cad, 0x9016) } /* TPG2200 */
DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS);
+/* Nokia mobile phone driver */
+#define NOKIA_IDS() \
+ { USB_DEVICE(0x0421, 0x069a) } /* Nokia 130 (RM-1035) */
+DEVICE(nokia, NOKIA_IDS);
+
/* Novatel Wireless GPS driver */
#define NOVATEL_IDS() \
{ USB_DEVICE(0x09d7, 0x0100) } /* NovAtel FlexPack GPS */
@@ -123,6 +128,7 @@ static struct usb_serial_driver * const
&vivopay_device,
&moto_modem_device,
&motorola_tetra_device,
+ &nokia_device,
&novatel_gps_device,
&hp4x_device,
&suunto_device,
@@ -140,6 +146,7 @@ static const struct usb_device_id id_tab
VIVOPAY_IDS(),
MOTO_IDS(),
MOTOROLA_TETRA_IDS(),
+ NOKIA_IDS(),
NOVATEL_IDS(),
HP4X_IDS(),
SUUNTO_IDS(),
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 001/338] USB: serial: pl2303: add IBM device IDs Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 16:02 ` Randy Dunlap
2022-04-14 13:08 ` [PATCH 4.19 004/338] netdevice: add the case if dev is NULL Greg Kroah-Hartman
` (340 subsequent siblings)
343 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Arnd Bergmann, K. Y. Srinivasan, Haiyang Zhang,
Stephen Hemminger, Wei Liu, Dexuan Cui, linux-hyperv,
Michael Kelley, Petr Štetiar
From: Randy Dunlap <rdunlap@infradead.org>
commit 1dc2f2b81a6a9895da59f3915760f6c0c3074492 upstream.
The hyperv utilities use PTP clock interfaces and should depend a
a kconfig symbol such that they will be built as a loadable module or
builtin so that linker errors do not happen.
Prevents these build errors:
ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit':
hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister'
ld: drivers/hv/hv_util.o: in function `hv_timesync_init':
hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: Wei Liu <wei.liu@kernel.org>
Cc: Dexuan Cui <decui@microsoft.com>
Cc: linux-hyperv@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20211126023316.25184-1-rdunlap@infradead.org
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hv/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hv/Kconfig
+++ b/drivers/hv/Kconfig
@@ -16,6 +16,7 @@ config HYPERV_TSCPAGE
config HYPERV_UTILS
tristate "Microsoft Hyper-V Utilities driver"
depends on HYPERV && CONNECTOR && NLS
+ depends on PTP_1588_CLOCK_OPTIONAL
help
Select this option to enable the Hyper-V Utilities.
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 004/338] netdevice: add the case if dev is NULL
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 005/338] xfrm: fix tunnel model fragmentation behavior Greg Kroah-Hartman
` (339 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yajun Deng, David S. Miller, Pavel Machek
From: Yajun Deng <yajun.deng@linux.dev>
commit b37a466837393af72fe8bcb8f1436410f3f173f3 upstream.
Add the case if dev is NULL in dev_{put, hold}, so the caller doesn't
need to care whether dev is NULL or not.
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Pavel Machek <pavel@denx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netdevice.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3674,7 +3674,8 @@ void netdev_run_todo(void);
*/
static inline void dev_put(struct net_device *dev)
{
- this_cpu_dec(*dev->pcpu_refcnt);
+ if (dev)
+ this_cpu_dec(*dev->pcpu_refcnt);
}
/**
@@ -3685,7 +3686,8 @@ static inline void dev_put(struct net_de
*/
static inline void dev_hold(struct net_device *dev)
{
- this_cpu_inc(*dev->pcpu_refcnt);
+ if (dev)
+ this_cpu_inc(*dev->pcpu_refcnt);
}
/* Carrier loss detection, dial on demand. The functions netif_carrier_on
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 005/338] xfrm: fix tunnel model fragmentation behavior
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 004/338] netdevice: add the case if dev is NULL Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 006/338] virtio_console: break out of buf poll on remove Greg Kroah-Hartman
` (338 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lina Wang, Steffen Klassert, Sasha Levin
From: Lina Wang <lina.wang@mediatek.com>
[ Upstream commit 4ff2980b6bd2aa6b4ded3ce3b7c0ccfab29980af ]
in tunnel mode, if outer interface(ipv4) is less, it is easily to let
inner IPV6 mtu be less than 1280. If so, a Packet Too Big ICMPV6 message
is received. When send again, packets are fragmentized with 1280, they
are still rejected with ICMPV6(Packet Too Big) by xfrmi_xmit2().
According to RFC4213 Section3.2.2:
if (IPv4 path MTU - 20) is less than 1280
if packet is larger than 1280 bytes
Send ICMPv6 "packet too big" with MTU=1280
Drop packet
else
Encapsulate but do not set the Don't Fragment
flag in the IPv4 header. The resulting IPv4
packet might be fragmented by the IPv4 layer
on the encapsulator or by some router along
the IPv4 path.
endif
else
if packet is larger than (IPv4 path MTU - 20)
Send ICMPv6 "packet too big" with
MTU = (IPv4 path MTU - 20).
Drop packet.
else
Encapsulate and set the Don't Fragment flag
in the IPv4 header.
endif
endif
Packets should be fragmentized with ipv4 outer interface, so change it.
After it is fragemtized with ipv4, there will be double fragmenation.
No.48 & No.51 are ipv6 fragment packets, No.48 is double fragmentized,
then tunneled with IPv4(No.49& No.50), which obey spec. And received peer
cannot decrypt it rightly.
48 2002::10 2002::11 1296(length) IPv6 fragment (off=0 more=y ident=0xa20da5bc nxt=50)
49 0x0000 (0) 2002::10 2002::11 1304 IPv6 fragment (off=0 more=y ident=0x7448042c nxt=44)
50 0x0000 (0) 2002::10 2002::11 200 ESP (SPI=0x00035000)
51 2002::10 2002::11 180 Echo (ping) request
52 0x56dc 2002::10 2002::11 248 IPv6 fragment (off=1232 more=n ident=0xa20da5bc nxt=50)
xfrm6_noneed_fragment has fixed above issues. Finally, it acted like below:
1 0x6206 192.168.1.138 192.168.1.1 1316 Fragmented IP protocol (proto=Encap Security Payload 50, off=0, ID=6206) [Reassembled in #2]
2 0x6206 2002::10 2002::11 88 IPv6 fragment (off=0 more=y ident=0x1f440778 nxt=50)
3 0x0000 2002::10 2002::11 248 ICMPv6 Echo (ping) request
Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/xfrm6_output.c | 16 ++++++++++++++++
net/xfrm/xfrm_interface.c | 5 ++++-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index b5941c9475f3..fbcec4827071 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -142,6 +142,19 @@ static int __xfrm6_output_finish(struct net *net, struct sock *sk, struct sk_buf
return x->outer_mode->afinfo->output_finish(sk, skb);
}
+static int xfrm6_noneed_fragment(struct sk_buff *skb)
+{
+ struct frag_hdr *fh;
+ u8 prevhdr = ipv6_hdr(skb)->nexthdr;
+
+ if (prevhdr != NEXTHDR_FRAGMENT)
+ return 0;
+ fh = (struct frag_hdr *)(skb->data + sizeof(struct ipv6hdr));
+ if (fh->nexthdr == NEXTHDR_ESP || fh->nexthdr == NEXTHDR_AUTH)
+ return 1;
+ return 0;
+}
+
static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
@@ -170,6 +183,9 @@ static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
xfrm6_local_rxpmtu(skb, mtu);
kfree_skb(skb);
return -EMSGSIZE;
+ } else if (toobig && xfrm6_noneed_fragment(skb)) {
+ skb->ignore_df = 1;
+ goto skip_frag;
} else if (!skb->ignore_df && toobig && skb->sk) {
xfrm_local_error(skb, mtu);
kfree_skb(skb);
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 1ae8caca28a0..3c642328a117 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -300,7 +300,10 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
if (mtu < IPV6_MIN_MTU)
mtu = IPV6_MIN_MTU;
- icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+ if (skb->len > 1280)
+ icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+ else
+ goto xmit;
} else {
if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
goto xmit;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 006/338] virtio_console: break out of buf poll on remove
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 005/338] xfrm: fix tunnel model fragmentation behavior Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 007/338] ethernet: sun: Free the coherent when failing in probing Greg Kroah-Hartman
` (337 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael S. Tsirkin, Sasha Levin
From: Michael S. Tsirkin <mst@redhat.com>
[ Upstream commit 0e7174b9d5877130fec41fb4a16e0c2ee4958d44 ]
A common pattern for device reset is currently:
vdev->config->reset(vdev);
.. cleanup ..
reset prevents new interrupts from arriving and waits for interrupt
handlers to finish.
However if - as is common - the handler queues a work request which is
flushed during the cleanup stage, we have code adding buffers / trying
to get buffers while device is reset. Not good.
This was reproduced by running
modprobe virtio_console
modprobe -r virtio_console
in a loop.
Fix this up by calling virtio_break_device + flush before reset.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1786239
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/virtio_console.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index cdf441942bae..ac0b84afabe7 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1985,6 +1985,13 @@ static void virtcons_remove(struct virtio_device *vdev)
list_del(&portdev->list);
spin_unlock_irq(&pdrvdata_lock);
+ /* Device is going away, exit any polling for buffers */
+ virtio_break_device(vdev);
+ if (use_multiport(portdev))
+ flush_work(&portdev->control_work);
+ else
+ flush_work(&portdev->config_work);
+
/* Disable interrupts for vqs */
vdev->config->reset(vdev);
/* Finish up work that's lined up */
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 007/338] ethernet: sun: Free the coherent when failing in probing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 006/338] virtio_console: break out of buf poll on remove Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 008/338] spi: Fix invalid sgs value Greg Kroah-Hartman
` (336 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Andrew Lunn,
David S. Miller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit bb77bd31c281f70ec77c9c4f584950a779e05cf8 ]
When the driver fails to register net device, it should free the DMA
region first, and then do other cleanup.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sun/sunhme.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sun/sunhme.c b/drivers/net/ethernet/sun/sunhme.c
index 06da2f59fcbf..882908e74cc9 100644
--- a/drivers/net/ethernet/sun/sunhme.c
+++ b/drivers/net/ethernet/sun/sunhme.c
@@ -3164,7 +3164,7 @@ static int happy_meal_pci_probe(struct pci_dev *pdev,
if (err) {
printk(KERN_ERR "happymeal(PCI): Cannot register net device, "
"aborting.\n");
- goto err_out_iounmap;
+ goto err_out_free_coherent;
}
pci_set_drvdata(pdev, hp);
@@ -3197,6 +3197,10 @@ static int happy_meal_pci_probe(struct pci_dev *pdev,
return 0;
+err_out_free_coherent:
+ dma_free_coherent(hp->dma_dev, PAGE_SIZE,
+ hp->happy_block, hp->hblock_dvma);
+
err_out_iounmap:
iounmap(hp->gregs);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 008/338] spi: Fix invalid sgs value
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 007/338] ethernet: sun: Free the coherent when failing in probing Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 009/338] net:mcf8390: Use platform_get_irq() to get the interrupt Greg Kroah-Hartman
` (335 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Lad Prabhakar,
Geert Uytterhoeven, Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 1a4e53d2fc4f68aa654ad96d13ad042e1a8e8a7d ]
max_seg_size is unsigned int and it can have a value up to 2^32
(for eg:-RZ_DMAC driver sets dma_set_max_seg_size as U32_MAX)
When this value is used in min_t() as an integer type, it becomes
-1 and the value of sgs becomes 0.
Fix this issue by replacing the 'int' data type with 'unsigned int'
in min_t().
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220307184843.9994-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 49f592e433a8..518c8e0eef7f 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -779,10 +779,10 @@ int spi_map_buf(struct spi_controller *ctlr, struct device *dev,
int i, ret;
if (vmalloced_buf || kmap_buf) {
- desc_len = min_t(int, max_seg_size, PAGE_SIZE);
+ desc_len = min_t(unsigned int, max_seg_size, PAGE_SIZE);
sgs = DIV_ROUND_UP(len + offset_in_page(buf), desc_len);
} else if (virt_addr_valid(buf)) {
- desc_len = min_t(int, max_seg_size, ctlr->max_dma_len);
+ desc_len = min_t(unsigned int, max_seg_size, ctlr->max_dma_len);
sgs = DIV_ROUND_UP(len, desc_len);
} else {
return -EINVAL;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 009/338] net:mcf8390: Use platform_get_irq() to get the interrupt
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 008/338] spi: Fix invalid sgs value Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 010/338] spi: Fix erroneous sgs value with min_t() Greg Kroah-Hartman
` (334 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Minghao Chi (CGEL ZTE),
David S. Miller, Sasha Levin
From: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
[ Upstream commit 2a760554dcba450d3ad61b32375b50ed6d59a87c ]
It is not recommened to use platform_get_resource(pdev, IORESOURCE_IRQ)
for requesting IRQ's resources any more, as they can be not ready yet in
case of DT-booting.
platform_get_irq() instead is a recommended way for getting IRQ even if
it was not retrieved earlier.
It also makes code simpler because we're getting "int" value right away
and no conversion from resource to int is required.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/8390/mcf8390.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/8390/mcf8390.c b/drivers/net/ethernet/8390/mcf8390.c
index 4ad8031ab669..065fdbe66c42 100644
--- a/drivers/net/ethernet/8390/mcf8390.c
+++ b/drivers/net/ethernet/8390/mcf8390.c
@@ -406,12 +406,12 @@ static int mcf8390_init(struct net_device *dev)
static int mcf8390_probe(struct platform_device *pdev)
{
struct net_device *dev;
- struct resource *mem, *irq;
+ struct resource *mem;
resource_size_t msize;
- int ret;
+ int ret, irq;
- irq = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
- if (irq == NULL) {
+ irq = platform_get_irq(pdev, 0);
+ if (irq < 0) {
dev_err(&pdev->dev, "no IRQ specified?\n");
return -ENXIO;
}
@@ -434,7 +434,7 @@ static int mcf8390_probe(struct platform_device *pdev)
SET_NETDEV_DEV(dev, &pdev->dev);
platform_set_drvdata(pdev, dev);
- dev->irq = irq->start;
+ dev->irq = irq;
dev->base_addr = mem->start;
ret = mcf8390_init(dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 010/338] spi: Fix erroneous sgs value with min_t()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 009/338] net:mcf8390: Use platform_get_irq() to get the interrupt Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 011/338] af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register Greg Kroah-Hartman
` (333 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Geert Uytterhoeven,
Biju Das, Lad Prabhakar, Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit ebc4cb43ea5ada3db46c80156fca58a54b9bbca8 ]
While computing sgs in spi_map_buf(), the data type
used in min_t() for max_seg_size is 'unsigned int' where
as that of ctlr->max_dma_len is 'size_t'.
min_t(unsigned int,x,y) gives wrong results if one of x/y is
'size_t'
Consider the below examples on a 64-bit machine (ie size_t is
64-bits, and unsigned int is 32-bit).
case 1) min_t(unsigned int, 5, 0x100000001);
case 2) min_t(size_t, 5, 0x100000001);
Case 1 returns '1', where as case 2 returns '5'. As you can see
the result from case 1 is wrong.
This patch fixes the above issue by using the data type of the
parameters that are used in min_t with maximum data length.
Fixes: commit 1a4e53d2fc4f68aa ("spi: Fix invalid sgs value")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Link: https://lore.kernel.org/r/20220316175317.465-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 518c8e0eef7f..3bcd6f178f73 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -779,10 +779,10 @@ int spi_map_buf(struct spi_controller *ctlr, struct device *dev,
int i, ret;
if (vmalloced_buf || kmap_buf) {
- desc_len = min_t(unsigned int, max_seg_size, PAGE_SIZE);
+ desc_len = min_t(unsigned long, max_seg_size, PAGE_SIZE);
sgs = DIV_ROUND_UP(len + offset_in_page(buf), desc_len);
} else if (virt_addr_valid(buf)) {
- desc_len = min_t(unsigned int, max_seg_size, ctlr->max_dma_len);
+ desc_len = min_t(size_t, max_seg_size, ctlr->max_dma_len);
sgs = DIV_ROUND_UP(len, desc_len);
} else {
return -EINVAL;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 011/338] af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 010/338] spi: Fix erroneous sgs value with min_t() Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 012/338] fuse: fix pipe buffer lifetime for direct_io Greg Kroah-Hartman
` (332 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TCS Robot, Haimin Zhang,
Steffen Klassert, Sasha Levin
From: Haimin Zhang <tcs_kernel@tencent.com>
[ Upstream commit 9a564bccb78a76740ea9d75a259942df8143d02c ]
Add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
to initialize the buffer of supp_skb to fix a kernel-info-leak issue.
1) Function pfkey_register calls compose_sadb_supported to request
a sk_buff. 2) compose_sadb_supported calls alloc_sbk to allocate
a sk_buff, but it doesn't zero it. 3) If auth_len is greater 0, then
compose_sadb_supported treats the memory as a struct sadb_supported and
begins to initialize. But it just initializes the field sadb_supported_len
and field sadb_supported_exttype without field sadb_supported_reserved.
Reported-by: TCS Robot <tcs_robot@tencent.com>
Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/key/af_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 388910cf0978..03266e1f5913 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1709,7 +1709,7 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad
xfrm_probe_algs();
- supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
+ supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
if (!supp_skb) {
if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
pfk->registered &= ~(1<<hdr->sadb_msg_satype);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 012/338] fuse: fix pipe buffer lifetime for direct_io
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 011/338] af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 013/338] tpm: fix reference counting for struct tpm_chip Greg Kroah-Hartman
` (331 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Miklos Szeredi, Zach OKeefe
From: Miklos Szeredi <mszeredi@redhat.com>
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.
In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.
On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.
This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.
Fix by copying pages coming from the user address space to new pipe
buffers.
Reported-by: Jann Horn <jannh@google.com>
Fixes: c3021629a0d8 ("fuse: support splice() reading from fuse device")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/dev.c | 12 +++++++++++-
fs/fuse/file.c | 1 +
fs/fuse/fuse_i.h | 2 ++
3 files changed, 14 insertions(+), 1 deletion(-)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -999,7 +999,17 @@ static int fuse_copy_page(struct fuse_co
while (count) {
if (cs->write && cs->pipebufs && page) {
- return fuse_ref_page(cs, page, offset, count);
+ /*
+ * Can't control lifetime of pipe buffers, so always
+ * copy user pages.
+ */
+ if (cs->req->user_pages) {
+ err = fuse_copy_fill(cs);
+ if (err)
+ return err;
+ } else {
+ return fuse_ref_page(cs, page, offset, count);
+ }
} else if (!cs->len) {
if (cs->move_pages && page &&
offset == 0 && count == PAGE_SIZE) {
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1329,6 +1329,7 @@ static int fuse_get_user_pages(struct fu
(PAGE_SIZE - ret) & (PAGE_SIZE - 1);
}
+ req->user_pages = true;
if (write)
req->in.argpages = 1;
else
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -313,6 +313,8 @@ struct fuse_req {
/** refcount */
refcount_t count;
+ bool user_pages;
+
/** Unique ID for the interrupt request */
u64 intr_unique;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 013/338] tpm: fix reference counting for struct tpm_chip
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 012/338] fuse: fix pipe buffer lifetime for direct_io Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 014/338] block: Add a helper to validate the block size Greg Kroah-Hartman
` (330 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Gunthorpe, Lino Sanfilippo,
Stefan Berger, Jason Gunthorpe, Jarkko Sakkinen
From: Lino Sanfilippo <LinoSanfilippo@gmx.de>
commit 7e0438f83dc769465ee663bb5dcf8cc154940712 upstream.
The following sequence of operations results in a refcount warning:
1. Open device /dev/tpmrm.
2. Remove module tpm_tis_spi.
3. Write a TPM command to the file descriptor opened at step 1.
------------[ cut here ]------------
WARNING: CPU: 3 PID: 1161 at lib/refcount.c:25 kobject_get+0xa0/0xa4
refcount_t: addition on 0; use-after-free.
Modules linked in: tpm_tis_spi tpm_tis_core tpm mdio_bcm_unimac brcmfmac
sha256_generic libsha256 sha256_arm hci_uart btbcm bluetooth cfg80211 vc4
brcmutil ecdh_generic ecc snd_soc_core crc32_arm_ce libaes
raspberrypi_hwmon ac97_bus snd_pcm_dmaengine bcm2711_thermal snd_pcm
snd_timer genet snd phy_generic soundcore [last unloaded: spi_bcm2835]
CPU: 3 PID: 1161 Comm: hold_open Not tainted 5.10.0ls-main-dirty #2
Hardware name: BCM2711
[<c0410c3c>] (unwind_backtrace) from [<c040b580>] (show_stack+0x10/0x14)
[<c040b580>] (show_stack) from [<c1092174>] (dump_stack+0xc4/0xd8)
[<c1092174>] (dump_stack) from [<c0445a30>] (__warn+0x104/0x108)
[<c0445a30>] (__warn) from [<c0445aa8>] (warn_slowpath_fmt+0x74/0xb8)
[<c0445aa8>] (warn_slowpath_fmt) from [<c08435d0>] (kobject_get+0xa0/0xa4)
[<c08435d0>] (kobject_get) from [<bf0a715c>] (tpm_try_get_ops+0x14/0x54 [tpm])
[<bf0a715c>] (tpm_try_get_ops [tpm]) from [<bf0a7d6c>] (tpm_common_write+0x38/0x60 [tpm])
[<bf0a7d6c>] (tpm_common_write [tpm]) from [<c05a7ac0>] (vfs_write+0xc4/0x3c0)
[<c05a7ac0>] (vfs_write) from [<c05a7ee4>] (ksys_write+0x58/0xcc)
[<c05a7ee4>] (ksys_write) from [<c04001a0>] (ret_fast_syscall+0x0/0x4c)
Exception stack(0xc226bfa8 to 0xc226bff0)
bfa0: 00000000 000105b4 00000003 beafe664 00000014 00000000
bfc0: 00000000 000105b4 000103f8 00000004 00000000 00000000 b6f9c000 beafe684
bfe0: 0000006c beafe648 0001056c b6eb6944
---[ end trace d4b8409def9b8b1f ]---
The reason for this warning is the attempt to get the chip->dev reference
in tpm_common_write() although the reference counter is already zero.
Since commit 8979b02aaf1d ("tpm: Fix reference count to main device") the
extra reference used to prevent a premature zero counter is never taken,
because the required TPM_CHIP_FLAG_TPM2 flag is never set.
Fix this by moving the TPM 2 character device handling from
tpm_chip_alloc() to tpm_add_char_device() which is called at a later point
in time when the flag has been set in case of TPM2.
Commit fdc915f7f719 ("tpm: expose spaces via a device link /dev/tpmrm<n>")
already introduced function tpm_devs_release() to release the extra
reference but did not implement the required put on chip->devs that results
in the call of this function.
Fix this by putting chip->devs in tpm_chip_unregister().
Finally move the new implementation for the TPM 2 handling into a new
function to avoid multiple checks for the TPM_CHIP_FLAG_TPM2 flag in the
good case and error cases.
Cc: stable@vger.kernel.org
Fixes: fdc915f7f719 ("tpm: expose spaces via a device link /dev/tpmrm<n>")
Fixes: 8979b02aaf1d ("tpm: Fix reference count to main device")
Co-developed-by: Jason Gunthorpe <jgg@ziepe.ca>
Signed-off-by: Jason Gunthorpe <jgg@ziepe.ca>
Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm-chip.c | 46 +++++------------------------
drivers/char/tpm/tpm.h | 2 +
drivers/char/tpm/tpm2-space.c | 65 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 75 insertions(+), 38 deletions(-)
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -163,14 +163,6 @@ static void tpm_dev_release(struct devic
kfree(chip);
}
-static void tpm_devs_release(struct device *dev)
-{
- struct tpm_chip *chip = container_of(dev, struct tpm_chip, devs);
-
- /* release the master device reference */
- put_device(&chip->dev);
-}
-
/**
* tpm_class_shutdown() - prepare the TPM device for loss of power.
* @dev: device to which the chip is associated.
@@ -234,7 +226,6 @@ struct tpm_chip *tpm_chip_alloc(struct d
chip->dev_num = rc;
device_initialize(&chip->dev);
- device_initialize(&chip->devs);
chip->dev.class = tpm_class;
chip->dev.class->shutdown_pre = tpm_class_shutdown;
@@ -242,39 +233,20 @@ struct tpm_chip *tpm_chip_alloc(struct d
chip->dev.parent = pdev;
chip->dev.groups = chip->groups;
- chip->devs.parent = pdev;
- chip->devs.class = tpmrm_class;
- chip->devs.release = tpm_devs_release;
- /* get extra reference on main device to hold on
- * behalf of devs. This holds the chip structure
- * while cdevs is in use. The corresponding put
- * is in the tpm_devs_release (TPM2 only)
- */
- if (chip->flags & TPM_CHIP_FLAG_TPM2)
- get_device(&chip->dev);
-
if (chip->dev_num == 0)
chip->dev.devt = MKDEV(MISC_MAJOR, TPM_MINOR);
else
chip->dev.devt = MKDEV(MAJOR(tpm_devt), chip->dev_num);
- chip->devs.devt =
- MKDEV(MAJOR(tpm_devt), chip->dev_num + TPM_NUM_DEVICES);
-
rc = dev_set_name(&chip->dev, "tpm%d", chip->dev_num);
if (rc)
goto out;
- rc = dev_set_name(&chip->devs, "tpmrm%d", chip->dev_num);
- if (rc)
- goto out;
if (!pdev)
chip->flags |= TPM_CHIP_FLAG_VIRTUAL;
cdev_init(&chip->cdev, &tpm_fops);
- cdev_init(&chip->cdevs, &tpmrm_fops);
chip->cdev.owner = THIS_MODULE;
- chip->cdevs.owner = THIS_MODULE;
rc = tpm2_init_space(&chip->work_space, TPM2_SPACE_BUFFER_SIZE);
if (rc) {
@@ -286,7 +258,6 @@ struct tpm_chip *tpm_chip_alloc(struct d
return chip;
out:
- put_device(&chip->devs);
put_device(&chip->dev);
return ERR_PTR(rc);
}
@@ -335,14 +306,9 @@ static int tpm_add_char_device(struct tp
}
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
- rc = cdev_device_add(&chip->cdevs, &chip->devs);
- if (rc) {
- dev_err(&chip->devs,
- "unable to cdev_device_add() %s, major %d, minor %d, err=%d\n",
- dev_name(&chip->devs), MAJOR(chip->devs.devt),
- MINOR(chip->devs.devt), rc);
- return rc;
- }
+ rc = tpm_devs_add(chip);
+ if (rc)
+ goto err_del_cdev;
}
/* Make the chip available. */
@@ -350,6 +316,10 @@ static int tpm_add_char_device(struct tp
idr_replace(&dev_nums_idr, chip, chip->dev_num);
mutex_unlock(&idr_lock);
+ return 0;
+
+err_del_cdev:
+ cdev_device_del(&chip->cdev, &chip->dev);
return rc;
}
@@ -508,7 +478,7 @@ void tpm_chip_unregister(struct tpm_chip
hwrng_unregister(&chip->hwrng);
tpm_bios_log_teardown(chip);
if (chip->flags & TPM_CHIP_FLAG_TPM2)
- cdev_device_del(&chip->cdevs, &chip->devs);
+ tpm_devs_remove(chip);
tpm_del_char_device(chip);
}
EXPORT_SYMBOL_GPL(tpm_chip_unregister);
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -605,6 +605,8 @@ int tpm2_prepare_space(struct tpm_chip *
u8 *cmd);
int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space,
u32 cc, u8 *buf, size_t *bufsiz);
+int tpm_devs_add(struct tpm_chip *chip);
+void tpm_devs_remove(struct tpm_chip *chip);
void tpm_bios_log_setup(struct tpm_chip *chip);
void tpm_bios_log_teardown(struct tpm_chip *chip);
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -536,3 +536,68 @@ int tpm2_commit_space(struct tpm_chip *c
return 0;
}
+
+/*
+ * Put the reference to the main device.
+ */
+static void tpm_devs_release(struct device *dev)
+{
+ struct tpm_chip *chip = container_of(dev, struct tpm_chip, devs);
+
+ /* release the master device reference */
+ put_device(&chip->dev);
+}
+
+/*
+ * Remove the device file for exposed TPM spaces and release the device
+ * reference. This may also release the reference to the master device.
+ */
+void tpm_devs_remove(struct tpm_chip *chip)
+{
+ cdev_device_del(&chip->cdevs, &chip->devs);
+ put_device(&chip->devs);
+}
+
+/*
+ * Add a device file to expose TPM spaces. Also take a reference to the
+ * main device.
+ */
+int tpm_devs_add(struct tpm_chip *chip)
+{
+ int rc;
+
+ device_initialize(&chip->devs);
+ chip->devs.parent = chip->dev.parent;
+ chip->devs.class = tpmrm_class;
+
+ /*
+ * Get extra reference on main device to hold on behalf of devs.
+ * This holds the chip structure while cdevs is in use. The
+ * corresponding put is in the tpm_devs_release.
+ */
+ get_device(&chip->dev);
+ chip->devs.release = tpm_devs_release;
+ chip->devs.devt = MKDEV(MAJOR(tpm_devt), chip->dev_num + TPM_NUM_DEVICES);
+ cdev_init(&chip->cdevs, &tpmrm_fops);
+ chip->cdevs.owner = THIS_MODULE;
+
+ rc = dev_set_name(&chip->devs, "tpmrm%d", chip->dev_num);
+ if (rc)
+ goto err_put_devs;
+
+ rc = cdev_device_add(&chip->cdevs, &chip->devs);
+ if (rc) {
+ dev_err(&chip->devs,
+ "unable to cdev_device_add() %s, major %d, minor %d, err=%d\n",
+ dev_name(&chip->devs), MAJOR(chip->devs.devt),
+ MINOR(chip->devs.devt), rc);
+ goto err_put_devs;
+ }
+
+ return 0;
+
+err_put_devs:
+ put_device(&chip->devs);
+
+ return rc;
+}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 014/338] block: Add a helper to validate the block size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 013/338] tpm: fix reference counting for struct tpm_chip Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 015/338] virtio-blk: Use blk_validate_block_size() to validate " Greg Kroah-Hartman
` (329 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie Yongji, Jens Axboe, Lee Jones
From: Xie Yongji <xieyongji@bytedance.com>
commit 570b1cac477643cbf01a45fa5d018430a1fddbce upstream.
There are some duplicated codes to validate the block
size in block drivers. This limitation actually comes
from block layer, so this patch tries to add a new block
layer helper for that.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: https://lore.kernel.org/r/20211026144015.188-2-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/blkdev.h | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -56,6 +56,14 @@ struct blk_stat_callback;
*/
#define BLKCG_MAX_POLS 5
+static inline int blk_validate_block_size(unsigned int bsize)
+{
+ if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize))
+ return -EINVAL;
+
+ return 0;
+}
+
typedef void (rq_end_io_fn)(struct request *, blk_status_t);
#define BLK_RL_SYNCFULL (1U << 0)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 015/338] virtio-blk: Use blk_validate_block_size() to validate block size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 014/338] block: Add a helper to validate the block size Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 016/338] USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c Greg Kroah-Hartman
` (328 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie Yongji, Michael S. Tsirkin,
Jens Axboe, Lee Jones
From: Xie Yongji <xieyongji@bytedance.com>
commit 57a13a5b8157d9a8606490aaa1b805bafe6c37e1 upstream.
The block layer can't support a block size larger than
page size yet. And a block size that's too small or
not a power of two won't work either. If a misconfigured
device presents an invalid block size in configuration space,
it will result in the kernel crash something like below:
[ 506.154324] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 506.160416] RIP: 0010:create_empty_buffers+0x24/0x100
[ 506.174302] Call Trace:
[ 506.174651] create_page_buffers+0x4d/0x60
[ 506.175207] block_read_full_page+0x50/0x380
[ 506.175798] ? __mod_lruvec_page_state+0x60/0xa0
[ 506.176412] ? __add_to_page_cache_locked+0x1b2/0x390
[ 506.177085] ? blkdev_direct_IO+0x4a0/0x4a0
[ 506.177644] ? scan_shadow_nodes+0x30/0x30
[ 506.178206] ? lru_cache_add+0x42/0x60
[ 506.178716] do_read_cache_page+0x695/0x740
[ 506.179278] ? read_part_sector+0xe0/0xe0
[ 506.179821] read_part_sector+0x36/0xe0
[ 506.180337] adfspart_check_ICS+0x32/0x320
[ 506.180890] ? snprintf+0x45/0x70
[ 506.181350] ? read_part_sector+0xe0/0xe0
[ 506.181906] bdev_disk_changed+0x229/0x5c0
[ 506.182483] blkdev_get_whole+0x6d/0x90
[ 506.183013] blkdev_get_by_dev+0x122/0x2d0
[ 506.183562] device_add_disk+0x39e/0x3c0
[ 506.184472] virtblk_probe+0x3f8/0x79b [virtio_blk]
[ 506.185461] virtio_dev_probe+0x15e/0x1d0 [virtio]
So let's use a block layer helper to validate the block size.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/r/20211026144015.188-5-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/virtio_blk.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -849,9 +849,17 @@ static int virtblk_probe(struct virtio_d
err = virtio_cread_feature(vdev, VIRTIO_BLK_F_BLK_SIZE,
struct virtio_blk_config, blk_size,
&blk_size);
- if (!err)
+ if (!err) {
+ err = blk_validate_block_size(blk_size);
+ if (err) {
+ dev_err(&vdev->dev,
+ "virtio_blk: invalid block size: 0x%x\n",
+ blk_size);
+ goto out_free_tags;
+ }
+
blk_queue_logical_block_size(q, blk_size);
- else
+ } else
blk_size = queue_logical_block_size(q);
/* Use topology information if available */
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 016/338] USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 015/338] virtio-blk: Use blk_validate_block_size() to validate " Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 017/338] xhci: make xhci_handshake timeout for xhci_reset() adjustable Greg Kroah-Hartman
` (327 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alan Stern
From: Alan Stern <stern@rowland.harvard.edu>
commit 1892bf90677abcad7f06e897e308f5c3e3618dd4 upstream.
The kernel test robot found a problem with the ene_ub6250 subdriver in
usb-storage: It uses structures containing bitfields to represent
hardware bits in its SD_STATUS, MS_STATUS, and SM_STATUS bytes. This
is not safe; it presumes a particular bit ordering and it assumes the
compiler will not insert padding, neither of which is guaranteed.
This patch fixes the problem by changing the structures to simple u8
values, with the bitfields replaced by bitmask constants.
CC: <stable@vger.kernel.org>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/YjOcbuU106UpJ/V8@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/ene_ub6250.c | 153 +++++++++++++++++++--------------------
1 file changed, 75 insertions(+), 78 deletions(-)
--- a/drivers/usb/storage/ene_ub6250.c
+++ b/drivers/usb/storage/ene_ub6250.c
@@ -236,36 +236,33 @@ static struct us_unusual_dev ene_ub6250_
#define memstick_logaddr(logadr1, logadr0) ((((u16)(logadr1)) << 8) | (logadr0))
-struct SD_STATUS {
- u8 Insert:1;
- u8 Ready:1;
- u8 MediaChange:1;
- u8 IsMMC:1;
- u8 HiCapacity:1;
- u8 HiSpeed:1;
- u8 WtP:1;
- u8 Reserved:1;
-};
-
-struct MS_STATUS {
- u8 Insert:1;
- u8 Ready:1;
- u8 MediaChange:1;
- u8 IsMSPro:1;
- u8 IsMSPHG:1;
- u8 Reserved1:1;
- u8 WtP:1;
- u8 Reserved2:1;
-};
-
-struct SM_STATUS {
- u8 Insert:1;
- u8 Ready:1;
- u8 MediaChange:1;
- u8 Reserved:3;
- u8 WtP:1;
- u8 IsMS:1;
-};
+/* SD_STATUS bits */
+#define SD_Insert BIT(0)
+#define SD_Ready BIT(1)
+#define SD_MediaChange BIT(2)
+#define SD_IsMMC BIT(3)
+#define SD_HiCapacity BIT(4)
+#define SD_HiSpeed BIT(5)
+#define SD_WtP BIT(6)
+ /* Bit 7 reserved */
+
+/* MS_STATUS bits */
+#define MS_Insert BIT(0)
+#define MS_Ready BIT(1)
+#define MS_MediaChange BIT(2)
+#define MS_IsMSPro BIT(3)
+#define MS_IsMSPHG BIT(4)
+ /* Bit 5 reserved */
+#define MS_WtP BIT(6)
+ /* Bit 7 reserved */
+
+/* SM_STATUS bits */
+#define SM_Insert BIT(0)
+#define SM_Ready BIT(1)
+#define SM_MediaChange BIT(2)
+ /* Bits 3-5 reserved */
+#define SM_WtP BIT(6)
+#define SM_IsMS BIT(7)
struct ms_bootblock_cis {
u8 bCistplDEVICE[6]; /* 0 */
@@ -436,9 +433,9 @@ struct ene_ub6250_info {
u8 *bbuf;
/* for 6250 code */
- struct SD_STATUS SD_Status;
- struct MS_STATUS MS_Status;
- struct SM_STATUS SM_Status;
+ u8 SD_Status;
+ u8 MS_Status;
+ u8 SM_Status;
/* ----- SD Control Data ---------------- */
/*SD_REGISTER SD_Regs; */
@@ -601,7 +598,7 @@ static int sd_scsi_test_unit_ready(struc
{
struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
- if (info->SD_Status.Insert && info->SD_Status.Ready)
+ if ((info->SD_Status & SD_Insert) && (info->SD_Status & SD_Ready))
return USB_STOR_TRANSPORT_GOOD;
else {
ene_sd_init(us);
@@ -621,7 +618,7 @@ static int sd_scsi_mode_sense(struct us_
0x0b, 0x00, 0x80, 0x08, 0x00, 0x00,
0x71, 0xc0, 0x00, 0x00, 0x02, 0x00 };
- if (info->SD_Status.WtP)
+ if (info->SD_Status & SD_WtP)
usb_stor_set_xfer_buf(mediaWP, 12, srb);
else
usb_stor_set_xfer_buf(mediaNoWP, 12, srb);
@@ -640,9 +637,9 @@ static int sd_scsi_read_capacity(struct
struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
usb_stor_dbg(us, "sd_scsi_read_capacity\n");
- if (info->SD_Status.HiCapacity) {
+ if (info->SD_Status & SD_HiCapacity) {
bl_len = 0x200;
- if (info->SD_Status.IsMMC)
+ if (info->SD_Status & SD_IsMMC)
bl_num = info->HC_C_SIZE-1;
else
bl_num = (info->HC_C_SIZE + 1) * 1024 - 1;
@@ -692,7 +689,7 @@ static int sd_scsi_read(struct us_data *
return USB_STOR_TRANSPORT_ERROR;
}
- if (info->SD_Status.HiCapacity)
+ if (info->SD_Status & SD_HiCapacity)
bnByte = bn;
/* set up the command wrapper */
@@ -732,7 +729,7 @@ static int sd_scsi_write(struct us_data
return USB_STOR_TRANSPORT_ERROR;
}
- if (info->SD_Status.HiCapacity)
+ if (info->SD_Status & SD_HiCapacity)
bnByte = bn;
/* set up the command wrapper */
@@ -1454,7 +1451,7 @@ static int ms_scsi_test_unit_ready(struc
struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
/* pr_info("MS_SCSI_Test_Unit_Ready\n"); */
- if (info->MS_Status.Insert && info->MS_Status.Ready) {
+ if ((info->MS_Status & MS_Insert) && (info->MS_Status & MS_Ready)) {
return USB_STOR_TRANSPORT_GOOD;
} else {
ene_ms_init(us);
@@ -1474,7 +1471,7 @@ static int ms_scsi_mode_sense(struct us_
0x0b, 0x00, 0x80, 0x08, 0x00, 0x00,
0x71, 0xc0, 0x00, 0x00, 0x02, 0x00 };
- if (info->MS_Status.WtP)
+ if (info->MS_Status & MS_WtP)
usb_stor_set_xfer_buf(mediaWP, 12, srb);
else
usb_stor_set_xfer_buf(mediaNoWP, 12, srb);
@@ -1493,7 +1490,7 @@ static int ms_scsi_read_capacity(struct
usb_stor_dbg(us, "ms_scsi_read_capacity\n");
bl_len = 0x200;
- if (info->MS_Status.IsMSPro)
+ if (info->MS_Status & MS_IsMSPro)
bl_num = info->MSP_TotalBlock - 1;
else
bl_num = info->MS_Lib.NumberOfLogBlock * info->MS_Lib.blockSize * 2 - 1;
@@ -1648,7 +1645,7 @@ static int ms_scsi_read(struct us_data *
if (bn > info->bl_num)
return USB_STOR_TRANSPORT_ERROR;
- if (info->MS_Status.IsMSPro) {
+ if (info->MS_Status & MS_IsMSPro) {
result = ene_load_bincode(us, MSP_RW_PATTERN);
if (result != USB_STOR_XFER_GOOD) {
usb_stor_dbg(us, "Load MPS RW pattern Fail !!\n");
@@ -1749,7 +1746,7 @@ static int ms_scsi_write(struct us_data
if (bn > info->bl_num)
return USB_STOR_TRANSPORT_ERROR;
- if (info->MS_Status.IsMSPro) {
+ if (info->MS_Status & MS_IsMSPro) {
result = ene_load_bincode(us, MSP_RW_PATTERN);
if (result != USB_STOR_XFER_GOOD) {
pr_info("Load MSP RW pattern Fail !!\n");
@@ -1857,12 +1854,12 @@ static int ene_get_card_status(struct us
tmpreg = (u16) reg4b;
reg4b = *(u32 *)(&buf[0x14]);
- if (info->SD_Status.HiCapacity && !info->SD_Status.IsMMC)
+ if ((info->SD_Status & SD_HiCapacity) && !(info->SD_Status & SD_IsMMC))
info->HC_C_SIZE = (reg4b >> 8) & 0x3fffff;
info->SD_C_SIZE = ((tmpreg & 0x03) << 10) | (u16)(reg4b >> 22);
info->SD_C_SIZE_MULT = (u8)(reg4b >> 7) & 0x07;
- if (info->SD_Status.HiCapacity && info->SD_Status.IsMMC)
+ if ((info->SD_Status & SD_HiCapacity) && (info->SD_Status & SD_IsMMC))
info->HC_C_SIZE = *(u32 *)(&buf[0x100]);
if (info->SD_READ_BL_LEN > SD_BLOCK_LEN) {
@@ -2074,6 +2071,7 @@ static int ene_ms_init(struct us_data *u
u16 MSP_BlockSize, MSP_UserAreaBlocks;
struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
u8 *bbuf = info->bbuf;
+ unsigned int s;
printk(KERN_INFO "transport --- ENE_MSInit\n");
@@ -2098,15 +2096,16 @@ static int ene_ms_init(struct us_data *u
return USB_STOR_TRANSPORT_ERROR;
}
/* the same part to test ENE */
- info->MS_Status = *(struct MS_STATUS *) bbuf;
+ info->MS_Status = bbuf[0];
- if (info->MS_Status.Insert && info->MS_Status.Ready) {
- printk(KERN_INFO "Insert = %x\n", info->MS_Status.Insert);
- printk(KERN_INFO "Ready = %x\n", info->MS_Status.Ready);
- printk(KERN_INFO "IsMSPro = %x\n", info->MS_Status.IsMSPro);
- printk(KERN_INFO "IsMSPHG = %x\n", info->MS_Status.IsMSPHG);
- printk(KERN_INFO "WtP= %x\n", info->MS_Status.WtP);
- if (info->MS_Status.IsMSPro) {
+ s = info->MS_Status;
+ if ((s & MS_Insert) && (s & MS_Ready)) {
+ printk(KERN_INFO "Insert = %x\n", !!(s & MS_Insert));
+ printk(KERN_INFO "Ready = %x\n", !!(s & MS_Ready));
+ printk(KERN_INFO "IsMSPro = %x\n", !!(s & MS_IsMSPro));
+ printk(KERN_INFO "IsMSPHG = %x\n", !!(s & MS_IsMSPHG));
+ printk(KERN_INFO "WtP= %x\n", !!(s & MS_WtP));
+ if (s & MS_IsMSPro) {
MSP_BlockSize = (bbuf[6] << 8) | bbuf[7];
MSP_UserAreaBlocks = (bbuf[10] << 8) | bbuf[11];
info->MSP_TotalBlock = MSP_BlockSize * MSP_UserAreaBlocks;
@@ -2167,17 +2166,17 @@ static int ene_sd_init(struct us_data *u
return USB_STOR_TRANSPORT_ERROR;
}
- info->SD_Status = *(struct SD_STATUS *) bbuf;
- if (info->SD_Status.Insert && info->SD_Status.Ready) {
- struct SD_STATUS *s = &info->SD_Status;
+ info->SD_Status = bbuf[0];
+ if ((info->SD_Status & SD_Insert) && (info->SD_Status & SD_Ready)) {
+ unsigned int s = info->SD_Status;
ene_get_card_status(us, bbuf);
- usb_stor_dbg(us, "Insert = %x\n", s->Insert);
- usb_stor_dbg(us, "Ready = %x\n", s->Ready);
- usb_stor_dbg(us, "IsMMC = %x\n", s->IsMMC);
- usb_stor_dbg(us, "HiCapacity = %x\n", s->HiCapacity);
- usb_stor_dbg(us, "HiSpeed = %x\n", s->HiSpeed);
- usb_stor_dbg(us, "WtP = %x\n", s->WtP);
+ usb_stor_dbg(us, "Insert = %x\n", !!(s & SD_Insert));
+ usb_stor_dbg(us, "Ready = %x\n", !!(s & SD_Ready));
+ usb_stor_dbg(us, "IsMMC = %x\n", !!(s & SD_IsMMC));
+ usb_stor_dbg(us, "HiCapacity = %x\n", !!(s & SD_HiCapacity));
+ usb_stor_dbg(us, "HiSpeed = %x\n", !!(s & SD_HiSpeed));
+ usb_stor_dbg(us, "WtP = %x\n", !!(s & SD_WtP));
} else {
usb_stor_dbg(us, "SD Card Not Ready --- %x\n", bbuf[0]);
return USB_STOR_TRANSPORT_ERROR;
@@ -2199,14 +2198,14 @@ static int ene_init(struct us_data *us)
misc_reg03 = bbuf[0];
if (misc_reg03 & 0x01) {
- if (!info->SD_Status.Ready) {
+ if (!(info->SD_Status & SD_Ready)) {
result = ene_sd_init(us);
if (result != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_ERROR;
}
}
if (misc_reg03 & 0x02) {
- if (!info->MS_Status.Ready) {
+ if (!(info->MS_Status & MS_Ready)) {
result = ene_ms_init(us);
if (result != USB_STOR_XFER_GOOD)
return USB_STOR_TRANSPORT_ERROR;
@@ -2305,14 +2304,14 @@ static int ene_transport(struct scsi_cmn
/*US_DEBUG(usb_stor_show_command(us, srb)); */
scsi_set_resid(srb, 0);
- if (unlikely(!(info->SD_Status.Ready || info->MS_Status.Ready)))
+ if (unlikely(!(info->SD_Status & SD_Ready) || (info->MS_Status & MS_Ready)))
result = ene_init(us);
if (result == USB_STOR_XFER_GOOD) {
result = USB_STOR_TRANSPORT_ERROR;
- if (info->SD_Status.Ready)
+ if (info->SD_Status & SD_Ready)
result = sd_scsi_irp(us, srb);
- if (info->MS_Status.Ready)
+ if (info->MS_Status & MS_Ready)
result = ms_scsi_irp(us, srb);
}
return result;
@@ -2376,7 +2375,6 @@ static int ene_ub6250_probe(struct usb_i
static int ene_ub6250_resume(struct usb_interface *iface)
{
- u8 tmp = 0;
struct us_data *us = usb_get_intfdata(iface);
struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
@@ -2388,17 +2386,16 @@ static int ene_ub6250_resume(struct usb_
mutex_unlock(&us->dev_mutex);
info->Power_IsResum = true;
- /*info->SD_Status.Ready = 0; */
- info->SD_Status = *(struct SD_STATUS *)&tmp;
- info->MS_Status = *(struct MS_STATUS *)&tmp;
- info->SM_Status = *(struct SM_STATUS *)&tmp;
+ /* info->SD_Status &= ~SD_Ready; */
+ info->SD_Status = 0;
+ info->MS_Status = 0;
+ info->SM_Status = 0;
return 0;
}
static int ene_ub6250_reset_resume(struct usb_interface *iface)
{
- u8 tmp = 0;
struct us_data *us = usb_get_intfdata(iface);
struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
@@ -2410,10 +2407,10 @@ static int ene_ub6250_reset_resume(struc
* the device
*/
info->Power_IsResum = true;
- /*info->SD_Status.Ready = 0; */
- info->SD_Status = *(struct SD_STATUS *)&tmp;
- info->MS_Status = *(struct MS_STATUS *)&tmp;
- info->SM_Status = *(struct SM_STATUS *)&tmp;
+ /* info->SD_Status &= ~SD_Ready; */
+ info->SD_Status = 0;
+ info->MS_Status = 0;
+ info->SM_Status = 0;
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 017/338] xhci: make xhci_handshake timeout for xhci_reset() adjustable
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 016/338] USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 018/338] coresight: Fix TRCCONFIGR.QE sysfs interface Greg Kroah-Hartman
` (326 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Pavan Kondeti,
Mathias Nyman
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 14073ce951b5919da450022c050772902f24f054 upstream.
xhci_reset() timeout was increased from 250ms to 10 seconds in order to
give Renesas 720201 xHC enough time to get ready in probe.
xhci_reset() is called with interrupts disabled in other places, and
waiting for 10 seconds there is not acceptable.
Add a timeout parameter to xhci_reset(), and adjust it back to 250ms
when called from xhci_stop() or xhci_shutdown() where interrupts are
disabled, and successful reset isn't that critical.
This solves issues when deactivating host mode on platforms like SM8450.
For now don't change the timeout if xHC is reset in xhci_resume().
No issues are reported for it, and we need the reset to succeed.
Locking around that reset needs to be revisited later.
Additionally change the signed integer timeout parameter in
xhci_handshake() to a u64 to match the timeout value we pass to
readl_poll_timeout_atomic()
Fixes: 22ceac191211 ("xhci: Increase reset timeout for Renesas 720201 host.")
Cc: stable@vger.kernel.org
Reported-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reported-by: Pavan Kondeti <quic_pkondeti@quicinc.com>
Tested-by: Pavan Kondeti <quic_pkondeti@quicinc.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220303110903.1662404-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-hub.c | 2 +-
drivers/usb/host/xhci-mem.c | 2 +-
drivers/usb/host/xhci.c | 20 +++++++++-----------
drivers/usb/host/xhci.h | 7 +++++--
4 files changed, 16 insertions(+), 15 deletions(-)
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -670,7 +670,7 @@ static int xhci_exit_test_mode(struct xh
}
pm_runtime_allow(xhci_to_hcd(xhci)->self.controller);
xhci->test_mode = 0;
- return xhci_reset(xhci);
+ return xhci_reset(xhci, XHCI_RESET_SHORT_USEC);
}
void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port,
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -2595,7 +2595,7 @@ int xhci_mem_init(struct xhci_hcd *xhci,
fail:
xhci_halt(xhci);
- xhci_reset(xhci);
+ xhci_reset(xhci, XHCI_RESET_SHORT_USEC);
xhci_mem_cleanup(xhci);
return -ENOMEM;
}
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -66,7 +66,7 @@ static bool td_on_ring(struct xhci_td *t
* handshake done). There are two failure modes: "usec" have passed (major
* hardware flakeout), or the register reads as all-ones (hardware removed).
*/
-int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec)
+int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us)
{
u32 result;
int ret;
@@ -74,7 +74,7 @@ int xhci_handshake(void __iomem *ptr, u3
ret = readl_poll_timeout_atomic(ptr, result,
(result & mask) == done ||
result == U32_MAX,
- 1, usec);
+ 1, timeout_us);
if (result == U32_MAX) /* card removed */
return -ENODEV;
@@ -163,7 +163,7 @@ int xhci_start(struct xhci_hcd *xhci)
* Transactions will be terminated immediately, and operational registers
* will be set to their defaults.
*/
-int xhci_reset(struct xhci_hcd *xhci)
+int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us)
{
u32 command;
u32 state;
@@ -196,8 +196,7 @@ int xhci_reset(struct xhci_hcd *xhci)
if (xhci->quirks & XHCI_INTEL_HOST)
udelay(1000);
- ret = xhci_handshake(&xhci->op_regs->command,
- CMD_RESET, 0, 10 * 1000 * 1000);
+ ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us);
if (ret)
return ret;
@@ -210,8 +209,7 @@ int xhci_reset(struct xhci_hcd *xhci)
* xHCI cannot write to any doorbells or operational registers other
* than status until the "Controller Not Ready" flag is cleared.
*/
- ret = xhci_handshake(&xhci->op_regs->status,
- STS_CNR, 0, 10 * 1000 * 1000);
+ ret = xhci_handshake(&xhci->op_regs->status, STS_CNR, 0, timeout_us);
for (i = 0; i < 2; i++) {
xhci->bus_state[i].port_c_suspend = 0;
@@ -731,7 +729,7 @@ static void xhci_stop(struct usb_hcd *hc
xhci->xhc_state |= XHCI_STATE_HALTED;
xhci->cmd_ring_state = CMD_RING_STATE_STOPPED;
xhci_halt(xhci);
- xhci_reset(xhci);
+ xhci_reset(xhci, XHCI_RESET_SHORT_USEC);
spin_unlock_irq(&xhci->lock);
xhci_cleanup_msix(xhci);
@@ -784,7 +782,7 @@ void xhci_shutdown(struct usb_hcd *hcd)
xhci_halt(xhci);
/* Workaround for spurious wakeups at shutdown with HSW */
if (xhci->quirks & XHCI_SPURIOUS_WAKEUP)
- xhci_reset(xhci);
+ xhci_reset(xhci, XHCI_RESET_SHORT_USEC);
spin_unlock_irq(&xhci->lock);
xhci_cleanup_msix(xhci);
@@ -1162,7 +1160,7 @@ int xhci_resume(struct xhci_hcd *xhci, b
xhci_dbg(xhci, "Stop HCD\n");
xhci_halt(xhci);
xhci_zero_64b_regs(xhci);
- retval = xhci_reset(xhci);
+ retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC);
spin_unlock_irq(&xhci->lock);
if (retval)
return retval;
@@ -5190,7 +5188,7 @@ int xhci_gen_setup(struct usb_hcd *hcd,
xhci_dbg(xhci, "Resetting HCD\n");
/* Reset the internal HC memory state and registers. */
- retval = xhci_reset(xhci);
+ retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC);
if (retval)
return retval;
xhci_dbg(xhci, "Reset complete\n");
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -226,6 +226,9 @@ struct xhci_op_regs {
#define CMD_ETE (1 << 14)
/* bits 15:31 are reserved (and should be preserved on writes). */
+#define XHCI_RESET_LONG_USEC (10 * 1000 * 1000)
+#define XHCI_RESET_SHORT_USEC (250 * 1000)
+
/* IMAN - Interrupt Management Register */
#define IMAN_IE (1 << 1)
#define IMAN_IP (1 << 0)
@@ -2057,11 +2060,11 @@ void xhci_free_container_ctx(struct xhci
/* xHCI host controller glue */
typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *);
-int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, int usec);
+int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us);
void xhci_quiesce(struct xhci_hcd *xhci);
int xhci_halt(struct xhci_hcd *xhci);
int xhci_start(struct xhci_hcd *xhci);
-int xhci_reset(struct xhci_hcd *xhci);
+int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us);
int xhci_run(struct usb_hcd *hcd);
int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks);
void xhci_shutdown(struct usb_hcd *hcd);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 018/338] coresight: Fix TRCCONFIGR.QE sysfs interface
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 017/338] xhci: make xhci_handshake timeout for xhci_reset() adjustable Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 019/338] iio: afe: rescale: use s64 for temporary scale calculations Greg Kroah-Hartman
` (325 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Clark, Mike Leach,
Mathieu Poirier, Suzuki K Poulose
From: James Clark <james.clark@arm.com>
commit ea75a342aed5ed72c87f38fbe0df2f5df7eae374 upstream.
It's impossible to program a valid value for TRCCONFIGR.QE
when TRCIDR0.QSUPP==0b10. In that case the following is true:
Q element support is implemented, and only supports Q elements without
instruction counts. TRCCONFIGR.QE can only take the values 0b00 or 0b11.
Currently the low bit of QSUPP is checked to see if the low bit of QE can
be written to, but as you can see when QSUPP==0b10 the low bit is cleared
making it impossible to ever write the only valid value of 0b11 to QE.
0b10 would be written instead, which is a reserved QE value even for all
values of QSUPP.
The fix is to allow writing the low bit of QE for any non zero value of
QSUPP.
This change also ensures that the low bit is always set, even when the
user attempts to only set the high bit.
Signed-off-by: James Clark <james.clark@arm.com>
Reviewed-by: Mike Leach <mike.leach@linaro.org>
Fixes: d8c66962084f ("coresight-etm4x: Controls pertaining to the reset, mode, pe and events")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220120113047.2839622-2-james.clark@arm.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
@@ -367,8 +367,12 @@ static ssize_t mode_store(struct device
mode = ETM_MODE_QELEM(config->mode);
/* start by clearing QE bits */
config->cfg &= ~(BIT(13) | BIT(14));
- /* if supported, Q elements with instruction counts are enabled */
- if ((mode & BIT(0)) && (drvdata->q_support & BIT(0)))
+ /*
+ * if supported, Q elements with instruction counts are enabled.
+ * Always set the low bit for any requested mode. Valid combos are
+ * 0b00, 0b01 and 0b11.
+ */
+ if (mode && drvdata->q_support)
config->cfg |= BIT(13);
/*
* if supported, Q elements with and without instruction
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 019/338] iio: afe: rescale: use s64 for temporary scale calculations
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 018/338] coresight: Fix TRCCONFIGR.QE sysfs interface Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 020/338] iio: inkern: apply consumer scale on IIO_VAL_INT cases Greg Kroah-Hartman
` (324 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liam Beguin, Peter Rosin,
Andy Shevchenko, Stable, Jonathan Cameron
From: Liam Beguin <liambeguin@gmail.com>
commit 51593106b608ae4247cc8da928813347da16d025 upstream.
All four scaling coefficients can take signed values.
Make tmp a signed 64-bit integer and switch to div_s64() to preserve
signs during 64-bit divisions.
Fixes: 8b74816b5a9a ("iio: afe: rescale: new driver")
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Reviewed-by: Peter Rosin <peda@axentia.se>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220108205319.2046348-5-liambeguin@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/afe/iio-rescale.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/iio/afe/iio-rescale.c
+++ b/drivers/iio/afe/iio-rescale.c
@@ -38,7 +38,7 @@ static int rescale_read_raw(struct iio_d
int *val, int *val2, long mask)
{
struct rescale *rescale = iio_priv(indio_dev);
- unsigned long long tmp;
+ s64 tmp;
int ret;
switch (mask) {
@@ -59,10 +59,10 @@ static int rescale_read_raw(struct iio_d
*val2 = rescale->denominator;
return IIO_VAL_FRACTIONAL;
case IIO_VAL_FRACTIONAL_LOG2:
- tmp = *val * 1000000000LL;
- do_div(tmp, rescale->denominator);
+ tmp = (s64)*val * 1000000000LL;
+ tmp = div_s64(tmp, rescale->denominator);
tmp *= rescale->numerator;
- do_div(tmp, 1000000000LL);
+ tmp = div_s64(tmp, 1000000000LL);
*val = tmp;
return ret;
default:
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 020/338] iio: inkern: apply consumer scale on IIO_VAL_INT cases
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 019/338] iio: afe: rescale: use s64 for temporary scale calculations Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 021/338] iio: inkern: apply consumer scale when no channel scale is available Greg Kroah-Hartman
` (323 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liam Beguin, Peter Rosin,
Andy Shevchenko, Stable, Jonathan Cameron
From: Liam Beguin <liambeguin@gmail.com>
commit 1bca97ff95c732a516ebb68da72814194980e0a5 upstream.
When a consumer calls iio_read_channel_processed() and the channel has
an integer scale, the scale channel scale is applied and the processed
value is returned as expected.
On the other hand, if the consumer calls iio_convert_raw_to_processed()
the scaling factor requested by the consumer is not applied.
This for example causes the consumer to process mV when expecting uV.
Make sure to always apply the scaling factor requested by the consumer.
Fixes: 48e44ce0f881 ("iio:inkern: Add function to read the processed value")
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Reviewed-by: Peter Rosin <peda@axentia.se>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220108205319.2046348-2-liambeguin@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/inkern.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -612,7 +612,7 @@ static int iio_convert_raw_to_processed_
switch (scale_type) {
case IIO_VAL_INT:
- *processed = raw64 * scale_val;
+ *processed = raw64 * scale_val * scale;
break;
case IIO_VAL_INT_PLUS_MICRO:
if (scale_val2 < 0)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 021/338] iio: inkern: apply consumer scale when no channel scale is available
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 020/338] iio: inkern: apply consumer scale on IIO_VAL_INT cases Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 022/338] iio: inkern: make a best effort on offset calculation Greg Kroah-Hartman
` (322 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liam Beguin, Peter Rosin,
Andy Shevchenko, Stable, Jonathan Cameron
From: Liam Beguin <liambeguin@gmail.com>
commit 14b457fdde38de594a4bc4bd9075019319d978da upstream.
When a consumer calls iio_read_channel_processed() and no channel scale
is available, it's assumed that the scale is one and the raw value is
returned as expected.
On the other hand, if the consumer calls iio_convert_raw_to_processed()
the scaling factor requested by the consumer is not applied.
This for example causes the consumer to process mV when expecting uV.
Make sure to always apply the scaling factor requested by the consumer.
Fixes: adc8ec5ff183 ("iio: inkern: pass through raw values if no scaling")
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Reviewed-by: Peter Rosin <peda@axentia.se>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220108205319.2046348-3-liambeguin@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/inkern.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -603,10 +603,10 @@ static int iio_convert_raw_to_processed_
IIO_CHAN_INFO_SCALE);
if (scale_type < 0) {
/*
- * Just pass raw values as processed if no scaling is
- * available.
+ * If no channel scaling is available apply consumer scale to
+ * raw value and return.
*/
- *processed = raw;
+ *processed = raw * scale;
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 022/338] iio: inkern: make a best effort on offset calculation
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 021/338] iio: inkern: apply consumer scale when no channel scale is available Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 023/338] clk: uniphier: Fix fixed-rate initialization Greg Kroah-Hartman
` (321 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liam Beguin, Peter Rosin,
Andy Shevchenko, Stable, Jonathan Cameron
From: Liam Beguin <liambeguin@gmail.com>
commit ca85123354e1a65a22170286387b4791997fe864 upstream.
iio_convert_raw_to_processed_unlocked() assumes the offset is an
integer. Make a best effort to get a valid offset value for fractional
cases without breaking implicit truncations.
Fixes: 48e44ce0f881 ("iio:inkern: Add function to read the processed value")
Signed-off-by: Liam Beguin <liambeguin@gmail.com>
Reviewed-by: Peter Rosin <peda@axentia.se>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220108205319.2046348-4-liambeguin@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/inkern.c | 32 +++++++++++++++++++++++++++-----
1 file changed, 27 insertions(+), 5 deletions(-)
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -591,13 +591,35 @@ EXPORT_SYMBOL_GPL(iio_read_channel_avera
static int iio_convert_raw_to_processed_unlocked(struct iio_channel *chan,
int raw, int *processed, unsigned int scale)
{
- int scale_type, scale_val, scale_val2, offset;
+ int scale_type, scale_val, scale_val2;
+ int offset_type, offset_val, offset_val2;
s64 raw64 = raw;
- int ret;
- ret = iio_channel_read(chan, &offset, NULL, IIO_CHAN_INFO_OFFSET);
- if (ret >= 0)
- raw64 += offset;
+ offset_type = iio_channel_read(chan, &offset_val, &offset_val2,
+ IIO_CHAN_INFO_OFFSET);
+ if (offset_type >= 0) {
+ switch (offset_type) {
+ case IIO_VAL_INT:
+ break;
+ case IIO_VAL_INT_PLUS_MICRO:
+ case IIO_VAL_INT_PLUS_NANO:
+ /*
+ * Both IIO_VAL_INT_PLUS_MICRO and IIO_VAL_INT_PLUS_NANO
+ * implicitely truncate the offset to it's integer form.
+ */
+ break;
+ case IIO_VAL_FRACTIONAL:
+ offset_val /= offset_val2;
+ break;
+ case IIO_VAL_FRACTIONAL_LOG2:
+ offset_val >>= offset_val2;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ raw64 += offset_val;
+ }
scale_type = iio_channel_read(chan, &scale_val, &scale_val2,
IIO_CHAN_INFO_SCALE);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 023/338] clk: uniphier: Fix fixed-rate initialization
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 022/338] iio: inkern: make a best effort on offset calculation Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 024/338] ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Greg Kroah-Hartman
` (320 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kunihiko Hayashi, Stephen Boyd
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
commit ca85a66710a8a1f6b0719397225c3e9ee0abb692 upstream.
Fixed-rate clocks in UniPhier don't have any parent clocks, however,
initial data "init.flags" isn't initialized, so it might be determined
that there is a parent clock for fixed-rate clock.
This sets init.flags to zero as initialization.
Cc: <stable@vger.kernel.org>
Fixes: 734d82f4a678 ("clk: uniphier: add core support code for UniPhier clock driver")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1646808918-30899-1-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/uniphier/clk-uniphier-fixed-rate.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/clk/uniphier/clk-uniphier-fixed-rate.c
+++ b/drivers/clk/uniphier/clk-uniphier-fixed-rate.c
@@ -33,6 +33,7 @@ struct clk_hw *uniphier_clk_register_fix
init.name = name;
init.ops = &clk_fixed_rate_ops;
+ init.flags = 0;
init.parent_names = NULL;
init.num_parents = 0;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 024/338] ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 023/338] clk: uniphier: Fix fixed-rate initialization Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 025/338] Documentation: add link to stable release candidate tree Greg Kroah-Hartman
` (319 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Jann Horn, Eric W. Biederman
From: Jann Horn <jannh@google.com>
commit ee1fee900537b5d9560e9f937402de5ddc8412f3 upstream.
Setting PTRACE_O_SUSPEND_SECCOMP is supposed to be a highly privileged
operation because it allows the tracee to completely bypass all seccomp
filters on kernels with CONFIG_CHECKPOINT_RESTORE=y. It is only supposed to
be settable by a process with global CAP_SYS_ADMIN, and only if that
process is not subject to any seccomp filters at all.
However, while these permission checks were done on the PTRACE_SETOPTIONS
path, they were missing on the PTRACE_SEIZE path, which also sets
user-specified ptrace flags.
Move the permissions checks out into a helper function and let both
ptrace_attach() and ptrace_setoptions() call it.
Cc: stable@kernel.org
Fixes: 13c4a90119d2 ("seccomp: add ptrace options for suspend/resume")
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lkml.kernel.org/r/20220319010838.1386861-1-jannh@google.com
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/ptrace.c | 47 ++++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 15 deletions(-)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -364,6 +364,26 @@ bool ptrace_may_access(struct task_struc
return !err;
}
+static int check_ptrace_options(unsigned long data)
+{
+ if (data & ~(unsigned long)PTRACE_O_MASK)
+ return -EINVAL;
+
+ if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
+ if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
+ !IS_ENABLED(CONFIG_SECCOMP))
+ return -EINVAL;
+
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ if (seccomp_mode(¤t->seccomp) != SECCOMP_MODE_DISABLED ||
+ current->ptrace & PT_SUSPEND_SECCOMP)
+ return -EPERM;
+ }
+ return 0;
+}
+
static int ptrace_attach(struct task_struct *task, long request,
unsigned long addr,
unsigned long flags)
@@ -375,8 +395,16 @@ static int ptrace_attach(struct task_str
if (seize) {
if (addr != 0)
goto out;
+ /*
+ * This duplicates the check in check_ptrace_options() because
+ * ptrace_attach() and ptrace_setoptions() have historically
+ * used different error codes for unknown ptrace options.
+ */
if (flags & ~(unsigned long)PTRACE_O_MASK)
goto out;
+ retval = check_ptrace_options(flags);
+ if (retval)
+ return retval;
flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
} else {
flags = PT_PTRACED;
@@ -649,22 +677,11 @@ int ptrace_writedata(struct task_struct
static int ptrace_setoptions(struct task_struct *child, unsigned long data)
{
unsigned flags;
+ int ret;
- if (data & ~(unsigned long)PTRACE_O_MASK)
- return -EINVAL;
-
- if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
- if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) ||
- !IS_ENABLED(CONFIG_SECCOMP))
- return -EINVAL;
-
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
- if (seccomp_mode(¤t->seccomp) != SECCOMP_MODE_DISABLED ||
- current->ptrace & PT_SUSPEND_SECCOMP)
- return -EPERM;
- }
+ ret = check_ptrace_options(data);
+ if (ret)
+ return ret;
/* Avoid intermediate state when all opts are cleared */
flags = child->ptrace;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 025/338] Documentation: add link to stable release candidate tree
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 024/338] ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 026/338] Documentation: update stable tree link Greg Kroah-Hartman
` (318 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sasha Levin, Jonathan Corbet, Bagas Sanjaya
From: Bagas Sanjaya <bagasdotme@gmail.com>
commit 587d39b260c4d090166314d64be70b1f6a26b0b5 upstream.
There is also stable release candidate tree. Mention it, however with a
warning that the tree is for testing purposes.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sasha Levin <sashal@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Link: https://lore.kernel.org/r/20220314113329.485372-5-bagasdotme@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/process/stable-kernel-rules.rst | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/Documentation/process/stable-kernel-rules.rst
+++ b/Documentation/process/stable-kernel-rules.rst
@@ -176,6 +176,15 @@ Trees
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
+ - The release candidate of all stable kernel versions can be found at:
+
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/
+
+ .. warning::
+ The -stable-rc tree is a snapshot in time of the stable-queue tree and
+ will change frequently, hence will be rebased often. It should only be
+ used for testing purposes (e.g. to be consumed by CI systems).
+
Review committee
----------------
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 026/338] Documentation: update stable tree link
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 025/338] Documentation: add link to stable release candidate tree Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 027/338] SUNRPC: avoid race between mod_timer() and del_timer_sync() Greg Kroah-Hartman
` (317 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sasha Levin, Jonathan Corbet, Bagas Sanjaya
From: Bagas Sanjaya <bagasdotme@gmail.com>
commit 555d44932c67e617d89bc13c81c7efac5b51fcfa upstream.
The link to stable tree is redirected to
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git. Update
accordingly.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sasha Levin <sashal@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Link: https://lore.kernel.org/r/20220314113329.485372-6-bagasdotme@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/process/stable-kernel-rules.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/process/stable-kernel-rules.rst
+++ b/Documentation/process/stable-kernel-rules.rst
@@ -174,7 +174,7 @@ Trees
- The finalized and tagged releases of all stable kernels can be found
in separate branches per version at:
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- The release candidate of all stable kernel versions can be found at:
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 027/338] SUNRPC: avoid race between mod_timer() and del_timer_sync()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 026/338] Documentation: update stable tree link Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 028/338] NFSD: prevent underflow in nfssvc_decode_writeargs() Greg Kroah-Hartman
` (316 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Trond Myklebust
From: NeilBrown <neilb@suse.de>
commit 3848e96edf4788f772d83990022fa7023a233d83 upstream.
xprt_destory() claims XPRT_LOCKED and then calls del_timer_sync().
Both xprt_unlock_connect() and xprt_release() call
->release_xprt()
which drops XPRT_LOCKED and *then* xprt_schedule_autodisconnect()
which calls mod_timer().
This may result in mod_timer() being called *after* del_timer_sync().
When this happens, the timer may fire long after the xprt has been freed,
and run_timer_softirq() will probably crash.
The pairing of ->release_xprt() and xprt_schedule_autodisconnect() is
always called under ->transport_lock. So if we take ->transport_lock to
call del_timer_sync(), we can be sure that mod_timer() will run first
(if it runs at all).
Cc: stable@vger.kernel.org
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/xprt.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -1545,7 +1545,14 @@ static void xprt_destroy(struct rpc_xprt
*/
wait_on_bit_lock(&xprt->state, XPRT_LOCKED, TASK_UNINTERRUPTIBLE);
+ /*
+ * xprt_schedule_autodisconnect() can run after XPRT_LOCKED
+ * is cleared. We use ->transport_lock to ensure the mod_timer()
+ * can only run *before* del_time_sync(), never after.
+ */
+ spin_lock(&xprt->transport_lock);
del_timer_sync(&xprt->timer);
+ spin_unlock(&xprt->transport_lock);
/*
* Destroy sockets etc from the system workqueue so they can
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 028/338] NFSD: prevent underflow in nfssvc_decode_writeargs()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 027/338] SUNRPC: avoid race between mod_timer() and del_timer_sync() Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 029/338] NFSD: prevent integer overflow on 32 bit systems Greg Kroah-Hartman
` (315 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Chuck Lever
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 184416d4b98509fb4c3d8fc3d6dc1437896cc159 upstream.
Smatch complains:
fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()
warn: no lower bound on 'args->len'
Change the type to unsigned to prevent this issue.
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfsproc.c | 2 +-
fs/nfsd/xdr.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -228,7 +228,7 @@ nfsd_proc_write(struct svc_rqst *rqstp)
unsigned long cnt = argp->len;
unsigned int nvecs;
- dprintk("nfsd: WRITE %s %d bytes at %d\n",
+ dprintk("nfsd: WRITE %s %u bytes at %d\n",
SVCFH_fmt(&argp->fh),
argp->len, argp->offset);
--- a/fs/nfsd/xdr.h
+++ b/fs/nfsd/xdr.h
@@ -33,7 +33,7 @@ struct nfsd_readargs {
struct nfsd_writeargs {
svc_fh fh;
__u32 offset;
- int len;
+ __u32 len;
struct kvec first;
};
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 029/338] NFSD: prevent integer overflow on 32 bit systems
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 028/338] NFSD: prevent underflow in nfssvc_decode_writeargs() Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 030/338] f2fs: fix to unlock page correctly in error path of is_alive() Greg Kroah-Hartman
` (314 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Chuck Lever
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 23a9dbbe0faf124fc4c139615633b9d12a3a89ef upstream.
On a 32 bit system, the "len * sizeof(*p)" operation can have an
integer overflow.
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/sunrpc/xdr.h | 2 ++
1 file changed, 2 insertions(+)
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -509,6 +509,8 @@ xdr_stream_decode_uint32_array(struct xd
if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
return -EBADMSG;
+ if (len > SIZE_MAX / sizeof(*p))
+ return -EBADMSG;
p = xdr_inline_decode(xdr, len * sizeof(*p));
if (unlikely(!p))
return -EBADMSG;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 030/338] f2fs: fix to unlock page correctly in error path of is_alive()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 029/338] NFSD: prevent integer overflow on 32 bit systems Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 031/338] pinctrl: samsung: drop pin banks references on error paths Greg Kroah-Hartman
` (313 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 6d18762ed5cd549fde74fd0e05d4d87bac5a3beb upstream.
As Pavel Machek reported in below link [1]:
After commit 77900c45ee5c ("f2fs: fix to do sanity check in is_alive()"),
node page should be unlock via calling f2fs_put_page() in the error path
of is_alive(), otherwise, f2fs may hang when it tries to lock the node
page, fix it.
[1] https://lore.kernel.org/stable/20220124203637.GA19321@duo.ucw.cz/
Fixes: 77900c45ee5c ("f2fs: fix to do sanity check in is_alive()")
Cc: <stable@vger.kernel.org>
Reported-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/gc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -589,8 +589,10 @@ static bool is_alive(struct f2fs_sb_info
set_sbi_flag(sbi, SBI_NEED_FSCK);
}
- if (f2fs_check_nid_range(sbi, dni->ino))
+ if (f2fs_check_nid_range(sbi, dni->ino)) {
+ f2fs_put_page(node_page, 1);
return false;
+ }
*nofs = ofs_of_node(node_page);
source_blkaddr = datablock_addr(NULL, node_page, ofs_in_node);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 031/338] pinctrl: samsung: drop pin banks references on error paths
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 030/338] f2fs: fix to unlock page correctly in error path of is_alive() Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 032/338] can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path Greg Kroah-Hartman
` (312 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sam Protsenko,
Chanho Park
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
commit 50ebd19e3585b9792e994cfa8cbee8947fe06371 upstream.
The driver iterates over its devicetree children with
for_each_child_of_node() and stores for later found node pointer. This
has to be put in error paths to avoid leak during re-probing.
Fixes: ab663789d697 ("pinctrl: samsung: Match pin banks with their device nodes")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Chanho Park <chanho61.park@samsung.com>
Link: https://lore.kernel.org/r/20220111201426.326777-2-krzysztof.kozlowski@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/samsung/pinctrl-samsung.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
--- a/drivers/pinctrl/samsung/pinctrl-samsung.c
+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
@@ -1002,6 +1002,16 @@ samsung_pinctrl_get_soc_data_for_of_alia
return &(of_data->ctrl[id]);
}
+static void samsung_banks_of_node_put(struct samsung_pinctrl_drv_data *d)
+{
+ struct samsung_pin_bank *bank;
+ unsigned int i;
+
+ bank = d->pin_banks;
+ for (i = 0; i < d->nr_banks; ++i, ++bank)
+ of_node_put(bank->of_node);
+}
+
/* retrieve the soc specific data */
static const struct samsung_pin_ctrl *
samsung_pinctrl_get_soc_data(struct samsung_pinctrl_drv_data *d,
@@ -1116,19 +1126,19 @@ static int samsung_pinctrl_probe(struct
if (ctrl->retention_data) {
drvdata->retention_ctrl = ctrl->retention_data->init(drvdata,
ctrl->retention_data);
- if (IS_ERR(drvdata->retention_ctrl))
- return PTR_ERR(drvdata->retention_ctrl);
+ if (IS_ERR(drvdata->retention_ctrl)) {
+ ret = PTR_ERR(drvdata->retention_ctrl);
+ goto err_put_banks;
+ }
}
ret = samsung_pinctrl_register(pdev, drvdata);
if (ret)
- return ret;
+ goto err_put_banks;
ret = samsung_gpiolib_register(pdev, drvdata);
- if (ret) {
- samsung_pinctrl_unregister(pdev, drvdata);
- return ret;
- }
+ if (ret)
+ goto err_unregister;
if (ctrl->eint_gpio_init)
ctrl->eint_gpio_init(drvdata);
@@ -1138,6 +1148,12 @@ static int samsung_pinctrl_probe(struct
platform_set_drvdata(pdev, drvdata);
return 0;
+
+err_unregister:
+ samsung_pinctrl_unregister(pdev, drvdata);
+err_put_banks:
+ samsung_banks_of_node_put(drvdata);
+ return ret;
}
/**
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 032/338] can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 031/338] pinctrl: samsung: drop pin banks references on error paths Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 033/338] jffs2: fix use-after-free in jffs2_clear_xattr_subsystem Greg Kroah-Hartman
` (311 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Haas, Hangyu Hua,
Marc Kleine-Budde
From: Hangyu Hua <hbh25y@gmail.com>
commit c70222752228a62135cee3409dccefd494a24646 upstream.
There is no need to call dev_kfree_skb() when usb_submit_urb() fails
beacause can_put_echo_skb() deletes the original skb and
can_free_echo_skb() deletes the cloned skb.
Link: https://lore.kernel.org/all/20220228083639.38183-1-hbh25y@gmail.com
Fixes: 702171adeed3 ("ems_usb: Added support for EMS CPC-USB/ARM7 CAN/USB interface")
Cc: stable@vger.kernel.org
Cc: Sebastian Haas <haas@ems-wuensche.com>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/ems_usb.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/net/can/usb/ems_usb.c
+++ b/drivers/net/can/usb/ems_usb.c
@@ -835,7 +835,6 @@ static netdev_tx_t ems_usb_start_xmit(st
usb_unanchor_urb(urb);
usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
- dev_kfree_skb(skb);
atomic_dec(&dev->active_tx_urbs);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 033/338] jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 032/338] can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 034/338] jffs2: fix memory leak in jffs2_do_mount_fs Greg Kroah-Hartman
` (310 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Baokun Li, Richard Weinberger
From: Baokun Li <libaokun1@huawei.com>
commit 4c7c44ee1650677fbe89d86edbad9497b7679b5c upstream.
When we mount a jffs2 image, assume that the first few blocks of
the image are normal and contain at least one xattr-related inode,
but the next block is abnormal. As a result, an error is returned
in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then
called in jffs2_build_filesystem() and then again in
jffs2_do_fill_super().
Finally we can observe the following report:
==================================================================
BUG: KASAN: use-after-free in jffs2_clear_xattr_subsystem+0x95/0x6ac
Read of size 8 at addr ffff8881243384e0 by task mount/719
Call Trace:
dump_stack+0x115/0x16b
jffs2_clear_xattr_subsystem+0x95/0x6ac
jffs2_do_fill_super+0x84f/0xc30
jffs2_fill_super+0x2ea/0x4c0
mtd_get_sb+0x254/0x400
mtd_get_sb_by_nr+0x4f/0xd0
get_tree_mtd+0x498/0x840
jffs2_get_tree+0x25/0x30
vfs_get_tree+0x8d/0x2e0
path_mount+0x50f/0x1e50
do_mount+0x107/0x130
__se_sys_mount+0x1c5/0x2f0
__x64_sys_mount+0xc7/0x160
do_syscall_64+0x45/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Allocated by task 719:
kasan_save_stack+0x23/0x60
__kasan_kmalloc.constprop.0+0x10b/0x120
kasan_slab_alloc+0x12/0x20
kmem_cache_alloc+0x1c0/0x870
jffs2_alloc_xattr_ref+0x2f/0xa0
jffs2_scan_medium.cold+0x3713/0x4794
jffs2_do_mount_fs.cold+0xa7/0x2253
jffs2_do_fill_super+0x383/0xc30
jffs2_fill_super+0x2ea/0x4c0
[...]
Freed by task 719:
kmem_cache_free+0xcc/0x7b0
jffs2_free_xattr_ref+0x78/0x98
jffs2_clear_xattr_subsystem+0xa1/0x6ac
jffs2_do_mount_fs.cold+0x5e6/0x2253
jffs2_do_fill_super+0x383/0xc30
jffs2_fill_super+0x2ea/0x4c0
[...]
The buggy address belongs to the object at ffff8881243384b8
which belongs to the cache jffs2_xattr_ref of size 48
The buggy address is located 40 bytes inside of
48-byte region [ffff8881243384b8, ffff8881243384e8)
[...]
==================================================================
The triggering of the BUG is shown in the following stack:
-----------------------------------------------------------
jffs2_fill_super
jffs2_do_fill_super
jffs2_do_mount_fs
jffs2_build_filesystem
jffs2_scan_medium
jffs2_scan_eraseblock <--- ERROR
jffs2_clear_xattr_subsystem <--- free
jffs2_clear_xattr_subsystem <--- free again
-----------------------------------------------------------
An error is returned in jffs2_do_mount_fs(). If the error is returned
by jffs2_sum_init(), the jffs2_clear_xattr_subsystem() does not need to
be executed. If the error is returned by jffs2_build_filesystem(), the
jffs2_clear_xattr_subsystem() also does not need to be executed again.
So move jffs2_clear_xattr_subsystem() from 'out_inohash' to 'out_root'
to fix this UAF problem.
Fixes: aa98d7cf59b5 ("[JFFS2][XATTR] XATTR support on JFFS2 (version. 5)")
Cc: stable@vger.kernel.org
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/fs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -597,8 +597,8 @@ out_root:
jffs2_free_ino_caches(c);
jffs2_free_raw_node_refs(c);
kvfree(c->blocks);
- out_inohash:
jffs2_clear_xattr_subsystem(c);
+ out_inohash:
kfree(c->inocache_list);
out_wbuf:
jffs2_flash_cleanup(c);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 034/338] jffs2: fix memory leak in jffs2_do_mount_fs
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 033/338] jffs2: fix use-after-free in jffs2_clear_xattr_subsystem Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 035/338] jffs2: fix memory leak in jffs2_scan_medium Greg Kroah-Hartman
` (309 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Baokun Li, Richard Weinberger
From: Baokun Li <libaokun1@huawei.com>
commit d051cef784de4d54835f6b6836d98a8f6935772c upstream.
If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff88811b25a640 (size 64):
comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130
[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
[...]
unreferenced object 0xffff88812c760000 (size 65536):
comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffffa493a449>] __kmalloc+0x6b9/0x910
[<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130
[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
Fixes: e631ddba5887 ("[JFFS2] Add erase block summary support (mount time improvement)")
Cc: stable@vger.kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/build.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/jffs2/build.c
+++ b/fs/jffs2/build.c
@@ -415,13 +415,15 @@ int jffs2_do_mount_fs(struct jffs2_sb_in
jffs2_free_ino_caches(c);
jffs2_free_raw_node_refs(c);
ret = -EIO;
- goto out_free;
+ goto out_sum_exit;
}
jffs2_calc_trigger_levels(c);
return 0;
+ out_sum_exit:
+ jffs2_sum_exit(c);
out_free:
kvfree(c->blocks);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 035/338] jffs2: fix memory leak in jffs2_scan_medium
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 034/338] jffs2: fix memory leak in jffs2_do_mount_fs Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 036/338] mm/pages_alloc.c: dont create ZONE_MOVABLE beyond the end of a node Greg Kroah-Hartman
` (308 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Baokun Li, Richard Weinberger
From: Baokun Li <libaokun1@huawei.com>
commit 9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df upstream.
If an error is returned in jffs2_scan_eraseblock() and some memory
has been added to the jffs2_summary *s, we can observe the following
kmemleak report:
--------------------------------------------
unreferenced object 0xffff88812b889c40 (size 64):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.
00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................
backtrace:
[<ffffffffae93a3a3>] __kmalloc+0x613/0x910
[<ffffffffaf423b9c>] jffs2_sum_add_dirent_mem+0x5c/0xa0
[<ffffffffb0f3afa8>] jffs2_scan_medium.cold+0x36e5/0x4794
[<ffffffffb0f3dbe1>] jffs2_do_mount_fs.cold+0xa7/0x2267
[<ffffffffaf40acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffaf40c00a>] jffs2_fill_super+0x2ea/0x4c0
[<ffffffffb0315d64>] mtd_get_sb+0x254/0x400
[<ffffffffb0315f5f>] mtd_get_sb_by_nr+0x4f/0xd0
[<ffffffffb0316478>] get_tree_mtd+0x498/0x840
[<ffffffffaf40bd15>] jffs2_get_tree+0x25/0x30
[<ffffffffae9f358d>] vfs_get_tree+0x8d/0x2e0
[<ffffffffaea7a98f>] path_mount+0x50f/0x1e50
[<ffffffffaea7c3d7>] do_mount+0x107/0x130
[<ffffffffaea7c5c5>] __se_sys_mount+0x1c5/0x2f0
[<ffffffffaea7c917>] __x64_sys_mount+0xc7/0x160
[<ffffffffb10142f5>] do_syscall_64+0x45/0x70
unreferenced object 0xffff888114b54840 (size 32):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............
00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423b04>] jffs2_sum_add_inode_mem+0x54/0x90
[<ffffffffb0f3bd44>] jffs2_scan_medium.cold+0x4481/0x4794
[...]
unreferenced object 0xffff888114b57280 (size 32):
comm "mount", pid 692, jiffies 4294838393 (age 34.357s)
hex dump (first 32 bytes):
10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............
00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423c34>] jffs2_sum_add_xattr_mem+0x54/0x90
[<ffffffffb0f3a24f>] jffs2_scan_medium.cold+0x298c/0x4794
[...]
unreferenced object 0xffff8881116cd510 (size 16):
comm "mount", pid 692, jiffies 4294838395 (age 34.355s)
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423cc4>] jffs2_sum_add_xref_mem+0x54/0x90
[<ffffffffb0f3b2e3>] jffs2_scan_medium.cold+0x3a20/0x4794
[...]
--------------------------------------------
Therefore, we should call jffs2_sum_reset_collected(s) on exit to
release the memory added in s. In addition, a new tag "out_buf" is
added to prevent the NULL pointer reference caused by s being NULL.
(thanks to Zhang Yi for this analysis)
Fixes: e631ddba5887 ("[JFFS2] Add erase block summary support (mount time improvement)")
Cc: stable@vger.kernel.org
Co-developed-with: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/scan.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -136,7 +136,7 @@ int jffs2_scan_medium(struct jffs2_sb_in
if (!s) {
JFFS2_WARNING("Can't allocate memory for summary\n");
ret = -ENOMEM;
- goto out;
+ goto out_buf;
}
}
@@ -274,13 +274,15 @@ int jffs2_scan_medium(struct jffs2_sb_in
}
ret = 0;
out:
+ jffs2_sum_reset_collected(s);
+ kfree(s);
+ out_buf:
if (buf_size)
kfree(flashbuf);
#ifndef __ECOS
else
mtd_unpoint(c->mtd, 0, c->mtd->size);
#endif
- kfree(s);
return ret;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 036/338] mm/pages_alloc.c: dont create ZONE_MOVABLE beyond the end of a node
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 035/338] jffs2: fix memory leak in jffs2_scan_medium Greg Kroah-Hartman
@ 2022-04-14 13:08 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 037/338] mm: invalidate hwpoison page cache page in fault path Greg Kroah-Hartman
` (307 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alistair Popple, David Hildenbrand,
Mel Gorman, John Hubbard, Zi Yan, Anshuman Khandual,
Oscar Salvador, Andrew Morton, Linus Torvalds
From: Alistair Popple <apopple@nvidia.com>
commit ddbc84f3f595cf1fc8234a191193b5d20ad43938 upstream.
ZONE_MOVABLE uses the remaining memory in each node. Its starting pfn
is also aligned to MAX_ORDER_NR_PAGES. It is possible for the remaining
memory in a node to be less than MAX_ORDER_NR_PAGES, meaning there is
not enough room for ZONE_MOVABLE on that node.
Unfortunately this condition is not checked for. This leads to
zone_movable_pfn[] getting set to a pfn greater than the last pfn in a
node.
calculate_node_totalpages() then sets zone->present_pages to be greater
than zone->spanned_pages which is invalid, as spanned_pages represents
the maximum number of pages in a zone assuming no holes.
Subsequently it is possible free_area_init_core() will observe a zone of
size zero with present pages. In this case it will skip setting up the
zone, including the initialisation of free_lists[].
However populated_zone() checks zone->present_pages to see if a zone has
memory available. This is used by iterators such as
walk_zones_in_node(). pagetypeinfo_showfree() uses this to walk the
free_list of each zone in each node, which are assumed to be initialised
due to the zone not being empty.
As free_area_init_core() never initialised the free_lists[] this results
in the following kernel crash when trying to read /proc/pagetypeinfo:
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
CPU: 0 PID: 456 Comm: cat Not tainted 5.16.0 #461
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:pagetypeinfo_show+0x163/0x460
Code: 9e 82 e8 80 57 0e 00 49 8b 06 b9 01 00 00 00 4c 39 f0 75 16 e9 65 02 00 00 48 83 c1 01 48 81 f9 a0 86 01 00 0f 84 48 02 00 00 <48> 8b 00 4c 39 f0 75 e7 48 c7 c2 80 a2 e2 82 48 c7 c6 79 ef e3 82
RSP: 0018:ffffc90001c4bd10 EFLAGS: 00010003
RAX: 0000000000000000 RBX: ffff88801105f638 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 000000000000068b RDI: ffff8880163dc68b
RBP: ffffc90001c4bd90 R08: 0000000000000001 R09: ffff8880163dc67e
R10: 656c6261766f6d6e R11: 6c6261766f6d6e55 R12: ffff88807ffb4a00
R13: ffff88807ffb49f8 R14: ffff88807ffb4580 R15: ffff88807ffb3000
FS: 00007f9c83eff5c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000013c8e000 CR4: 0000000000350ef0
Call Trace:
seq_read_iter+0x128/0x460
proc_reg_read_iter+0x51/0x80
new_sync_read+0x113/0x1a0
vfs_read+0x136/0x1d0
ksys_read+0x70/0xf0
__x64_sys_read+0x1a/0x20
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fix this by checking that the aligned zone_movable_pfn[] does not exceed
the end of the node, and if it does skip creating a movable zone on this
node.
Link: https://lkml.kernel.org/r/20220215025831.2113067-1-apopple@nvidia.com
Fixes: 2a1e274acf0b ("Create the ZONE_MOVABLE zone")
Signed-off-by: Alistair Popple <apopple@nvidia.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Zi Yan <ziy@nvidia.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page_alloc.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -6855,10 +6855,17 @@ restart:
out2:
/* Align start of ZONE_MOVABLE on all nids to MAX_ORDER_NR_PAGES */
- for (nid = 0; nid < MAX_NUMNODES; nid++)
+ for (nid = 0; nid < MAX_NUMNODES; nid++) {
+ unsigned long start_pfn, end_pfn;
+
zone_movable_pfn[nid] =
roundup(zone_movable_pfn[nid], MAX_ORDER_NR_PAGES);
+ get_pfn_range_for_nid(nid, &start_pfn, &end_pfn);
+ if (zone_movable_pfn[nid] >= end_pfn)
+ zone_movable_pfn[nid] = 0;
+ }
+
out:
/* restore the node_state */
node_states[N_MEMORY] = saved_node_state;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 037/338] mm: invalidate hwpoison page cache page in fault path
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-04-14 13:08 ` [PATCH 4.19 036/338] mm/pages_alloc.c: dont create ZONE_MOVABLE beyond the end of a node Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 038/338] mempolicy: mbind_range() set_policy() after vma_merge() Greg Kroah-Hartman
` (306 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rik van Riel, Miaohe Lin,
Naoya Horiguchi, Oscar Salvador, John Hubbard, Mel Gorman,
Johannes Weiner, Matthew Wilcox, Andrew Morton, Linus Torvalds
From: Rik van Riel <riel@surriel.com>
commit e53ac7374e64dede04d745ff0e70ff5048378d1f upstream.
Sometimes the page offlining code can leave behind a hwpoisoned clean
page cache page. This can lead to programs being killed over and over
and over again as they fault in the hwpoisoned page, get killed, and
then get re-spawned by whatever wanted to run them.
This is particularly embarrassing when the page was offlined due to
having too many corrected memory errors. Now we are killing tasks due
to them trying to access memory that probably isn't even corrupted.
This problem can be avoided by invalidating the page from the page fault
handler, which already has a branch for dealing with these kinds of
pages. With this patch we simply pretend the page fault was successful
if the page was invalidated, return to userspace, incur another page
fault, read in the file from disk (to a new memory page), and then
everything works again.
Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memory.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3416,11 +3416,16 @@ static vm_fault_t __do_fault(struct vm_f
return ret;
if (unlikely(PageHWPoison(vmf->page))) {
- if (ret & VM_FAULT_LOCKED)
+ vm_fault_t poisonret = VM_FAULT_HWPOISON;
+ if (ret & VM_FAULT_LOCKED) {
+ /* Retry if a clean page was removed from the cache. */
+ if (invalidate_inode_page(vmf->page))
+ poisonret = 0;
unlock_page(vmf->page);
+ }
put_page(vmf->page);
vmf->page = NULL;
- return VM_FAULT_HWPOISON;
+ return poisonret;
}
if (unlikely(!(ret & VM_FAULT_LOCKED)))
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 038/338] mempolicy: mbind_range() set_policy() after vma_merge()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 037/338] mm: invalidate hwpoison page cache page in fault path Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 039/338] scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Greg Kroah-Hartman
` (305 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hugh Dickins, Oleg Nesterov,
Liam R. Howlett, Vlastimil Babka, Andrew Morton, Linus Torvalds
From: Hugh Dickins <hughd@google.com>
commit 4e0906008cdb56381638aa17d9c32734eae6d37a upstream.
v2.6.34 commit 9d8cebd4bcd7 ("mm: fix mbind vma merge problem") introduced
vma_merge() to mbind_range(); but unlike madvise, mlock and mprotect, it
put a "continue" to next vma where its precedents go to update flags on
current vma before advancing: that left vma with the wrong setting in the
infamous vma_merge() case 8.
v3.10 commit 1444f92c8498 ("mm: merging memory blocks resets mempolicy")
tried to fix that in vma_adjust(), without fully understanding the issue.
v3.11 commit 3964acd0dbec ("mm: mempolicy: fix mbind_range() &&
vma_adjust() interaction") reverted that, and went about the fix in the
right way, but chose to optimize out an unnecessary mpol_dup() with a
prior mpol_equal() test. But on tmpfs, that also pessimized out the vital
call to its ->set_policy(), leaving the new mbind unenforced.
The user visible effect was that the pages got allocated on the local
node (happened to be 0), after the mbind() caller had specifically
asked for them to be allocated on node 1. There was not any page
migration involved in the case reported: the pages simply got allocated
on the wrong node.
Just delete that optimization now (though it could be made conditional on
vma not having a set_policy). Also remove the "next" variable: it turned
out to be blameless, but also pointless.
Link: https://lkml.kernel.org/r/319e4db9-64ae-4bca-92f0-ade85d342ff@google.com
Fixes: 3964acd0dbec ("mm: mempolicy: fix mbind_range() && vma_adjust() interaction")
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mempolicy.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -732,7 +732,6 @@ static int vma_replace_policy(struct vm_
static int mbind_range(struct mm_struct *mm, unsigned long start,
unsigned long end, struct mempolicy *new_pol)
{
- struct vm_area_struct *next;
struct vm_area_struct *prev;
struct vm_area_struct *vma;
int err = 0;
@@ -748,8 +747,7 @@ static int mbind_range(struct mm_struct
if (start > vma->vm_start)
prev = vma;
- for (; vma && vma->vm_start < end; prev = vma, vma = next) {
- next = vma->vm_next;
+ for (; vma && vma->vm_start < end; prev = vma, vma = vma->vm_next) {
vmstart = max(start, vma->vm_start);
vmend = min(end, vma->vm_end);
@@ -763,10 +761,6 @@ static int mbind_range(struct mm_struct
new_pol, vma->vm_userfaultfd_ctx);
if (prev) {
vma = prev;
- next = vma->vm_next;
- if (mpol_equal(vma_policy(vma), new_pol))
- continue;
- /* vma_merge() joined vma && vma->next, case 8 */
goto replace;
}
if (vma->vm_start != vmstart) {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 039/338] scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 038/338] mempolicy: mbind_range() set_policy() after vma_merge() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 040/338] qed: display VF trust config Greg Kroah-Hartman
` (304 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Garry, Jack Wang,
Damien Le Moal, Martin K. Petersen
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
commit 8454563e4c2aafbfb81a383ab423ea8b9b430a25 upstream.
To detect for the DMA_NONE (no data transfer) DMA direction,
sas_ata_qc_issue() tests if the command protocol is ATA_PROT_NODATA. This
test does not include the ATA_CMD_NCQ_NON_DATA command as this command
protocol is defined as ATA_PROT_NCQ_NODATA (equal to ATA_PROT_FLAG_NCQ) and
not as ATA_PROT_NODATA.
To include both NCQ and non-NCQ commands when testing for the DMA_NONE DMA
direction, use "!ata_is_data()".
Link: https://lore.kernel.org/r/20220220031810.738362-2-damien.lemoal@opensource.wdc.com
Fixes: 176ddd89171d ("scsi: libsas: Reset num_scatter if libata marks qc as NODATA")
Cc: stable@vger.kernel.org
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/libsas/sas_ata.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -216,7 +216,7 @@ static unsigned int sas_ata_qc_issue(str
task->total_xfer_len = qc->nbytes;
task->num_scatter = qc->n_elem;
task->data_dir = qc->dma_dir;
- } else if (qc->tf.protocol == ATA_PROT_NODATA) {
+ } else if (!ata_is_data(qc->tf.protocol)) {
task->data_dir = DMA_NONE;
} else {
for_each_sg(qc->sg, sg, qc->n_elem, si)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 040/338] qed: display VF trust config
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 039/338] scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 041/338] qed: validate and restrict untrusted VFs vlan promisc mode Greg Kroah-Hartman
` (303 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manish Chopra, Ariel Elior, David S. Miller
From: Manish Chopra <manishc@marvell.com>
commit 4e6e6bec7440b9b76f312f28b1f4e944eebb3abc upstream.
Driver does support SR-IOV VFs trust configuration but
it does not display it when queried via ip link utility.
Cc: stable@vger.kernel.org
Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qlogic/qed/qed_sriov.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
@@ -4709,6 +4709,7 @@ static int qed_get_vf_config(struct qed_
tx_rate = vf_info->tx_rate;
ivi->max_tx_rate = tx_rate ? tx_rate : link.speed;
ivi->min_tx_rate = qed_iov_get_vf_min_rate(hwfn, vf_id);
+ ivi->trusted = vf_info->is_trusted_request;
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 041/338] qed: validate and restrict untrusted VFs vlan promisc mode
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 040/338] qed: display VF trust config Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 042/338] Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" Greg Kroah-Hartman
` (302 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manish Chopra, Ariel Elior, David S. Miller
From: Manish Chopra <manishc@marvell.com>
commit cbcc44db2cf7b836896733acc0e5ea966136ed22 upstream.
Today when VFs are put in promiscuous mode, they can request PF
to configure device for them to receive all VLANs traffic regardless
of what vlan is configured by the PF (via ip link) and PF allows this
config request regardless of whether VF is trusted or not.
>From security POV, when VLAN is configured for VF through PF (via ip link),
honour such config requests from VF only when they are configured to be
trusted, otherwise restrict such VFs vlan promisc mode config.
Cc: stable@vger.kernel.org
Fixes: f990c82c385b ("qed*: Add support for ndo_set_vf_trust")
Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/qlogic/qed/qed_sriov.c | 28 ++++++++++++++++++++++++++--
drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 +
2 files changed, 27 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.c
@@ -3002,12 +3002,16 @@ static int qed_iov_pre_update_vport(stru
u8 mask = QED_ACCEPT_UCAST_UNMATCHED | QED_ACCEPT_MCAST_UNMATCHED;
struct qed_filter_accept_flags *flags = ¶ms->accept_flags;
struct qed_public_vf_info *vf_info;
+ u16 tlv_mask;
+
+ tlv_mask = BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM) |
+ BIT(QED_IOV_VP_UPDATE_ACCEPT_ANY_VLAN);
/* Untrusted VFs can't even be trusted to know that fact.
* Simply indicate everything is configured fine, and trace
* configuration 'behind their back'.
*/
- if (!(*tlvs & BIT(QED_IOV_VP_UPDATE_ACCEPT_PARAM)))
+ if (!(*tlvs & tlv_mask))
return 0;
vf_info = qed_iov_get_public_vf_info(hwfn, vfid, true);
@@ -3024,6 +3028,13 @@ static int qed_iov_pre_update_vport(stru
flags->tx_accept_filter &= ~mask;
}
+ if (params->update_accept_any_vlan_flg) {
+ vf_info->accept_any_vlan = params->accept_any_vlan;
+
+ if (vf_info->forced_vlan && !vf_info->is_trusted_configured)
+ params->accept_any_vlan = false;
+ }
+
return 0;
}
@@ -5140,6 +5151,12 @@ static void qed_iov_handle_trust_change(
params.update_ctl_frame_check = 1;
params.mac_chk_en = !vf_info->is_trusted_configured;
+ params.update_accept_any_vlan_flg = 0;
+
+ if (vf_info->accept_any_vlan && vf_info->forced_vlan) {
+ params.update_accept_any_vlan_flg = 1;
+ params.accept_any_vlan = vf_info->accept_any_vlan;
+ }
if (vf_info->rx_accept_mode & mask) {
flags->update_rx_mode_config = 1;
@@ -5155,13 +5172,20 @@ static void qed_iov_handle_trust_change(
if (!vf_info->is_trusted_configured) {
flags->rx_accept_filter &= ~mask;
flags->tx_accept_filter &= ~mask;
+ params.accept_any_vlan = false;
}
if (flags->update_rx_mode_config ||
flags->update_tx_mode_config ||
- params.update_ctl_frame_check)
+ params.update_ctl_frame_check ||
+ params.update_accept_any_vlan_flg) {
+ DP_VERBOSE(hwfn, QED_MSG_IOV,
+ "vport update config for %s VF[abs 0x%x rel 0x%x]\n",
+ vf_info->is_trusted_configured ? "trusted" : "untrusted",
+ vf->abs_vf_id, vf->relative_vf_id);
qed_sp_vport_update(hwfn, ¶ms,
QED_SPQ_MODE_EBLOCK, NULL);
+ }
}
}
--- a/drivers/net/ethernet/qlogic/qed/qed_sriov.h
+++ b/drivers/net/ethernet/qlogic/qed/qed_sriov.h
@@ -88,6 +88,7 @@ struct qed_public_vf_info {
bool is_trusted_request;
u8 rx_accept_mode;
u8 tx_accept_mode;
+ bool accept_any_vlan;
};
struct qed_iov_vf_init_params {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 042/338] Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 041/338] qed: validate and restrict untrusted VFs vlan promisc mode Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 043/338] ALSA: cs4236: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (301 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito,
Hans de Goede, Peter Hutterer, Benjamin Tissoires,
Dmitry Torokhov
From: José Expósito <jose.exposito89@gmail.com>
commit 8b188fba75195745026e11d408e4a7e94e01d701 upstream.
This reverts commit 37ef4c19b4c659926ce65a7ac709ceaefb211c40.
The touchpad present in the Dell Precision 7550 and 7750 laptops
reports a HID_DG_BUTTONTYPE of type MT_BUTTONTYPE_CLICKPAD. However,
the device is not a clickpad, it is a touchpad with physical buttons.
In order to fix this issue, a quirk for the device was introduced in
libinput [1] [2] to disable the INPUT_PROP_BUTTONPAD property:
[Precision 7x50 Touchpad]
MatchBus=i2c
MatchUdevType=touchpad
MatchDMIModalias=dmi:*svnDellInc.:pnPrecision7?50*
AttrInputPropDisable=INPUT_PROP_BUTTONPAD
However, because of the change introduced in 37ef4c19b4 ("Input: clear
BTN_RIGHT/MIDDLE on buttonpads") the BTN_RIGHT key bit is not mapped
anymore breaking the device right click button and making impossible to
workaround it in user space.
In order to avoid breakage on other present or future devices, revert
the patch causing the issue.
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220321184404.20025-1-jose.exposito89@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/input.c | 6 ------
1 file changed, 6 deletions(-)
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -2118,12 +2118,6 @@ int input_register_device(struct input_d
/* KEY_RESERVED is not supposed to be transmitted to userspace. */
__clear_bit(KEY_RESERVED, dev->keybit);
- /* Buttonpads should not map BTN_RIGHT and/or BTN_MIDDLE. */
- if (test_bit(INPUT_PROP_BUTTONPAD, dev->propbit)) {
- __clear_bit(BTN_RIGHT, dev->keybit);
- __clear_bit(BTN_MIDDLE, dev->keybit);
- }
-
/* Make sure that bitmasks not mentioned in dev->evbit are clean. */
input_cleanse_bitmasks(dev);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 043/338] ALSA: cs4236: fix an incorrect NULL check on list iterator
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 042/338] Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 044/338] ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 Greg Kroah-Hartman
` (300 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Takashi Iwai
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 0112f822f8a6d8039c94e0bc9b264d7ffc5d4704 upstream.
The bug is here:
err = snd_card_cs423x_pnp(dev, card->private_data, pdev, cdev);
The list iterator value 'cdev' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'cdev' as a dedicated pointer
to point to the found element. And snd_card_cs423x_pnp() itself
has NULL check for cdev.
Cc: stable@vger.kernel.org
Fixes: c2b73d1458014 ("ALSA: cs4236: cs4232 and cs4236 driver merge to solve PnP BIOS detection")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220327060822.4735-1-xiam0nd.tong@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/isa/cs423x/cs4236.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/sound/isa/cs423x/cs4236.c
+++ b/sound/isa/cs423x/cs4236.c
@@ -559,7 +559,7 @@ static int snd_cs423x_pnpbios_detect(str
static int dev;
int err;
struct snd_card *card;
- struct pnp_dev *cdev;
+ struct pnp_dev *cdev, *iter;
char cid[PNP_ID_LEN];
if (pnp_device_is_isapnp(pdev))
@@ -575,9 +575,11 @@ static int snd_cs423x_pnpbios_detect(str
strcpy(cid, pdev->id[0].id);
cid[5] = '1';
cdev = NULL;
- list_for_each_entry(cdev, &(pdev->protocol->devices), protocol_list) {
- if (!strcmp(cdev->id[0].id, cid))
+ list_for_each_entry(iter, &(pdev->protocol->devices), protocol_list) {
+ if (!strcmp(iter->id[0].id, cid)) {
+ cdev = iter;
break;
+ }
}
err = snd_cs423x_card_new(&pdev->dev, dev, &card);
if (err < 0)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 044/338] ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 043/338] ALSA: cs4236: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 045/338] mm,hwpoison: unmap poisoned page before invalidation Greg Kroah-Hartman
` (299 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Kai-Heng Feng, Takashi Iwai
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit f30741cded62f87bb4b1cc58bc627f076abcaba8 upstream.
Commit 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording
issue") is to solve recording issue met on AL236, by matching codec
variant ALC269_TYPE_ALC257 and ALC269_TYPE_ALC256.
This match can be too broad and Mi Notebook Pro 2020 is broken by the
patch.
Instead, use codec ID to be narrow down the scope, in order to make
ALC256 unaffected.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215484
Fixes: 5aec98913095 ("ALSA: hda/realtek - ALC236 headset MIC recording issue")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20220330061335.1015533-1-kai.heng.feng@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3400,8 +3400,8 @@ static void alc256_shutup(struct hda_cod
/* If disable 3k pulldown control for alc257, the Mic detection will not work correctly
* when booting with headset plugged. So skip setting it for the codec alc257
*/
- if (spec->codec_variant != ALC269_TYPE_ALC257 &&
- spec->codec_variant != ALC269_TYPE_ALC256)
+ if (codec->core.vendor_id != 0x10ec0236 &&
+ codec->core.vendor_id != 0x10ec0257)
alc_update_coef_idx(codec, 0x46, 0, 3 << 12);
if (!spec->no_shutup_pins)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 045/338] mm,hwpoison: unmap poisoned page before invalidation
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 044/338] ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 046/338] drbd: fix potential silent data corruption Greg Kroah-Hartman
` (298 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rik van Riel, Miaohe Lin,
Naoya Horiguchi, Oscar Salvador, Mel Gorman, Johannes Weiner,
Andrew Morton, Linus Torvalds
From: Rik van Riel <riel@surriel.com>
commit 3149c79f3cb0e2e3bafb7cfadacec090cbd250d3 upstream.
In some cases it appears the invalidation of a hwpoisoned page fails
because the page is still mapped in another process. This can cause a
program to be continuously restarted and die when it page faults on the
page that was not invalidated. Avoid that problem by unmapping the
hwpoisoned page when we find it.
Another issue is that sometimes we end up oopsing in finish_fault, if
the code tries to do something with the now-NULL vmf->page. I did not
hit this error when submitting the previous patch because there are
several opportunities for alloc_set_pte to bail out before accessing
vmf->page, and that apparently happened on those systems, and most of
the time on other systems, too.
However, across several million systems that error does occur a handful
of times a day. It can be avoided by returning VM_FAULT_NOPAGE which
will cause do_read_fault to return before calling finish_fault.
Link: https://lkml.kernel.org/r/20220325161428.5068d97e@imladris.surriel.com
Fixes: e53ac7374e64 ("mm: invalidate hwpoison page cache page in fault path")
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Tested-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memory.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3416,14 +3416,18 @@ static vm_fault_t __do_fault(struct vm_f
return ret;
if (unlikely(PageHWPoison(vmf->page))) {
+ struct page *page = vmf->page;
vm_fault_t poisonret = VM_FAULT_HWPOISON;
if (ret & VM_FAULT_LOCKED) {
+ if (page_mapped(page))
+ unmap_mapping_pages(page_mapping(page),
+ page->index, 1, false);
/* Retry if a clean page was removed from the cache. */
- if (invalidate_inode_page(vmf->page))
- poisonret = 0;
- unlock_page(vmf->page);
+ if (invalidate_inode_page(page))
+ poisonret = VM_FAULT_NOPAGE;
+ unlock_page(page);
}
- put_page(vmf->page);
+ put_page(page);
vmf->page = NULL;
return poisonret;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 046/338] drbd: fix potential silent data corruption
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 045/338] mm,hwpoison: unmap poisoned page before invalidation Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 047/338] powerpc/kvm: Fix kvm_use_magic_page Greg Kroah-Hartman
` (297 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars Ellenberg,
Christoph Böhmwalder, Jens Axboe
From: Lars Ellenberg <lars.ellenberg@linbit.com>
commit f4329d1f848ac35757d9cc5487669d19dfc5979c upstream.
Scenario:
---------
bio chain generated by blk_queue_split().
Some split bio fails and propagates its error status to the "parent" bio.
But then the (last part of the) parent bio itself completes without error.
We would clobber the already recorded error status with BLK_STS_OK,
causing silent data corruption.
Reproducer:
-----------
How to trigger this in the real world within seconds:
DRBD on top of degraded parity raid,
small stripe_cache_size, large read_ahead setting.
Drop page cache (sysctl vm.drop_caches=1, fadvise "DONTNEED",
umount and mount again, "reboot").
Cause significant read ahead.
Large read ahead request is split by blk_queue_split().
Parts of the read ahead that are already in the stripe cache,
or find an available stripe cache to use, can be serviced.
Parts of the read ahead that would need "too much work",
would need to wait for a "stripe_head" to become available,
are rejected immediately.
For larger read ahead requests that are split in many pieces, it is very
likely that some "splits" will be serviced, but then the stripe cache is
exhausted/busy, and the remaining ones will be rejected.
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Cc: <stable@vger.kernel.org> # 4.13.x
Link: https://lore.kernel.org/r/20220330185551.3553196-1-christoph.boehmwalder@linbit.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/drbd/drbd_req.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/block/drbd/drbd_req.c
+++ b/drivers/block/drbd/drbd_req.c
@@ -207,7 +207,8 @@ void start_new_tl_epoch(struct drbd_conn
void complete_master_bio(struct drbd_device *device,
struct bio_and_error *m)
{
- m->bio->bi_status = errno_to_blk_status(m->error);
+ if (unlikely(m->error))
+ m->bio->bi_status = errno_to_blk_status(m->error);
bio_endio(m->bio);
dec_ap_bio(device);
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 047/338] powerpc/kvm: Fix kvm_use_magic_page
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 046/338] drbd: fix potential silent data corruption Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 048/338] ACPI: properties: Consistently return -ENOENT if there are no more references Greg Kroah-Hartman
` (296 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Anand Jain
From: Andreas Gruenbacher <agruenba@redhat.com>
commit 0c8eb2884a42d992c7726539328b7d3568f22143 upstream.
When switching from __get_user to fault_in_pages_readable, commit
9f9eae5ce717 broke kvm_use_magic_page: like __get_user,
fault_in_pages_readable returns 0 on success.
Fixes: 9f9eae5ce717 ("powerpc/kvm: Prefer fault_in_pages_readable function")
Cc: stable@vger.kernel.org # v4.18+
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/kernel/kvm.c
+++ b/arch/powerpc/kernel/kvm.c
@@ -680,7 +680,7 @@ static void kvm_use_magic_page(void)
on_each_cpu(kvm_map_magic_page, &features, 1);
/* Quick self-test to see if the mapping works */
- if (!fault_in_pages_readable((const char *)KVM_MAGIC_PAGE, sizeof(u32))) {
+ if (fault_in_pages_readable((const char *)KVM_MAGIC_PAGE, sizeof(u32))) {
kvm_patching_worked = false;
return;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 048/338] ACPI: properties: Consistently return -ENOENT if there are no more references
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 047/338] powerpc/kvm: Fix kvm_use_magic_page Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 049/338] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() Greg Kroah-Hartman
` (295 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Rafael J. Wysocki
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit babc92da5928f81af951663fc436997352e02d3a upstream.
__acpi_node_get_property_reference() is documented to return -ENOENT if
the caller requests a property reference at an index that does not exist,
not -EINVAL which it actually does.
Fix this by returning -ENOENT consistenly, independently of whether the
property value is a plain reference or a package.
Fixes: c343bc2ce2c6 ("ACPI: properties: Align return codes of __acpi_node_get_property_reference()")
Cc: 4.14+ <stable@vger.kernel.org> # 4.14+
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/property.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -618,7 +618,7 @@ int __acpi_node_get_property_reference(c
*/
if (obj->type == ACPI_TYPE_LOCAL_REFERENCE) {
if (index)
- return -EINVAL;
+ return -ENOENT;
ret = acpi_bus_get_device(obj->reference.handle, &device);
if (ret)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 049/338] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 048/338] ACPI: properties: Consistently return -ENOENT if there are no more references Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 050/338] block: dont merge across cgroup boundaries if blkcg is enabled Greg Kroah-Hartman
` (294 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Lin Ma, David S. Miller
From: Duoming Zhou <duoming@zju.edu.cn>
commit efe4186e6a1b54bf38b9e05450d43b0da1fd7739 upstream.
When a 6pack device is detaching, the sixpack_close() will act to cleanup
necessary resources. Although del_timer_sync() in sixpack_close()
won't return if there is an active timer, one could use mod_timer() in
sp_xmit_on_air() to wake up timer again by calling userspace syscall such
as ax25_sendmsg(), ax25_connect() and ax25_ioctl().
This unexpected waked handler, sp_xmit_on_air(), realizes nothing about
the undergoing cleanup and may still call pty_write() to use driver layer
resources that have already been released.
One of the possible race conditions is shown below:
(USE) | (FREE)
ax25_sendmsg() |
ax25_queue_xmit() |
... |
sp_xmit() |
sp_encaps() | sixpack_close()
sp_xmit_on_air() | del_timer_sync(&sp->tx_t)
mod_timer(&sp->tx_t,...) | ...
| unregister_netdev()
| ...
(wait a while) | tty_release()
| tty_release_struct()
| release_tty()
sp_xmit_on_air() | tty_kref_put(tty_struct) //FREE
pty_write(tty_struct) //USE | ...
The corresponding fail log is shown below:
===============================================================
BUG: KASAN: use-after-free in __run_timers.part.0+0x170/0x470
Write of size 8 at addr ffff88800a652ab8 by task swapper/2/0
...
Call Trace:
...
queue_work_on+0x3f/0x50
pty_write+0xcd/0xe0pty_write+0xcd/0xe0
sp_xmit_on_air+0xb2/0x1f0
call_timer_fn+0x28/0x150
__run_timers.part.0+0x3c2/0x470
run_timer_softirq+0x3b/0x80
__do_softirq+0xf1/0x380
...
This patch reorders the del_timer_sync() after the unregister_netdev()
to avoid UAF bugs. Because the unregister_netdev() is well synchronized,
it flushs out any pending queues, waits the refcount of net_device
decreases to zero and removes net_device from kernel. There is not any
running routines after executing unregister_netdev(). Therefore, we could
not arouse timer from userspace again.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hamradio/6pack.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/hamradio/6pack.c
+++ b/drivers/net/hamradio/6pack.c
@@ -674,14 +674,14 @@ static void sixpack_close(struct tty_str
*/
netif_stop_queue(sp->dev);
+ unregister_netdev(sp->dev);
+
del_timer_sync(&sp->tx_t);
del_timer_sync(&sp->resync_t);
/* Free all 6pack frame buffers. */
kfree(sp->rbuff);
kfree(sp->xbuff);
-
- unregister_netdev(sp->dev);
}
/* Perform I/O control on an active 6pack channel. */
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 050/338] block: dont merge across cgroup boundaries if blkcg is enabled
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 049/338] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` Greg Kroah-Hartman
` (293 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Josef Bacik, Jens Axboe
From: Tejun Heo <tj@kernel.org>
commit 6b2b04590b51aa4cf395fcd185ce439cab5961dc upstream.
blk-iocost and iolatency are cgroup aware rq-qos policies but they didn't
disable merges across different cgroups. This obviously can lead to
accounting and control errors but more importantly to priority inversions -
e.g. an IO which belongs to a higher priority cgroup or IO class may end up
getting throttled incorrectly because it gets merged to an IO issued from a
low priority cgroup.
Fix it by adding blk_cgroup_mergeable() which is called from merge paths and
rejects cross-cgroup and cross-issue_as_root merges.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: d70675121546 ("block: introduce blk-iolatency io controller")
Cc: stable@vger.kernel.org # v4.19+
Cc: Josef Bacik <jbacik@fb.com>
Link: https://lore.kernel.org/r/Yi/eE/6zFNyWJ+qd@slm.duckdns.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-merge.c | 12 ++++++++++++
include/linux/blk-cgroup.h | 17 +++++++++++++++++
2 files changed, 29 insertions(+)
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -7,6 +7,8 @@
#include <linux/bio.h>
#include <linux/blkdev.h>
#include <linux/scatterlist.h>
+#include <linux/blkdev.h>
+#include <linux/blk-cgroup.h>
#include <trace/events/block.h>
@@ -486,6 +488,9 @@ static inline int ll_new_hw_segment(stru
if (req->nr_phys_segments + nr_phys_segs > queue_max_segments(q))
goto no_merge;
+ if (!blk_cgroup_mergeable(req, bio))
+ goto no_merge;
+
if (blk_integrity_merge_bio(q, req, bio) == false)
goto no_merge;
@@ -609,6 +614,9 @@ static int ll_merge_requests_fn(struct r
if (total_phys_segments > queue_max_segments(q))
return 0;
+ if (!blk_cgroup_mergeable(req, next->bio))
+ return 0;
+
if (blk_integrity_merge_rq(q, req, next) == false)
return 0;
@@ -843,6 +851,10 @@ bool blk_rq_merge_ok(struct request *rq,
if (rq->rq_disk != bio->bi_disk || req_no_special_merge(rq))
return false;
+ /* don't merge across cgroup boundaries */
+ if (!blk_cgroup_mergeable(rq, bio))
+ return false;
+
/* only merge integrity protected bio into ditto rq */
if (blk_integrity_merge_bio(rq->q, rq, bio) == false)
return false;
--- a/include/linux/blk-cgroup.h
+++ b/include/linux/blk-cgroup.h
@@ -21,6 +21,7 @@
#include <linux/blkdev.h>
#include <linux/atomic.h>
#include <linux/kthread.h>
+#include <linux/blkdev.h>
/* percpu_counter batch for blkg_[rw]stats, per-cpu drift doesn't matter */
#define BLKG_STAT_CPU_BATCH (INT_MAX / 2)
@@ -844,6 +845,21 @@ static inline void blkcg_use_delay(struc
atomic_inc(&blkg->blkcg->css.cgroup->congestion_count);
}
+/**
+ * blk_cgroup_mergeable - Determine whether to allow or disallow merges
+ * @rq: request to merge into
+ * @bio: bio to merge
+ *
+ * @bio and @rq should belong to the same cgroup and their issue_as_root should
+ * match. The latter is necessary as we don't want to throttle e.g. a metadata
+ * update because it happens to be next to a regular IO.
+ */
+static inline bool blk_cgroup_mergeable(struct request *rq, struct bio *bio)
+{
+ return rq->bio->bi_blkg == bio->bi_blkg &&
+ bio_issue_as_root_blkg(rq->bio) == bio_issue_as_root_blkg(bio);
+}
+
static inline int blkcg_unuse_delay(struct blkcg_gq *blkg)
{
int old = atomic_read(&blkg->use_delay);
@@ -947,6 +963,7 @@ static inline struct request_list *blk_r
static inline bool blkcg_bio_issue_check(struct request_queue *q,
struct bio *bio) { return true; }
+static inline bool blk_cgroup_mergeable(struct request *rq, struct bio *bio) { return true; }
#define blk_queue_for_each_rl(rl, q) \
for ((rl) = &(q)->root_rl; (rl); (rl) = NULL)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [Intel-gfx] [PATCH 4.19 051/338] drm/edid: check basic audio support on CEA extension block
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Cooper Chiou, Jani Nikula, Greg Kroah-Hartman, intel-gfx, stable
From: Cooper Chiou <cooper.chiou@intel.com>
commit 5662abf6e21338be6d085d6375d3732ac6147fd2 upstream.
Tag code stored in bit7:5 for CTA block byte[3] is not the same as
CEA extension block definition. Only check CEA block has
basic audio support.
v3: update commit message.
Cc: stable@vger.kernel.org
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Shawn C Lee <shawn.c.lee@intel.com>
Cc: intel-gfx <intel-gfx@lists.freedesktop.org>
Signed-off-by: Cooper Chiou <cooper.chiou@intel.com>
Signed-off-by: Lee Shawn C <shawn.c.lee@intel.com>
Fixes: e28ad544f462 ("drm/edid: parse CEA blocks embedded in DisplayID")
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220324061218.32739-1-shawn.c.lee@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_edid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -4323,7 +4323,8 @@ bool drm_detect_monitor_audio(struct edi
if (!edid_ext)
goto end;
- has_audio = ((edid_ext[3] & EDID_BASIC_AUDIO) != 0);
+ has_audio = (edid_ext[0] == CEA_EXT &&
+ (edid_ext[3] & EDID_BASIC_AUDIO) != 0);
if (has_audio) {
DRM_DEBUG_KMS("Monitor has basic audio support\n");
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 051/338] drm/edid: check basic audio support on CEA extension block
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jani Nikula, Shawn C Lee, intel-gfx,
Cooper Chiou
From: Cooper Chiou <cooper.chiou@intel.com>
commit 5662abf6e21338be6d085d6375d3732ac6147fd2 upstream.
Tag code stored in bit7:5 for CTA block byte[3] is not the same as
CEA extension block definition. Only check CEA block has
basic audio support.
v3: update commit message.
Cc: stable@vger.kernel.org
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Shawn C Lee <shawn.c.lee@intel.com>
Cc: intel-gfx <intel-gfx@lists.freedesktop.org>
Signed-off-by: Cooper Chiou <cooper.chiou@intel.com>
Signed-off-by: Lee Shawn C <shawn.c.lee@intel.com>
Fixes: e28ad544f462 ("drm/edid: parse CEA blocks embedded in DisplayID")
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220324061218.32739-1-shawn.c.lee@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_edid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -4323,7 +4323,8 @@ bool drm_detect_monitor_audio(struct edi
if (!edid_ext)
goto end;
- has_audio = ((edid_ext[3] & EDID_BASIC_AUDIO) != 0);
+ has_audio = (edid_ext[0] == CEA_EXT &&
+ (edid_ext[3] & EDID_BASIC_AUDIO) != 0);
if (has_audio) {
DRM_DEBUG_KMS("Monitor has basic audio support\n");
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 052/338] video: fbdev: sm712fb: Fix crash in smtcfb_read()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-04-14 13:09 ` Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 053/338] video: fbdev: atari: Atari 2 bpp (STe) palette bugfix Greg Kroah-Hartman
` (291 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller
From: Helge Deller <deller@gmx.de>
commit bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 upstream.
Zheyu Ma reported this crash in the sm712fb driver when reading
three bytes from the framebuffer:
BUG: unable to handle page fault for address: ffffc90001ffffff
RIP: 0010:smtcfb_read+0x230/0x3e0
Call Trace:
vfs_read+0x198/0xa00
? do_sys_openat2+0x27d/0x350
? __fget_light+0x54/0x340
ksys_read+0xce/0x190
do_syscall_64+0x43/0x90
Fix it by removing the open-coded endianess fixup-code and
by moving the pointer post decrement out the fb_readl() function.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: Zheyu Ma <zheyuma97@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/sm712fb.c | 25 +++++++------------------
1 file changed, 7 insertions(+), 18 deletions(-)
--- a/drivers/video/fbdev/sm712fb.c
+++ b/drivers/video/fbdev/sm712fb.c
@@ -1047,7 +1047,7 @@ static ssize_t smtcfb_read(struct fb_inf
if (count + p > total_size)
count = total_size - p;
- buffer = kmalloc((count > PAGE_SIZE) ? PAGE_SIZE : count, GFP_KERNEL);
+ buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
@@ -1059,25 +1059,14 @@ static ssize_t smtcfb_read(struct fb_inf
while (count) {
c = (count > PAGE_SIZE) ? PAGE_SIZE : count;
dst = buffer;
- for (i = c >> 2; i--;) {
- *dst = fb_readl(src++);
- *dst = big_swap(*dst);
+ for (i = (c + 3) >> 2; i--;) {
+ u32 val;
+
+ val = fb_readl(src);
+ *dst = big_swap(val);
+ src++;
dst++;
}
- if (c & 3) {
- u8 *dst8 = (u8 *)dst;
- u8 __iomem *src8 = (u8 __iomem *)src;
-
- for (i = c & 3; i--;) {
- if (i & 1) {
- *dst8++ = fb_readb(++src8);
- } else {
- *dst8++ = fb_readb(--src8);
- src8 += 2;
- }
- }
- src = (u32 __iomem *)src8;
- }
if (copy_to_user(buf, buffer, c)) {
err = -EFAULT;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 053/338] video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 052/338] video: fbdev: sm712fb: Fix crash in smtcfb_read() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 054/338] ARM: dts: at91: sama5d2: Fix PMERRLOC resource size Greg Kroah-Hartman
` (290 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Michael Schmitz,
Helge Deller
From: Michael Schmitz <schmitzmic@gmail.com>
commit c8be5edbd36ceed2ff3d6b8f8e40643c3f396ea3 upstream.
The code to set the shifter STe palette registers has a long
standing operator precedence bug, manifesting as colors set
on a 2 bits per pixel frame buffer coming up with a distinctive
blue tint.
Add parentheses around the calculation of the per-color palette
data before shifting those into their respective bit field position.
This bug goes back a long way (2.4 days at the very least) so there
won't be a Fixes: tag.
Tested on ARAnyM as well on Falcon030 hardware.
Cc: stable@vger.kernel.org
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/all/CAMuHMdU3ievhXxKR_xi_v3aumnYW7UNUO6qMdhgfyWTyVSsCkQ@mail.gmail.com
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/atafb.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/video/fbdev/atafb.c
+++ b/drivers/video/fbdev/atafb.c
@@ -1713,9 +1713,9 @@ static int falcon_setcolreg(unsigned int
((blue & 0xfc00) >> 8));
if (regno < 16) {
shifter_tt.color_reg[regno] =
- (((red & 0xe000) >> 13) | ((red & 0x1000) >> 12) << 8) |
- (((green & 0xe000) >> 13) | ((green & 0x1000) >> 12) << 4) |
- ((blue & 0xe000) >> 13) | ((blue & 0x1000) >> 12);
+ ((((red & 0xe000) >> 13) | ((red & 0x1000) >> 12)) << 8) |
+ ((((green & 0xe000) >> 13) | ((green & 0x1000) >> 12)) << 4) |
+ ((blue & 0xe000) >> 13) | ((blue & 0x1000) >> 12);
((u32 *)info->pseudo_palette)[regno] = ((red & 0xf800) |
((green & 0xfc00) >> 5) |
((blue & 0xf800) >> 11));
@@ -2001,9 +2001,9 @@ static int stste_setcolreg(unsigned int
green >>= 12;
if (ATARIHW_PRESENT(EXTD_SHIFTER))
shifter_tt.color_reg[regno] =
- (((red & 0xe) >> 1) | ((red & 1) << 3) << 8) |
- (((green & 0xe) >> 1) | ((green & 1) << 3) << 4) |
- ((blue & 0xe) >> 1) | ((blue & 1) << 3);
+ ((((red & 0xe) >> 1) | ((red & 1) << 3)) << 8) |
+ ((((green & 0xe) >> 1) | ((green & 1) << 3)) << 4) |
+ ((blue & 0xe) >> 1) | ((blue & 1) << 3);
else
shifter_tt.color_reg[regno] =
((red & 0xe) << 7) |
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 054/338] ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 053/338] video: fbdev: atari: Atari 2 bpp (STe) palette bugfix Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 055/338] ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 Greg Kroah-Hartman
` (289 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Alexander Dahl, Nicolas Ferre
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 0fb578a529ac7aca326a9fa475b4a6f58a756fda upstream.
PMERRLOC resource size was set to 0x100, which resulted in HSMC_ERRLOCx
register being truncated to offset x = 21, causing error correction to
fail if more than 22 bit errors and if 24 or 32 bit error correction
was supported.
Fixes: d9c41bf30cf8 ("ARM: dts: at91: Declare EBI/NAND controllers")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Cc: <stable@vger.kernel.org> # 4.13.x
Acked-by: Alexander Dahl <ada@thorsis.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Link: https://lore.kernel.org/r/20220111132301.906712-1-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/sama5d2.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/sama5d2.dtsi
+++ b/arch/arm/boot/dts/sama5d2.dtsi
@@ -1125,7 +1125,7 @@
pmecc: ecc-engine@f8014070 {
compatible = "atmel,sama5d2-pmecc";
reg = <0xf8014070 0x490>,
- <0xf8014500 0x100>;
+ <0xf8014500 0x200>;
};
};
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 055/338] ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 054/338] ARM: dts: at91: sama5d2: Fix PMERRLOC resource size Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 056/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5250 Greg Kroah-Hartman
` (288 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Marek Szyprowski, Alim Akhtar
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
commit 372d7027fed43c8570018e124cf78b89523a1f8e upstream.
The gpa1-4 pin was put twice in UART3 pin configuration of Exynos5250,
instead of proper pin gpa1-5.
Fixes: f8bfe2b050f3 ("ARM: dts: add pin state information in client nodes for Exynos5 platforms")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Link: https://lore.kernel.org/r/20211230195325.328220-1-krzysztof.kozlowski@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/exynos5250-pinctrl.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/exynos5250-pinctrl.dtsi
+++ b/arch/arm/boot/dts/exynos5250-pinctrl.dtsi
@@ -260,7 +260,7 @@
};
uart3_data: uart3-data {
- samsung,pins = "gpa1-4", "gpa1-4";
+ samsung,pins = "gpa1-4", "gpa1-5";
samsung,pin-function = <EXYNOS_PIN_FUNC_2>;
samsung,pin-pud = <EXYNOS_PIN_PULL_NONE>;
samsung,pin-drv = <EXYNOS4_PIN_DRV_LV1>;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 056/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5250
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 055/338] ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 057/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5420 Greg Kroah-Hartman
` (287 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Alim Akhtar
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
commit 60a9914cb2061ba612a3f14f6ad329912b486360 upstream.
Add required VDD supplies to HDMI block on SMDK5250. Without them, the
HDMI driver won't probe. Because of lack of schematics, use same
supplies as on Arndale 5250 board (voltage matches).
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Link: https://lore.kernel.org/r/20220208171823.226211-2-krzysztof.kozlowski@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/exynos5250-smdk5250.dts | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/arm/boot/dts/exynos5250-smdk5250.dts
+++ b/arch/arm/boot/dts/exynos5250-smdk5250.dts
@@ -116,6 +116,9 @@
status = "okay";
ddc = <&i2c_2>;
hpd-gpios = <&gpx3 7 GPIO_ACTIVE_HIGH>;
+ vdd-supply = <&ldo8_reg>;
+ vdd_osc-supply = <&ldo10_reg>;
+ vdd_pll-supply = <&ldo8_reg>;
};
&i2c_0 {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 057/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5420
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 056/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5250 Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 058/338] carl9170: fix missing bit-wise or operator for tx_params Greg Kroah-Hartman
` (286 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Alim Akhtar
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
commit 453a24ded415f7fce0499c6b0a2c7b28f84911f2 upstream.
Add required VDD supplies to HDMI block on SMDK5420. Without them, the
HDMI driver won't probe. Because of lack of schematics, use same
supplies as on Arndale Octa and Odroid XU3 boards (voltage matches).
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Link: https://lore.kernel.org/r/20220208171823.226211-3-krzysztof.kozlowski@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/exynos5420-smdk5420.dts | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/arm/boot/dts/exynos5420-smdk5420.dts
+++ b/arch/arm/boot/dts/exynos5420-smdk5420.dts
@@ -131,6 +131,9 @@
hpd-gpios = <&gpx3 7 GPIO_ACTIVE_HIGH>;
pinctrl-names = "default";
pinctrl-0 = <&hdmi_hpd_irq>;
+ vdd-supply = <&ldo6_reg>;
+ vdd_osc-supply = <&ldo7_reg>;
+ vdd_pll-supply = <&ldo6_reg>;
};
&hsi2c_4 {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 058/338] carl9170: fix missing bit-wise or operator for tx_params
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 057/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5420 Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 059/338] thermal: int340x: Increase bitmap size Greg Kroah-Hartman
` (285 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Stable,
Christian Lamparter, Kalle Valo
From: Colin Ian King <colin.i.king@gmail.com>
commit 02a95374b5eebdbd3b6413fd7ddec151d2ea75a1 upstream.
Currently tx_params is being re-assigned with a new value and the
previous setting IEEE80211_HT_MCS_TX_RX_DIFF is being overwritten.
The assignment operator is incorrect, the original intent was to
bit-wise or the value in. Fix this by replacing the = operator
with |= instead.
Kudos to Christian Lamparter for suggesting the correct fix.
Fixes: fe8ee9ad80b2 ("carl9170: mac80211 glue and command interface")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Cc: <Stable@vger.kernel.org>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220125004406.344422-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/carl9170/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/carl9170/main.c
+++ b/drivers/net/wireless/ath/carl9170/main.c
@@ -1922,7 +1922,7 @@ static int carl9170_parse_eeprom(struct
WARN_ON(!(tx_streams >= 1 && tx_streams <=
IEEE80211_HT_MCS_TX_MAX_STREAMS));
- tx_params = (tx_streams - 1) <<
+ tx_params |= (tx_streams - 1) <<
IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT;
carl9170_band_2GHz.ht_cap.mcs.tx_params |= tx_params;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 059/338] thermal: int340x: Increase bitmap size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 058/338] carl9170: fix missing bit-wise or operator for tx_params Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 060/338] lib/raid6/test: fix multiple definition linking error Greg Kroah-Hartman
` (284 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Rafael J. Wysocki
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
commit 668f69a5f863b877bc3ae129efe9a80b6f055141 upstream.
The number of policies are 10, so can't be supported by the bitmap size
of u8.
Even though there are no platfoms with these many policies, but
for correctness increase to u32.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Fixes: 16fc8eca1975 ("thermal/int340x_thermal: Add additional UUIDs")
Cc: 5.1+ <stable@vger.kernel.org> # 5.1+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/int340x_thermal/int3400_thermal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/thermal/int340x_thermal/int3400_thermal.c
+++ b/drivers/thermal/int340x_thermal/int3400_thermal.c
@@ -53,7 +53,7 @@ struct int3400_thermal_priv {
struct art *arts;
int trt_count;
struct trt *trts;
- u8 uuid_bitmap;
+ u32 uuid_bitmap;
int rel_misc_dev_res;
int current_uuid_index;
};
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 060/338] lib/raid6/test: fix multiple definition linking error
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 059/338] thermal: int340x: Increase bitmap size Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 061/338] DEC: Limit PMAX memory probing to R3k systems Greg Kroah-Hartman
` (283 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Müller, Paul Menzel, Song Liu
From: Dirk Müller <dmueller@suse.de>
commit a5359ddd052860bacf957e65fe819c63e974b3a6 upstream.
GCC 10+ defaults to -fno-common, which enforces proper declaration of
external references using "extern". without this change a link would
fail with:
lib/raid6/test/algos.c:28: multiple definition of `raid6_call';
lib/raid6/test/test.c:22: first defined here
the pq.h header that is included already includes an extern declaration
so we can just remove the redundant one here.
Cc: <stable@vger.kernel.org>
Signed-off-by: Dirk Müller <dmueller@suse.de>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/raid6/test/test.c | 1 -
1 file changed, 1 deletion(-)
--- a/lib/raid6/test/test.c
+++ b/lib/raid6/test/test.c
@@ -22,7 +22,6 @@
#define NDISKS 16 /* Including P and Q */
const char raid6_empty_zero_page[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
-struct raid6_calls raid6_call;
char *dataptrs[NDISKS];
char data[NDISKS][PAGE_SIZE] __attribute__((aligned(PAGE_SIZE)));
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 061/338] DEC: Limit PMAX memory probing to R3k systems
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 060/338] lib/raid6/test: fix multiple definition linking error Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 062/338] media: davinci: vpif: fix unbalanced runtime PM get Greg Kroah-Hartman
` (282 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan-Benedict Glaw, Sudip Mukherjee,
Maciej W. Rozycki, Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 244eae91a94c6dab82b3232967d10eeb9dfa21c6 upstream.
Recent tightening of the opcode table in binutils so as to consistently
disallow the assembly or disassembly of CP0 instructions not supported
by the processor architecture chosen has caused a regression like below:
arch/mips/dec/prom/locore.S: Assembler messages:
arch/mips/dec/prom/locore.S:29: Error: opcode not supported on this processor: r4600 (mips3) `rfe'
in a piece of code used to probe for memory with PMAX DECstation models,
which have non-REX firmware. Those computers always have an R2000 CPU
and consequently the exception handler used in memory probing uses the
RFE instruction, which those processors use.
While adding 64-bit support this code was correctly excluded for 64-bit
configurations, however it should have also been excluded for irrelevant
32-bit configurations. Do this now then, and only enable PMAX memory
probing for R3k systems.
Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Reported-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org # v2.6.12+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/dec/prom/Makefile | 2 +-
arch/mips/include/asm/dec/prom.h | 15 +++++----------
2 files changed, 6 insertions(+), 11 deletions(-)
--- a/arch/mips/dec/prom/Makefile
+++ b/arch/mips/dec/prom/Makefile
@@ -5,4 +5,4 @@
lib-y += init.o memory.o cmdline.o identify.o console.o
-lib-$(CONFIG_32BIT) += locore.o
+lib-$(CONFIG_CPU_R3000) += locore.o
--- a/arch/mips/include/asm/dec/prom.h
+++ b/arch/mips/include/asm/dec/prom.h
@@ -47,16 +47,11 @@
*/
#define REX_PROM_MAGIC 0x30464354
-#ifdef CONFIG_64BIT
-
-#define prom_is_rex(magic) 1 /* KN04 and KN05 are REX PROMs. */
-
-#else /* !CONFIG_64BIT */
-
-#define prom_is_rex(magic) ((magic) == REX_PROM_MAGIC)
-
-#endif /* !CONFIG_64BIT */
-
+/* KN04 and KN05 are REX PROMs, so only do the check for R3k systems. */
+static inline bool prom_is_rex(u32 magic)
+{
+ return !IS_ENABLED(CONFIG_CPU_R3000) || magic == REX_PROM_MAGIC;
+}
/*
* 3MIN/MAXINE PROM entry points for DS5000/1xx's, DS5000/xx's and
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 062/338] media: davinci: vpif: fix unbalanced runtime PM get
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 061/338] DEC: Limit PMAX memory probing to R3k systems Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 063/338] brcmfmac: firmware: Allocate space for default boardrev in nvram Greg Kroah-Hartman
` (281 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lad, Prabhakar, Johan Hovold,
Hans Verkuil, Mauro Carvalho Chehab, Lad
From: Johan Hovold <johan@kernel.org>
commit 4a321de239213300a714fa0353a5f1272d381a44 upstream.
Make sure to balance the runtime PM usage counter on driver unbind.
Fixes: 407ccc65bfd2 ("[media] davinci: vpif: add pm_runtime support")
Cc: stable@vger.kernel.org # 3.9
Cc: Lad, Prabhakar <prabhakar.csengg@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Lad Prabhakar <prabhakar.csengg@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/davinci/vpif.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/media/platform/davinci/vpif.c
+++ b/drivers/media/platform/davinci/vpif.c
@@ -496,6 +496,7 @@ static int vpif_probe(struct platform_de
static int vpif_remove(struct platform_device *pdev)
{
+ pm_runtime_put(&pdev->dev);
pm_runtime_disable(&pdev->dev);
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 063/338] brcmfmac: firmware: Allocate space for default boardrev in nvram
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 062/338] media: davinci: vpif: fix unbalanced runtime PM get Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 064/338] brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio Greg Kroah-Hartman
` (280 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arend van Spriel, Hector Martin,
Andy Shevchenko, Kalle Valo
From: Hector Martin <marcan@marcan.st>
commit d19d8e3ba256f81ea4a27209dbbd1f0a00ef1903 upstream.
If boardrev is missing from the NVRAM we add a default one, but this
might need more space in the output buffer than was allocated. Ensure
we have enough padding for this in the buffer.
Fixes: 46f2b38a91b0 ("brcmfmac: insert default boardrev in nvram data if missing")
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: stable@vger.kernel.org
Signed-off-by: Hector Martin <marcan@marcan.st>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220131160713.245637-3-marcan@marcan.st
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
@@ -217,6 +217,8 @@ static int brcmf_init_nvram_parser(struc
size = BRCMF_FW_MAX_NVRAM_SIZE;
else
size = data_len;
+ /* Add space for properties we may add */
+ size += strlen(BRCMF_FW_DEFAULT_BOARDREV) + 1;
/* Alloc for extra 0 byte + roundup by 4 + length field */
size += 1 + 3 + sizeof(u32);
nvp->nvram = kzalloc(size, GFP_KERNEL);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 064/338] brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 063/338] brcmfmac: firmware: Allocate space for default boardrev in nvram Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 065/338] PCI: pciehp: Clear cmd_busy bit in polling mode Greg Kroah-Hartman
` (279 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Walleij, Arend van Spriel,
Andy Shevchenko, Hector Martin, Kalle Valo
From: Hector Martin <marcan@marcan.st>
commit 9466987f246758eb7e9071ae58005253f631271e upstream.
The alignment check was wrong (e.g. & 4 instead of & 3), and the logic
was also inefficient if the length was not a multiple of 4, since it
would needlessly fall back to copying the entire buffer bytewise.
We already have a perfectly good memcpy_toio function, so just call that
instead of rolling our own copy logic here. brcmf_pcie_init_ringbuffers
was already using it anyway.
Fixes: 9e37f045d5e7 ("brcmfmac: Adding PCIe bus layer support.")
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Hector Martin <marcan@marcan.st>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220131160713.245637-6-marcan@marcan.st
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 48 +---------------
1 file changed, 4 insertions(+), 44 deletions(-)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
@@ -22,6 +22,7 @@
#include <linux/interrupt.h>
#include <linux/bcma/bcma.h>
#include <linux/sched.h>
+#include <linux/io.h>
#include <asm/unaligned.h>
#include <soc.h>
@@ -442,47 +443,6 @@ brcmf_pcie_write_ram32(struct brcmf_pcie
static void
-brcmf_pcie_copy_mem_todev(struct brcmf_pciedev_info *devinfo, u32 mem_offset,
- void *srcaddr, u32 len)
-{
- void __iomem *address = devinfo->tcm + mem_offset;
- __le32 *src32;
- __le16 *src16;
- u8 *src8;
-
- if (((ulong)address & 4) || ((ulong)srcaddr & 4) || (len & 4)) {
- if (((ulong)address & 2) || ((ulong)srcaddr & 2) || (len & 2)) {
- src8 = (u8 *)srcaddr;
- while (len) {
- iowrite8(*src8, address);
- address++;
- src8++;
- len--;
- }
- } else {
- len = len / 2;
- src16 = (__le16 *)srcaddr;
- while (len) {
- iowrite16(le16_to_cpu(*src16), address);
- address += 2;
- src16++;
- len--;
- }
- }
- } else {
- len = len / 4;
- src32 = (__le32 *)srcaddr;
- while (len) {
- iowrite32(le32_to_cpu(*src32), address);
- address += 4;
- src32++;
- len--;
- }
- }
-}
-
-
-static void
brcmf_pcie_copy_dev_tomem(struct brcmf_pciedev_info *devinfo, u32 mem_offset,
void *dstaddr, u32 len)
{
@@ -1503,8 +1463,8 @@ static int brcmf_pcie_download_fw_nvram(
return err;
brcmf_dbg(PCIE, "Download FW %s\n", devinfo->fw_name);
- brcmf_pcie_copy_mem_todev(devinfo, devinfo->ci->rambase,
- (void *)fw->data, fw->size);
+ memcpy_toio(devinfo->tcm + devinfo->ci->rambase,
+ (void *)fw->data, fw->size);
resetintr = get_unaligned_le32(fw->data);
release_firmware(fw);
@@ -1518,7 +1478,7 @@ static int brcmf_pcie_download_fw_nvram(
brcmf_dbg(PCIE, "Download NVRAM %s\n", devinfo->nvram_name);
address = devinfo->ci->rambase + devinfo->ci->ramsize -
nvram_len;
- brcmf_pcie_copy_mem_todev(devinfo, address, nvram, nvram_len);
+ memcpy_toio(devinfo->tcm + address, nvram, nvram_len);
brcmf_fw_nvram_free(nvram);
} else {
brcmf_dbg(PCIE, "No matching NVRAM file found %s\n",
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 065/338] PCI: pciehp: Clear cmd_busy bit in polling mode
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 064/338] brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 066/338] regulator: qcom_smd: fix for_each_child.cocci warnings Greg Kroah-Hartman
` (278 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liguang Zhang, Bjorn Helgaas, Lukas Wunner
From: Liguang Zhang <zhangliguang@linux.alibaba.com>
commit 92912b175178c7e895f5e5e9f1e30ac30319162b upstream.
Writes to a Downstream Port's Slot Control register are PCIe hotplug
"commands." If the Port supports Command Completed events, software must
wait for a command to complete before writing to Slot Control again.
pcie_do_write_cmd() sets ctrl->cmd_busy when it writes to Slot Control. If
software notification is enabled, i.e., PCI_EXP_SLTCTL_HPIE and
PCI_EXP_SLTCTL_CCIE are set, ctrl->cmd_busy is cleared by pciehp_isr().
But when software notification is disabled, as it is when pcie_init()
powers off an empty slot, pcie_wait_cmd() uses pcie_poll_cmd() to poll for
command completion, and it neglects to clear ctrl->cmd_busy, which leads to
spurious timeouts:
pcieport 0000:00:03.0: pciehp: Timeout on hotplug command 0x01c0 (issued 2264 msec ago)
pcieport 0000:00:03.0: pciehp: Timeout on hotplug command 0x05c0 (issued 2288 msec ago)
Clear ctrl->cmd_busy in pcie_poll_cmd() when it detects a Command Completed
event (PCI_EXP_SLTSTA_CC).
[bhelgaas: commit log]
Fixes: a5dd4b4b0570 ("PCI: pciehp: Wait for hotplug command completion where necessary")
Link: https://lore.kernel.org/r/20211111054258.7309-1-zhangliguang@linux.alibaba.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215143
Link: https://lore.kernel.org/r/20211126173309.GA12255@wunner.de
Signed-off-by: Liguang Zhang <zhangliguang@linux.alibaba.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/hotplug/pciehp_hpc.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -80,6 +80,8 @@ static int pcie_poll_cmd(struct controll
if (slot_status & PCI_EXP_SLTSTA_CC) {
pcie_capability_write_word(pdev, PCI_EXP_SLTSTA,
PCI_EXP_SLTSTA_CC);
+ ctrl->cmd_busy = 0;
+ smp_mb();
return 1;
}
if (timeout < 0)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 066/338] regulator: qcom_smd: fix for_each_child.cocci warnings
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 065/338] PCI: pciehp: Clear cmd_busy bit in polling mode Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 067/338] crypto: authenc - Fix sleep in atomic context in decrypt_tail Greg Kroah-Hartman
` (277 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konrad Dybcio, kernel test robot,
Julia Lawall, Mark Brown, Sasha Levin
From: kernel test robot <lkp@intel.com>
[ Upstream commit 6390d42c21efff0b4c10956a38e341f4e84ecd3d ]
drivers/regulator/qcom_smd-regulator.c:1318:1-33: WARNING: Function "for_each_available_child_of_node" should have of_node_put() before return around line 1321.
Semantic patch information:
False positives can be due to function calls within the for_each
loop that may encapsulate an of_node_put.
Generated by: scripts/coccinelle/iterators/for_each_child.cocci
Fixes: 14e2976fbabd ("regulator: qcom_smd: Align probe function with rpmh-regulator")
CC: Konrad Dybcio <konrad.dybcio@somainline.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: kernel test robot <lkp@intel.com>
Signed-off-by: Julia Lawall <julia.lawall@inria.fr>
Link: https://lore.kernel.org/r/alpine.DEB.2.22.394.2201151210170.3051@hadrien
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom_smd-regulator.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
index 8d920a3ad40b..3c6d6afd419e 100644
--- a/drivers/regulator/qcom_smd-regulator.c
+++ b/drivers/regulator/qcom_smd-regulator.c
@@ -751,8 +751,10 @@ static int rpm_reg_probe(struct platform_device *pdev)
for_each_available_child_of_node(dev->of_node, node) {
vreg = devm_kzalloc(&pdev->dev, sizeof(*vreg), GFP_KERNEL);
- if (!vreg)
+ if (!vreg) {
+ of_node_put(node);
return -ENOMEM;
+ }
ret = rpm_regulator_init_vreg(vreg, dev, node, rpm, vreg_data);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 067/338] crypto: authenc - Fix sleep in atomic context in decrypt_tail
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 066/338] regulator: qcom_smd: fix for_each_child.cocci warnings Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 068/338] crypto: mxs-dcp - Fix scatterlist processing Greg Kroah-Hartman
` (276 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 66eae850333d639fc278d6f915c6fc01499ea893 ]
The function crypto_authenc_decrypt_tail discards its flags
argument and always relies on the flags from the original request
when starting its sub-request.
This is clearly wrong as it may cause the SLEEPABLE flag to be
set when it shouldn't.
Fixes: 92d95ba91772 ("crypto: authenc - Convert to new AEAD interface")
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/authenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 3ee10fc25aff..02d4d8517449 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -268,7 +268,7 @@ static int crypto_authenc_decrypt_tail(struct aead_request *req,
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
skcipher_request_set_tfm(skreq, ctx->enc);
- skcipher_request_set_callback(skreq, aead_request_flags(req),
+ skcipher_request_set_callback(skreq, flags,
req->base.complete, req->base.data);
skcipher_request_set_crypt(skreq, src, dst,
req->cryptlen - authsize, req->iv);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 068/338] crypto: mxs-dcp - Fix scatterlist processing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 067/338] crypto: authenc - Fix sleep in atomic context in decrypt_tail Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 069/338] spi: tegra114: Add missing IRQ check in tegra_spi_probe Greg Kroah-Hartman
` (275 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomas Paukrt, Herbert Xu, Sasha Levin
From: Tomas Paukrt <tomaspaukrt@email.cz>
[ Upstream commit 28e9b6d8199a3f124682b143800c2dacdc3d70dd ]
This patch fixes a bug in scatterlist processing that may cause incorrect AES block encryption/decryption.
Fixes: 2e6d793e1bf0 ("crypto: mxs-dcp - Use sg_mapping_iter to copy data")
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/mxs-dcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index da834ae3586b..2da6f38e2bcb 100644
--- a/drivers/crypto/mxs-dcp.c
+++ b/drivers/crypto/mxs-dcp.c
@@ -328,7 +328,7 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq)
memset(key + AES_KEYSIZE_128, 0, AES_KEYSIZE_128);
}
- for_each_sg(req->src, src, sg_nents(src), i) {
+ for_each_sg(req->src, src, sg_nents(req->src), i) {
src_buf = sg_virt(src);
len = sg_dma_len(src);
tlen += len;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 069/338] spi: tegra114: Add missing IRQ check in tegra_spi_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 068/338] crypto: mxs-dcp - Fix scatterlist processing Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 070/338] selftests/x86: Add validity check and allow field splitting Greg Kroah-Hartman
` (274 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 4f92724d4b92c024e721063f520d66e11ca4b54b ]
This func misses checking for platform_get_irq()'s call and may passes the
negative error codes to request_threaded_irq(), which takes unsigned IRQ #,
causing it to fail with -EINVAL, overriding an original error code.
Stop calling request_threaded_irq() with invalid IRQ #s.
Fixes: f333a331adfa ("spi/tegra114: add spi driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220128165238.25615-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra114.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c
index c510b53e5e3f..a8264f880b76 100644
--- a/drivers/spi/spi-tegra114.c
+++ b/drivers/spi/spi-tegra114.c
@@ -1136,6 +1136,10 @@ static int tegra_spi_probe(struct platform_device *pdev)
tspi->phys = r->start;
spi_irq = platform_get_irq(pdev, 0);
+ if (spi_irq < 0) {
+ ret = spi_irq;
+ goto exit_free_master;
+ }
tspi->irq = spi_irq;
tspi->clk = devm_clk_get(&pdev->dev, "spi");
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 070/338] selftests/x86: Add validity check and allow field splitting
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 069/338] spi: tegra114: Add missing IRQ check in tegra_spi_probe Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 071/338] spi: pxa2xx-pci: Balance reference count for PCI DMA device Greg Kroah-Hartman
` (273 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernelci.org bot,
Muhammad Usama Anjum, Dave Hansen, Sasha Levin
From: Muhammad Usama Anjum <usama.anjum@collabora.com>
[ Upstream commit b06e15ebd5bfb670f93c7f11a29b8299c1178bc6 ]
Add check to test if CC has a string. CC can have multiple sub-strings
like "ccache gcc". Erorr pops up if it is treated as single string and
double quotes are used around it. This can be fixed by removing the
quotes and not treating CC as a single string.
Fixes: e9886ace222e ("selftests, x86: Rework x86 target architecture detection")
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/20220214184109.3739179-2-usama.anjum@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/x86/check_cc.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/x86/check_cc.sh b/tools/testing/selftests/x86/check_cc.sh
index 172d3293fb7b..356689c56397 100755
--- a/tools/testing/selftests/x86/check_cc.sh
+++ b/tools/testing/selftests/x86/check_cc.sh
@@ -7,7 +7,7 @@ CC="$1"
TESTPROG="$2"
shift 2
-if "$CC" -o /dev/null "$TESTPROG" -O0 "$@" 2>/dev/null; then
+if [ -n "$CC" ] && $CC -o /dev/null "$TESTPROG" -O0 "$@" 2>/dev/null; then
echo 1
else
echo 0
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 071/338] spi: pxa2xx-pci: Balance reference count for PCI DMA device
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 070/338] selftests/x86: Add validity check and allow field splitting Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 072/338] hwmon: (pmbus) Add mutex to regulator ops Greg Kroah-Hartman
` (272 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Qing, Andy Shevchenko,
Mark Brown, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 609d7ffdc42199a0ec949db057e3b4be6745d6c5 ]
The pci_get_slot() increases its reference count, the caller
must decrement the reference count by calling pci_dev_put().
Fixes: 743485ea3bee ("spi: pxa2xx-pci: Do a specific setup in a separate function")
Fixes: 25014521603f ("spi: pxa2xx-pci: Enable DMA for Intel Merrifield")
Reported-by: Wang Qing <wangqing@vivo.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20220223191637.31147-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-pxa2xx-pci.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-pxa2xx-pci.c b/drivers/spi/spi-pxa2xx-pci.c
index 1736a48bbcce..54e316eb0891 100644
--- a/drivers/spi/spi-pxa2xx-pci.c
+++ b/drivers/spi/spi-pxa2xx-pci.c
@@ -72,14 +72,23 @@ static bool lpss_dma_filter(struct dma_chan *chan, void *param)
return true;
}
+static void lpss_dma_put_device(void *dma_dev)
+{
+ pci_dev_put(dma_dev);
+}
+
static int lpss_spi_setup(struct pci_dev *dev, struct pxa_spi_info *c)
{
struct pci_dev *dma_dev;
+ int ret;
c->num_chipselect = 1;
c->max_clk_rate = 50000000;
dma_dev = pci_get_slot(dev->bus, PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
+ ret = devm_add_action_or_reset(&dev->dev, lpss_dma_put_device, dma_dev);
+ if (ret)
+ return ret;
if (c->tx_param) {
struct dw_dma_slave *slave = c->tx_param;
@@ -103,8 +112,9 @@ static int lpss_spi_setup(struct pci_dev *dev, struct pxa_spi_info *c)
static int mrfld_spi_setup(struct pci_dev *dev, struct pxa_spi_info *c)
{
- struct pci_dev *dma_dev = pci_get_slot(dev->bus, PCI_DEVFN(21, 0));
struct dw_dma_slave *tx, *rx;
+ struct pci_dev *dma_dev;
+ int ret;
switch (PCI_FUNC(dev->devfn)) {
case 0:
@@ -129,6 +139,11 @@ static int mrfld_spi_setup(struct pci_dev *dev, struct pxa_spi_info *c)
return -ENODEV;
}
+ dma_dev = pci_get_slot(dev->bus, PCI_DEVFN(21, 0));
+ ret = devm_add_action_or_reset(&dev->dev, lpss_dma_put_device, dma_dev);
+ if (ret)
+ return ret;
+
tx = c->tx_param;
tx->dma_dev = &dma_dev->dev;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 072/338] hwmon: (pmbus) Add mutex to regulator ops
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 071/338] spi: pxa2xx-pci: Balance reference count for PCI DMA device Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 073/338] hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING Greg Kroah-Hartman
` (271 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrick Rudolph,
Marcello Sylvester Bauer, Alan Tull, Guenter Roeck, Sasha Levin
From: Patrick Rudolph <patrick.rudolph@9elements.com>
[ Upstream commit 686d303ee6301261b422ea51e64833d7909a2c36 ]
On PMBUS devices with multiple pages, the regulator ops need to be
protected with the update mutex. This prevents accidentally changing
the page in a separate thread while operating on the PMBUS_OPERATION
register.
Tested on Infineon xdpe11280 while a separate thread polls for sensor
data.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Signed-off-by: Marcello Sylvester Bauer <sylv@sylv.io>
Link: https://lore.kernel.org/r/b991506bcbf665f7af185945f70bf9d5cf04637c.1645804976.git.sylv@sylv.io
Fixes: ddbb4db4ced1b ("hwmon: (pmbus) Add regulator support")
Cc: Alan Tull <atull@opensource.altera.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/pmbus/pmbus_core.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
index cd24b375df1e..d822aeab333d 100644
--- a/drivers/hwmon/pmbus/pmbus_core.c
+++ b/drivers/hwmon/pmbus/pmbus_core.c
@@ -2074,10 +2074,14 @@ static int pmbus_regulator_is_enabled(struct regulator_dev *rdev)
{
struct device *dev = rdev_get_dev(rdev);
struct i2c_client *client = to_i2c_client(dev->parent);
+ struct pmbus_data *data = i2c_get_clientdata(client);
u8 page = rdev_get_id(rdev);
int ret;
+ mutex_lock(&data->update_lock);
ret = pmbus_read_byte_data(client, page, PMBUS_OPERATION);
+ mutex_unlock(&data->update_lock);
+
if (ret < 0)
return ret;
@@ -2088,11 +2092,17 @@ static int _pmbus_regulator_on_off(struct regulator_dev *rdev, bool enable)
{
struct device *dev = rdev_get_dev(rdev);
struct i2c_client *client = to_i2c_client(dev->parent);
+ struct pmbus_data *data = i2c_get_clientdata(client);
u8 page = rdev_get_id(rdev);
+ int ret;
- return pmbus_update_byte_data(client, page, PMBUS_OPERATION,
- PB_OPERATION_CONTROL_ON,
- enable ? PB_OPERATION_CONTROL_ON : 0);
+ mutex_lock(&data->update_lock);
+ ret = pmbus_update_byte_data(client, page, PMBUS_OPERATION,
+ PB_OPERATION_CONTROL_ON,
+ enable ? PB_OPERATION_CONTROL_ON : 0);
+ mutex_unlock(&data->update_lock);
+
+ return ret;
}
static int pmbus_regulator_enable(struct regulator_dev *rdev)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 073/338] hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 072/338] hwmon: (pmbus) Add mutex to regulator ops Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 074/338] block: dont delete queue kobject before its children Greg Kroah-Hartman
` (270 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Armin Wolf,
Hans de Goede, Sasha Levin
From: Armin Wolf <W_Armin@gmx.de>
[ Upstream commit 647d6f09bea7dacf4cdb6d4ea7e3051883955297 ]
If the watchdog was already enabled by the BIOS after booting, the
watchdog infrastructure needs to regularly send keepalives to
prevent a unexpected reset.
WDOG_ACTIVE only serves as an status indicator for userspace,
we want to use WDOG_HW_RUNNING instead.
Since my Fujitsu Esprimo P720 does not support the watchdog,
this change is compile-tested only.
Suggested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: fb551405c0f8 (watchdog: sch56xx: Use watchdog core)
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://lore.kernel.org/r/20220131211935.3656-5-W_Armin@gmx.de
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/sch56xx-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/sch56xx-common.c b/drivers/hwmon/sch56xx-common.c
index bda3d5285586..e1c4e6937a64 100644
--- a/drivers/hwmon/sch56xx-common.c
+++ b/drivers/hwmon/sch56xx-common.c
@@ -437,7 +437,7 @@ struct sch56xx_watchdog_data *sch56xx_watchdog_register(struct device *parent,
if (nowayout)
set_bit(WDOG_NO_WAY_OUT, &data->wddev.status);
if (output_enable & SCH56XX_WDOG_OUTPUT_ENABLE)
- set_bit(WDOG_ACTIVE, &data->wddev.status);
+ set_bit(WDOG_HW_RUNNING, &data->wddev.status);
/* Since the watchdog uses a downcounter there is no register to read
the BIOS set timeout from (if any was set at all) ->
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 074/338] block: dont delete queue kobject before its children
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 073/338] hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 075/338] PM: hibernate: fix __setup handler error handling Greg Kroah-Hartman
` (269 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Bart Van Assche,
Eric Biggers, Christoph Hellwig, Jens Axboe, Sasha Levin
From: Eric Biggers <ebiggers@google.com>
[ Upstream commit 0f69288253e9fc7c495047720e523b9f1aba5712 ]
kobjects aren't supposed to be deleted before their child kobjects are
deleted. Apparently this is usually benign; however, a WARN will be
triggered if one of the child kobjects has a named attribute group:
sysfs group 'modes' not found for kobject 'crypto'
WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80
...
Call Trace:
sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312
__kobject_del+0x20/0x80 lib/kobject.c:611
kobject_cleanup+0xa4/0x140 lib/kobject.c:696
kobject_release lib/kobject.c:736 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x53/0x70 lib/kobject.c:753
blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159
blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962
del_gendisk+0x117/0x250 block/genhd.c:610
Fix this by moving the kobject_del() and the corresponding
kobject_uevent() to the correct place.
Fixes: 2c2086afc2b8 ("block: Protect less code with sysfs_lock in blk_{un,}register_queue()")
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220124215938.2769-3-ebiggers@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-sysfs.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c
index 07494deb1a26..67836f212e2d 100644
--- a/block/blk-sysfs.c
+++ b/block/blk-sysfs.c
@@ -1002,9 +1002,6 @@ void blk_unregister_queue(struct gendisk *disk)
*/
if (q->mq_ops)
blk_mq_unregister_dev(disk_to_dev(disk), q);
-
- kobject_uevent(&q->kobj, KOBJ_REMOVE);
- kobject_del(&q->kobj);
blk_trace_remove_sysfs(disk_to_dev(disk));
mutex_lock(&q->sysfs_lock);
@@ -1015,6 +1012,11 @@ void blk_unregister_queue(struct gendisk *disk)
if (q->request_fn || q->elevator)
elv_unregister_queue(q);
mutex_unlock(&q->sysfs_lock);
+
+ /* Now that we've deleted all child objects, we can delete the queue. */
+ kobject_uevent(&q->kobj, KOBJ_REMOVE);
+ kobject_del(&q->kobj);
+
mutex_unlock(&q->sysfs_dir_lock);
kobject_put(&disk_to_dev(disk)->kobj);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 075/338] PM: hibernate: fix __setup handler error handling
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 074/338] block: dont delete queue kobject before its children Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 076/338] PM: suspend: fix return value of __setup handler Greg Kroah-Hartman
` (268 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Rafael J. Wysocki, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit ba7ffcd4c4da374b0f64666354eeeda7d3827131 ]
If an invalid value is used in "resumedelay=<seconds>", it is
silently ignored. Add a warning message and then let the __setup
handler return 1 to indicate that the kernel command line option
has been handled.
Fixes: 317cf7e5e85e3 ("PM / hibernate: convert simple_strtoul to kstrtoul")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/power/hibernate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 6670a44ec5d4..6abdfdf571ee 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -1219,7 +1219,7 @@ static int __init resumedelay_setup(char *str)
int rc = kstrtouint(str, 0, &resume_delay);
if (rc)
- return rc;
+ pr_warn("resumedelay: bad option string '%s'\n", str);
return 1;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 076/338] PM: suspend: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 075/338] PM: hibernate: fix __setup handler error handling Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 077/338] hwrng: atmel - disable trng on failure path Greg Kroah-Hartman
` (267 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Rafael J. Wysocki, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 7a64ca17e4dd50d5f910769167f3553902777844 ]
If an invalid option is given for "test_suspend=<option>", the entire
string is added to init's environment, so return 1 instead of 0 from
the __setup handler.
Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc5
test_suspend=invalid"
and
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
test_suspend=invalid
Fixes: 2ce986892faf ("PM / sleep: Enhance test_suspend option with repeat capability")
Fixes: 27ddcc6596e5 ("PM / sleep: Add state field to pm_states[] entries")
Fixes: a9d7052363a6 ("PM: Separate suspend to RAM functionality from core")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/power/suspend_test.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/power/suspend_test.c b/kernel/power/suspend_test.c
index 6a897e8b2a88..3f6345d60256 100644
--- a/kernel/power/suspend_test.c
+++ b/kernel/power/suspend_test.c
@@ -158,22 +158,22 @@ static int __init setup_test_suspend(char *value)
value++;
suspend_type = strsep(&value, ",");
if (!suspend_type)
- return 0;
+ return 1;
repeat = strsep(&value, ",");
if (repeat) {
if (kstrtou32(repeat, 0, &test_repeat_count_max))
- return 0;
+ return 1;
}
for (i = PM_SUSPEND_MIN; i < PM_SUSPEND_MAX; i++)
if (!strcmp(pm_labels[i], suspend_type)) {
test_state_label = pm_labels[i];
- return 0;
+ return 1;
}
printk(warn_bad_state, suspend_type);
- return 0;
+ return 1;
}
__setup("test_suspend", setup_test_suspend);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 077/338] hwrng: atmel - disable trng on failure path
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 076/338] PM: suspend: fix return value of __setup handler Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 078/338] crypto: vmx - add missing dependencies Greg Kroah-Hartman
` (266 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Herbert Xu, Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit a223ea9f89ab960eb254ba78429efd42eaf845eb ]
Call atmel_trng_disable() on failure path of probe.
Fixes: a1fa98d8116f ("hwrng: atmel - disable TRNG during suspend")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/atmel-rng.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/hw_random/atmel-rng.c b/drivers/char/hw_random/atmel-rng.c
index 433426242b87..40e6951ea078 100644
--- a/drivers/char/hw_random/atmel-rng.c
+++ b/drivers/char/hw_random/atmel-rng.c
@@ -96,6 +96,7 @@ static int atmel_trng_probe(struct platform_device *pdev)
err_register:
clk_disable_unprepare(trng->clk);
+ atmel_trng_disable(trng);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 078/338] crypto: vmx - add missing dependencies
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 077/338] hwrng: atmel - disable trng on failure path Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 079/338] clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() Greg Kroah-Hartman
` (265 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolai Stange, Petr Vorel,
Herbert Xu, Sasha Levin
From: Petr Vorel <pvorel@suse.cz>
[ Upstream commit 647d41d3952d726d4ae49e853a9eff68ebad3b3f ]
vmx-crypto module depends on CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or
CRYPTO_XTS, thus add them.
These dependencies are likely to be enabled, but if
CRYPTO_DEV_VMX=y && !CRYPTO_MANAGER_DISABLE_TESTS
and either of CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or CRYPTO_XTS is built
as module or disabled, alg_test() from crypto/testmgr.c complains during
boot about failing to allocate the generic fallback implementations
(2 == ENOENT):
[ 0.540953] Failed to allocate xts(aes) fallback: -2
[ 0.541014] alg: skcipher: failed to allocate transform for p8_aes_xts: -2
[ 0.541120] alg: self-tests for p8_aes_xts (xts(aes)) failed (rc=-2)
[ 0.544440] Failed to allocate ctr(aes) fallback: -2
[ 0.544497] alg: skcipher: failed to allocate transform for p8_aes_ctr: -2
[ 0.544603] alg: self-tests for p8_aes_ctr (ctr(aes)) failed (rc=-2)
[ 0.547992] Failed to allocate cbc(aes) fallback: -2
[ 0.548052] alg: skcipher: failed to allocate transform for p8_aes_cbc: -2
[ 0.548156] alg: self-tests for p8_aes_cbc (cbc(aes)) failed (rc=-2)
[ 0.550745] Failed to allocate transformation for 'aes': -2
[ 0.550801] alg: cipher: Failed to load transform for p8_aes: -2
[ 0.550892] alg: self-tests for p8_aes (aes) failed (rc=-2)
Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS")
Fixes: d2e3ae6f3aba ("crypto: vmx - Enabling VMX module for PPC64")
Suggested-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/vmx/Kconfig | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/vmx/Kconfig b/drivers/crypto/vmx/Kconfig
index c3d524ea6998..f39eeca87932 100644
--- a/drivers/crypto/vmx/Kconfig
+++ b/drivers/crypto/vmx/Kconfig
@@ -1,7 +1,11 @@
config CRYPTO_DEV_VMX_ENCRYPT
tristate "Encryption acceleration support on P8 CPU"
depends on CRYPTO_DEV_VMX
+ select CRYPTO_AES
+ select CRYPTO_CBC
+ select CRYPTO_CTR
select CRYPTO_GHASH
+ select CRYPTO_XTS
default m
help
Support for VMX cryptographic acceleration instructions on Power8 CPU.
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 079/338] clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 078/338] crypto: vmx - add missing dependencies Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 080/338] ACPI: APEI: fix return value of __setup handlers Greg Kroah-Hartman
` (264 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guillaume Ranquet, Daniel Lezcano,
Sasha Levin
From: Guillaume Ranquet <granquet@baylibre.com>
[ Upstream commit 4467b8bad2401794fb89a0268c8c8257180bf60f ]
of_base->base can either be iomapped using of_io_request_and_map() or
of_iomap() depending whether or not an of_base->name has been set.
Thus check of_base->base against NULL as of_iomap() does not return a
PTR_ERR() in case of error.
Fixes: 9aea417afa6b ("clocksource/drivers/timer-of: Don't request the resource by name")
Signed-off-by: Guillaume Ranquet <granquet@baylibre.com>
Link: https://lore.kernel.org/r/20220307172656.4836-1-granquet@baylibre.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-of.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clocksource/timer-of.c b/drivers/clocksource/timer-of.c
index 6e2cb3693ed8..82bb0d39e8af 100644
--- a/drivers/clocksource/timer-of.c
+++ b/drivers/clocksource/timer-of.c
@@ -164,9 +164,9 @@ static __init int timer_of_base_init(struct device_node *np,
of_base->base = of_base->name ?
of_io_request_and_map(np, of_base->index, of_base->name) :
of_iomap(np, of_base->index);
- if (IS_ERR(of_base->base)) {
- pr_err("Failed to iomap (%s)\n", of_base->name);
- return PTR_ERR(of_base->base);
+ if (IS_ERR_OR_NULL(of_base->base)) {
+ pr_err("Failed to iomap (%s:%s)\n", np->name, of_base->name);
+ return of_base->base ? PTR_ERR(of_base->base) : -ENOMEM;
}
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 080/338] ACPI: APEI: fix return value of __setup handlers
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 079/338] clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 081/338] crypto: ccp - ccp_dmaengine_unregister release dma channels Greg Kroah-Hartman
` (263 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov, Huang,
Ying, Rafael J. Wysocki, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit f3303ff649dbf7dcdc6a6e1a922235b12b3028f4 ]
__setup() handlers should return 1 to indicate that the boot option
has been handled. Returning 0 causes a boot option to be listed in
the Unknown kernel command line parameters and also added to init's
arg list (if no '=' sign) or environment list (if of the form 'a=b').
Unknown kernel command line parameters "erst_disable
bert_disable hest_disable BOOT_IMAGE=/boot/bzImage-517rc6", will be
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
erst_disable
bert_disable
hest_disable
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc6
Fixes: a3e2acc5e37b ("ACPI / APEI: Add Boot Error Record Table (BERT) support")
Fixes: a08f82d08053 ("ACPI, APEI, Error Record Serialization Table (ERST) support")
Fixes: 9dc966641677 ("ACPI, APEI, HEST table parsing")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/bert.c | 2 +-
drivers/acpi/apei/erst.c | 2 +-
drivers/acpi/apei/hest.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c
index 12771fcf0417..876824948c19 100644
--- a/drivers/acpi/apei/bert.c
+++ b/drivers/acpi/apei/bert.c
@@ -82,7 +82,7 @@ static int __init setup_bert_disable(char *str)
{
bert_disable = 1;
- return 0;
+ return 1;
}
__setup("bert_disable", setup_bert_disable);
diff --git a/drivers/acpi/apei/erst.c b/drivers/acpi/apei/erst.c
index ab8faa6d6616..445e85394db6 100644
--- a/drivers/acpi/apei/erst.c
+++ b/drivers/acpi/apei/erst.c
@@ -899,7 +899,7 @@ EXPORT_SYMBOL_GPL(erst_clear);
static int __init setup_erst_disable(char *str)
{
erst_disable = 1;
- return 0;
+ return 1;
}
__setup("erst_disable", setup_erst_disable);
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index b1e9f81ebeea..d536e4d132eb 100644
--- a/drivers/acpi/apei/hest.c
+++ b/drivers/acpi/apei/hest.c
@@ -215,7 +215,7 @@ static int __init hest_ghes_dev_register(unsigned int ghes_count)
static int __init setup_hest_disable(char *str)
{
hest_disable = HEST_DISABLED;
- return 0;
+ return 1;
}
__setup("hest_disable", setup_hest_disable);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 081/338] crypto: ccp - ccp_dmaengine_unregister release dma channels
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 080/338] ACPI: APEI: fix return value of __setup handlers Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 082/338] hwmon: (pmbus) Add Vin unit off handling Greg Kroah-Hartman
` (262 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dāvis Mosāns, John Allen,
Herbert Xu, Sasha Levin
From: Dāvis Mosāns <davispuh@gmail.com>
[ Upstream commit 54cce8ecb9254f971b40a72911c6da403720a2d2 ]
ccp_dmaengine_register adds dma_chan->device_node to dma_dev->channels list
but ccp_dmaengine_unregister didn't remove them.
That can cause crashes in various dmaengine methods that tries to use dma_dev->channels
Fixes: 58ea8abf4904 ("crypto: ccp - Register the CCP as a DMA...")
Signed-off-by: Dāvis Mosāns <davispuh@gmail.com>
Acked-by: John Allen <john.allen@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccp/ccp-dmaengine.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/crypto/ccp/ccp-dmaengine.c b/drivers/crypto/ccp/ccp-dmaengine.c
index a83588d6ba72..8209273eb85b 100644
--- a/drivers/crypto/ccp/ccp-dmaengine.c
+++ b/drivers/crypto/ccp/ccp-dmaengine.c
@@ -631,6 +631,20 @@ static int ccp_terminate_all(struct dma_chan *dma_chan)
return 0;
}
+static void ccp_dma_release(struct ccp_device *ccp)
+{
+ struct ccp_dma_chan *chan;
+ struct dma_chan *dma_chan;
+ unsigned int i;
+
+ for (i = 0; i < ccp->cmd_q_count; i++) {
+ chan = ccp->ccp_dma_chan + i;
+ dma_chan = &chan->dma_chan;
+ tasklet_kill(&chan->cleanup_tasklet);
+ list_del_rcu(&dma_chan->device_node);
+ }
+}
+
int ccp_dmaengine_register(struct ccp_device *ccp)
{
struct ccp_dma_chan *chan;
@@ -732,6 +746,7 @@ int ccp_dmaengine_register(struct ccp_device *ccp)
return 0;
err_reg:
+ ccp_dma_release(ccp);
kmem_cache_destroy(ccp->dma_desc_cache);
err_cache:
@@ -745,6 +760,7 @@ void ccp_dmaengine_unregister(struct ccp_device *ccp)
struct dma_device *dma_dev = &ccp->dma_dev;
dma_async_device_unregister(dma_dev);
+ ccp_dma_release(ccp);
kmem_cache_destroy(ccp->dma_desc_cache);
kmem_cache_destroy(ccp->dma_cmd_cache);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 082/338] hwmon: (pmbus) Add Vin unit off handling
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 081/338] crypto: ccp - ccp_dmaengine_unregister release dma channels Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 083/338] clocksource: acpi_pm: fix return value of __setup handler Greg Kroah-Hartman
` (261 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brandon Wyman, Guenter Roeck, Sasha Levin
From: Brandon Wyman <bjwyman@gmail.com>
[ Upstream commit a5436af598779219b375c1977555c82def1c35d0 ]
If there is an input undervoltage fault, reported in STATUS_INPUT
command response, there is quite likely a "Unit Off For Insufficient
Input Voltage" condition as well.
Add a constant for bit 3 of STATUS_INPUT. Update the Vin limit
attributes to include both bits in the mask for clearing faults.
If an input undervoltage fault occurs, causing a unit off for
insufficient input voltage, but the unit is off bit is not cleared, the
STATUS_WORD will not be updated to clear the input fault condition.
Including the unit is off bit (bit 3) allows for the input fault
condition to completely clear.
Signed-off-by: Brandon Wyman <bjwyman@gmail.com>
Link: https://lore.kernel.org/r/20220317232123.2103592-1-bjwyman@gmail.com
Fixes: b4ce237b7f7d3 ("hwmon: (pmbus) Introduce infrastructure to detect sensors and limit registers")
[groeck: Dropped unnecessary ()]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/pmbus/pmbus.h | 1 +
drivers/hwmon/pmbus/pmbus_core.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/hwmon/pmbus/pmbus.h b/drivers/hwmon/pmbus/pmbus.h
index 1d24397d36ec..9d731de852c6 100644
--- a/drivers/hwmon/pmbus/pmbus.h
+++ b/drivers/hwmon/pmbus/pmbus.h
@@ -291,6 +291,7 @@ enum pmbus_fan_mode { percent = 0, rpm };
/*
* STATUS_VOUT, STATUS_INPUT
*/
+#define PB_VOLTAGE_VIN_OFF BIT(3)
#define PB_VOLTAGE_UV_FAULT BIT(4)
#define PB_VOLTAGE_UV_WARNING BIT(5)
#define PB_VOLTAGE_OV_WARNING BIT(6)
diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
index d822aeab333d..bef28e955953 100644
--- a/drivers/hwmon/pmbus/pmbus_core.c
+++ b/drivers/hwmon/pmbus/pmbus_core.c
@@ -1337,7 +1337,7 @@ static const struct pmbus_limit_attr vin_limit_attrs[] = {
.reg = PMBUS_VIN_UV_FAULT_LIMIT,
.attr = "lcrit",
.alarm = "lcrit_alarm",
- .sbit = PB_VOLTAGE_UV_FAULT,
+ .sbit = PB_VOLTAGE_UV_FAULT | PB_VOLTAGE_VIN_OFF,
}, {
.reg = PMBUS_VIN_OV_WARN_LIMIT,
.attr = "max",
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 083/338] clocksource: acpi_pm: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 082/338] hwmon: (pmbus) Add Vin unit off handling Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 084/338] sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa Greg Kroah-Hartman
` (260 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Rafael J. Wysocki, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 6a861abceecb68497dd82a324fee45a5332dcece ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) environment strings.
The __setup() handler interface isn't meant to handle negative return
values -- they are non-zero, so they mean "handled" (like a return
value of 1 does), but that's just a quirk. So return 1 from
parse_pmtmr(). Also print a warning message if kstrtouint() returns
an error.
Fixes: 6b148507d3d0 ("pmtmr: allow command line override of ioport")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/acpi_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/clocksource/acpi_pm.c b/drivers/clocksource/acpi_pm.c
index 1961e3539b57..05cc8d4e49ad 100644
--- a/drivers/clocksource/acpi_pm.c
+++ b/drivers/clocksource/acpi_pm.c
@@ -230,8 +230,10 @@ static int __init parse_pmtmr(char *arg)
int ret;
ret = kstrtouint(arg, 16, &base);
- if (ret)
- return ret;
+ if (ret) {
+ pr_warn("PMTMR: invalid 'pmtmr=' value: '%s'\n", arg);
+ return 1;
+ }
pr_info("PMTMR IOPort override: 0x%04x -> 0x%04x\n", pmtmr_ioport,
base);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 084/338] sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 083/338] clocksource: acpi_pm: fix return value of __setup handler Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 085/338] perf/core: Fix address filter parser for multiple filters Greg Kroah-Hartman
` (259 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bharata B Rao, Peter Zijlstra (Intel),
Srikar Dronamraju, Mel Gorman, Sasha Levin
From: Bharata B Rao <bharata@amd.com>
[ Upstream commit 28c988c3ec29db74a1dda631b18785958d57df4f ]
The older format of /proc/pid/sched printed home node info which
required the mempolicy and task lock around mpol_get(). However
the format has changed since then and there is no need for
sched_show_numa() any more to have mempolicy argument,
asssociated mpol_get/put and task_lock/unlock. Remove them.
Fixes: 397f2378f1361 ("sched/numa: Fix numa balancing stats in /proc/pid/sched")
Signed-off-by: Bharata B Rao <bharata@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Link: https://lore.kernel.org/r/20220118050515.2973-1-bharata@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/debug.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
index 9518606fa1e5..b1ef4f2e7edc 100644
--- a/kernel/sched/debug.c
+++ b/kernel/sched/debug.c
@@ -871,25 +871,15 @@ void print_numa_stats(struct seq_file *m, int node, unsigned long tsf,
static void sched_show_numa(struct task_struct *p, struct seq_file *m)
{
#ifdef CONFIG_NUMA_BALANCING
- struct mempolicy *pol;
-
if (p->mm)
P(mm->numa_scan_seq);
- task_lock(p);
- pol = p->mempolicy;
- if (pol && !(pol->flags & MPOL_F_MORON))
- pol = NULL;
- mpol_get(pol);
- task_unlock(p);
-
P(numa_pages_migrated);
P(numa_preferred_nid);
P(total_numa_faults);
SEQ_printf(m, "current_node=%d, numa_group_id=%d\n",
task_node(p), task_numa_group_id(p));
show_numa_stats(p, m);
- mpol_put(pol);
#endif
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 085/338] perf/core: Fix address filter parser for multiple filters
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 084/338] sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 086/338] perf/x86/intel/pt: Fix address filter config for 32-bit kernel Greg Kroah-Hartman
` (258 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Peter Zijlstra (Intel),
Sasha Levin
From: Adrian Hunter <adrian.hunter@intel.com>
[ Upstream commit d680ff24e9e14444c63945b43a37ede7cd6958f9 ]
Reset appropriate variables in the parser loop between parsing separate
filters, so that they do not interfere with parsing the next filter.
Fixes: 375637bc524952 ("perf/core: Introduce address range filtering")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220131072453.2839535-4-adrian.hunter@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/events/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 2adde229d1af..ec2f9e433208 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9137,8 +9137,11 @@ perf_event_parse_addr_filter(struct perf_event *event, char *fstr,
}
/* ready to consume more filters */
+ kfree(filename);
+ filename = NULL;
state = IF_STATE_ACTION;
filter = NULL;
+ kernel = 0;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 086/338] perf/x86/intel/pt: Fix address filter config for 32-bit kernel
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 085/338] perf/core: Fix address filter parser for multiple filters Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 087/338] media: coda: Fix missing put_device() call in coda_get_vdoa_data Greg Kroah-Hartman
` (257 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Peter Zijlstra (Intel),
Sasha Levin
From: Adrian Hunter <adrian.hunter@intel.com>
[ Upstream commit e5524bf1047eb3b3f3f33b5f59897ba67b3ade87 ]
Change from shifting 'unsigned long' to 'u64' to prevent the config bits
being lost on a 32-bit kernel.
Fixes: eadf48cab4b6b0 ("perf/x86/intel/pt: Add support for address range filtering in PT")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220131072453.2839535-5-adrian.hunter@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/intel/pt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
index 849f0ba53a9b..49b3ea1c1ea1 100644
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
@@ -460,7 +460,7 @@ static u64 pt_config_filters(struct perf_event *event)
pt->filters.filter[range].msr_b = filter->msr_b;
}
- rtit_ctl |= filter->config << pt_address_ranges[range].reg_off;
+ rtit_ctl |= (u64)filter->config << pt_address_ranges[range].reg_off;
}
return rtit_ctl;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 087/338] media: coda: Fix missing put_device() call in coda_get_vdoa_data
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 086/338] perf/x86/intel/pt: Fix address filter config for 32-bit kernel Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 088/338] video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Greg Kroah-Hartman
` (256 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit ca85d271531a1e1c86f24b892f57b7d0a3ddb5a6 ]
The reference taken by 'of_find_device_by_node()' must be released when
not needed anymore.
Add the corresponding 'put_device()' in the error handling path.
Fixes: e7f3c5481035 ("[media] coda: use VDOA for un-tiling custom macroblock format")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/coda-common.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index fccc771d23a5..5f8da544b98d 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -376,6 +376,7 @@ static struct vdoa_data *coda_get_vdoa_data(void)
if (!vdoa_data)
vdoa_data = ERR_PTR(-EPROBE_DEFER);
+ put_device(&vdoa_pdev->dev);
out:
if (vdoa_node)
of_node_put(vdoa_node);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 088/338] video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 087/338] media: coda: Fix missing put_device() call in coda_get_vdoa_data Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 089/338] video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Greg Kroah-Hartman
` (255 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
Thomas Zimmermann, Helge Deller, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit 1791f487f877a9e83d81c8677bd3e7b259e7cb27 ]
I got a null-ptr-deref report:
BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:fb_destroy_modelist+0x38/0x100
...
Call Trace:
ufx_usb_probe.cold+0x2b5/0xac1 [smscufx]
usb_probe_interface+0x1aa/0x3c0 [usbcore]
really_probe+0x167/0x460
...
ret_from_fork+0x1f/0x30
If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will
be called to destroy modelist in the error handling path. But modelist
has not been initialized yet, so it will result in null-ptr-deref.
Initialize modelist before calling fb_alloc_cmap() to fix this bug.
Fixes: 3c8a63e22a08 ("Add support for SMSC UFX6000/7000 USB display adapters")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/smscufx.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/smscufx.c b/drivers/video/fbdev/smscufx.c
index 22b606af0a87..da54a84d2e62 100644
--- a/drivers/video/fbdev/smscufx.c
+++ b/drivers/video/fbdev/smscufx.c
@@ -1662,6 +1662,7 @@ static int ufx_usb_probe(struct usb_interface *interface,
info->par = dev;
info->pseudo_palette = dev->pseudo_palette;
info->fbops = &ufx_ops;
+ INIT_LIST_HEAD(&info->modelist);
retval = fb_alloc_cmap(&info->cmap, 256, 0);
if (retval < 0) {
@@ -1672,8 +1673,6 @@ static int ufx_usb_probe(struct usb_interface *interface,
INIT_DELAYED_WORK(&dev->free_framebuffer_work,
ufx_free_framebuffer_work);
- INIT_LIST_HEAD(&info->modelist);
-
retval = ufx_reg_read(dev, 0x3000, &id_rev);
check_warn_goto_error(retval, "error %d reading 0x3000 register from device", retval);
dev_dbg(dev->gdev, "ID_REV register value 0x%08x", id_rev);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 089/338] video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 088/338] video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 090/338] ARM: dts: qcom: ipq4019: fix sleep clock Greg Kroah-Hartman
` (254 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Helge Deller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 78482af095abd9f4f29f1aa3fe575d25c6ae3028 ]
This code has two bugs:
1) "cnt" is 255 but the size of the buffer is 256 so the last byte is
not used.
2) If we try to print more than 255 characters then "cnt" will be
negative and that will trigger a WARN() in snprintf(). The fix for
this is to use scnprintf() instead of snprintf().
We can re-write this code to be cleaner:
1) Rename "offset" to "off" because that's shorter.
2) Get rid of the "cnt" variable and just use "size - off" directly.
3) Get rid of the "read" variable and just increment "off" directly.
Fixes: 96fe6a2109db ("fbdev: Add VESA Coordinated Video Timings (CVT) support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/fbcvt.c | 53 +++++++++++++-------------------
1 file changed, 21 insertions(+), 32 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcvt.c b/drivers/video/fbdev/core/fbcvt.c
index 55d2bd0ce5c0..64843464c661 100644
--- a/drivers/video/fbdev/core/fbcvt.c
+++ b/drivers/video/fbdev/core/fbcvt.c
@@ -214,9 +214,11 @@ static u32 fb_cvt_aspect_ratio(struct fb_cvt_data *cvt)
static void fb_cvt_print_name(struct fb_cvt_data *cvt)
{
u32 pixcount, pixcount_mod;
- int cnt = 255, offset = 0, read = 0;
- u8 *buf = kzalloc(256, GFP_KERNEL);
+ int size = 256;
+ int off = 0;
+ u8 *buf;
+ buf = kzalloc(size, GFP_KERNEL);
if (!buf)
return;
@@ -224,43 +226,30 @@ static void fb_cvt_print_name(struct fb_cvt_data *cvt)
pixcount_mod = (cvt->xres * (cvt->yres/cvt->interlace)) % 1000000;
pixcount_mod /= 1000;
- read = snprintf(buf+offset, cnt, "fbcvt: %dx%d@%d: CVT Name - ",
- cvt->xres, cvt->yres, cvt->refresh);
- offset += read;
- cnt -= read;
+ off += scnprintf(buf + off, size - off, "fbcvt: %dx%d@%d: CVT Name - ",
+ cvt->xres, cvt->yres, cvt->refresh);
- if (cvt->status)
- snprintf(buf+offset, cnt, "Not a CVT standard - %d.%03d Mega "
- "Pixel Image\n", pixcount, pixcount_mod);
- else {
- if (pixcount) {
- read = snprintf(buf+offset, cnt, "%d", pixcount);
- cnt -= read;
- offset += read;
- }
+ if (cvt->status) {
+ off += scnprintf(buf + off, size - off,
+ "Not a CVT standard - %d.%03d Mega Pixel Image\n",
+ pixcount, pixcount_mod);
+ } else {
+ if (pixcount)
+ off += scnprintf(buf + off, size - off, "%d", pixcount);
- read = snprintf(buf+offset, cnt, ".%03dM", pixcount_mod);
- cnt -= read;
- offset += read;
+ off += scnprintf(buf + off, size - off, ".%03dM", pixcount_mod);
if (cvt->aspect_ratio == 0)
- read = snprintf(buf+offset, cnt, "3");
+ off += scnprintf(buf + off, size - off, "3");
else if (cvt->aspect_ratio == 3)
- read = snprintf(buf+offset, cnt, "4");
+ off += scnprintf(buf + off, size - off, "4");
else if (cvt->aspect_ratio == 1 || cvt->aspect_ratio == 4)
- read = snprintf(buf+offset, cnt, "9");
+ off += scnprintf(buf + off, size - off, "9");
else if (cvt->aspect_ratio == 2)
- read = snprintf(buf+offset, cnt, "A");
- else
- read = 0;
- cnt -= read;
- offset += read;
-
- if (cvt->flags & FB_CVT_FLAG_REDUCED_BLANK) {
- read = snprintf(buf+offset, cnt, "-R");
- cnt -= read;
- offset += read;
- }
+ off += scnprintf(buf + off, size - off, "A");
+
+ if (cvt->flags & FB_CVT_FLAG_REDUCED_BLANK)
+ off += scnprintf(buf + off, size - off, "-R");
}
printk(KERN_INFO "%s\n", buf);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 090/338] ARM: dts: qcom: ipq4019: fix sleep clock
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 089/338] video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 091/338] soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe Greg Kroah-Hartman
` (253 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Kubelun, Bjorn Andersson,
Sasha Levin, Christian Lamparter
From: Pavel Kubelun <be.dissent@gmail.com>
[ Upstream commit 3d7e7980993d2c1ae42d3d314040fc2de6a9c45f ]
It seems like sleep_clk was copied from ipq806x.
Fix ipq40xx sleep_clk to the value QSDK defines.
Link: https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=d92ec59973484acc86dd24b67f10f8911b4b4b7d
Link: https://patchwork.kernel.org/comment/22721613/
Fixes: bec6ba4cdf2a ("qcom: ipq4019: Add basic board/dts support for IPQ4019 SoC")
Suggested-by: Bjorn Andersson <bjorn.andersson@linaro.org> (clock-output-names)
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (removed clock rename)
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211220170352.34591-1-chunkeey@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-ipq4019.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/qcom-ipq4019.dtsi b/arch/arm/boot/dts/qcom-ipq4019.dtsi
index 8328ad589e2b..59527bb1225a 100644
--- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
+++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
@@ -135,7 +135,8 @@
clocks {
sleep_clk: sleep_clk {
compatible = "fixed-clock";
- clock-frequency = <32768>;
+ clock-frequency = <32000>;
+ clock-output-names = "gcc_sleep_clk_src";
#clock-cells = <0>;
};
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 091/338] soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 090/338] ARM: dts: qcom: ipq4019: fix sleep clock Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 092/338] media: em28xx: initialize refcount before kref_get Greg Kroah-Hartman
` (252 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Nishanth Menon,
Dave Gerlach, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c3d66a164c726cc3b072232d3b6d87575d194084 ]
platform_get_irq() returns negative error number instead 0 on failure.
And the doc of platform_get_irq() provides a usage example:
int irq = platform_get_irq(pdev, 0);
if (irq < 0)
return irq;
Fix the check of return value to catch errors correctly.
Fixes: cdd5de500b2c ("soc: ti: Add wkup_m3_ipc driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Acked-by: Dave Gerlach <d-gerlach@ti.com>
Link: https://lore.kernel.org/r/20220114062840.16620-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/ti/wkup_m3_ipc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/soc/ti/wkup_m3_ipc.c b/drivers/soc/ti/wkup_m3_ipc.c
index c1fda6acb670..8358b97505db 100644
--- a/drivers/soc/ti/wkup_m3_ipc.c
+++ b/drivers/soc/ti/wkup_m3_ipc.c
@@ -454,9 +454,9 @@ static int wkup_m3_ipc_probe(struct platform_device *pdev)
}
irq = platform_get_irq(pdev, 0);
- if (!irq) {
+ if (irq < 0) {
dev_err(&pdev->dev, "no irq resource\n");
- return -ENXIO;
+ return irq;
}
ret = devm_request_irq(dev, irq, wkup_m3_txev_handler,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 092/338] media: em28xx: initialize refcount before kref_get
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 091/338] soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 093/338] media: usb: go7007: s2250-board: fix leak in probe() Greg Kroah-Hartman
` (251 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu,
Hans Verkuil, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit c08eadca1bdfa099e20a32f8fa4b52b2f672236d ]
The commit 47677e51e2a4("[media] em28xx: Only deallocate struct
em28xx after finishing all extensions") adds kref_get to many init
functions (e.g., em28xx_audio_init). However, kref_init is called too
late in em28xx_usb_probe, since em28xx_init_dev before will invoke
those init functions and call kref_get function. Then refcount bug
occurs in my local syzkaller instance.
Fix it by moving kref_init before em28xx_init_dev. This issue occurs
not only in dev but also dev->dev_next.
Fixes: 47677e51e2a4 ("[media] em28xx: Only deallocate struct em28xx after finishing all extensions")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/em28xx/em28xx-cards.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
index 06da08f8efdb..c7f79d0f3883 100644
--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -3822,6 +3822,8 @@ static int em28xx_usb_probe(struct usb_interface *intf,
goto err_free;
}
+ kref_init(&dev->ref);
+
dev->devno = nr;
dev->model = id->driver_info;
dev->alt = -1;
@@ -3922,6 +3924,8 @@ static int em28xx_usb_probe(struct usb_interface *intf,
}
if (dev->board.has_dual_ts && em28xx_duplicate_dev(dev) == 0) {
+ kref_init(&dev->dev_next->ref);
+
dev->dev_next->ts = SECONDARY_TS;
dev->dev_next->alt = -1;
dev->dev_next->is_audio_only = has_vendor_audio &&
@@ -3976,12 +3980,8 @@ static int em28xx_usb_probe(struct usb_interface *intf,
em28xx_write_reg(dev, 0x0b, 0x82);
mdelay(100);
}
-
- kref_init(&dev->dev_next->ref);
}
- kref_init(&dev->ref);
-
request_modules(dev);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 093/338] media: usb: go7007: s2250-board: fix leak in probe()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 092/338] media: em28xx: initialize refcount before kref_get Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 094/338] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() Greg Kroah-Hartman
` (250 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans Verkuil, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d ]
Call i2c_unregister_device(audio) on this error path.
Fixes: d3b2ccd9e307 ("[media] s2250: convert to the control framework")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/go7007/s2250-board.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/media/usb/go7007/s2250-board.c b/drivers/media/usb/go7007/s2250-board.c
index 1466db150d82..625e77f4dbd2 100644
--- a/drivers/media/usb/go7007/s2250-board.c
+++ b/drivers/media/usb/go7007/s2250-board.c
@@ -512,6 +512,7 @@ static int s2250_probe(struct i2c_client *client,
u8 *data;
struct go7007 *go = i2c_get_adapdata(adapter);
struct go7007_usb *usb = go->hpi_context;
+ int err = -EIO;
audio = i2c_new_dummy(adapter, TLV320_ADDRESS >> 1);
if (audio == NULL)
@@ -540,11 +541,8 @@ static int s2250_probe(struct i2c_client *client,
V4L2_CID_HUE, -512, 511, 1, 0);
sd->ctrl_handler = &state->hdl;
if (state->hdl.error) {
- int err = state->hdl.error;
-
- v4l2_ctrl_handler_free(&state->hdl);
- kfree(state);
- return err;
+ err = state->hdl.error;
+ goto fail;
}
state->std = V4L2_STD_NTSC;
@@ -608,7 +606,7 @@ static int s2250_probe(struct i2c_client *client,
i2c_unregister_device(audio);
v4l2_ctrl_handler_free(&state->hdl);
kfree(state);
- return -EIO;
+ return err;
}
static int s2250_remove(struct i2c_client *client)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 094/338] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 093/338] media: usb: go7007: s2250-board: fix leak in probe() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 095/338] ASoC: ti: davinci-i2s: Add check for clk_enable() Greg Kroah-Hartman
` (249 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Jia-Ju Bai, Mark Brown,
Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 4d06f92f38b799295ae22c98be7a20cac3e2a1a7 ]
The function devm_kzalloc() in rt5663_parse_dp() can fail, so its return
value should be checked.
Fixes: 457c25efc592 ("ASoC: rt5663: Add the function of impedance sensing")
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20220225131030.27248-1-baijiaju1990@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5663.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
index dd77f131ce6c..b92e1b6ed383 100644
--- a/sound/soc/codecs/rt5663.c
+++ b/sound/soc/codecs/rt5663.c
@@ -3463,6 +3463,8 @@ static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
table_size = sizeof(struct impedance_mapping_table) *
rt5663->pdata.impedance_sensing_num;
rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
+ if (!rt5663->imp_table)
+ return -ENOMEM;
ret = device_property_read_u32_array(dev,
"realtek,impedance_sensing_table",
(u32 *)rt5663->imp_table, table_size);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 095/338] ASoC: ti: davinci-i2s: Add check for clk_enable()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 094/338] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 096/338] ALSA: spi: " Greg Kroah-Hartman
` (248 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Peter Ujfalusi,
Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit ed7c9fef11931fc5d32a83d68017ff390bf5c280 ]
As the potential failure of the clk_enable(),
it should be better to check it and return error
if fails.
Fixes: 5f9a50c3e55e ("ASoC: Davinci: McBSP: add device tree support for McBSP")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Peter Ujfalusi <peter.ujfalusi@gmail.com>
Link: https://lore.kernel.org/r/20220228031540.3571959-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/davinci/davinci-i2s.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/davinci/davinci-i2s.c b/sound/soc/davinci/davinci-i2s.c
index a3206e65e5e5..205841e46046 100644
--- a/sound/soc/davinci/davinci-i2s.c
+++ b/sound/soc/davinci/davinci-i2s.c
@@ -721,7 +721,9 @@ static int davinci_i2s_probe(struct platform_device *pdev)
dev->clk = clk_get(&pdev->dev, NULL);
if (IS_ERR(dev->clk))
return -ENODEV;
- clk_enable(dev->clk);
+ ret = clk_enable(dev->clk);
+ if (ret)
+ goto err_put_clk;
dev->dev = &pdev->dev;
dev_set_drvdata(&pdev->dev, dev);
@@ -743,6 +745,7 @@ static int davinci_i2s_probe(struct platform_device *pdev)
snd_soc_unregister_component(&pdev->dev);
err_release_clk:
clk_disable(dev->clk);
+err_put_clk:
clk_put(dev->clk);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 096/338] ALSA: spi: Add check for clk_enable()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 095/338] ASoC: ti: davinci-i2s: Add check for clk_enable() Greg Kroah-Hartman
@ 2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 097/338] arm64: dts: ns2: Fix spi-cpol and spi-cpha property Greg Kroah-Hartman
` (247 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Takashi Iwai, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit ca1697eb09208f0168d94b88b72f57505339cbe5 ]
As the potential failure of the clk_enable(),
it should be better to check it and return error
if fails.
Fixes: 3568459a5113 ("ALSA: at73c213: manage SSC clock")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220228022839.3547266-1-jiasheng@iscas.ac.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/spi/at73c213.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/sound/spi/at73c213.c b/sound/spi/at73c213.c
index 1ef52edeb538..3763f06ed784 100644
--- a/sound/spi/at73c213.c
+++ b/sound/spi/at73c213.c
@@ -221,7 +221,9 @@ static int snd_at73c213_pcm_open(struct snd_pcm_substream *substream)
runtime->hw = snd_at73c213_playback_hw;
chip->substream = substream;
- clk_enable(chip->ssc->clk);
+ err = clk_enable(chip->ssc->clk);
+ if (err)
+ return err;
return 0;
}
@@ -787,7 +789,9 @@ static int snd_at73c213_chip_init(struct snd_at73c213 *chip)
goto out;
/* Enable DAC master clock. */
- clk_enable(chip->board->dac_clk);
+ retval = clk_enable(chip->board->dac_clk);
+ if (retval)
+ goto out;
/* Initialize at73c213 on SPI bus. */
retval = snd_at73c213_write_reg(chip, DAC_RST, 0x04);
@@ -900,7 +904,9 @@ static int snd_at73c213_dev_init(struct snd_card *card,
chip->card = card;
chip->irq = -1;
- clk_enable(chip->ssc->clk);
+ retval = clk_enable(chip->ssc->clk);
+ if (retval)
+ return retval;
retval = request_irq(irq, snd_at73c213_interrupt, 0, "at73c213", chip);
if (retval) {
@@ -1019,7 +1025,9 @@ static int snd_at73c213_remove(struct spi_device *spi)
int retval;
/* Stop playback. */
- clk_enable(chip->ssc->clk);
+ retval = clk_enable(chip->ssc->clk);
+ if (retval)
+ goto out;
ssc_writel(chip->ssc->regs, CR, SSC_BIT(CR_TXDIS));
clk_disable(chip->ssc->clk);
@@ -1099,9 +1107,16 @@ static int snd_at73c213_resume(struct device *dev)
{
struct snd_card *card = dev_get_drvdata(dev);
struct snd_at73c213 *chip = card->private_data;
+ int retval;
- clk_enable(chip->board->dac_clk);
- clk_enable(chip->ssc->clk);
+ retval = clk_enable(chip->board->dac_clk);
+ if (retval)
+ return retval;
+ retval = clk_enable(chip->ssc->clk);
+ if (retval) {
+ clk_disable(chip->board->dac_clk);
+ return retval;
+ }
ssc_writel(chip->ssc->regs, CR, SSC_BIT(CR_TXEN));
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 097/338] arm64: dts: ns2: Fix spi-cpol and spi-cpha property
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-04-14 13:09 ` [PATCH 4.19 096/338] ALSA: spi: " Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 098/338] arm64: dts: broadcom: Fix sata nodename Greg Kroah-Hartman
` (246 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuldeep Singh, Ray Jui,
Scott Branden, Florian Fainelli, Sasha Levin
From: Kuldeep Singh <singh.kuldeep87k@gmail.com>
[ Upstream commit c953c764e505428f59ffe6afb1c73b89b5b1ac35 ]
Broadcom ns2 platform has spi-cpol and spi-cpho properties set
incorrectly. As per spi-slave-peripheral-prop.yaml, these properties are
of flag or boolean type and not integer type. Fix the values.
Fixes: d69dbd9f41a7c (arm64: dts: Add ARM PL022 SPI DT nodes for NS2)
Signed-off-by: Kuldeep Singh <singh.kuldeep87k@gmail.com>
CC: Ray Jui <rjui@broadcom.com>
CC: Scott Branden <sbranden@broadcom.com>
CC: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dts | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dts b/arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dts
index ec19fbf928a1..12a4b1c03390 100644
--- a/arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dts
+++ b/arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dts
@@ -111,8 +111,8 @@
compatible = "silabs,si3226x";
reg = <0>;
spi-max-frequency = <5000000>;
- spi-cpha = <1>;
- spi-cpol = <1>;
+ spi-cpha;
+ spi-cpol;
pl022,hierarchy = <0>;
pl022,interface = <0>;
pl022,slave-tx-disable = <0>;
@@ -135,8 +135,8 @@
at25,byte-len = <0x8000>;
at25,addr-mode = <2>;
at25,page-size = <64>;
- spi-cpha = <1>;
- spi-cpol = <1>;
+ spi-cpha;
+ spi-cpol;
pl022,hierarchy = <0>;
pl022,interface = <0>;
pl022,slave-tx-disable = <0>;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 098/338] arm64: dts: broadcom: Fix sata nodename
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 097/338] arm64: dts: ns2: Fix spi-cpol and spi-cpha property Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 099/338] printk: fix return value of printk.devkmsg __setup handler Greg Kroah-Hartman
` (245 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frank Wunderlich, Florian Fainelli,
Sasha Levin
From: Frank Wunderlich <frank-w@public-files.de>
[ Upstream commit 55927cb44db43a57699fa652e2437a91620385dc ]
After converting ahci-platform txt binding to yaml nodename is reported
as not matching the standard:
arch/arm64/boot/dts/broadcom/northstar2/ns2-svk.dt.yaml:
ahci@663f2000: $nodename:0: 'ahci@663f2000' does not match '^sata(@.*)?$'
Fix it to match binding.
Fixes: ac9aae00f0fc ("arm64: dts: Add SATA3 AHCI and SATA3 PHY DT nodes for NS2")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi b/arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi
index 6bfb7bbd264a..772ecf4ed3e6 100644
--- a/arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi
+++ b/arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi
@@ -687,7 +687,7 @@
};
};
- sata: ahci@663f2000 {
+ sata: sata@663f2000 {
compatible = "brcm,iproc-ahci", "generic-ahci";
reg = <0x663f2000 0x1000>;
dma-coherent;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 099/338] printk: fix return value of printk.devkmsg __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 098/338] arm64: dts: broadcom: Fix sata nodename Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 100/338] ASoC: mxs-saif: Handle errors for clk_enable Greg Kroah-Hartman
` (244 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Borislav Petkov, Andrew Morton, Petr Mladek, Sergey Senozhatsky,
Steven Rostedt, John Ogness, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit b665eae7a788c5e2bc10f9ac3c0137aa0ad1fc97 ]
If an invalid option value is used with "printk.devkmsg=<value>",
it is silently ignored.
If a valid option value is used, it is honored but the wrong return
value (0) is used, indicating that the command line option had an
error and was not handled. This string is not added to init's
environment strings due to init/main.c::unknown_bootoption()
checking for a '.' in the boot option string and then considering
that string to be an "Unused module parameter".
Print a warning message if a bad option string is used.
Always return 1 from the __setup handler to indicate that the command
line option has been handled.
Fixes: 750afe7babd1 ("printk: add kernel parameter to control writes to /dev/kmsg")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: John Ogness <john.ogness@linutronix.de>
Reviewed-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20220228220556.23484-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/printk/printk.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 57742e193214..2ba16c426ba5 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -127,8 +127,10 @@ static int __control_devkmsg(char *str)
static int __init control_devkmsg(char *str)
{
- if (__control_devkmsg(str) < 0)
+ if (__control_devkmsg(str) < 0) {
+ pr_warn("printk.devkmsg: bad option string '%s'\n", str);
return 1;
+ }
/*
* Set sysctl string accordingly:
@@ -147,7 +149,7 @@ static int __init control_devkmsg(char *str)
*/
devkmsg_log |= DEVKMSG_LOG_MASK_LOCK;
- return 0;
+ return 1;
}
__setup("printk.devkmsg=", control_devkmsg);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 100/338] ASoC: mxs-saif: Handle errors for clk_enable
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 099/338] printk: fix return value of printk.devkmsg __setup handler Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 101/338] ASoC: atmel_ssc_dai: " Greg Kroah-Hartman
` (243 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 2ecf362d220317debf5da376e0390e9f7a3f7b29 ]
As the potential failure of the clk_enable(),
it should be better to check it, like mxs_saif_trigger().
Fixes: d0ba4c014934 ("ASoC: mxs-saif: set a base clock rate for EXTMASTER mode work")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220301081717.3727190-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mxs/mxs-saif.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/mxs/mxs-saif.c b/sound/soc/mxs/mxs-saif.c
index 156aa7c00787..93c019670199 100644
--- a/sound/soc/mxs/mxs-saif.c
+++ b/sound/soc/mxs/mxs-saif.c
@@ -467,7 +467,10 @@ static int mxs_saif_hw_params(struct snd_pcm_substream *substream,
* basic clock which should be fast enough for the internal
* logic.
*/
- clk_enable(saif->clk);
+ ret = clk_enable(saif->clk);
+ if (ret)
+ return ret;
+
ret = clk_set_rate(saif->clk, 24000000);
clk_disable(saif->clk);
if (ret)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 101/338] ASoC: atmel_ssc_dai: Handle errors for clk_enable
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 100/338] ASoC: mxs-saif: Handle errors for clk_enable Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 102/338] memory: emif: Add check for setup_interrupts Greg Kroah-Hartman
` (242 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit f9e2ca0640e59d19af0ff285ee5591ed39069b09 ]
As the potential failure of the clk_enable(),
it should be better to check it and return error if fals.
Fixes: cbaadf0f90d6 ("ASoC: atmel_ssc_dai: refactor the startup and shutdown")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220301090637.3776558-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/atmel_ssc_dai.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/atmel/atmel_ssc_dai.c b/sound/soc/atmel/atmel_ssc_dai.c
index d3b69682d9c2..7272f00222fd 100644
--- a/sound/soc/atmel/atmel_ssc_dai.c
+++ b/sound/soc/atmel/atmel_ssc_dai.c
@@ -296,7 +296,10 @@ static int atmel_ssc_startup(struct snd_pcm_substream *substream,
/* Enable PMC peripheral clock for this SSC */
pr_debug("atmel_ssc_dai: Starting clock\n");
- clk_enable(ssc_p->ssc->clk);
+ ret = clk_enable(ssc_p->ssc->clk);
+ if (ret)
+ return ret;
+
ssc_p->mck_rate = clk_get_rate(ssc_p->ssc->clk);
/* Reset the SSC unless initialized to keep it in a clean state */
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 102/338] memory: emif: Add check for setup_interrupts
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 101/338] ASoC: atmel_ssc_dai: " Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 103/338] memory: emif: check the pointer temp in get_device_details() Greg Kroah-Hartman
` (241 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Krzysztof Kozlowski,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit fd7bd80b46373887b390852f490f21b07e209498 ]
As the potential failure of the devm_request_threaded_irq(),
it should be better to check the return value of the
setup_interrupts() and return error if fails.
Fixes: 68b4aee35d1f ("memory: emif: add interrupt and temperature handling")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220224025444.3256530-1-jiasheng@iscas.ac.cn
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/emif.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/memory/emif.c b/drivers/memory/emif.c
index 1c6b2cc6269a..8fd97b1b1efb 100644
--- a/drivers/memory/emif.c
+++ b/drivers/memory/emif.c
@@ -1517,7 +1517,7 @@ static int __init_or_module emif_probe(struct platform_device *pdev)
{
struct emif_data *emif;
struct resource *res;
- int irq;
+ int irq, ret;
if (pdev->dev.of_node)
emif = of_get_memory_device_details(pdev->dev.of_node, &pdev->dev);
@@ -1551,7 +1551,9 @@ static int __init_or_module emif_probe(struct platform_device *pdev)
emif_onetime_settings(emif);
emif_debugfs_init(emif);
disable_and_clear_all_interrupts(emif);
- setup_interrupts(emif, irq);
+ ret = setup_interrupts(emif, irq);
+ if (ret)
+ goto error;
/* One-time actions taken on probing the first device */
if (!emif1) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 103/338] memory: emif: check the pointer temp in get_device_details()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 102/338] memory: emif: Add check for setup_interrupts Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 104/338] ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction Greg Kroah-Hartman
` (240 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Krzysztof Kozlowski, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 5b5ab1bfa1898c6d52936a57c25c5ceba2cb2f87 ]
The pointer temp is allocated by devm_kzalloc(), so it should be
checked for error handling.
Fixes: 7ec944538dde ("memory: emif: add basic infrastructure for EMIF driver")
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20220225132552.27894-1-baijiaju1990@gmail.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/emif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/memory/emif.c b/drivers/memory/emif.c
index 8fd97b1b1efb..45f78b38b0da 100644
--- a/drivers/memory/emif.c
+++ b/drivers/memory/emif.c
@@ -1425,7 +1425,7 @@ static struct emif_data *__init_or_module get_device_details(
temp = devm_kzalloc(dev, sizeof(*pd), GFP_KERNEL);
dev_info = devm_kzalloc(dev, sizeof(*dev_info), GFP_KERNEL);
- if (!emif || !pd || !dev_info) {
+ if (!emif || !temp || !dev_info) {
dev_err(dev, "%s:%d: allocation error\n", __func__, __LINE__);
goto error;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 104/338] ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 103/338] memory: emif: check the pointer temp in get_device_details() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 105/338] media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED Greg Kroah-Hartman
` (239 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Sakamoto, Takashi Iwai, Sasha Levin
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
[ Upstream commit bf0cd60b7e33cf221fbe1114e4acb2c828b0af0d ]
AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA:
firewire-lib: Add support for deferred transaction") while 'deferrable'
flag can be uninitialized for non-control/notify AV/C transactions.
UBSAN reports it:
kernel: ================================================================================
kernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9
kernel: load of value 158 is not a valid value for type '_Bool'
kernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu
kernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019
kernel: Call Trace:
kernel: <IRQ>
kernel: show_stack+0x52/0x58
kernel: dump_stack_lvl+0x4a/0x5f
kernel: dump_stack+0x10/0x12
kernel: ubsan_epilogue+0x9/0x45
kernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49
kernel: fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib]
kernel: fcp_response+0x28/0x30 [snd_firewire_lib]
kernel: fw_core_handle_request+0x230/0x3d0 [firewire_core]
kernel: handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel: ? handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel: ? transmit_complete_callback+0x9f/0x120 [firewire_core]
kernel: ar_context_tasklet+0xa8/0x2e0 [firewire_ohci]
kernel: tasklet_action_common.constprop.0+0xea/0xf0
kernel: tasklet_action+0x22/0x30
kernel: __do_softirq+0xd9/0x2e3
kernel: ? irq_finalize_oneshot.part.0+0xf0/0xf0
kernel: do_softirq+0x75/0xa0
kernel: </IRQ>
kernel: <TASK>
kernel: __local_bh_enable_ip+0x50/0x60
kernel: irq_forced_thread_fn+0x7e/0x90
kernel: irq_thread+0xba/0x190
kernel: ? irq_thread_fn+0x60/0x60
kernel: kthread+0x11e/0x140
kernel: ? irq_thread_check_affinity+0xf0/0xf0
kernel: ? set_kthread_struct+0x50/0x50
kernel: ret_from_fork+0x22/0x30
kernel: </TASK>
kernel: ================================================================================
This commit fixes the bug. The bug has no disadvantage for the non-
control/notify AV/C transactions since the flag has an effect for AV/C
response with INTERIM (0x0f) status which is not used for the transactions
in AV/C general specification.
Fixes: 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction")
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20220304125647.78430-1-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/firewire/fcp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/sound/firewire/fcp.c b/sound/firewire/fcp.c
index 61dda828f767..c8fbb54269cb 100644
--- a/sound/firewire/fcp.c
+++ b/sound/firewire/fcp.c
@@ -240,9 +240,7 @@ int fcp_avc_transaction(struct fw_unit *unit,
t.response_match_bytes = response_match_bytes;
t.state = STATE_PENDING;
init_waitqueue_head(&t.wait);
-
- if (*(const u8 *)command == 0x00 || *(const u8 *)command == 0x03)
- t.deferrable = true;
+ t.deferrable = (*(const u8 *)command == 0x00 || *(const u8 *)command == 0x03);
spin_lock_irq(&transactions_lock);
list_add_tail(&t.list, &transactions);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 105/338] media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 104/338] ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 106/338] ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe Greg Kroah-Hartman
` (238 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dafna Hirschfeld, Ezequiel Garcia,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
[ Upstream commit fbe04b49a54e31f4321d632270207f0e6304cd16 ]
If the callback 'start_streaming' fails, then all
queued buffers in the driver should be returned with
state 'VB2_BUF_STATE_QUEUED'. Currently, they are
returned with 'VB2_BUF_STATE_ERROR' which is wrong.
Fix this. This also fixes the warning:
[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6
[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14
[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)
[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]
[ 65.592395] sp : ffff800012bc3ad0
[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8
[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612
[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0
[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff
[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78
[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce
[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228
[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78
[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880
[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0
[ 65.598940] Call trace:
[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]
[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]
[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]
[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]
[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]
[ 65.601977] video_usercopy+0x320/0x828 [videodev]
[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]
[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]
[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0
[ 65.603576] invoke_syscall+0x54/0x118
[ 65.603911] el0_svc_common.constprop.3+0x84/0x100
[ 65.604332] do_el0_svc+0x34/0xa0
[ 65.604625] el0_svc+0x1c/0x50
[ 65.604897] el0t_64_sync_handler+0x88/0xb0
[ 65.605264] el0t_64_sync+0x16c/0x170
[ 65.605587] ---[ end trace 578e0ba07742170d ]---
Fixes: 8ac456495a33d ("[media] stk1160: Stop device and unqueue buffers when start_streaming() fails")
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/stk1160/stk1160-core.c | 2 +-
drivers/media/usb/stk1160/stk1160-v4l.c | 10 +++++-----
drivers/media/usb/stk1160/stk1160.h | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/media/usb/stk1160/stk1160-core.c b/drivers/media/usb/stk1160/stk1160-core.c
index bb0db4cdc6c7..271994bfe9c5 100644
--- a/drivers/media/usb/stk1160/stk1160-core.c
+++ b/drivers/media/usb/stk1160/stk1160-core.c
@@ -413,7 +413,7 @@ static void stk1160_disconnect(struct usb_interface *interface)
/* Here is the only place where isoc get released */
stk1160_uninit_isoc(dev);
- stk1160_clear_queue(dev);
+ stk1160_clear_queue(dev, VB2_BUF_STATE_ERROR);
video_unregister_device(&dev->vdev);
v4l2_device_disconnect(&dev->v4l2_dev);
diff --git a/drivers/media/usb/stk1160/stk1160-v4l.c b/drivers/media/usb/stk1160/stk1160-v4l.c
index 504e413edcd2..381f9f189bb7 100644
--- a/drivers/media/usb/stk1160/stk1160-v4l.c
+++ b/drivers/media/usb/stk1160/stk1160-v4l.c
@@ -269,7 +269,7 @@ static int stk1160_start_streaming(struct stk1160 *dev)
stk1160_uninit_isoc(dev);
out_stop_hw:
usb_set_interface(dev->udev, 0, 0);
- stk1160_clear_queue(dev);
+ stk1160_clear_queue(dev, VB2_BUF_STATE_QUEUED);
mutex_unlock(&dev->v4l_lock);
@@ -317,7 +317,7 @@ static int stk1160_stop_streaming(struct stk1160 *dev)
stk1160_stop_hw(dev);
- stk1160_clear_queue(dev);
+ stk1160_clear_queue(dev, VB2_BUF_STATE_ERROR);
stk1160_dbg("streaming stopped\n");
@@ -762,7 +762,7 @@ static const struct video_device v4l_template = {
/********************************************************************/
/* Must be called with both v4l_lock and vb_queue_lock hold */
-void stk1160_clear_queue(struct stk1160 *dev)
+void stk1160_clear_queue(struct stk1160 *dev, enum vb2_buffer_state vb2_state)
{
struct stk1160_buffer *buf;
unsigned long flags;
@@ -773,7 +773,7 @@ void stk1160_clear_queue(struct stk1160 *dev)
buf = list_first_entry(&dev->avail_bufs,
struct stk1160_buffer, list);
list_del(&buf->list);
- vb2_buffer_done(&buf->vb.vb2_buf, VB2_BUF_STATE_ERROR);
+ vb2_buffer_done(&buf->vb.vb2_buf, vb2_state);
stk1160_dbg("buffer [%p/%d] aborted\n",
buf, buf->vb.vb2_buf.index);
}
@@ -783,7 +783,7 @@ void stk1160_clear_queue(struct stk1160 *dev)
buf = dev->isoc_ctl.buf;
dev->isoc_ctl.buf = NULL;
- vb2_buffer_done(&buf->vb.vb2_buf, VB2_BUF_STATE_ERROR);
+ vb2_buffer_done(&buf->vb.vb2_buf, vb2_state);
stk1160_dbg("buffer [%p/%d] aborted\n",
buf, buf->vb.vb2_buf.index);
}
diff --git a/drivers/media/usb/stk1160/stk1160.h b/drivers/media/usb/stk1160/stk1160.h
index acd1c811db08..54a046aacd33 100644
--- a/drivers/media/usb/stk1160/stk1160.h
+++ b/drivers/media/usb/stk1160/stk1160.h
@@ -177,7 +177,7 @@ struct regval {
int stk1160_vb2_setup(struct stk1160 *dev);
int stk1160_video_register(struct stk1160 *dev);
void stk1160_video_unregister(struct stk1160 *dev);
-void stk1160_clear_queue(struct stk1160 *dev);
+void stk1160_clear_queue(struct stk1160 *dev, enum vb2_buffer_state vb2_state);
/* Provided by stk1160-video.c */
int stk1160_alloc_isoc(struct stk1160 *dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 106/338] ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 105/338] media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 107/338] ASoC: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
` (237 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Codrin Ciubotariu,
Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit f590797fa3c1bccdd19e55441592a23b46aef449 ]
This node pointer is returned by of_parse_phandle() with refcount
incremented in this function.
Calling of_node_put() to avoid the refcount leak.
Fixes: 531f67e41dcd ("ASoC: at91sam9g20ek-wm8731: convert to dt support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Link: https://lore.kernel.org/r/20220307124539.1743-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/sam9g20_wm8731.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/atmel/sam9g20_wm8731.c b/sound/soc/atmel/sam9g20_wm8731.c
index 98f93e79c654..5041f43ee5f7 100644
--- a/sound/soc/atmel/sam9g20_wm8731.c
+++ b/sound/soc/atmel/sam9g20_wm8731.c
@@ -225,6 +225,7 @@ static int at91sam9g20ek_audio_probe(struct platform_device *pdev)
cpu_np = of_parse_phandle(np, "atmel,ssc-controller", 0);
if (!cpu_np) {
dev_err(&pdev->dev, "dai and pcm info missing\n");
+ of_node_put(codec_np);
return -EINVAL;
}
at91sam9g20ek_dai.cpu_of_node = cpu_np;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 107/338] ASoC: wm8350: Handle error for wm8350_register_irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 106/338] ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 108/338] ASoC: fsi: Add check for clk_enable Greg Kroah-Hartman
` (236 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Charles Keepax,
Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit db0350da8084ad549bca16cc0486c11cc70a1f9b ]
As the potential failure of the wm8350_register_irq(),
it should be better to check it and return error if fails.
Also, use 'free_' in order to avoid the same code.
Fixes: a6ba2b2dabb5 ("ASoC: Implement WM8350 headphone jack detection")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220304023821.391936-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8350.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/sound/soc/codecs/wm8350.c b/sound/soc/codecs/wm8350.c
index e92ebe52d485..707b31ef9346 100644
--- a/sound/soc/codecs/wm8350.c
+++ b/sound/soc/codecs/wm8350.c
@@ -1538,18 +1538,38 @@ static int wm8350_component_probe(struct snd_soc_component *component)
wm8350_clear_bits(wm8350, WM8350_JACK_DETECT,
WM8350_JDL_ENA | WM8350_JDR_ENA);
- wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_L,
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_L,
wm8350_hpl_jack_handler, 0, "Left jack detect",
priv);
- wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_R,
+ if (ret != 0)
+ goto err;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_R,
wm8350_hpr_jack_handler, 0, "Right jack detect",
priv);
- wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_MICSCD,
+ if (ret != 0)
+ goto free_jck_det_l;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_MICSCD,
wm8350_mic_handler, 0, "Microphone short", priv);
- wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_MICD,
+ if (ret != 0)
+ goto free_jck_det_r;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CODEC_MICD,
wm8350_mic_handler, 0, "Microphone detect", priv);
+ if (ret != 0)
+ goto free_micscd;
return 0;
+
+free_micscd:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CODEC_MICSCD, priv);
+free_jck_det_r:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_R, priv);
+free_jck_det_l:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CODEC_JCK_DET_L, priv);
+err:
+ return ret;
}
static void wm8350_component_remove(struct snd_soc_component *component)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 108/338] ASoC: fsi: Add check for clk_enable
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 107/338] ASoC: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 109/338] video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of Greg Kroah-Hartman
` (235 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 405afed8a728f23cfaa02f75bbc8bdd6b7322123 ]
As the potential failure of the clk_enable(),
it should be better to check it and return error
if fails.
Fixes: ab6f6d85210c ("ASoC: fsi: add master clock control functions")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220302062844.46869-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/fsi.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/sound/soc/sh/fsi.c b/sound/soc/sh/fsi.c
index aa7e902f0c02..f486e2b2c540 100644
--- a/sound/soc/sh/fsi.c
+++ b/sound/soc/sh/fsi.c
@@ -816,14 +816,27 @@ static int fsi_clk_enable(struct device *dev,
return ret;
}
- clk_enable(clock->xck);
- clk_enable(clock->ick);
- clk_enable(clock->div);
+ ret = clk_enable(clock->xck);
+ if (ret)
+ goto err;
+ ret = clk_enable(clock->ick);
+ if (ret)
+ goto disable_xck;
+ ret = clk_enable(clock->div);
+ if (ret)
+ goto disable_ick;
clock->count++;
}
return ret;
+
+disable_ick:
+ clk_disable(clock->ick);
+disable_xck:
+ clk_disable(clock->xck);
+err:
+ return ret;
}
static int fsi_clk_disable(struct device *dev,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 109/338] video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 108/338] ASoC: fsi: Add check for clk_enable Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 110/338] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback Greg Kroah-Hartman
` (234 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Helge Deller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit a58c22cfbbf62fefca090334bbd35fd132e92a23 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: f76ee892a99e ("omapfb: copy omapdss & displays for omapfb")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/omap2/omapfb/displays/connector-dvi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/video/fbdev/omap2/omapfb/displays/connector-dvi.c b/drivers/video/fbdev/omap2/omapfb/displays/connector-dvi.c
index 06e1db34541e..41b0db0cc047 100644
--- a/drivers/video/fbdev/omap2/omapfb/displays/connector-dvi.c
+++ b/drivers/video/fbdev/omap2/omapfb/displays/connector-dvi.c
@@ -254,6 +254,7 @@ static int dvic_probe_of(struct platform_device *pdev)
adapter_node = of_parse_phandle(node, "ddc-i2c-bus", 0);
if (adapter_node) {
adapter = of_get_i2c_adapter_by_node(adapter_node);
+ of_node_put(adapter_node);
if (adapter == NULL) {
dev_err(&pdev->dev, "failed to parse ddc-i2c-bus\n");
omap_dss_put_device(ddata->in);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 110/338] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 109/338] video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 111/338] ASoC: mxs: Fix error handling in mxs_sgtl5000_probe Greg Kroah-Hartman
` (233 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Codrin Ciubotariu, Mark Brown, Sasha Levin
From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
[ Upstream commit 9a1e13440a4f2e7566fd4c5eae6a53e6400e08a4 ]
Even if struct snd_dmaengine_pcm_config is used, prepare_slave_config()
callback might not be set. Check if this callback is set before using it.
Fixes: fa654e085300 ("ASoC: dmaengine-pcm: Provide default config")
Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Link: https://lore.kernel.org/r/20220307122202.2251639-2-codrin.ciubotariu@microchip.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-generic-dmaengine-pcm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/soc-generic-dmaengine-pcm.c b/sound/soc/soc-generic-dmaengine-pcm.c
index 232df04ca586..45cce7376191 100644
--- a/sound/soc/soc-generic-dmaengine-pcm.c
+++ b/sound/soc/soc-generic-dmaengine-pcm.c
@@ -91,10 +91,10 @@ static int dmaengine_pcm_hw_params(struct snd_pcm_substream *substream,
memset(&slave_config, 0, sizeof(slave_config));
- if (!pcm->config)
- prepare_slave_config = snd_dmaengine_pcm_prepare_slave_config;
- else
+ if (pcm->config && pcm->config->prepare_slave_config)
prepare_slave_config = pcm->config->prepare_slave_config;
+ else
+ prepare_slave_config = snd_dmaengine_pcm_prepare_slave_config;
if (prepare_slave_config) {
ret = prepare_slave_config(substream, params, &slave_config);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 111/338] ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 110/338] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 112/338] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() Greg Kroah-Hartman
` (232 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 6ae0a4d8fec551ec581d620f0eb1fe31f755551c ]
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error paths.
For example, when codec_np is NULL, saif_np[0] and saif_np[1]
are not NULL, it will cause leaks.
of_node_put() will check if the node pointer is NULL, so we can
call it directly to release the refcount of regular pointers.
Fixes: e968194b45c4 ("ASoC: mxs: add device tree support for mxs-sgtl5000")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220308020146.26496-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mxs/mxs-sgtl5000.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/mxs/mxs-sgtl5000.c b/sound/soc/mxs/mxs-sgtl5000.c
index 2b3f2408301a..c40e0ab49657 100644
--- a/sound/soc/mxs/mxs-sgtl5000.c
+++ b/sound/soc/mxs/mxs-sgtl5000.c
@@ -120,6 +120,9 @@ static int mxs_sgtl5000_probe(struct platform_device *pdev)
codec_np = of_parse_phandle(np, "audio-codec", 0);
if (!saif_np[0] || !saif_np[1] || !codec_np) {
dev_err(&pdev->dev, "phandle missing or invalid\n");
+ of_node_put(codec_np);
+ of_node_put(saif_np[0]);
+ of_node_put(saif_np[1]);
return -EINVAL;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 112/338] ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 111/338] ASoC: mxs: Fix error handling in mxs_sgtl5000_probe Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 113/338] ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe Greg Kroah-Hartman
` (231 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Wensheng, Mark Brown, Sasha Levin
From: Wang Wensheng <wangwensheng4@huawei.com>
[ Upstream commit 3b891513f95cba3944e72c1139ea706d04f3781b ]
Fix to return a negative error code from the error handling case instead
of 0, as done elsewhere in this function.
Fixes: 7e7292dba215 ("ASoC: fsl: add imx-es8328 machine driver")
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Link: https://lore.kernel.org/r/20220310091902.129299-1-wangwensheng4@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/imx-es8328.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/fsl/imx-es8328.c b/sound/soc/fsl/imx-es8328.c
index 9953438086e4..735693274f49 100644
--- a/sound/soc/fsl/imx-es8328.c
+++ b/sound/soc/fsl/imx-es8328.c
@@ -93,6 +93,7 @@ static int imx_es8328_probe(struct platform_device *pdev)
if (int_port > MUX_PORT_MAX || int_port == 0) {
dev_err(dev, "mux-int-port: hardware only has %d mux ports\n",
MUX_PORT_MAX);
+ ret = -EINVAL;
goto fail;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 113/338] ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 112/338] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 114/338] mmc: davinci_mmc: Handle error for clk_enable Greg Kroah-Hartman
` (230 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 375a347da4889f64d86e1ab7f4e6702b6e9bf299 ]
Fix the missing clk_disable_unprepare() before return
from msm8916_wcd_digital_probe in the error handling case.
Fixes: 150db8c5afa1 ("ASoC: codecs: Add msm8916-wcd digital codec")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220307084523.28687-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/msm8916-wcd-digital.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/msm8916-wcd-digital.c b/sound/soc/codecs/msm8916-wcd-digital.c
index 6de2ab6f9706..e6750bda542a 100644
--- a/sound/soc/codecs/msm8916-wcd-digital.c
+++ b/sound/soc/codecs/msm8916-wcd-digital.c
@@ -918,7 +918,7 @@ static int msm8916_wcd_digital_probe(struct platform_device *pdev)
ret = clk_prepare_enable(priv->mclk);
if (ret < 0) {
dev_err(dev, "failed to enable mclk %d\n", ret);
- return ret;
+ goto err_clk;
}
dev_set_drvdata(dev, priv);
@@ -926,6 +926,9 @@ static int msm8916_wcd_digital_probe(struct platform_device *pdev)
return devm_snd_soc_register_component(dev, &msm8916_wcd_digital,
msm8916_wcd_digital_dai,
ARRAY_SIZE(msm8916_wcd_digital_dai));
+err_clk:
+ clk_disable_unprepare(priv->ahbclk);
+ return ret;
}
static int msm8916_wcd_digital_remove(struct platform_device *pdev)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 114/338] mmc: davinci_mmc: Handle error for clk_enable
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 113/338] ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 115/338] drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev Greg Kroah-Hartman
` (229 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Ulf Hansson, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 09e7af76db02c74f2a339b3cb2d95460fa2ddbe4 ]
As the potential failure of the clk_enable(),
it should be better to check it and return error
if fails.
Fixes: bbce5802afc5 ("davinci: mmc: updates to suspend/resume implementation")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220308071415.1093393-1-jiasheng@iscas.ac.cn
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/davinci_mmc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/davinci_mmc.c b/drivers/mmc/host/davinci_mmc.c
index e6f14257a7d0..70d04962f53a 100644
--- a/drivers/mmc/host/davinci_mmc.c
+++ b/drivers/mmc/host/davinci_mmc.c
@@ -1389,8 +1389,12 @@ static int davinci_mmcsd_suspend(struct device *dev)
static int davinci_mmcsd_resume(struct device *dev)
{
struct mmc_davinci_host *host = dev_get_drvdata(dev);
+ int ret;
+
+ ret = clk_enable(host->clk);
+ if (ret)
+ return ret;
- clk_enable(host->clk);
mmc_davinci_reset_ctrl(host, 0);
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 115/338] drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 114/338] mmc: davinci_mmc: Handle error for clk_enable Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 116/338] ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Greg Kroah-Hartman
` (228 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Robert Foss, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 7c442e76c06cb1bef16a6c523487438175584eea ]
rc_dev is allocated by rc_allocate_device(), and doesn't assigned to
ctx->rc_dev before calling rc_free_device(ctx->rc_dev).
So it should call rc_free_device(rc_dev);
Fixes: e25f1f7c94e1 ("drm/bridge/sii8620: add remote control support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211227092522.21755-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/sil-sii8620.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/sil-sii8620.c b/drivers/gpu/drm/bridge/sil-sii8620.c
index 1ea2a1b0fe37..ea433bb189ca 100644
--- a/drivers/gpu/drm/bridge/sil-sii8620.c
+++ b/drivers/gpu/drm/bridge/sil-sii8620.c
@@ -2122,7 +2122,7 @@ static void sii8620_init_rcp_input_dev(struct sii8620 *ctx)
if (ret) {
dev_err(ctx->dev, "Failed to register RC device\n");
ctx->error = ret;
- rc_free_device(ctx->rc_dev);
+ rc_free_device(rc_dev);
return;
}
ctx->rc_dev = rc_dev;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 116/338] ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 115/338] drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 117/338] Bluetooth: hci_serdev: call init_rwsem() before p->open() Greg Kroah-Hartman
` (227 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit e3fb3d4418fce5484dfe7995fcd94c18b10a431a ]
In function ath10k_wow_convert_8023_to_80211(), it will do memcpy for
the new->pattern, and currently the new->pattern and new->mask is same
with the old, then the memcpy of new->pattern will also overwrite the
old->pattern, because the header format of new->pattern is 802.11,
its length is larger than the old->pattern which is 802.3. Then the
operation of "Copy frame body" will copy a mistake value because the
body memory has been overwrite when memcpy the new->pattern.
Assign another empty value to new_pattern to avoid the overwrite issue.
Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
Fixes: fa3440fa2fa1 ("ath10k: convert wow pattern from 802.3 to 802.11")
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20211222031347.25463-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/wow.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/wow.c b/drivers/net/wireless/ath/ath10k/wow.c
index a6b179f88d36..1d44227d107d 100644
--- a/drivers/net/wireless/ath/ath10k/wow.c
+++ b/drivers/net/wireless/ath/ath10k/wow.c
@@ -235,14 +235,15 @@ static int ath10k_vif_wow_set_wakeups(struct ath10k_vif *arvif,
if (patterns[i].mask[j / 8] & BIT(j % 8))
bitmask[j] = 0xff;
old_pattern.mask = bitmask;
- new_pattern = old_pattern;
if (ar->wmi.rx_decap_mode == ATH10K_HW_TXRX_NATIVE_WIFI) {
- if (patterns[i].pkt_offset < ETH_HLEN)
+ if (patterns[i].pkt_offset < ETH_HLEN) {
ath10k_wow_convert_8023_to_80211(&new_pattern,
&old_pattern);
- else
+ } else {
+ new_pattern = old_pattern;
new_pattern.pkt_offset += WOW_HDR_LEN - ETH_HLEN;
+ }
}
if (WARN_ON(new_pattern.pattern_len > WOW_MAX_PATTERN_SIZE))
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 117/338] Bluetooth: hci_serdev: call init_rwsem() before p->open()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 116/338] ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 118/338] mtd: onenand: Check for error irq Greg Kroah-Hartman
` (226 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yiru Xu, Pavel Skripkin,
Marcel Holtmann, Sasha Levin
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 9d7cbe2b9cf5f650067df4f402fdd799d4bbb4e1 ]
kvartet reported, that hci_uart_tx_wakeup() uses uninitialized rwsem.
The problem was in wrong place for percpu_init_rwsem() call.
hci_uart_proto::open() may register a timer whose callback may call
hci_uart_tx_wakeup(). There is a chance, that hci_uart_register_device()
thread won't be fast enough to call percpu_init_rwsem().
Fix it my moving percpu_init_rwsem() call before p->open().
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 2 PID: 18524 Comm: syz-executor.5 Not tainted 5.16.0-rc6 #9
...
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
assign_lock_key kernel/locking/lockdep.c:951 [inline]
register_lock_class+0x148d/0x1950 kernel/locking/lockdep.c:1263
__lock_acquire+0x106/0x57e0 kernel/locking/lockdep.c:4906
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5602
percpu_down_read_trylock include/linux/percpu-rwsem.h:92 [inline]
hci_uart_tx_wakeup+0x12e/0x490 drivers/bluetooth/hci_ldisc.c:124
h5_timed_event+0x32f/0x6a0 drivers/bluetooth/hci_h5.c:188
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
Fixes: d73e17281665 ("Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops")
Reported-by: Yiru Xu <xyru1999@gmail.com>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_serdev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c
index 7b3aade431e5..9ebcf0d9e395 100644
--- a/drivers/bluetooth/hci_serdev.c
+++ b/drivers/bluetooth/hci_serdev.c
@@ -288,6 +288,8 @@ int hci_uart_register_device(struct hci_uart *hu,
if (err)
return err;
+ percpu_init_rwsem(&hu->proto_lock);
+
err = p->open(hu);
if (err)
goto err_open;
@@ -310,7 +312,6 @@ int hci_uart_register_device(struct hci_uart *hu,
INIT_WORK(&hu->init_ready, hci_uart_init_work);
INIT_WORK(&hu->write_work, hci_uart_write_work);
- percpu_init_rwsem(&hu->proto_lock);
/* Only when vendor specific setup callback is provided, consider
* the manufacturer information valid. This avoids filling in the
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 118/338] mtd: onenand: Check for error irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 117/338] Bluetooth: hci_serdev: call init_rwsem() before p->open() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 119/338] drm/edid: Dont clear formats if using deep color Greg Kroah-Hartman
` (225 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Miquel Raynal, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 3e68f331c8c759c0daa31cc92c3449b23119a215 ]
For the possible failure of the platform_get_irq(), the returned irq
could be error number and will finally cause the failure of the
request_irq().
Consider that platform_get_irq() can now in certain cases return
-EPROBE_DEFER, and the consequences of letting request_irq() effectively
convert that into -EINVAL, even at probe time rather than later on.
So it might be better to check just now.
Fixes: 2c22120fbd01 ("MTD: OneNAND: interrupt based wait support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220104162658.1988142-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/onenand/generic.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/onenand/generic.c b/drivers/mtd/nand/onenand/generic.c
index acad17ec6581..bfb5cee1b472 100644
--- a/drivers/mtd/nand/onenand/generic.c
+++ b/drivers/mtd/nand/onenand/generic.c
@@ -56,7 +56,12 @@ static int generic_onenand_probe(struct platform_device *pdev)
}
info->onenand.mmcontrol = pdata ? pdata->mmcontrol : NULL;
- info->onenand.irq = platform_get_irq(pdev, 0);
+
+ err = platform_get_irq(pdev, 0);
+ if (err < 0)
+ goto out_iounmap;
+
+ info->onenand.irq = err;
info->mtd.dev.parent = &pdev->dev;
info->mtd.priv = &info->onenand;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 119/338] drm/edid: Dont clear formats if using deep color
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 118/338] mtd: onenand: Check for error irq Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 120/338] drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() Greg Kroah-Hartman
` (224 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard,
Ville Syrjälä,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 75478b3b393bcbdca4e6da76fe3a9f1a4133ec5d ]
The current code, when parsing the EDID Deep Color depths, that the
YUV422 cannot be used, referring to the HDMI 1.3 Specification.
This specification, in its section 6.2.4, indeed states:
For each supported Deep Color mode, RGB 4:4:4 shall be supported and
optionally YCBCR 4:4:4 may be supported.
YCBCR 4:2:2 is not permitted for any Deep Color mode.
This indeed can be interpreted like the code does, but the HDMI 1.4
specification further clarifies that statement in its section 6.2.4:
For each supported Deep Color mode, RGB 4:4:4 shall be supported and
optionally YCBCR 4:4:4 may be supported.
YCBCR 4:2:2 is also 36-bit mode but does not require the further use
of the Deep Color modes described in section 6.5.2 and 6.5.3.
This means that, even though YUV422 can be used with 12 bit per color,
it shouldn't be treated as a deep color mode.
This is also broken with YUV444 if it's supported by the display, but
DRM_EDID_HDMI_DC_Y444 isn't set. In such a case, the code will clear
color_formats of the YUV444 support set previously in
drm_parse_cea_ext(), but will not set it back.
Since the formats supported are already setup properly in
drm_parse_cea_ext(), let's just remove the code modifying the formats in
drm_parse_hdmi_deep_color_info()
Fixes: d0c94692e0a3 ("drm/edid: Parse and handle HDMI deep color modes.")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220120151625.594595-3-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_edid.c | 8 --------
1 file changed, 8 deletions(-)
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -4502,16 +4502,8 @@ static void drm_parse_hdmi_deep_color_in
connector->name, dc_bpc);
info->bpc = dc_bpc;
- /*
- * Deep color support mandates RGB444 support for all video
- * modes and forbids YCRCB422 support for all video modes per
- * HDMI 1.3 spec.
- */
- info->color_formats = DRM_COLOR_FORMAT_RGB444;
-
/* YCRCB444 is optional according to spec. */
if (hdmi[6] & DRM_EDID_HDMI_DC_Y444) {
- info->color_formats |= DRM_COLOR_FORMAT_YCRCB444;
DRM_DEBUG("%s: HDMI sink does YCRCB444 in deep color.\n",
connector->name);
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 120/338] drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 119/338] drm/edid: Dont clear formats if using deep color Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 121/338] ath9k_htc: fix uninit value bugs Greg Kroah-Hartman
` (223 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Alex Deucher, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 588a70177df3b1777484267584ef38ab2ca899a2 ]
In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()
is assigned to mode and is passed to drm_mode_probed_add() directly after
that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and
there is a dereference of it in list_add_tail() without recoveries, which
could lead to NULL pointer dereference on failure of
amdgpu_dm_create_common_mode().
Fix this by adding a NULL check of mode.
This bug was found by a static analyzer.
Builds with 'make allyesconfig' show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: e7b07ceef2a6 ("drm/amd/display: Merge amdgpu_dm_types and amdgpu_dm")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index ed02bb6b2cd0..b2835cd41d3e 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -3593,6 +3593,9 @@ static void amdgpu_dm_connector_add_common_modes(struct drm_encoder *encoder,
mode = amdgpu_dm_create_common_mode(encoder,
common_modes[i].name, common_modes[i].w,
common_modes[i].h);
+ if (!mode)
+ continue;
+
drm_mode_probed_add(connector, mode);
amdgpu_dm_connector->num_modes++;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 121/338] ath9k_htc: fix uninit value bugs
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 120/338] drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 122/338] KVM: PPC: Fix vmx/vsx mixup in mmio emulation Greg Kroah-Hartman
` (222 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+f83a1df1ed4f67e8d8ad,
Pavel Skripkin, Kalle Valo, Sasha Levin
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit d1e0df1c57bd30871dd1c855742a7c346dbca853 ]
Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing
field initialization.
In htc_connect_service() svc_meta_len and pad are not initialized. Based
on code it looks like in current skb there is no service data, so simply
initialize svc_meta_len to 0.
htc_issue_send() does not initialize htc_frame_hdr::control array. Based
on firmware code, it will initialize it by itself, so simply zero whole
array to make KMSAN happy
Fail logs:
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479
htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275
...
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
__kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
kmalloc_reserve net/core/skbuff.c:354 [inline]
__alloc_skb+0x545/0xf90 net/core/skbuff.c:426
alloc_skb include/linux/skbuff.h:1126 [inline]
htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258
...
Bytes 4-7 of 18 are uninitialized
Memory access of size 18 starts at ffff888027377e00
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479
htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275
...
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
__kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
kmalloc_reserve net/core/skbuff.c:354 [inline]
__alloc_skb+0x545/0xf90 net/core/skbuff.c:426
alloc_skb include/linux/skbuff.h:1126 [inline]
htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258
...
Bytes 16-17 of 18 are uninitialized
Memory access of size 18 starts at ffff888027377e00
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Reported-by: syzbot+f83a1df1ed4f67e8d8ad@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220115122733.11160-1-paskripkin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index 05fca38b38ed..e37de14bc502 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -30,6 +30,7 @@ static int htc_issue_send(struct htc_target *target, struct sk_buff* skb,
hdr->endpoint_id = epid;
hdr->flags = flags;
hdr->payload_len = cpu_to_be16(len);
+ memset(hdr->control, 0, sizeof(hdr->control));
status = target->hif->send(target->hif_dev, endpoint->ul_pipeid, skb);
@@ -274,6 +275,10 @@ int htc_connect_service(struct htc_target *target,
conn_msg->dl_pipeid = endpoint->dl_pipeid;
conn_msg->ul_pipeid = endpoint->ul_pipeid;
+ /* To prevent infoleak */
+ conn_msg->svc_meta_len = 0;
+ conn_msg->pad = 0;
+
ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
if (ret)
goto err;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 122/338] KVM: PPC: Fix vmx/vsx mixup in mmio emulation
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 121/338] ath9k_htc: fix uninit value bugs Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 123/338] power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe Greg Kroah-Hartman
` (221 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabiano Rosas, Nicholas Piggin,
Michael Ellerman, Sasha Levin
From: Fabiano Rosas <farosas@linux.ibm.com>
[ Upstream commit b99234b918c6e36b9aa0a5b2981e86b6bd11f8e2 ]
The MMIO emulation code for vector instructions is duplicated between
VSX and VMX. When emulating VMX we should check the VMX copy size
instead of the VSX one.
Fixes: acc9eb9305fe ("KVM: PPC: Reimplement LOAD_VMX/STORE_VMX instruction ...")
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220125215655.1026224-3-farosas@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/powerpc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index ad5a871a6cbf..dd352842a1c7 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -1479,7 +1479,7 @@ int kvmppc_handle_vmx_load(struct kvm_run *run, struct kvm_vcpu *vcpu,
{
enum emulation_result emulated = EMULATE_DONE;
- if (vcpu->arch.mmio_vsx_copy_nums > 2)
+ if (vcpu->arch.mmio_vmx_copy_nums > 2)
return EMULATE_FAIL;
while (vcpu->arch.mmio_vmx_copy_nums) {
@@ -1576,7 +1576,7 @@ int kvmppc_handle_vmx_store(struct kvm_run *run, struct kvm_vcpu *vcpu,
unsigned int index = rs & KVM_MMIO_REG_MASK;
enum emulation_result emulated = EMULATE_DONE;
- if (vcpu->arch.mmio_vsx_copy_nums > 2)
+ if (vcpu->arch.mmio_vmx_copy_nums > 2)
return EMULATE_FAIL;
vcpu->arch.io_gpr = rs;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 123/338] power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 122/338] KVM: PPC: Fix vmx/vsx mixup in mmio emulation Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 124/338] ray_cs: Check ioremap return value Greg Kroah-Hartman
` (220 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij,
Sebastian Reichel, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit ba18dad0fb880cd29aa97b6b75560ef14d1061ba ]
platform_get_irq() returns negative error number instead 0 on failure.
And the doc of platform_get_irq() provides a usage example:
int irq = platform_get_irq(pdev, 0);
if (irq < 0)
return irq;
Fix the check of return value to catch errors correctly.
Fixes: f7a388d6cd1c ("power: reset: Add a driver for the Gemini poweroff")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/reset/gemini-poweroff.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/power/reset/gemini-poweroff.c b/drivers/power/reset/gemini-poweroff.c
index 90e35c07240a..b7f7a8225f22 100644
--- a/drivers/power/reset/gemini-poweroff.c
+++ b/drivers/power/reset/gemini-poweroff.c
@@ -107,8 +107,8 @@ static int gemini_poweroff_probe(struct platform_device *pdev)
return PTR_ERR(gpw->base);
irq = platform_get_irq(pdev, 0);
- if (!irq)
- return -EINVAL;
+ if (irq < 0)
+ return irq;
gpw->dev = dev;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 124/338] ray_cs: Check ioremap return value
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 123/338] power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 125/338] power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init Greg Kroah-Hartman
` (219 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Kalle Valo, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 7e4760713391ee46dc913194b33ae234389a174e ]
As the possible failure of the ioremap(), the 'local->sram' and other
two could be NULL.
Therefore it should be better to check it in order to avoid the later
dev_dbg.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211230022926.1846757-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ray_cs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index 08c607c031bc..8704bae39e1b 100644
--- a/drivers/net/wireless/ray_cs.c
+++ b/drivers/net/wireless/ray_cs.c
@@ -394,6 +394,8 @@ static int ray_config(struct pcmcia_device *link)
goto failed;
local->sram = ioremap(link->resource[2]->start,
resource_size(link->resource[2]));
+ if (!local->sram)
+ goto failed;
/*** Set up 16k window for shared memory (receive buffer) ***************/
link->resource[3]->flags |=
@@ -408,6 +410,8 @@ static int ray_config(struct pcmcia_device *link)
goto failed;
local->rmem = ioremap(link->resource[3]->start,
resource_size(link->resource[3]));
+ if (!local->rmem)
+ goto failed;
/*** Set up window for attribute memory ***********************************/
link->resource[4]->flags |=
@@ -422,6 +426,8 @@ static int ray_config(struct pcmcia_device *link)
goto failed;
local->amem = ioremap(link->resource[4]->start,
resource_size(link->resource[4]));
+ if (!local->amem)
+ goto failed;
dev_dbg(&link->dev, "ray_config sram=%p\n", local->sram);
dev_dbg(&link->dev, "ray_config rmem=%p\n", local->rmem);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 125/338] power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 124/338] ray_cs: Check ioremap return value Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 126/338] HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports Greg Kroah-Hartman
` (218 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sebastian Reichel, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 6a4760463dbc6b603690938c468839985189ce0a ]
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add():
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix memory leak by calling kobject_put().
Fixes: 8c0984e5a753 ("power: move power supply drivers to power/supply")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/ab8500_fg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/power/supply/ab8500_fg.c b/drivers/power/supply/ab8500_fg.c
index b0e77324b016..675f9d0e8471 100644
--- a/drivers/power/supply/ab8500_fg.c
+++ b/drivers/power/supply/ab8500_fg.c
@@ -2541,8 +2541,10 @@ static int ab8500_fg_sysfs_init(struct ab8500_fg *di)
ret = kobject_init_and_add(&di->fg_kobject,
&ab8500_fg_ktype,
NULL, "battery");
- if (ret < 0)
+ if (ret < 0) {
+ kobject_put(&di->fg_kobject);
dev_err(di->dev, "failed to create sysfs entry\n");
+ }
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 126/338] HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 125/338] power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 127/338] iwlwifi: Fix -EIO error code that is never returned Greg Kroah-Hartman
` (217 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Benjamin Tissoires,
Jiri Kosina, Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit a5e5e03e94764148a01757b2fa4737d3445c13a6 ]
Internally kernel prepends all report buffers, for both numbered and
unnumbered reports, with report ID, therefore to properly handle unnumbered
reports we should prepend it ourselves.
For the same reason we should skip the first byte of the buffer when
calling i2c_hid_set_or_send_report() which then will take care of properly
formatting the transfer buffer based on its separate report ID argument
along with report payload.
[jkosina@suse.cz: finalize trimmed sentence in changelog as spotted by Benjamin]
Fixes: 9b5a9ae88573 ("HID: i2c-hid: implement ll_driver transport-layer callbacks")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/i2c-hid/i2c-hid-core.c | 32 ++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c
index 19f4b807a5d1..f5dc3122aff8 100644
--- a/drivers/hid/i2c-hid/i2c-hid-core.c
+++ b/drivers/hid/i2c-hid/i2c-hid-core.c
@@ -632,6 +632,17 @@ static int i2c_hid_get_raw_report(struct hid_device *hid,
if (report_type == HID_OUTPUT_REPORT)
return -EINVAL;
+ /*
+ * In case of unnumbered reports the response from the device will
+ * not have the report ID that the upper layers expect, so we need
+ * to stash it the buffer ourselves and adjust the data size.
+ */
+ if (!report_number) {
+ buf[0] = 0;
+ buf++;
+ count--;
+ }
+
/* +2 bytes to include the size of the reply in the query buffer */
ask_count = min(count + 2, (size_t)ihid->bufsize);
@@ -653,6 +664,9 @@ static int i2c_hid_get_raw_report(struct hid_device *hid,
count = min(count, ret_count - 2);
memcpy(buf, ihid->rawbuf + 2, count);
+ if (!report_number)
+ count++;
+
return count;
}
@@ -669,17 +683,19 @@ static int i2c_hid_output_raw_report(struct hid_device *hid, __u8 *buf,
mutex_lock(&ihid->reset_lock);
- if (report_id) {
- buf++;
- count--;
- }
-
+ /*
+ * Note that both numbered and unnumbered reports passed here
+ * are supposed to have report ID stored in the 1st byte of the
+ * buffer, so we strip it off unconditionally before passing payload
+ * to i2c_hid_set_or_send_report which takes care of encoding
+ * everything properly.
+ */
ret = i2c_hid_set_or_send_report(client,
report_type == HID_FEATURE_REPORT ? 0x03 : 0x02,
- report_id, buf, count, use_data);
+ report_id, buf + 1, count - 1, use_data);
- if (report_id && ret >= 0)
- ret++; /* add report_id to the number of transfered bytes */
+ if (ret >= 0)
+ ret++; /* add report_id to the number of transferred bytes */
mutex_unlock(&ihid->reset_lock);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 127/338] iwlwifi: Fix -EIO error code that is never returned
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 126/338] HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 128/338] dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS Greg Kroah-Hartman
` (216 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Luca Coelho, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit c305c94bdc18e45b5ad1db54da4269f8cbfdff6b ]
Currently the error -EIO is being assinged to variable ret when
the READY_BIT is not set but the function iwlagn_mac_start returns
0 rather than ret. Fix this by returning ret instead of 0.
Addresses-Coverity: ("Unused value")
Fixes: 7335613ae27a ("iwlwifi: move all mac80211 related functions to one place")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210907104658.14706-1-colin.king@canonical.com
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c
index 82caae02dd09..f2e0cfa2f4a2 100644
--- a/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c
@@ -317,7 +317,7 @@ static int iwlagn_mac_start(struct ieee80211_hw *hw)
priv->is_open = 1;
IWL_DEBUG_MAC80211(priv, "leave\n");
- return 0;
+ return ret;
}
static void iwlagn_mac_stop(struct ieee80211_hw *hw)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 128/338] dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 127/338] iwlwifi: Fix -EIO error code that is never returned Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 129/338] scsi: pm8001: Fix command initialization in pm80XX_send_read_log() Greg Kroah-Hartman
` (215 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aashish Sharma, Mike Snitzer, Sasha Levin
From: Aashish Sharma <shraash@google.com>
[ Upstream commit 6fc51504388c1a1a53db8faafe9fff78fccc7c87 ]
Explicitly convert unsigned int in the right of the conditional
expression to int to match the left side operand and the return type,
fixing the following compiler warning:
drivers/md/dm-crypt.c:2593:43: warning: signed and unsigned
type in conditional expression [-Wsign-compare]
Fixes: c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service")
Signed-off-by: Aashish Sharma <shraash@google.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-crypt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index a6a26f8e4d8e..3441ad140b58 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2107,7 +2107,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
static int get_key_size(char **key_string)
{
- return (*key_string[0] == ':') ? -EINVAL : strlen(*key_string) >> 1;
+ return (*key_string[0] == ':') ? -EINVAL : (int)(strlen(*key_string) >> 1);
}
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 129/338] scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 128/338] dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 130/338] scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() Greg Kroah-Hartman
` (214 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Garry, Jack Wang,
Damien Le Moal, Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 1a37b6738b58d86f6b144b3fc754ace0f2e0166d ]
Since the sata_cmd struct is zeroed out before its fields are initialized,
there is no need for using "|=" to initialize the ncqtag_atap_dir_m
field. Using a standard assignment removes the sparse warning:
warning: invalid assignment: |=
Also, since the ncqtag_atap_dir_m field has type __le32, use cpu_to_le32()
to generate the assigned value.
Link: https://lore.kernel.org/r/20220220031810.738362-5-damien.lemoal@opensource.wdc.com
Fixes: c6b9ef5779c3 ("[SCSI] pm80xx: NCQ error handling changes")
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm8001_hwi.c | 2 +-
drivers/scsi/pm8001/pm80xx_hwi.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index 3e814c0469fb..d0f3b65224f5 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -1826,7 +1826,7 @@ static void pm8001_send_read_log(struct pm8001_hba_info *pm8001_ha,
sata_cmd.tag = cpu_to_le32(ccb_tag);
sata_cmd.device_id = cpu_to_le32(pm8001_ha_dev->device_id);
- sata_cmd.ncqtag_atap_dir_m |= ((0x1 << 7) | (0x5 << 9));
+ sata_cmd.ncqtag_atap_dir_m = cpu_to_le32((0x1 << 7) | (0x5 << 9));
memcpy(&sata_cmd.sata_fis, &fis, sizeof(struct host_to_dev_fis));
res = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &sata_cmd, 0);
diff --git a/drivers/scsi/pm8001/pm80xx_hwi.c b/drivers/scsi/pm8001/pm80xx_hwi.c
index c63b5db435c5..c73a365da1d8 100644
--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -1516,7 +1516,7 @@ static void pm80xx_send_read_log(struct pm8001_hba_info *pm8001_ha,
sata_cmd.tag = cpu_to_le32(ccb_tag);
sata_cmd.device_id = cpu_to_le32(pm8001_ha_dev->device_id);
- sata_cmd.ncqtag_atap_dir_m_dad |= ((0x1 << 7) | (0x5 << 9));
+ sata_cmd.ncqtag_atap_dir_m_dad = cpu_to_le32(((0x1 << 7) | (0x5 << 9)));
memcpy(&sata_cmd.sata_fis, &fis, sizeof(struct host_to_dev_fis));
res = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &sata_cmd, 0);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 130/338] scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 129/338] scsi: pm8001: Fix command initialization in pm80XX_send_read_log() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 131/338] scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() Greg Kroah-Hartman
` (213 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, Damien Le Moal,
Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit cd2268a180117aa8ebb23e090ba204324b2d0e93 ]
The ds_ads_m field of struct ssp_ini_tm_start_req has the type __le32.
Assigning a value to it should thus use cpu_to_le32(). This fixes the
sparse warning:
warning: incorrect type in assignment (different base types)
expected restricted __le32 [addressable] [assigned] [usertype] ds_ads_m
got int
Link: https://lore.kernel.org/r/20220220031810.738362-7-damien.lemoal@opensource.wdc.com
Fixes: dbf9bfe61571 ("[SCSI] pm8001: add SAS/SATA HBA driver")
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm8001_hwi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index d0f3b65224f5..6c54500237cd 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -4727,7 +4727,7 @@ int pm8001_chip_ssp_tm_req(struct pm8001_hba_info *pm8001_ha,
memcpy(sspTMCmd.lun, task->ssp_task.LUN, 8);
sspTMCmd.tag = cpu_to_le32(ccb->ccb_tag);
if (pm8001_ha->chip_id != chip_8001)
- sspTMCmd.ds_ads_m = 0x08;
+ sspTMCmd.ds_ads_m = cpu_to_le32(0x08);
circularQ = &pm8001_ha->inbnd_q_tbl[0];
ret = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &sspTMCmd, 0);
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 131/338] scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 130/338] scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 132/338] scsi: pm8001: Fix abort all task initialization Greg Kroah-Hartman
` (212 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Garry, Jack Wang,
Damien Le Moal, Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit bb225b12dbcc82d53d637d10b8d70b64494f8c16 ]
The fields of the set_ctrl_cfg_req structure have the __le32 type, so use
cpu_to_le32() to assign them. This removes the sparse warnings:
warning: incorrect type in assignment (different base types)
expected restricted __le32
got unsigned int
Link: https://lore.kernel.org/r/20220220031810.738362-8-damien.lemoal@opensource.wdc.com
Fixes: 842784e0d15b ("pm80xx: Update For Thermal Page Code")
Fixes: f5860992db55 ("[SCSI] pm80xx: Added SPCv/ve specific hardware functionalities and relevant changes in common files")
Reviewed-by: John Garry <john.garry@huawei.com>
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm80xx_hwi.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/pm8001/pm80xx_hwi.c b/drivers/scsi/pm8001/pm80xx_hwi.c
index c73a365da1d8..2e743dc6b13a 100644
--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -881,9 +881,11 @@ pm80xx_set_thermal_config(struct pm8001_hba_info *pm8001_ha)
else
page_code = THERMAL_PAGE_CODE_8H;
- payload.cfg_pg[0] = (THERMAL_LOG_ENABLE << 9) |
- (THERMAL_ENABLE << 8) | page_code;
- payload.cfg_pg[1] = (LTEMPHIL << 24) | (RTEMPHIL << 8);
+ payload.cfg_pg[0] =
+ cpu_to_le32((THERMAL_LOG_ENABLE << 9) |
+ (THERMAL_ENABLE << 8) | page_code);
+ payload.cfg_pg[1] =
+ cpu_to_le32((LTEMPHIL << 24) | (RTEMPHIL << 8));
rc = pm8001_mpi_build_cmd(pm8001_ha, circularQ, opc, &payload, 0);
if (rc)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 132/338] scsi: pm8001: Fix abort all task initialization
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 131/338] scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 133/338] TOMOYO: fix __setup handlers return values Greg Kroah-Hartman
` (211 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, Damien Le Moal,
Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 7f12845c8389855dbcc67baa068b6832dc4a396e ]
In pm80xx_send_abort_all(), the n_elem field of the ccb used is not
initialized to 0. This missing initialization sometimes lead to the task
completion path seeing the ccb with a non-zero n_elem resulting in the
execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(),
causing a crash such as:
[ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280
[ 197.700204] RSP: 0018:ffff889bbcf89c88 EFLAGS: 00010012
[ 197.705485] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83d0bda0
[ 197.712687] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff88810dffc0d0
[ 197.719887] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8881c790098b
[ 197.727089] R10: ffffed1038f20131 R11: 0000000000000001 R12: 0000000000000000
[ 197.734296] R13: ffff88810dffc0d0 R14: 0000000000000010 R15: 0000000000000000
[ 197.741493] FS: 0000000000000000(0000) GS:ffff889bbcf80000(0000) knlGS:0000000000000000
[ 197.749659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 197.755459] CR2: 00007f16c1b42734 CR3: 0000000004814000 CR4: 0000000000350ee0
[ 197.762656] Call Trace:
[ 197.765127] <IRQ>
[ 197.767162] pm8001_ccb_task_free+0x5f1/0x820 [pm80xx]
[ 197.772364] ? do_raw_spin_unlock+0x54/0x220
[ 197.776680] pm8001_mpi_task_abort_resp+0x2ce/0x4f0 [pm80xx]
[ 197.782406] process_oq+0xe85/0x7890 [pm80xx]
[ 197.786817] ? lock_acquire+0x194/0x490
[ 197.790697] ? handle_irq_event+0x10e/0x1b0
[ 197.794920] ? mpi_sata_completion+0x2d70/0x2d70 [pm80xx]
[ 197.800378] ? __wake_up_bit+0x100/0x100
[ 197.804340] ? lock_is_held_type+0x98/0x110
[ 197.808565] pm80xx_chip_isr+0x94/0x130 [pm80xx]
[ 197.813243] tasklet_action_common.constprop.0+0x24b/0x2f0
[ 197.818785] __do_softirq+0x1b5/0x82d
[ 197.822485] ? do_raw_spin_unlock+0x54/0x220
[ 197.826799] __irq_exit_rcu+0x17e/0x1e0
[ 197.830678] irq_exit_rcu+0xa/0x20
[ 197.834114] common_interrupt+0x78/0x90
[ 197.840051] </IRQ>
[ 197.844236] <TASK>
[ 197.848397] asm_common_interrupt+0x1e/0x40
Avoid this issue by always initializing the ccb n_elem field to 0 in
pm8001_send_abort_all(), pm8001_send_read_log() and
pm80xx_send_abort_all().
Link: https://lore.kernel.org/r/20220220031810.738362-17-damien.lemoal@opensource.wdc.com
Fixes: c6b9ef5779c3 ("[SCSI] pm80xx: NCQ error handling changes")
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm8001_hwi.c | 2 ++
drivers/scsi/pm8001/pm80xx_hwi.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index 6c54500237cd..5eabea5ca6a7 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -1748,6 +1748,7 @@ static void pm8001_send_abort_all(struct pm8001_hba_info *pm8001_ha,
ccb->device = pm8001_ha_dev;
ccb->ccb_tag = ccb_tag;
ccb->task = task;
+ ccb->n_elem = 0;
circularQ = &pm8001_ha->inbnd_q_tbl[0];
@@ -1810,6 +1811,7 @@ static void pm8001_send_read_log(struct pm8001_hba_info *pm8001_ha,
ccb->device = pm8001_ha_dev;
ccb->ccb_tag = ccb_tag;
ccb->task = task;
+ ccb->n_elem = 0;
pm8001_ha_dev->id |= NCQ_READ_LOG_FLAG;
pm8001_ha_dev->id |= NCQ_2ND_RLE_FLAG;
diff --git a/drivers/scsi/pm8001/pm80xx_hwi.c b/drivers/scsi/pm8001/pm80xx_hwi.c
index 2e743dc6b13a..d655f72db51d 100644
--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -1437,6 +1437,7 @@ static void pm80xx_send_abort_all(struct pm8001_hba_info *pm8001_ha,
ccb->device = pm8001_ha_dev;
ccb->ccb_tag = ccb_tag;
ccb->task = task;
+ ccb->n_elem = 0;
circularQ = &pm8001_ha->inbnd_q_tbl[0];
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 133/338] TOMOYO: fix __setup handlers return values
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 132/338] scsi: pm8001: Fix abort all task initialization Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 134/338] ext2: correct max file size computing Greg Kroah-Hartman
` (210 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
James Morris, Kentaro Takeda, tomoyo-dev-en, Serge E. Hallyn,
Tetsuo Handa, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 39844b7e3084baecef52d1498b5fa81afa2cefa9 ]
__setup() handlers should return 1 if the parameter is handled.
Returning 0 causes the entire string to be added to init's
environment strings (limited to 32 strings), unnecessarily polluting it.
Using the documented strings "TOMOYO_loader=string1" and
"TOMOYO_trigger=string2" causes an Unknown parameter message:
Unknown kernel command line parameters
"BOOT_IMAGE=/boot/bzImage-517rc5 TOMOYO_loader=string1 \
TOMOYO_trigger=string2", will be passed to user space.
and these strings are added to init's environment string space:
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
TOMOYO_loader=string1
TOMOYO_trigger=string2
With this change, these __setup handlers act as expected,
and init's environment is not polluted with these strings.
Fixes: 0e4ae0e0dec63 ("TOMOYO: Make several options configurable.")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: https://lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: James Morris <jmorris@namei.org>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: tomoyo-dev-en@lists.osdn.me
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/tomoyo/load_policy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/tomoyo/load_policy.c b/security/tomoyo/load_policy.c
index 81b951652051..f8baef1f3277 100644
--- a/security/tomoyo/load_policy.c
+++ b/security/tomoyo/load_policy.c
@@ -24,7 +24,7 @@ static const char *tomoyo_loader;
static int __init tomoyo_loader_setup(char *str)
{
tomoyo_loader = str;
- return 0;
+ return 1;
}
__setup("TOMOYO_loader=", tomoyo_loader_setup);
@@ -63,7 +63,7 @@ static const char *tomoyo_trigger;
static int __init tomoyo_trigger_setup(char *str)
{
tomoyo_trigger = str;
- return 0;
+ return 1;
}
__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 134/338] ext2: correct max file size computing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 133/338] TOMOYO: fix __setup handlers return values Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 135/338] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe Greg Kroah-Hartman
` (209 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhang Yi, Jan Kara, Sasha Levin
From: Zhang Yi <yi.zhang@huawei.com>
[ Upstream commit 50b3a818991074177a56c87124c7a7bdf5fa4f67 ]
We need to calculate the max file size accurately if the total blocks
that can address by block tree exceed the upper_limit. But this check is
not correct now, it only compute the total data blocks but missing
metadata blocks are needed. So in the case of "data blocks < upper_limit
&& total blocks > upper_limit", we will get wrong result. Fortunately,
this case could not happen in reality, but it's confused and better to
correct the computing.
bits data blocks metadatablocks upper_limit
10 16843020 66051 2147483647
11 134480396 263171 1073741823
12 1074791436 1050627 536870911 (*)
13 8594130956 4198403 268435455 (*)
14 68736258060 16785411 134217727 (*)
15 549822930956 67125251 67108863 (*)
16 4398314962956 268468227 33554431 (*)
[*] Need to calculate in depth.
Fixes: 1c2d14212b15 ("ext2: Fix underflow in ext2_max_size()")
Link: https://lore.kernel.org/r/20220212050532.179055-1-yi.zhang@huawei.com
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext2/super.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index 80a3038e0e46..ad9fd08f66ba 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -780,8 +780,12 @@ static loff_t ext2_max_size(int bits)
res += 1LL << (bits-2);
res += 1LL << (2*(bits-2));
res += 1LL << (3*(bits-2));
+ /* Compute how many metadata blocks are needed */
+ meta_blocks = 1;
+ meta_blocks += 1 + ppb;
+ meta_blocks += 1 + ppb + ppb * ppb;
/* Does block tree limit file size? */
- if (res < upper_limit)
+ if (res + meta_blocks <= upper_limit)
goto check_lfs;
res = upper_limit;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 135/338] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 134/338] ext2: correct max file size computing Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 136/338] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return Greg Kroah-Hartman
` (208 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Thierry Reding, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 221e3638feb8bc42143833c9a704fa89b6c366bb ]
The reference taken by 'of_find_device_by_node()' must be released when
not needed anymore. Add put_device() call to fix this.
Fixes: e94236cde4d5 ("drm/tegra: dsi: Add ganged mode support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/dsi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c
index ee6ca8fa1c65..e2903bf7821b 100644
--- a/drivers/gpu/drm/tegra/dsi.c
+++ b/drivers/gpu/drm/tegra/dsi.c
@@ -1456,8 +1456,10 @@ static int tegra_dsi_ganged_probe(struct tegra_dsi *dsi)
dsi->slave = platform_get_drvdata(gangster);
of_node_put(np);
- if (!dsi->slave)
+ if (!dsi->slave) {
+ put_device(&gangster->dev);
return -EPROBE_DEFER;
+ }
dsi->slave->master = dsi;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 136/338] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 135/338] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 137/338] drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt Greg Kroah-Hartman
` (207 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bastien Nocera, Hans de Goede,
Andy Shevchenko, Sebastian Reichel, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f7731754fdce33dad19be746f647d6ac47c5d695 ]
The datasheet says that the BQ24190_REG_POC_CHG_CONFIG bits can
have a value of either 10(0x2) or 11(0x3) for OTG (5V boost regulator)
mode.
Sofar bq24190_vbus_is_enabled() was only checking for 10 but some BIOS-es
uses 11 when enabling the regulator at boot.
Make bq24190_vbus_is_enabled() also check for 11 so that it does not
wrongly returns false when the bits are set to 11.
Fixes: 66b6bef2c4e0 ("power: supply: bq24190_charger: Export 5V boost converter as regulator")
Cc: Bastien Nocera <hadess@hadess.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/bq24190_charger.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/power/supply/bq24190_charger.c b/drivers/power/supply/bq24190_charger.c
index 863208928cf0..c830343be61e 100644
--- a/drivers/power/supply/bq24190_charger.c
+++ b/drivers/power/supply/bq24190_charger.c
@@ -43,6 +43,7 @@
#define BQ24190_REG_POC_CHG_CONFIG_DISABLE 0x0
#define BQ24190_REG_POC_CHG_CONFIG_CHARGE 0x1
#define BQ24190_REG_POC_CHG_CONFIG_OTG 0x2
+#define BQ24190_REG_POC_CHG_CONFIG_OTG_ALT 0x3
#define BQ24190_REG_POC_SYS_MIN_MASK (BIT(3) | BIT(2) | BIT(1))
#define BQ24190_REG_POC_SYS_MIN_SHIFT 1
#define BQ24190_REG_POC_SYS_MIN_MIN 3000
@@ -568,7 +569,11 @@ static int bq24190_vbus_is_enabled(struct regulator_dev *dev)
pm_runtime_mark_last_busy(bdi->dev);
pm_runtime_put_autosuspend(bdi->dev);
- return ret ? ret : val == BQ24190_REG_POC_CHG_CONFIG_OTG;
+ if (ret)
+ return ret;
+
+ return (val == BQ24190_REG_POC_CHG_CONFIG_OTG ||
+ val == BQ24190_REG_POC_CHG_CONFIG_OTG_ALT);
}
static const struct regulator_ops bq24190_vbus_ops = {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 137/338] drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 136/338] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 138/338] powerpc/Makefile: Dont pass -mcpu=powerpc64 when building 32-bit Greg Kroah-Hartman
` (206 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nishanth Menon, Tomi Valkeinen,
Laurent Pinchart, Sasha Levin
From: Nishanth Menon <nm@ti.com>
[ Upstream commit ffb5c099aaa13ab7f73c29ea6ae26bce8d7575ae ]
Add MODULE_DEVICE_TABLE to the device tree table to create required
aliases needed for module to be loaded with device tree based platform.
Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver")
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210921174059.17946-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/cdns-dsi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/bridge/cdns-dsi.c b/drivers/gpu/drm/bridge/cdns-dsi.c
index ce9496d13986..0573c5250a41 100644
--- a/drivers/gpu/drm/bridge/cdns-dsi.c
+++ b/drivers/gpu/drm/bridge/cdns-dsi.c
@@ -1604,6 +1604,7 @@ static const struct of_device_id cdns_dsi_of_match[] = {
{ .compatible = "cdns,dsi" },
{ },
};
+MODULE_DEVICE_TABLE(of, cdns_dsi_of_match);
static struct platform_driver cdns_dsi_platform_driver = {
.probe = cdns_dsi_drm_probe,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 138/338] powerpc/Makefile: Dont pass -mcpu=powerpc64 when building 32-bit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 137/338] drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 139/338] KVM: x86: Fix emulation in writing cr8 Greg Kroah-Hartman
` (205 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 2863dd2db23e0407f6c50b8ba5c0e55abef894f1 ]
When CONFIG_GENERIC_CPU=y (true for all our defconfigs) we pass
-mcpu=powerpc64 to the compiler, even when we're building a 32-bit
kernel.
This happens because we have an ifdef CONFIG_PPC_BOOK3S_64/else block in
the Makefile that was written before 32-bit supported GENERIC_CPU. Prior
to that the else block only applied to 64-bit Book3E.
The GCC man page says -mcpu=powerpc64 "[specifies] a pure ... 64-bit big
endian PowerPC ... architecture machine [type], with an appropriate,
generic processor model assumed for scheduling purposes."
It's unclear how that interacts with -m32, which we are also passing,
although obviously -m32 is taking precedence in some sense, as the
32-bit kernel only contains 32-bit instructions.
This was noticed by inspection, not via any bug reports, but it does
affect code generation. Comparing before/after code generation, there
are some changes to instruction scheduling, and the after case (with
-mcpu=powerpc64 removed) the compiler seems more keen to use r8.
Fix it by making the else case only apply to Book3E 64, which excludes
32-bit.
Fixes: 0e00a8c9fd92 ("powerpc: Allow CPU selection also on PPC32")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220215112858.304779-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index f51e21ea5349..26654d0c2af7 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -167,7 +167,7 @@ else
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=power7,$(call cc-option,-mtune=power5))
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mcpu=power5,-mcpu=power4)
endif
-else
+else ifdef CONFIG_PPC_BOOK3E_64
CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=powerpc64
endif
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 139/338] KVM: x86: Fix emulation in writing cr8
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 138/338] powerpc/Makefile: Dont pass -mcpu=powerpc64 when building 32-bit Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 140/338] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() Greg Kroah-Hartman
` (204 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhenzhong Duan, Sean Christopherson,
Paolo Bonzini, Sasha Levin
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
[ Upstream commit f66af9f222f08d5b11ea41c1bd6c07a0f12daa07 ]
In emulation of writing to cr8, one of the lowest four bits in TPR[3:0]
is kept.
According to Intel SDM 10.8.6.1(baremetal scenario):
"APIC.TPR[bits 7:4] = CR8[bits 3:0], APIC.TPR[bits 3:0] = 0";
and SDM 28.3(use TPR shadow):
"MOV to CR8. The instruction stores bits 3:0 of its source operand into
bits 7:4 of VTPR; the remainder of VTPR (bits 3:0 and bits 31:8) are
cleared.";
and AMD's APM 16.6.4:
"Task Priority Sub-class (TPS)-Bits 3 : 0. The TPS field indicates the
current sub-priority to be used when arbitrating lowest-priority messages.
This field is written with zero when TPR is written using the architectural
CR8 register.";
so in KVM emulated scenario, clear TPR[3:0] to make a consistent behavior
as in other scenarios.
This doesn't impact evaluation and delivery of pending virtual interrupts
because processor does not use the processor-priority sub-class to
determine which interrupts to delivery and which to inhibit.
Sub-class is used by hardware to arbitrate lowest priority interrupts,
but KVM just does a round-robin style delivery.
Fixes: b93463aa59d6 ("KVM: Accelerated apic support")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220210094506.20181-1-zhenzhong.duan@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/lapic.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 56a4b9762b0c..89d07312e58c 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2045,10 +2045,7 @@ void kvm_set_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu, u64 data)
void kvm_lapic_set_tpr(struct kvm_vcpu *vcpu, unsigned long cr8)
{
- struct kvm_lapic *apic = vcpu->arch.apic;
-
- apic_set_tpr(apic, ((cr8 & 0x0f) << 4)
- | (kvm_lapic_get_reg(apic, APIC_TASKPRI) & 4));
+ apic_set_tpr(vcpu->arch.apic, (cr8 & 0x0f) << 4);
}
u64 kvm_lapic_get_cr8(struct kvm_vcpu *vcpu)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 140/338] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 139/338] KVM: x86: Fix emulation in writing cr8 Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 141/338] hv_balloon: rate-limit "Unhandled message" warning Greg Kroah-Hartman
` (203 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Hou Wenlong,
Paolo Bonzini, Sasha Levin
From: Hou Wenlong <houwenlong.hwl@antgroup.com>
[ Upstream commit ca85f002258fdac3762c57d12d5e6e401b6a41af ]
Per Intel's SDM on the "Instruction Set Reference", when
loading segment descriptor, not-present segment check should
be after all type and privilege checks. But the emulator checks
it first, then #NP is triggered instead of #GP if privilege fails
and segment is not present. Put not-present segment check after
type and privilege checks in __load_segment_descriptor().
Fixes: 38ba30ba51a00 (KVM: x86 emulator: Emulate task switch in emulator.c)
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
Message-Id: <52573c01d369f506cadcf7233812427cf7db81a7.1644292363.git.houwenlong.hwl@antgroup.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/emulate.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 3e182c7ae771..63754d248dfb 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1669,11 +1669,6 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
goto exception;
}
- if (!seg_desc.p) {
- err_vec = (seg == VCPU_SREG_SS) ? SS_VECTOR : NP_VECTOR;
- goto exception;
- }
-
dpl = seg_desc.dpl;
switch (seg) {
@@ -1713,6 +1708,10 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
case VCPU_SREG_TR:
if (seg_desc.s || (seg_desc.type != 1 && seg_desc.type != 9))
goto exception;
+ if (!seg_desc.p) {
+ err_vec = NP_VECTOR;
+ goto exception;
+ }
old_desc = seg_desc;
seg_desc.type |= 2; /* busy */
ret = ctxt->ops->cmpxchg_emulated(ctxt, desc_addr, &old_desc, &seg_desc,
@@ -1737,6 +1736,11 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
break;
}
+ if (!seg_desc.p) {
+ err_vec = (seg == VCPU_SREG_SS) ? SS_VECTOR : NP_VECTOR;
+ goto exception;
+ }
+
if (seg_desc.s) {
/* mark segment as accessed */
if (!(seg_desc.type & 1)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 141/338] hv_balloon: rate-limit "Unhandled message" warning
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 140/338] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 142/338] i2c: xiic: Make bus names unique Greg Kroah-Hartman
` (202 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anssi Hannula, Michael Kelley,
Wei Liu, Sasha Levin
From: Anssi Hannula <anssi.hannula@bitwise.fi>
[ Upstream commit 1d7286729aa616772be334eb908e11f527e1e291 ]
For a couple of times I have encountered a situation where
hv_balloon: Unhandled message: type: 12447
is being flooded over 1 million times per second with various values,
filling the log and consuming cycles, making debugging difficult.
Add rate limiting to the message.
Most other Hyper-V drivers already have similar rate limiting in their
message callbacks.
The cause of the floods in my case was probably fixed by 96d9d1fa5cd5
("Drivers: hv: balloon: account for vmbus packet header in
max_pkt_size").
Fixes: 9aa8b50b2b3d ("Drivers: hv: Add Hyper-V balloon driver")
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20220222141400.98160-1-anssi.hannula@bitwise.fi
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hv/hv_balloon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
index e5fc719a34e7..d442a8d2332e 100644
--- a/drivers/hv/hv_balloon.c
+++ b/drivers/hv/hv_balloon.c
@@ -1548,7 +1548,7 @@ static void balloon_onchannelcallback(void *context)
break;
default:
- pr_warn("Unhandled message: type: %d\n", dm_hdr->type);
+ pr_warn_ratelimited("Unhandled message: type: %d\n", dm_hdr->type);
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 142/338] i2c: xiic: Make bus names unique
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 141/338] hv_balloon: rate-limit "Unhandled message" warning Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 143/338] power: supply: wm8350-power: Handle error for wm8350_register_irq Greg Kroah-Hartman
` (201 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Hancock, Michal Simek,
Wolfram Sang, Sasha Levin
From: Robert Hancock <robert.hancock@calian.com>
[ Upstream commit 1d366c2f9df8279df2adbb60471f86fc40a1c39e ]
This driver is for an FPGA logic core, so there can be arbitrarily many
instances of the bus on a given system. Previously all of the I2C bus
names were "xiic-i2c" which caused issues with lm_sensors when trying to
map human-readable names to sensor inputs because it could not properly
distinguish the busses, for example. Append the platform device name to
the I2C bus name so it is unique between different instances.
Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-xiic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c
index 8d6b6eeef71c..52acb185a29c 100644
--- a/drivers/i2c/busses/i2c-xiic.c
+++ b/drivers/i2c/busses/i2c-xiic.c
@@ -724,7 +724,6 @@ static const struct i2c_adapter_quirks xiic_quirks = {
static const struct i2c_adapter xiic_adapter = {
.owner = THIS_MODULE,
- .name = DRIVER_NAME,
.class = I2C_CLASS_DEPRECATED,
.algo = &xiic_algorithm,
.quirks = &xiic_quirks,
@@ -761,6 +760,8 @@ static int xiic_i2c_probe(struct platform_device *pdev)
i2c_set_adapdata(&i2c->adap, i2c);
i2c->adap.dev.parent = &pdev->dev;
i2c->adap.dev.of_node = pdev->dev.of_node;
+ snprintf(i2c->adap.name, sizeof(i2c->adap.name),
+ DRIVER_NAME " %s", pdev->name);
mutex_init(&i2c->lock);
init_waitqueue_head(&i2c->wait);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 143/338] power: supply: wm8350-power: Handle error for wm8350_register_irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 142/338] i2c: xiic: Make bus names unique Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 144/338] power: supply: wm8350-power: Add missing free in free_charger_irq Greg Kroah-Hartman
` (200 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Charles Keepax,
Sebastian Reichel, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit b0b14b5ba11bec56fad344a4a0b2e16449cc8b94 ]
As the potential failure of the wm8350_register_irq(),
it should be better to check it and return error if fails.
Also, use 'free_' in order to avoid same code.
Fixes: 14431aa0c5a4 ("power_supply: Add support for WM8350 PMU")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/wm8350_power.c | 96 ++++++++++++++++++++++++-----
1 file changed, 82 insertions(+), 14 deletions(-)
diff --git a/drivers/power/supply/wm8350_power.c b/drivers/power/supply/wm8350_power.c
index 15c0ca15e2aa..33683b8477d2 100644
--- a/drivers/power/supply/wm8350_power.c
+++ b/drivers/power/supply/wm8350_power.c
@@ -411,44 +411,112 @@ static const struct power_supply_desc wm8350_usb_desc = {
* Initialisation
*********************************************************************/
-static void wm8350_init_charger(struct wm8350 *wm8350)
+static int wm8350_init_charger(struct wm8350 *wm8350)
{
+ int ret;
+
/* register our interest in charger events */
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_HOT,
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_HOT,
wm8350_charger_handler, 0, "Battery hot", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_COLD,
+ if (ret)
+ goto err;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_COLD,
wm8350_charger_handler, 0, "Battery cold", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_FAIL,
+ if (ret)
+ goto free_chg_bat_hot;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_BAT_FAIL,
wm8350_charger_handler, 0, "Battery fail", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_TO,
+ if (ret)
+ goto free_chg_bat_cold;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_TO,
wm8350_charger_handler, 0,
"Charger timeout", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_END,
+ if (ret)
+ goto free_chg_bat_fail;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_END,
wm8350_charger_handler, 0,
"Charge end", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_START,
+ if (ret)
+ goto free_chg_to;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_START,
wm8350_charger_handler, 0,
"Charge start", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_FAST_RDY,
+ if (ret)
+ goto free_chg_end;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_FAST_RDY,
wm8350_charger_handler, 0,
"Fast charge ready", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P9,
+ if (ret)
+ goto free_chg_start;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P9,
wm8350_charger_handler, 0,
"Battery <3.9V", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P1,
+ if (ret)
+ goto free_chg_fast_rdy;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P1,
wm8350_charger_handler, 0,
"Battery <3.1V", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_2P85,
+ if (ret)
+ goto free_chg_vbatt_lt_3p9;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_2P85,
wm8350_charger_handler, 0,
"Battery <2.85V", wm8350);
+ if (ret)
+ goto free_chg_vbatt_lt_3p1;
/* and supply change events */
- wm8350_register_irq(wm8350, WM8350_IRQ_EXT_USB_FB,
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_EXT_USB_FB,
wm8350_charger_handler, 0, "USB", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_EXT_WALL_FB,
+ if (ret)
+ goto free_chg_vbatt_lt_2p85;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_EXT_WALL_FB,
wm8350_charger_handler, 0, "Wall", wm8350);
- wm8350_register_irq(wm8350, WM8350_IRQ_EXT_BAT_FB,
+ if (ret)
+ goto free_ext_usb_fb;
+
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_EXT_BAT_FB,
wm8350_charger_handler, 0, "Battery", wm8350);
+ if (ret)
+ goto free_ext_wall_fb;
+
+ return 0;
+
+free_ext_wall_fb:
+ wm8350_free_irq(wm8350, WM8350_IRQ_EXT_WALL_FB, wm8350);
+free_ext_usb_fb:
+ wm8350_free_irq(wm8350, WM8350_IRQ_EXT_USB_FB, wm8350);
+free_chg_vbatt_lt_2p85:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_2P85, wm8350);
+free_chg_vbatt_lt_3p1:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P1, wm8350);
+free_chg_vbatt_lt_3p9:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P9, wm8350);
+free_chg_fast_rdy:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_FAST_RDY, wm8350);
+free_chg_start:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_START, wm8350);
+free_chg_end:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_END, wm8350);
+free_chg_to:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_TO, wm8350);
+free_chg_bat_fail:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_BAT_FAIL, wm8350);
+free_chg_bat_cold:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_BAT_COLD, wm8350);
+free_chg_bat_hot:
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_BAT_HOT, wm8350);
+err:
+ return ret;
}
static void free_charger_irq(struct wm8350 *wm8350)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 144/338] power: supply: wm8350-power: Add missing free in free_charger_irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 143/338] power: supply: wm8350-power: Handle error for wm8350_register_irq Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 145/338] PCI: Reduce warnings on possible RW1C corruption Greg Kroah-Hartman
` (199 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Charles Keepax,
Sebastian Reichel, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 6dee930f6f6776d1e5a7edf542c6863b47d9f078 ]
In free_charger_irq(), there is no free for 'WM8350_IRQ_CHG_FAST_RDY'.
Therefore, it should be better to add it in order to avoid the memory leak.
Fixes: 14431aa0c5a4 ("power_supply: Add support for WM8350 PMU")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/wm8350_power.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/power/supply/wm8350_power.c b/drivers/power/supply/wm8350_power.c
index 33683b8477d2..4fa42d4a8a40 100644
--- a/drivers/power/supply/wm8350_power.c
+++ b/drivers/power/supply/wm8350_power.c
@@ -527,6 +527,7 @@ static void free_charger_irq(struct wm8350 *wm8350)
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_TO, wm8350);
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_END, wm8350);
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_START, wm8350);
+ wm8350_free_irq(wm8350, WM8350_IRQ_CHG_FAST_RDY, wm8350);
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P9, wm8350);
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_3P1, wm8350);
wm8350_free_irq(wm8350, WM8350_IRQ_CHG_VBATT_LT_2P85, wm8350);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 145/338] PCI: Reduce warnings on possible RW1C corruption
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 144/338] power: supply: wm8350-power: Add missing free in free_charger_irq Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 146/338] powerpc/sysdev: fix incorrect use to determine if list is empty Greg Kroah-Hartman
` (198 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, Mark Tomlinson,
Bjorn Helgaas, Florian Fainelli, Rob Herring, Scott Branden,
Sasha Levin
From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
[ Upstream commit 92c45b63ce22c8898aa41806e8d6692bcd577510 ]
For hardware that only supports 32-bit writes to PCI there is the
possibility of clearing RW1C (write-one-to-clear) bits. A rate-limited
messages was introduced by fb2659230120, but rate-limiting is not the best
choice here. Some devices may not show the warnings they should if another
device has just produced a bunch of warnings. Also, the number of messages
can be a nuisance on devices which are otherwise working fine.
Change the ratelimit to a single warning per bus. This ensures no bus is
'starved' of emitting a warning and also that there isn't a continuous
stream of warnings. It would be preferable to have a warning per device,
but the pci_dev structure is not available here, and a lookup from devfn
would be far too slow.
Suggested-by: Bjorn Helgaas <helgaas@kernel.org>
Fixes: fb2659230120 ("PCI: Warn on possible RW1C corruption for sub-32 bit config writes")
Link: https://lore.kernel.org/r/20200806041455.11070-1-mark.tomlinson@alliedtelesis.co.nz
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/access.c | 9 ++++++---
include/linux/pci.h | 1 +
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/pci/access.c b/drivers/pci/access.c
index 3c8ffd62dc00..98ee5f05fc0f 100644
--- a/drivers/pci/access.c
+++ b/drivers/pci/access.c
@@ -160,9 +160,12 @@ int pci_generic_config_write32(struct pci_bus *bus, unsigned int devfn,
* write happen to have any RW1C (write-one-to-clear) bits set, we
* just inadvertently cleared something we shouldn't have.
*/
- dev_warn_ratelimited(&bus->dev, "%d-byte config write to %04x:%02x:%02x.%d offset %#x may corrupt adjacent RW1C bits\n",
- size, pci_domain_nr(bus), bus->number,
- PCI_SLOT(devfn), PCI_FUNC(devfn), where);
+ if (!bus->unsafe_warn) {
+ dev_warn(&bus->dev, "%d-byte config write to %04x:%02x:%02x.%d offset %#x may corrupt adjacent RW1C bits\n",
+ size, pci_domain_nr(bus), bus->number,
+ PCI_SLOT(devfn), PCI_FUNC(devfn), where);
+ bus->unsafe_warn = 1;
+ }
mask = ~(((1 << (size * 8)) - 1) << ((where & 0x3) * 8));
tmp = readl(addr) & mask;
diff --git a/include/linux/pci.h b/include/linux/pci.h
index a4bbce871e08..3e06e9790c25 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -581,6 +581,7 @@ struct pci_bus {
struct bin_attribute *legacy_io; /* Legacy I/O for this bus */
struct bin_attribute *legacy_mem; /* Legacy mem */
unsigned int is_added:1;
+ unsigned int unsafe_warn:1; /* warned about RW1C config write */
};
#define to_pci_bus(n) container_of(n, struct pci_bus, dev)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 146/338] powerpc/sysdev: fix incorrect use to determine if list is empty
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 145/338] PCI: Reduce warnings on possible RW1C corruption Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 147/338] mfd: mc13xxx: Add check for mc13xxx_irq_request Greg Kroah-Hartman
` (197 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakob Koschel, Michael Ellerman, Sasha Levin
From: Jakob Koschel <jakobkoschel@gmail.com>
[ Upstream commit fa1321b11bd01752f5be2415e74a0e1a7c378262 ]
'gtm' will *always* be set by list_for_each_entry().
It is incorrect to assume that the iterator value will be NULL if the
list is empty.
Instead of checking the pointer it should be checked if
the list is empty.
Fixes: 83ff9dcf375c ("powerpc/sysdev: implement FSL GTM support")
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220228142434.576226-1-jakobkoschel@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/fsl_gtm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/sysdev/fsl_gtm.c b/arch/powerpc/sysdev/fsl_gtm.c
index d902306f4718..42fe959f6fc2 100644
--- a/arch/powerpc/sysdev/fsl_gtm.c
+++ b/arch/powerpc/sysdev/fsl_gtm.c
@@ -90,7 +90,7 @@ static LIST_HEAD(gtms);
*/
struct gtm_timer *gtm_get_timer16(void)
{
- struct gtm *gtm = NULL;
+ struct gtm *gtm;
int i;
list_for_each_entry(gtm, >ms, list_node) {
@@ -107,7 +107,7 @@ struct gtm_timer *gtm_get_timer16(void)
spin_unlock_irq(>m->lock);
}
- if (gtm)
+ if (!list_empty(>ms))
return ERR_PTR(-EBUSY);
return ERR_PTR(-ENODEV);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 147/338] mfd: mc13xxx: Add check for mc13xxx_irq_request
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 146/338] powerpc/sysdev: fix incorrect use to determine if list is empty Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 148/338] vxcan: enable local echo for sent CAN frames Greg Kroah-Hartman
` (196 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Lee Jones, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit e477e51a41cb5d6034f3c5ea85a71ad4613996b9 ]
As the potential failure of the devm_request_threaded_irq(),
it should be better to check the return value of the
mc13xxx_irq_request() and return error if fails.
Fixes: 8e00593557c3 ("mfd: Add mc13892 support to mc13xxx")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220224022331.3208275-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/mc13xxx-core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/mc13xxx-core.c b/drivers/mfd/mc13xxx-core.c
index d0bf50e3568d..dcbb969af5f4 100644
--- a/drivers/mfd/mc13xxx-core.c
+++ b/drivers/mfd/mc13xxx-core.c
@@ -326,8 +326,10 @@ int mc13xxx_adc_do_conversion(struct mc13xxx *mc13xxx, unsigned int mode,
adc1 |= MC13783_ADC1_ATOX;
dev_dbg(mc13xxx->dev, "%s: request irq\n", __func__);
- mc13xxx_irq_request(mc13xxx, MC13XXX_IRQ_ADCDONE,
+ ret = mc13xxx_irq_request(mc13xxx, MC13XXX_IRQ_ADCDONE,
mc13xxx_handler_adcdone, __func__, &adcdone_data);
+ if (ret)
+ goto out;
mc13xxx_reg_write(mc13xxx, MC13XXX_ADC0, adc0);
mc13xxx_reg_write(mc13xxx, MC13XXX_ADC1, adc1);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 148/338] vxcan: enable local echo for sent CAN frames
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 147/338] mfd: mc13xxx: Add check for mc13xxx_irq_request Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 149/338] MIPS: RB532: fix return value of __setup handler Greg Kroah-Hartman
` (195 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oliver Hartkopp, Marc Kleine-Budde,
Sasha Levin
From: Oliver Hartkopp <socketcan@hartkopp.net>
[ Upstream commit 259bdba27e32368b4404f69d613b1c1014c07cbf ]
The vxcan driver provides a pair of virtual CAN interfaces to exchange
CAN traffic between different namespaces - analogue to veth.
In opposite to the vcan driver the local sent CAN traffic on this interface
is not echo'ed back but only sent to the remote peer. This is unusual and
can be easily fixed by removing IFF_ECHO from the netdevice flags that
are set for vxcan interfaces by default at startup.
Without IFF_ECHO set on driver level, the local sent CAN frames are echo'ed
in af_can.c in can_send(). This patch makes vxcan interfaces adopt the
same local echo behavior and procedures as known from the vcan interfaces.
Fixes: a8f820a380a2 ("can: add Virtual CAN Tunnel driver (vxcan)")
Link: https://lore.kernel.org/all/20220309120416.83514-5-socketcan@hartkopp.net
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/vxcan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/vxcan.c b/drivers/net/can/vxcan.c
index ccd758ba3fb0..8197f04aa8b6 100644
--- a/drivers/net/can/vxcan.c
+++ b/drivers/net/can/vxcan.c
@@ -156,7 +156,7 @@ static void vxcan_setup(struct net_device *dev)
dev->hard_header_len = 0;
dev->addr_len = 0;
dev->tx_queue_len = 0;
- dev->flags = (IFF_NOARP|IFF_ECHO);
+ dev->flags = IFF_NOARP;
dev->netdev_ops = &vxcan_netdev_ops;
dev->needs_free_netdev = true;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 149/338] MIPS: RB532: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 148/338] vxcan: enable local echo for sent CAN frames Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 150/338] mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init Greg Kroah-Hartman
` (194 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Thomas Bogendoerfer,
linux-mips, David S. Miller, Jakub Kicinski, Phil Sutter,
Florian Fainelli, Ralf Baechle, Daniel Walter, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 8755d57ba1ff910666572fab9e32890e8cc6ed3b ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings. Also, error return codes don't mean anything to
obsolete_checksetup() -- only non-zero (usually 1) or zero.
So return 1 from setup_kmac().
Fixes: 9e21c7e40b7e ("MIPS: RB532: Replace parse_mac_addr() with mac_pton().")
Fixes: 73b4390fb234 ("[MIPS] Routerboard 532: Support for base system")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
From: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Phil Sutter <n0-1@freewrt.org>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Daniel Walter <dwalter@google.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/rb532/devices.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/mips/rb532/devices.c b/arch/mips/rb532/devices.c
index 354d258396ff..6624fe15839a 100644
--- a/arch/mips/rb532/devices.c
+++ b/arch/mips/rb532/devices.c
@@ -315,11 +315,9 @@ static int __init plat_setup_devices(void)
static int __init setup_kmac(char *s)
{
printk(KERN_INFO "korina mac = %s\n", s);
- if (!mac_pton(s, korina_dev0_data.mac)) {
+ if (!mac_pton(s, korina_dev0_data.mac))
printk(KERN_ERR "Invalid mac\n");
- return -EINVAL;
- }
- return 0;
+ return 1;
}
__setup("kmac=", setup_kmac);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 150/338] mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 149/338] MIPS: RB532: fix return value of __setup handler Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 151/338] USB: storage: ums-realtek: fix error code in rts51x_read_mem() Greg Kroah-Hartman
` (193 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiyu Yang, Xin Tan, Xin Xiong,
Claudiu Beznea, Miquel Raynal, Sasha Levin
From: Xin Xiong <xiongx18@fudan.edu.cn>
[ Upstream commit fecbd4a317c95d73c849648c406bcf1b6a0ec1cf ]
The reference counting issue happens in several error handling paths
on a refcounted object "nc->dmac". In these paths, the function simply
returns the error code, forgetting to balance the reference count of
"nc->dmac", increased earlier by dma_request_channel(), which may
cause refcount leaks.
Fix it by decrementing the refcount of specific object in those error
paths.
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Co-developed-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Co-developed-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220304085330.3610-1-xiongx18@fudan.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c
index 788762930487..b2ffd22fec31 100644
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -1984,13 +1984,15 @@ static int atmel_nand_controller_init(struct atmel_nand_controller *nc,
nc->mck = of_clk_get(dev->parent->of_node, 0);
if (IS_ERR(nc->mck)) {
dev_err(dev, "Failed to retrieve MCK clk\n");
- return PTR_ERR(nc->mck);
+ ret = PTR_ERR(nc->mck);
+ goto out_release_dma;
}
np = of_parse_phandle(dev->parent->of_node, "atmel,smc", 0);
if (!np) {
dev_err(dev, "Missing or invalid atmel,smc property\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto out_release_dma;
}
nc->smc = syscon_node_to_regmap(np);
@@ -1998,10 +2000,16 @@ static int atmel_nand_controller_init(struct atmel_nand_controller *nc,
if (IS_ERR(nc->smc)) {
ret = PTR_ERR(nc->smc);
dev_err(dev, "Could not get SMC regmap (err = %d)\n", ret);
- return ret;
+ goto out_release_dma;
}
return 0;
+
+out_release_dma:
+ if (nc->dmac)
+ dma_release_channel(nc->dmac);
+
+ return ret;
}
static int
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 151/338] USB: storage: ums-realtek: fix error code in rts51x_read_mem()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 150/338] mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 152/338] af_netlink: Fix shift out of bounds in group mask calculation Greg Kroah-Hartman
` (192 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit b07cabb8361dc692522538205552b1b9dab134be ]
The rts51x_read_mem() function should return negative error codes.
Currently if the kmalloc() fails it returns USB_STOR_TRANSPORT_ERROR (3)
which is treated as success by the callers.
Fixes: 065e60964e29 ("ums_realtek: do not use stack memory for DMA")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20220304073504.GA26464@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/realtek_cr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/storage/realtek_cr.c b/drivers/usb/storage/realtek_cr.c
index 1d9ce9cbc831..9c2a1eda3f4f 100644
--- a/drivers/usb/storage/realtek_cr.c
+++ b/drivers/usb/storage/realtek_cr.c
@@ -364,7 +364,7 @@ static int rts51x_read_mem(struct us_data *us, u16 addr, u8 *data, u16 len)
buf = kmalloc(len, GFP_NOIO);
if (buf == NULL)
- return USB_STOR_TRANSPORT_ERROR;
+ return -ENOMEM;
usb_stor_dbg(us, "addr = 0x%x, len = %d\n", addr, len);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 152/338] af_netlink: Fix shift out of bounds in group mask calculation
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 151/338] USB: storage: ums-realtek: fix error code in rts51x_read_mem() Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 153/338] i2c: mux: demux-pinctrl: do not deactivate a master that is not active Greg Kroah-Hartman
` (191 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Petr Machata, Ido Schimmel,
Jakub Kicinski, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit 0caf6d9922192dd1afa8dc2131abfb4df1443b9f ]
When a netlink message is received, netlink_recvmsg() fills in the address
of the sender. One of the fields is the 32-bit bitfield nl_groups, which
carries the multicast group on which the message was received. The least
significant bit corresponds to group 1, and therefore the highest group
that the field can represent is 32. Above that, the UB sanitizer flags the
out-of-bounds shift attempts.
Which bits end up being set in such case is implementation defined, but
it's either going to be a wrong non-zero value, or zero, which is at least
not misleading. Make the latter choice deterministic by always setting to 0
for higher-numbered multicast groups.
To get information about membership in groups >= 32, userspace is expected
to use nl_pktinfo control messages[0], which are enabled by NETLINK_PKTINFO
socket option.
[0] https://lwn.net/Articles/147608/
The way to trigger this issue is e.g. through monitoring the BRVLAN group:
# bridge monitor vlan &
# ip link add name br type bridge
Which produces the following citation:
UBSAN: shift-out-of-bounds in net/netlink/af_netlink.c:162:19
shift exponent 32 is too large for 32-bit type 'int'
Fixes: f7fa9b10edbb ("[NETLINK]: Support dynamic number of multicast groups per netlink family")
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/2bef6aabf201d1fc16cca139a744700cff9dcb04.1647527635.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netlink/af_netlink.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index a7497361e4d7..5c6241964637 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -152,6 +152,8 @@ static const struct rhashtable_params netlink_rhashtable_params;
static inline u32 netlink_group_mask(u32 group)
{
+ if (group > 32)
+ return 0;
return group ? 1 << (group - 1) : 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 153/338] i2c: mux: demux-pinctrl: do not deactivate a master that is not active
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 152/338] af_netlink: Fix shift out of bounds in group mask calculation Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 154/338] selftests/bpf/test_lirc_mode2.sh: Exit with proper code Greg Kroah-Hartman
` (190 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Rosin, Wolfram Sang, Sasha Levin
From: Peter Rosin <peda@axentia.se>
[ Upstream commit 1a22aabf20adf89cb216f566913196128766f25b ]
Attempting to rollback the activation of the current master when
the current master has not been activated is bad. priv->cur_chan
and priv->cur_adap are both still zeroed out and the rollback
may result in attempts to revert an of changeset that has not been
applied and do result in calls to both del and put the zeroed out
i2c_adapter. Maybe it crashes, or whatever, but it's bad in any
case.
Fixes: e9d1a0a41d44 ("i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'")
Signed-off-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/muxes/i2c-demux-pinctrl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/muxes/i2c-demux-pinctrl.c b/drivers/i2c/muxes/i2c-demux-pinctrl.c
index 9ba9ce5696e1..1b99d0b928a0 100644
--- a/drivers/i2c/muxes/i2c-demux-pinctrl.c
+++ b/drivers/i2c/muxes/i2c-demux-pinctrl.c
@@ -262,7 +262,7 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
err = device_create_file(&pdev->dev, &dev_attr_available_masters);
if (err)
- goto err_rollback;
+ goto err_rollback_activation;
err = device_create_file(&pdev->dev, &dev_attr_current_master);
if (err)
@@ -272,8 +272,9 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
err_rollback_available:
device_remove_file(&pdev->dev, &dev_attr_available_masters);
-err_rollback:
+err_rollback_activation:
i2c_demux_deactivate_master(priv);
+err_rollback:
for (j = 0; j < i; j++) {
of_node_put(priv->chan[j].parent_np);
of_changeset_destroy(&priv->chan[j].chgset);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 154/338] selftests/bpf/test_lirc_mode2.sh: Exit with proper code
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 153/338] i2c: mux: demux-pinctrl: do not deactivate a master that is not active Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering Greg Kroah-Hartman
` (189 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangbin Liu, Daniel Borkmann, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit ec80906b0fbd7be11e3e960813b977b1ffe5f8fe ]
When test_lirc_mode2_user exec failed, the test report failed but still
exit with 0. Fix it by exiting with an error code.
Another issue is for the LIRCDEV checking. With bash -n, we need to quote
the variable, or it will always be true. So if test_lirc_mode2_user was
not run, just exit with skip code.
Fixes: 6bdd533cee9a ("bpf: add selftest for lirc_mode2 type program")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220321024149.157861-1-liuhangbin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_lirc_mode2.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_lirc_mode2.sh b/tools/testing/selftests/bpf/test_lirc_mode2.sh
index 677686198df3..795e56e3eaec 100755
--- a/tools/testing/selftests/bpf/test_lirc_mode2.sh
+++ b/tools/testing/selftests/bpf/test_lirc_mode2.sh
@@ -3,6 +3,7 @@
# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4
+ret=$ksft_skip
msg="skip all tests:"
if [ $UID != 0 ]; then
@@ -24,7 +25,7 @@ do
fi
done
-if [ -n $LIRCDEV ];
+if [ -n "$LIRCDEV" ];
then
TYPE=lirc_mode2
./test_lirc_mode2_user $LIRCDEV
@@ -35,3 +36,5 @@ then
echo -e ${GREEN}"PASS: $TYPE"${NC}
fi
fi
+
+exit $ret
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 154/338] selftests/bpf/test_lirc_mode2.sh: Exit with proper code Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 15:02 ` Jeremy Linton
2022-04-14 13:10 ` [PATCH 4.19 156/338] tcp: ensure PMTU updates are processed during fastopen Greg Kroah-Hartman
` (188 subsequent siblings)
343 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Robinson, Jeremy Linton,
Florian Fainelli, Jakub Kicinski, Sasha Levin
From: Jeremy Linton <jeremy.linton@arm.com>
[ Upstream commit 8d3ea3d402db94b61075617e71b67459a714a502 ]
GCC12 appears to be much smarter about its dependency tracking and is
aware that the relaxed variants are just normal loads and stores and
this is causing problems like:
[ 210.074549] ------------[ cut here ]------------
[ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out
[ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_watchdog+0x234/0x240
[ 210.095044] Modules linked in: genet(E) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat]
[ 210.146561] ACPI CPPC: PCC check channel failed for ss: 0. ret=-110
[ 210.146927] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 5.17.0-rc7G12+ #58
[ 210.153226] CPPC Cpufreq:cppc_scale_freq_workfn: failed to read perf counters
[ 210.161349] Hardware name: Raspberry Pi Foundation Raspberry Pi 4 Model B/Raspberry Pi 4 Model B, BIOS EDK2-DEV 02/08/2022
[ 210.161353] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 210.161358] pc : dev_watchdog+0x234/0x240
[ 210.161364] lr : dev_watchdog+0x234/0x240
[ 210.161368] sp : ffff8000080a3a40
[ 210.161370] x29: ffff8000080a3a40 x28: ffffcd425af87000 x27: ffff8000080a3b20
[ 210.205150] x26: ffffcd425aa00000 x25: 0000000000000001 x24: ffffcd425af8ec08
[ 210.212321] x23: 0000000000000100 x22: ffffcd425af87000 x21: ffff55b142688000
[ 210.219491] x20: 0000000000000001 x19: ffff55b1426884c8 x18: ffffffffffffffff
[ 210.226661] x17: 64656d6974203120 x16: 0000000000000001 x15: 6d736e617274203a
[ 210.233831] x14: 2974656e65676d63 x13: ffffcd4259c300d8 x12: ffffcd425b07d5f0
[ 210.241001] x11: 00000000ffffffff x10: ffffcd425b07d5f0 x9 : ffffcd4258bdad9c
[ 210.248171] x8 : 00000000ffffdfff x7 : 000000000000003f x6 : 0000000000000000
[ 210.255341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000001000
[ 210.262511] x2 : 0000000000001000 x1 : 0000000000000005 x0 : 0000000000000044
[ 210.269682] Call trace:
[ 210.272133] dev_watchdog+0x234/0x240
[ 210.275811] call_timer_fn+0x3c/0x15c
[ 210.279489] __run_timers.part.0+0x288/0x310
[ 210.283777] run_timer_softirq+0x48/0x80
[ 210.287716] __do_softirq+0x128/0x360
[ 210.291392] __irq_exit_rcu+0x138/0x140
[ 210.295243] irq_exit_rcu+0x1c/0x30
[ 210.298745] el1_interrupt+0x38/0x54
[ 210.302334] el1h_64_irq_handler+0x18/0x24
[ 210.306445] el1h_64_irq+0x7c/0x80
[ 210.309857] arch_cpu_idle+0x18/0x2c
[ 210.313445] default_idle_call+0x4c/0x140
[ 210.317470] cpuidle_idle_call+0x14c/0x1a0
[ 210.321584] do_idle+0xb0/0x100
[ 210.324737] cpu_startup_entry+0x30/0x8c
[ 210.328675] secondary_start_kernel+0xe4/0x110
[ 210.333138] __secondary_switched+0x94/0x98
The assumption when these were relaxed seems to be that device memory
would be mapped non reordering, and that other constructs
(spinlocks/etc) would provide the barriers to assure that packet data
and in memory rings/queues were ordered with respect to device
register reads/writes. This itself seems a bit sketchy, but the real
problem with GCC12 is that it is moving the actual reads/writes around
at will as though they were independent operations when in truth they
are not, but the compiler can't know that. When looking at the
assembly dumps for many of these routines its possible to see very
clean, but not strictly in program order operations occurring as the
compiler would be free to do if these weren't actually register
reads/write operations.
Its possible to suppress the timeout with a liberal bit of dma_mb()'s
sprinkled around but the device still seems unable to reliably
send/receive data. A better plan is to use the safer readl/writel
everywhere.
Since this partially reverts an older commit, which notes the use of
the relaxed variants for performance reasons. I would suggest that
any performance problems with this commit are targeted at relaxing only
the performance critical code paths after assuring proper barriers.
Fixes: 69d2ea9c79898 ("net: bcmgenet: Use correct I/O accessors")
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Acked-by: Peter Robinson <pbrobinson@gmail.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220310045358.224350-1-jeremy.linton@arm.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index d4be107ea4cd..c78b687a1443 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -83,7 +83,7 @@ static inline void bcmgenet_writel(u32 value, void __iomem *offset)
if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
__raw_writel(value, offset);
else
- writel_relaxed(value, offset);
+ writel(value, offset);
}
static inline u32 bcmgenet_readl(void __iomem *offset)
@@ -91,7 +91,7 @@ static inline u32 bcmgenet_readl(void __iomem *offset)
if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
return __raw_readl(offset);
else
- return readl_relaxed(offset);
+ return readl(offset);
}
static inline void dmadesc_set_length_status(struct bcmgenet_priv *priv,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 156/338] tcp: ensure PMTU updates are processed during fastopen
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering Greg Kroah-Hartman
@ 2022-04-14 13:10 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 157/338] mfd: asic3: Add missing iounmap() on error asic3_mfd_probe Greg Kroah-Hartman
` (187 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Nash, Neil Spring, Wei Wang,
Yuchung Cheng, Martin KaFai Lau, Jakub Kicinski, Eric Dumazet,
Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit ed0c99dc0f499ff8b6e75b5ae6092ab42be1ad39 ]
tp->rx_opt.mss_clamp is not populated, yet, during TFO send so we
rise it to the local MSS. tp->mss_cache is not updated, however:
tcp_v6_connect():
tp->rx_opt.mss_clamp = IPV6_MIN_MTU - headers;
tcp_connect():
tcp_connect_init():
tp->mss_cache = min(mtu, tp->rx_opt.mss_clamp)
tcp_send_syn_data():
tp->rx_opt.mss_clamp = tp->advmss
After recent fixes to ICMPv6 PTB handling we started dropping
PMTU updates higher than tp->mss_cache. Because of the stale
tp->mss_cache value PMTU updates during TFO are always dropped.
Thanks to Wei for helping zero in on the problem and the fix!
Fixes: c7bb4b89033b ("ipv6: tcp: drop silly ICMPv6 packet too big messages")
Reported-by: Andre Nash <alnash@fb.com>
Reported-by: Neil Spring <ntspring@fb.com>
Reviewed-by: Wei Wang <weiwan@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220321165957.1769954-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_output.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index c97c027a8d77..97c3b616d594 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3425,6 +3425,7 @@ static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb)
*/
static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
{
+ struct inet_connection_sock *icsk = inet_csk(sk);
struct tcp_sock *tp = tcp_sk(sk);
struct tcp_fastopen_request *fo = tp->fastopen_req;
int space, err = 0;
@@ -3439,8 +3440,10 @@ static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
* private TCP options. The cost is reduced data space in SYN :(
*/
tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp);
+ /* Sync mss_cache after updating the mss_clamp */
+ tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
- space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) -
+ space = __tcp_mtu_to_mss(sk, icsk->icsk_pmtu_cookie) -
MAX_TCP_OPTION_SPACE;
space = min_t(size_t, space, fo->size);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 157/338] mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-04-14 13:10 ` [PATCH 4.19 156/338] tcp: ensure PMTU updates are processed during fastopen Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 158/338] mxser: fix xmit_buf leak in activate when LSR == 0xff Greg Kroah-Hartman
` (186 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Lee Jones, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit e84ee1a75f944a0fe3c277aaa10c426603d2b0bc ]
Add the missing iounmap() before return from asic3_mfd_probe
in the error handling case.
Fixes: 64e8867ba809 ("mfd: tmio_mmc hardware abstraction for CNF area")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220307072947.5369-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/asic3.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/mfd/asic3.c b/drivers/mfd/asic3.c
index 1531302a50ec..75584cee0da5 100644
--- a/drivers/mfd/asic3.c
+++ b/drivers/mfd/asic3.c
@@ -918,14 +918,14 @@ static int __init asic3_mfd_probe(struct platform_device *pdev,
ret = mfd_add_devices(&pdev->dev, pdev->id,
&asic3_cell_ds1wm, 1, mem, asic->irq_base, NULL);
if (ret < 0)
- goto out;
+ goto out_unmap;
}
if (mem_sdio && (irq >= 0)) {
ret = mfd_add_devices(&pdev->dev, pdev->id,
&asic3_cell_mmc, 1, mem_sdio, irq, NULL);
if (ret < 0)
- goto out;
+ goto out_unmap;
}
ret = 0;
@@ -939,8 +939,12 @@ static int __init asic3_mfd_probe(struct platform_device *pdev,
ret = mfd_add_devices(&pdev->dev, 0,
asic3_cell_leds, ASIC3_NUM_LEDS, NULL, 0, NULL);
}
+ return ret;
- out:
+out_unmap:
+ if (asic->tmio_cnf)
+ iounmap(asic->tmio_cnf);
+out:
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 158/338] mxser: fix xmit_buf leak in activate when LSR == 0xff
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 157/338] mfd: asic3: Add missing iounmap() on error asic3_mfd_probe Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 159/338] pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() Greg Kroah-Hartman
` (185 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Sasha Levin
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit cd3a4907ee334b40d7aa880c7ab310b154fd5cd4 ]
When LSR is 0xff in ->activate() (rather unlike), we return an error.
Provided ->shutdown() is not called when ->activate() fails, nothing
actually frees the buffer in this case.
Fix this by properly freeing the buffer in a designated label. We jump
there also from the "!info->type" if now too.
Fixes: 6769140d3047 ("tty: mxser: use the tty_port_open method")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220124071430.14907-6-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/mxser.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c
index 8bc15cb67a58..88eb90361a89 100644
--- a/drivers/tty/mxser.c
+++ b/drivers/tty/mxser.c
@@ -861,6 +861,7 @@ static int mxser_activate(struct tty_port *port, struct tty_struct *tty)
struct mxser_port *info = container_of(port, struct mxser_port, port);
unsigned long page;
unsigned long flags;
+ int ret;
page = __get_free_page(GFP_KERNEL);
if (!page)
@@ -870,9 +871,9 @@ static int mxser_activate(struct tty_port *port, struct tty_struct *tty)
if (!info->ioaddr || !info->type) {
set_bit(TTY_IO_ERROR, &tty->flags);
- free_page(page);
spin_unlock_irqrestore(&info->slock, flags);
- return 0;
+ ret = 0;
+ goto err_free_xmit;
}
info->port.xmit_buf = (unsigned char *) page;
@@ -898,8 +899,10 @@ static int mxser_activate(struct tty_port *port, struct tty_struct *tty)
if (capable(CAP_SYS_ADMIN)) {
set_bit(TTY_IO_ERROR, &tty->flags);
return 0;
- } else
- return -ENODEV;
+ }
+
+ ret = -ENODEV;
+ goto err_free_xmit;
}
/*
@@ -944,6 +947,10 @@ static int mxser_activate(struct tty_port *port, struct tty_struct *tty)
spin_unlock_irqrestore(&info->slock, flags);
return 0;
+err_free_xmit:
+ free_page(page);
+ info->port.xmit_buf = NULL;
+ return ret;
}
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 159/338] pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 158/338] mxser: fix xmit_buf leak in activate when LSR == 0xff Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 160/338] staging:iio:adc:ad7280a: Fix handing of device address bit reversing Greg Kroah-Hartman
` (184 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König,
Thierry Reding, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 0401f24cd238ae200a23a13925f98de3d2c883b8 ]
When a driver calls pwmchip_add() it has to be prepared to immediately
get its callbacks called. So move allocation of driver data and hardware
initialization before the call to pwmchip_add().
This fixes a potential NULL pointer exception and a race condition on
register writes.
Fixes: 841e6f90bb78 ("pwm: NXP LPC18xx PWM/SCT driver")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-lpc18xx-sct.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/drivers/pwm/pwm-lpc18xx-sct.c b/drivers/pwm/pwm-lpc18xx-sct.c
index d7f5f7de030d..8b3aad06e236 100644
--- a/drivers/pwm/pwm-lpc18xx-sct.c
+++ b/drivers/pwm/pwm-lpc18xx-sct.c
@@ -406,12 +406,6 @@ static int lpc18xx_pwm_probe(struct platform_device *pdev)
lpc18xx_pwm_writel(lpc18xx_pwm, LPC18XX_PWM_LIMIT,
BIT(lpc18xx_pwm->period_event));
- ret = pwmchip_add(&lpc18xx_pwm->chip);
- if (ret < 0) {
- dev_err(&pdev->dev, "pwmchip_add failed: %d\n", ret);
- goto disable_pwmclk;
- }
-
for (i = 0; i < lpc18xx_pwm->chip.npwm; i++) {
struct lpc18xx_pwm_data *data;
@@ -421,14 +415,12 @@ static int lpc18xx_pwm_probe(struct platform_device *pdev)
GFP_KERNEL);
if (!data) {
ret = -ENOMEM;
- goto remove_pwmchip;
+ goto disable_pwmclk;
}
pwm_set_chip_data(pwm, data);
}
- platform_set_drvdata(pdev, lpc18xx_pwm);
-
val = lpc18xx_pwm_readl(lpc18xx_pwm, LPC18XX_PWM_CTRL);
val &= ~LPC18XX_PWM_BIDIR;
val &= ~LPC18XX_PWM_CTRL_HALT;
@@ -436,10 +428,16 @@ static int lpc18xx_pwm_probe(struct platform_device *pdev)
val |= LPC18XX_PWM_PRE(0);
lpc18xx_pwm_writel(lpc18xx_pwm, LPC18XX_PWM_CTRL, val);
+ ret = pwmchip_add(&lpc18xx_pwm->chip);
+ if (ret < 0) {
+ dev_err(&pdev->dev, "pwmchip_add failed: %d\n", ret);
+ goto disable_pwmclk;
+ }
+
+ platform_set_drvdata(pdev, lpc18xx_pwm);
+
return 0;
-remove_pwmchip:
- pwmchip_remove(&lpc18xx_pwm->chip);
disable_pwmclk:
clk_disable_unprepare(lpc18xx_pwm->pwm_clk);
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 160/338] staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 159/338] pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 161/338] clk: qcom: ipq8074: Use floor ops for SDCC1 clock Greg Kroah-Hartman
` (183 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Marcelo Schmitt,
Sasha Levin
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Upstream commit f281e4ddbbc0b60f061bc18a2834e9363ba85f9f ]
The bit reversal was wrong for bits 1 and 3 of the 5 bits.
Result is driver failure to probe if you have more than 2 daisy-chained
devices. Discovered via QEMU based device emulation.
Fixes tag is for when this moved from a macro to a function, but it
was broken before that.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Fixes: 065a7c0b1fec ("Staging: iio: adc: ad7280a.c: Fixed Macro argument reuse")
Reviewed-by: Marcelo Schmitt <marcelo.schmitt1@gmail.com>
Link: https://lore.kernel.org/r/20220206190328.333093-2-jic23@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/iio/adc/ad7280a.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/iio/adc/ad7280a.c b/drivers/staging/iio/adc/ad7280a.c
index 6a48ad067a8b..15422d82f812 100644
--- a/drivers/staging/iio/adc/ad7280a.c
+++ b/drivers/staging/iio/adc/ad7280a.c
@@ -102,9 +102,9 @@
static unsigned int ad7280a_devaddr(unsigned int addr)
{
return ((addr & 0x1) << 4) |
- ((addr & 0x2) << 3) |
+ ((addr & 0x2) << 2) |
(addr & 0x4) |
- ((addr & 0x8) >> 3) |
+ ((addr & 0x8) >> 2) |
((addr & 0x10) >> 4);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 161/338] clk: qcom: ipq8074: Use floor ops for SDCC1 clock
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 160/338] staging:iio:adc:ad7280a: Fix handing of device address bit reversing Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 162/338] serial: 8250_mid: Balance reference count for PCI DMA device Greg Kroah-Hartman
` (182 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dirk Buchwalder, Robert Marko,
Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Dirk Buchwalder <buchwalder@posteo.de>
[ Upstream commit b77d8306d84f83d1da68028a68c91da9c867b6f6 ]
Use floor ops on SDCC1 APPS clock in order to round down selected clock
frequency and avoid overclocking SD/eMMC cards.
For example, currently HS200 cards were failling tuning as they were
actually being clocked at 384MHz instead of 192MHz.
This caused some boards to disable 1.8V I/O and force the eMMC into the
standard HS mode (50MHz) and that appeared to work despite the eMMC being
overclocked to 96Mhz in that case.
There was a previous commit to use floor ops on SDCC clocks, but it looks
to have only covered SDCC2 clock.
Fixes: 9607f6224b39 ("clk: qcom: ipq8074: add PCIE, USB and SDCC clocks")
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220210173100.505128-1-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq8074.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c
index 505c6263141d..708c486a6e96 100644
--- a/drivers/clk/qcom/gcc-ipq8074.c
+++ b/drivers/clk/qcom/gcc-ipq8074.c
@@ -1082,7 +1082,7 @@ static struct clk_rcg2 sdcc1_apps_clk_src = {
.name = "sdcc1_apps_clk_src",
.parent_names = gcc_xo_gpll0_gpll2_gpll0_out_main_div2,
.num_parents = 4,
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_floor_ops,
},
};
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 162/338] serial: 8250_mid: Balance reference count for PCI DMA device
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 161/338] clk: qcom: ipq8074: Use floor ops for SDCC1 clock Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 163/338] serial: 8250: Fix race condition in RTS-after-send handling Greg Kroah-Hartman
` (181 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qing Wang, Andy Shevchenko, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 67ec6dd0b257bd81b4e9fcac89b29da72f6265e5 ]
The pci_get_slot() increases its reference count, the caller
must decrement the reference count by calling pci_dev_put().
Fixes: 90b9aacf912a ("serial: 8250_pci: add Intel Tangier support")
Fixes: f549e94effa1 ("serial: 8250_pci: add Intel Penwell ports")
Reported-by: Qing Wang <wangqing@vivo.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Depends-on: d9eda9bab237 ("serial: 8250_pci: Intel MID UART support to its own driver")
Link: https://lore.kernel.org/r/20220215100920.41984-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_mid.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_mid.c b/drivers/tty/serial/8250/8250_mid.c
index efa0515139f8..e6c1791609dd 100644
--- a/drivers/tty/serial/8250/8250_mid.c
+++ b/drivers/tty/serial/8250/8250_mid.c
@@ -73,6 +73,11 @@ static int pnw_setup(struct mid8250 *mid, struct uart_port *p)
return 0;
}
+static void pnw_exit(struct mid8250 *mid)
+{
+ pci_dev_put(mid->dma_dev);
+}
+
static int tng_handle_irq(struct uart_port *p)
{
struct mid8250 *mid = p->private_data;
@@ -124,6 +129,11 @@ static int tng_setup(struct mid8250 *mid, struct uart_port *p)
return 0;
}
+static void tng_exit(struct mid8250 *mid)
+{
+ pci_dev_put(mid->dma_dev);
+}
+
static int dnv_handle_irq(struct uart_port *p)
{
struct mid8250 *mid = p->private_data;
@@ -330,9 +340,9 @@ static int mid8250_probe(struct pci_dev *pdev, const struct pci_device_id *id)
pci_set_drvdata(pdev, mid);
return 0;
+
err:
- if (mid->board->exit)
- mid->board->exit(mid);
+ mid->board->exit(mid);
return ret;
}
@@ -342,8 +352,7 @@ static void mid8250_remove(struct pci_dev *pdev)
serial8250_unregister_port(mid->line);
- if (mid->board->exit)
- mid->board->exit(mid);
+ mid->board->exit(mid);
}
static const struct mid8250_board pnw_board = {
@@ -351,6 +360,7 @@ static const struct mid8250_board pnw_board = {
.freq = 50000000,
.base_baud = 115200,
.setup = pnw_setup,
+ .exit = pnw_exit,
};
static const struct mid8250_board tng_board = {
@@ -358,6 +368,7 @@ static const struct mid8250_board tng_board = {
.freq = 38400000,
.base_baud = 1843200,
.setup = tng_setup,
+ .exit = tng_exit,
};
static const struct mid8250_board dnv_board = {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 163/338] serial: 8250: Fix race condition in RTS-after-send handling
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 162/338] serial: 8250_mid: Balance reference count for PCI DMA device Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 164/338] iio: adc: Add check for devm_request_threaded_irq Greg Kroah-Hartman
` (180 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit dedab69fd650ea74710b2e626e63fd35584ef773 ]
Set em485->active_timer = NULL isn't always enough to take out the stop
timer. While there is a check that it acts in the right state (i.e.
waiting for RTS-after-send to pass after sending some chars) but the
following might happen:
- CPU1: some chars send, shifter becomes empty, stop tx timer armed
- CPU0: more chars send before RTS-after-send expired
- CPU0: shifter empty irq, port lock taken
- CPU1: tx timer triggers, waits for port lock
- CPU0: em485->active_timer = &em485->stop_tx_timer, hrtimer_start(),
releases lock()
- CPU1: get lock, see em485->active_timer == &em485->stop_tx_timer,
tear down RTS too early
This fix bases on research done by Steffen Trumtrar.
Fixes: b86f86e8e7c5 ("serial: 8250: fix potential deadlock in rs485-mode")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20220215160236.344236-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 39e821d6e537..5ec50ccfbec9 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1594,6 +1594,18 @@ static inline void start_tx_rs485(struct uart_port *port)
if (!(up->port.rs485.flags & SER_RS485_RX_DURING_TX))
serial8250_stop_rx(&up->port);
+ /*
+ * While serial8250_em485_handle_stop_tx() is a noop if
+ * em485->active_timer != &em485->stop_tx_timer, it might happen that
+ * the timer is still armed and triggers only after the current bunch of
+ * chars is send and em485->active_timer == &em485->stop_tx_timer again.
+ * So cancel the timer. There is still a theoretical race condition if
+ * the timer is already running and only comes around to check for
+ * em485->active_timer when &em485->stop_tx_timer is armed again.
+ */
+ if (em485->active_timer == &em485->stop_tx_timer)
+ hrtimer_try_to_cancel(&em485->stop_tx_timer);
+
em485->active_timer = NULL;
mcr = serial8250_in_MCR(up);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 164/338] iio: adc: Add check for devm_request_threaded_irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 163/338] serial: 8250: Fix race condition in RTS-after-send handling Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
` (179 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Jonathan Cameron,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit b30537a4cedcacf0ade2f33ebb7610178ed1e7d7 ]
As the potential failure of the devm_request_threaded_irq(),
it should be better to check the return value and return
error if fails.
Fixes: fa659a40b80b ("iio: adc: twl6030-gpadc: Use devm_* API family")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220224062849.3280966-1-jiasheng@iscas.ac.cn
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/twl6030-gpadc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iio/adc/twl6030-gpadc.c b/drivers/iio/adc/twl6030-gpadc.c
index e470510e76ea..765aaee157e2 100644
--- a/drivers/iio/adc/twl6030-gpadc.c
+++ b/drivers/iio/adc/twl6030-gpadc.c
@@ -927,6 +927,8 @@ static int twl6030_gpadc_probe(struct platform_device *pdev)
ret = devm_request_threaded_irq(dev, irq, NULL,
twl6030_gpadc_irq_handler,
IRQF_ONESHOT, "twl6030_gpadc", indio_dev);
+ if (ret)
+ return ret;
ret = twl6030_gpadc_enable_irq(TWL6030_GPADC_RT_SW1_EOC_MASK);
if (ret < 0) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 165/338] dma-debug: fix return value of __setup handlers
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Sasha Levin, Greg Kroah-Hartman, Randy Dunlap, Igor Zhbanov,
stable, iommu, Robin Murphy, Christoph Hellwig
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 80e4390981618e290616dbd06ea190d4576f219d ]
When valid kernel command line parameters
dma_debug=off dma_debug_entries=100
are used, they are reported as Unknown parameters and added to init's
environment strings, polluting it.
Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc5
dma_debug=off dma_debug_entries=100", will be passed to user space.
and
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
dma_debug=off
dma_debug_entries=100
Return 1 from these __setup handlers to indicate that the command line
option has been handled.
Fixes: 59d3daafa1726 ("dma-debug: add kernel command line parameters")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: iommu@lists.linux-foundation.org
Cc: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c
index 1c82b0d25498..9c9a5b12f92f 100644
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -1056,7 +1056,7 @@ static __init int dma_debug_cmdline(char *str)
global_disable = true;
}
- return 0;
+ return 1;
}
static __init int dma_debug_entries_cmdline(char *str)
@@ -1065,7 +1065,7 @@ static __init int dma_debug_entries_cmdline(char *str)
return -EINVAL;
if (!get_option(&str, &nr_prealloc_entries))
nr_prealloc_entries = PREALLOC_DMA_DEBUG_ENTRIES;
- return 0;
+ return 1;
}
__setup("dma_debug=", dma_debug_cmdline);
--
2.34.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 165/338] dma-debug: fix return value of __setup handlers
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Joerg Roedel, Christoph Hellwig, Marek Szyprowski, iommu,
Robin Murphy, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 80e4390981618e290616dbd06ea190d4576f219d ]
When valid kernel command line parameters
dma_debug=off dma_debug_entries=100
are used, they are reported as Unknown parameters and added to init's
environment strings, polluting it.
Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc5
dma_debug=off dma_debug_entries=100", will be passed to user space.
and
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
dma_debug=off
dma_debug_entries=100
Return 1 from these __setup handlers to indicate that the command line
option has been handled.
Fixes: 59d3daafa1726 ("dma-debug: add kernel command line parameters")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: iommu@lists.linux-foundation.org
Cc: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/debug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c
index 1c82b0d25498..9c9a5b12f92f 100644
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -1056,7 +1056,7 @@ static __init int dma_debug_cmdline(char *str)
global_disable = true;
}
- return 0;
+ return 1;
}
static __init int dma_debug_entries_cmdline(char *str)
@@ -1065,7 +1065,7 @@ static __init int dma_debug_entries_cmdline(char *str)
return -EINVAL;
if (!get_option(&str, &nr_prealloc_entries))
nr_prealloc_entries = PREALLOC_DMA_DEBUG_ENTRIES;
- return 0;
+ return 1;
}
__setup("dma_debug=", dma_debug_cmdline);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 166/338] clk: qcom: clk-rcg2: Update the frac table for pixel clock
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-04-14 13:11 ` Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 167/338] remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region Greg Kroah-Hartman
` (177 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taniya Das, Stephen Boyd,
Bjorn Andersson, Sasha Levin
From: Taniya Das <tdas@codeaurora.org>
[ Upstream commit b527358cb4cd58a8279c9062b0786f1fab628fdc ]
Support the new numerator and denominator for pixel clock on SM8350 and
support rgb101010, RGB888 use cases on SM8450.
Fixes: 99cbd064b059f ("clk: qcom: Support display RCG clocks")
Signed-off-by: Taniya Das <tdas@codeaurora.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220227175536.3131-2-tdas@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/clk-rcg2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/clk-rcg2.c b/drivers/clk/qcom/clk-rcg2.c
index f420f0c96877..04bd29d6aba1 100644
--- a/drivers/clk/qcom/clk-rcg2.c
+++ b/drivers/clk/qcom/clk-rcg2.c
@@ -625,6 +625,7 @@ static const struct frac_entry frac_table_pixel[] = {
{ 2, 9 },
{ 4, 9 },
{ 1, 1 },
+ { 2, 3 },
{ }
};
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 167/338] remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 166/338] clk: qcom: clk-rcg2: Update the frac table for pixel clock Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 168/338] clk: actions: Terminate clk_div_table with sentinel element Greg Kroah-Hartman
` (176 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8f90161a66bc3d6b9fe8dde4d9028d20eae1b62a ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: aed361adca9f ("remoteproc: qcom: Introduce WCNSS peripheral image loader")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220308063102.10049-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_wcnss.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/remoteproc/qcom_wcnss.c b/drivers/remoteproc/qcom_wcnss.c
index b0e07e9f42d5..6cc0f9a5533e 100644
--- a/drivers/remoteproc/qcom_wcnss.c
+++ b/drivers/remoteproc/qcom_wcnss.c
@@ -448,6 +448,7 @@ static int wcnss_alloc_memory_region(struct qcom_wcnss *wcnss)
}
ret = of_address_to_resource(node, 0, &r);
+ of_node_put(node);
if (ret)
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 168/338] clk: actions: Terminate clk_div_table with sentinel element
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 167/338] remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 169/338] clk: loongson1: " Greg Kroah-Hartman
` (175 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Neuschäfer,
Manivannan Sadhasivam, Stephen Boyd, Sasha Levin
From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
[ Upstream commit d8a441e53e2434b1401e52dfd66b05263e442edc ]
In order that the end of a clk_div_table can be detected, it must be
terminated with a sentinel element (.div = 0).
In owl-s900.s, the { 0, 8 } element was probably meant to be just that,
so this patch changes { 0, 8 } to { 0, 0 }.
Fixes: d47317ca4ade1 ("clk: actions: Add S700 SoC clock support")
Fixes: d85d20053e195 ("clk: actions: Add S900 SoC clock support")
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Link: https://lore.kernel.org/r/20220218000922.134857-2-j.neuschaefer@gmx.net
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/actions/owl-s700.c | 1 +
drivers/clk/actions/owl-s900.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/actions/owl-s700.c b/drivers/clk/actions/owl-s700.c
index 5e9531392ee5..aa76b0c10373 100644
--- a/drivers/clk/actions/owl-s700.c
+++ b/drivers/clk/actions/owl-s700.c
@@ -160,6 +160,7 @@ static struct clk_div_table hdmia_div_table[] = {
static struct clk_div_table rmii_div_table[] = {
{0, 4}, {1, 10},
+ {0, 0}
};
/* divider clocks */
diff --git a/drivers/clk/actions/owl-s900.c b/drivers/clk/actions/owl-s900.c
index 7f60ed6afe63..460b33fc6c54 100644
--- a/drivers/clk/actions/owl-s900.c
+++ b/drivers/clk/actions/owl-s900.c
@@ -138,7 +138,7 @@ static struct clk_div_table rmii_ref_div_table[] = {
static struct clk_div_table usb3_mac_div_table[] = {
{ 1, 2 }, { 2, 3 }, { 3, 4 },
- { 0, 8 },
+ { 0, 0 }
};
static struct clk_div_table i2s_div_table[] = {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 169/338] clk: loongson1: Terminate clk_div_table with sentinel element
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 168/338] clk: actions: Terminate clk_div_table with sentinel element Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 170/338] clk: clps711x: " Greg Kroah-Hartman
` (174 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Neuschäfer,
Philippe Mathieu-Daudé,
Stephen Boyd, Sasha Levin
From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
[ Upstream commit 3eb00f89162e80083dfcaa842468b510462cfeaa ]
In order that the end of a clk_div_table can be detected, it must be
terminated with a sentinel element (.div = 0).
Fixes: b4626a7f4892 ("CLK: Add Loongson1C clock support")
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Link: https://lore.kernel.org/r/20220218000922.134857-3-j.neuschaefer@gmx.net
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/loongson1/clk-loongson1c.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/loongson1/clk-loongson1c.c b/drivers/clk/loongson1/clk-loongson1c.c
index 3466f7320b40..e3aa502761a3 100644
--- a/drivers/clk/loongson1/clk-loongson1c.c
+++ b/drivers/clk/loongson1/clk-loongson1c.c
@@ -40,6 +40,7 @@ static const struct clk_div_table ahb_div_table[] = {
[1] = { .val = 1, .div = 4 },
[2] = { .val = 2, .div = 3 },
[3] = { .val = 3, .div = 3 },
+ [4] = { /* sentinel */ }
};
void __init ls1x_clk_init(void)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 170/338] clk: clps711x: Terminate clk_div_table with sentinel element
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 169/338] clk: loongson1: " Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 171/338] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver Greg Kroah-Hartman
` (173 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Neuschäfer,
Stephen Boyd, Sasha Levin
From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
[ Upstream commit 8bed4ed5aa3431085d9d27afc35d684856460eda ]
In order that the end of a clk_div_table can be detected, it must be
terminated with a sentinel element (.div = 0).
Fixes: 631c53478973d ("clk: Add CLPS711X clk driver")
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Link: https://lore.kernel.org/r/20220218000922.134857-5-j.neuschaefer@gmx.net
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-clps711x.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/clk-clps711x.c b/drivers/clk/clk-clps711x.c
index 2c04396402ab..50b42e91a137 100644
--- a/drivers/clk/clk-clps711x.c
+++ b/drivers/clk/clk-clps711x.c
@@ -32,11 +32,13 @@ static const struct clk_div_table spi_div_table[] = {
{ .val = 1, .div = 8, },
{ .val = 2, .div = 2, },
{ .val = 3, .div = 1, },
+ { /* sentinel */ }
};
static const struct clk_div_table timer_div_table[] = {
{ .val = 0, .div = 256, },
{ .val = 1, .div = 1, },
+ { /* sentinel */ }
};
struct clps711x_clk {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 171/338] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 170/338] clk: clps711x: " Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 172/338] NFS: remove unneeded check in decode_devicenotify_args() Greg Kroah-Hartman
` (172 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Thierry Reding,
Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 6d6ef58c2470da85a99119f74d34216c8074b9f0 ]
The reference taken by 'of_find_device_by_node()' must be released when
not needed anymore.
Add the corresponding 'put_device()' in the error handling path.
Fixes: 2db04f16b589 ("clk: tegra: Add EMC clock driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20220112104501.30655-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-emc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-emc.c b/drivers/clk/tegra/clk-emc.c
index 0621a3a82ea6..7aeace88be6e 100644
--- a/drivers/clk/tegra/clk-emc.c
+++ b/drivers/clk/tegra/clk-emc.c
@@ -190,6 +190,7 @@ static struct tegra_emc *emc_ensure_emc_driver(struct tegra_clk_emc *tegra)
tegra->emc = platform_get_drvdata(pdev);
if (!tegra->emc) {
+ put_device(&pdev->dev);
pr_err("%s: cannot find EMC driver\n", __func__);
return NULL;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 172/338] NFS: remove unneeded check in decode_devicenotify_args()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 171/338] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 173/338] pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init Greg Kroah-Hartman
` (171 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Khoroshilov, Trond Myklebust,
Sasha Levin
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
[ Upstream commit cb8fac6d2727f79f211e745b16c9abbf4d8be652 ]
[You don't often get email from khoroshilov@ispras.ru. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]
Overflow check in not needed anymore after we switch to kmalloc_array().
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: a4f743a6bb20 ("NFSv4.1: Convert open-coded array allocation calls to kmalloc_array()")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/callback_xdr.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 76aa1b456c52..2f84c612838c 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -281,10 +281,6 @@ __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
n = ntohl(*p++);
if (n == 0)
goto out;
- if (n > ULONG_MAX / sizeof(*args->devs)) {
- status = htonl(NFS4ERR_BADXDR);
- goto out;
- }
args->devs = kmalloc_array(n, sizeof(*args->devs), GFP_KERNEL);
if (!args->devs) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 173/338] pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 172/338] NFS: remove unneeded check in decode_devicenotify_args() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 174/338] pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Greg Kroah-Hartman
` (170 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin,
AngeloGioacchino Del Regno, Linus Walleij, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit dab4df9ca919f59e5b9dd84385eaf34d4f20dbb0 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: a6df410d420a ("pinctrl: mediatek: Add Pinctrl/GPIO driver for mt8135.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220308071155.21114-1-linmq006@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
index 16ff56f93501..64fa544ac850 100644
--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
+++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
@@ -1046,6 +1046,7 @@ int mtk_pctrl_init(struct platform_device *pdev,
node = of_parse_phandle(np, "mediatek,pctl-regmap", 0);
if (node) {
pctl->regmap1 = syscon_node_to_regmap(node);
+ of_node_put(node);
if (IS_ERR(pctl->regmap1))
return PTR_ERR(pctl->regmap1);
} else if (regmap) {
@@ -1059,6 +1060,7 @@ int mtk_pctrl_init(struct platform_device *pdev,
node = of_parse_phandle(np, "mediatek,pctl-regmap", 1);
if (node) {
pctl->regmap2 = syscon_node_to_regmap(node);
+ of_node_put(node);
if (IS_ERR(pctl->regmap2))
return PTR_ERR(pctl->regmap2);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 174/338] pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 173/338] pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 175/338] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe Greg Kroah-Hartman
` (169 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c09ac191b1f97cfa06f394dbfd7a5db07986cefc ]
This node pointer is returned by of_parse_phandle() with refcount
incremented in this function. Calling of_node_put() to avoid
the refcount leak.
Fixes: 32e67eee670e ("pinctrl: nomadik: Allow prcm_base to be extracted from Device Tree")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220307115116.25316-1-linmq006@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/nomadik/pinctrl-nomadik.c b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
index f0e7a8c114b2..415e91360994 100644
--- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c
+++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
@@ -1916,8 +1916,10 @@ static int nmk_pinctrl_probe(struct platform_device *pdev)
}
prcm_np = of_parse_phandle(np, "prcm", 0);
- if (prcm_np)
+ if (prcm_np) {
npct->prcm_base = of_iomap(prcm_np, 0);
+ of_node_put(prcm_np);
+ }
if (!npct->prcm_base) {
if (version == PINCTRL_NMK_STN8815) {
dev_info(&pdev->dev,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 175/338] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 174/338] pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
` (168 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 89388f8730699c259f8090ec435fb43569efe4ac ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: 1e747e59cc4d ("pinctrl: rockchip: base regmap supplied by a syscon")
Fixes: 14dee8677e19 ("pinctrl: rockchip: let pmu registers be supplied by a syscon")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220307120234.28657-1-linmq006@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-rockchip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c
index d0d5b8bdbc10..dc405d7aa1b7 100644
--- a/drivers/pinctrl/pinctrl-rockchip.c
+++ b/drivers/pinctrl/pinctrl-rockchip.c
@@ -3400,6 +3400,7 @@ static int rockchip_pinctrl_probe(struct platform_device *pdev)
node = of_parse_phandle(np, "rockchip,grf", 0);
if (node) {
info->regmap_base = syscon_node_to_regmap(node);
+ of_node_put(node);
if (IS_ERR(info->regmap_base))
return PTR_ERR(info->regmap_base);
} else {
@@ -3436,6 +3437,7 @@ static int rockchip_pinctrl_probe(struct platform_device *pdev)
node = of_parse_phandle(np, "rockchip,pmu", 0);
if (node) {
info->regmap_pmu = syscon_node_to_regmap(node);
+ of_node_put(node);
if (IS_ERR(info->regmap_pmu))
return PTR_ERR(info->regmap_pmu);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 176/338] tty: hvc: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Sasha Levin, Randy Dunlap, Vasily Gorbik, Greg Kroah-Hartman,
Jingoo Han, Julian Wiedmann, linuxppc-dev, stable, Igor Zhbanov,
Jiri Slaby
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 53819a0d97aace1425bb042829e3446952a9e8a9 ]
__setup() handlers should return 1 to indicate that the boot option
has been handled or 0 to indicate that it was not handled.
Add a pr_warn() message if the option value is invalid and then
always return 1.
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: 86b40567b917 ("tty: replace strict_strtoul() with kstrtoul()")
Cc: Jingoo Han <jg1.han@samsung.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Julian Wiedmann <jwi@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220308024228.20477-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/hvc/hvc_iucv.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/hvc/hvc_iucv.c b/drivers/tty/hvc/hvc_iucv.c
index 2af1e5751bd6..796fbff623f6 100644
--- a/drivers/tty/hvc/hvc_iucv.c
+++ b/drivers/tty/hvc/hvc_iucv.c
@@ -1470,7 +1470,9 @@ static int __init hvc_iucv_init(void)
*/
static int __init hvc_iucv_config(char *val)
{
- return kstrtoul(val, 10, &hvc_iucv_devices);
+ if (kstrtoul(val, 10, &hvc_iucv_devices))
+ pr_warn("hvc_iucv= invalid parameter value '%s'\n", val);
+ return 1;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 176/338] tty: hvc: fix return value of __setup handler
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jingoo Han, Jiri Slaby,
Michael Ellerman, Julian Wiedmann, Vasily Gorbik, linuxppc-dev,
Igor Zhbanov, Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 53819a0d97aace1425bb042829e3446952a9e8a9 ]
__setup() handlers should return 1 to indicate that the boot option
has been handled or 0 to indicate that it was not handled.
Add a pr_warn() message if the option value is invalid and then
always return 1.
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: 86b40567b917 ("tty: replace strict_strtoul() with kstrtoul()")
Cc: Jingoo Han <jg1.han@samsung.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Julian Wiedmann <jwi@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220308024228.20477-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/hvc/hvc_iucv.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/hvc/hvc_iucv.c b/drivers/tty/hvc/hvc_iucv.c
index 2af1e5751bd6..796fbff623f6 100644
--- a/drivers/tty/hvc/hvc_iucv.c
+++ b/drivers/tty/hvc/hvc_iucv.c
@@ -1470,7 +1470,9 @@ static int __init hvc_iucv_init(void)
*/
static int __init hvc_iucv_config(char *val)
{
- return kstrtoul(val, 10, &hvc_iucv_devices);
+ if (kstrtoul(val, 10, &hvc_iucv_devices))
+ pr_warn("hvc_iucv= invalid parameter value '%s'\n", val);
+ return 1;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 177/338] kgdboc: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-04-14 13:11 ` Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 178/338] kgdbts: " Greg Kroah-Hartman
` (166 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, He Zhe, Jiri Slaby, kgdb-bugreport,
Jason Wessel, Daniel Thompson, Douglas Anderson, linux-serial,
Igor Zhbanov, Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit ab818c7aa7544bf8d2dd4bdf68878b17a02eb332 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) environment strings.
So return 1 from kgdboc_option_setup().
Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc7
kgdboc=kbd kgdbts=", will be passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc7
kgdboc=kbd
kgdbts=
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: 1bd54d851f50 ("kgdboc: Passing ekgdboc to command line causes panic")
Fixes: f2d937f3bf00 ("consoles: polling support, kgdboc")
Cc: He Zhe <zhe.he@windriver.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Cc: kgdb-bugreport@lists.sourceforge.net
Cc: Jason Wessel <jason.wessel@windriver.com>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: linux-serial@vger.kernel.org
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220309033018.17936-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/kgdboc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c
index b0aa864f84a9..6e81d782d8a0 100644
--- a/drivers/tty/serial/kgdboc.c
+++ b/drivers/tty/serial/kgdboc.c
@@ -302,16 +302,16 @@ static int kgdboc_option_setup(char *opt)
{
if (!opt) {
pr_err("config string not provided\n");
- return -EINVAL;
+ return 1;
}
if (strlen(opt) >= MAX_CONFIG_LEN) {
pr_err("config string too long\n");
- return -ENOSPC;
+ return 1;
}
strcpy(config, opt);
- return 0;
+ return 1;
}
__setup("kgdboc=", kgdboc_option_setup);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 178/338] kgdbts: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 177/338] kgdboc: " Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 179/338] jfs: fix divide error in dbNextAG Greg Kroah-Hartman
` (165 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kgdb-bugreport, Jason Wessel,
Daniel Thompson, Douglas Anderson, Arnd Bergmann, Igor Zhbanov,
Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 96c9e802c64014a7716865332d732cc9c7f24593 ]
__setup() handlers should return 1 to indicate that the boot option
has been handled. A return of 0 causes the boot option/value to be
listed as an Unknown kernel parameter and added to init's (limited)
environment strings. So return 1 from kgdbts_option_setup().
Unknown kernel command line parameters "BOOT_IMAGE=/boot/bzImage-517rc7
kgdboc=kbd kgdbts=", will be passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc7
kgdboc=kbd
kgdbts=
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: e8d31c204e36 ("kgdb: add kgdb internal test suite")
Cc: kgdb-bugreport@lists.sourceforge.net
Cc: Jason Wessel <jason.wessel@windriver.com>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220308033255.22118-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/kgdbts.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
index 49e08b6133f5..bc4dc92af1f6 100644
--- a/drivers/misc/kgdbts.c
+++ b/drivers/misc/kgdbts.c
@@ -1072,10 +1072,10 @@ static int kgdbts_option_setup(char *opt)
{
if (strlen(opt) >= MAX_CONFIG_LEN) {
printk(KERN_ERR "kgdbts: config string too long\n");
- return -ENOSPC;
+ return 1;
}
strcpy(config, opt);
- return 0;
+ return 1;
}
__setup("kgdbts=", kgdbts_option_setup);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 179/338] jfs: fix divide error in dbNextAG
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 178/338] kgdbts: " Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 180/338] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options Greg Kroah-Hartman
` (164 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Dave Kleikamp,
Sasha Levin, syzbot+46f5c25af73eb8330eb6
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 2cc7cc01c15f57d056318c33705647f87dcd4aab ]
Syzbot reported divide error in dbNextAG(). The problem was in missing
validation check for malicious image.
Syzbot crafted an image with bmp->db_numag equal to 0. There wasn't any
validation checks, but dbNextAG() blindly use bmp->db_numag in divide
expression
Fix it by validating bmp->db_numag in dbMount() and return an error if
image is malicious
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+46f5c25af73eb8330eb6@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 687b07b9b4f6..f05805a10a50 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -161,6 +161,7 @@ static const s8 budtab[256] = {
* 0 - success
* -ENOMEM - insufficient memory
* -EIO - i/o error
+ * -EINVAL - wrong bmap data
*/
int dbMount(struct inode *ipbmap)
{
@@ -192,6 +193,12 @@ int dbMount(struct inode *ipbmap)
bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree);
bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage);
bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
+ if (!bmp->db_numag) {
+ release_metapage(mp);
+ kfree(bmp);
+ return -EINVAL;
+ }
+
bmp->db_maxlevel = le32_to_cpu(dbmp_le->dn_maxlevel);
bmp->db_maxag = le32_to_cpu(dbmp_le->dn_maxag);
bmp->db_agpref = le32_to_cpu(dbmp_le->dn_agpref);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 180/338] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 179/338] jfs: fix divide error in dbNextAG Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 181/338] clk: qcom: gcc-msm8994: Fix gpll4 width Greg Kroah-Hartman
` (163 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Auhagen, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit f2dd495a8d589371289981d5ed33e6873df94ecc ]
Do not reset IP_CT_TCP_FLAG_BE_LIBERAL flag in out-of-sync scenarios
coming before the TCP window tracking, otherwise such connections will
fail in the window check.
Update tcp_options() to leave this flag in place and add a new helper
function to reset the tcp window state.
Based on patch from Sven Auhagen.
Fixes: c4832c7bbc3f ("netfilter: nf_ct_tcp: improve out-of-sync situation in TCP tracking")
Tested-by: Sven Auhagen <sven.auhagen@voleatech.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_conntrack_proto_tcp.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 40f8a1252394..66cda5e2d6b9 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -362,8 +362,8 @@ static void tcp_options(const struct sk_buff *skb,
length, buff);
BUG_ON(ptr == NULL);
- state->td_scale =
- state->flags = 0;
+ state->td_scale = 0;
+ state->flags &= IP_CT_TCP_FLAG_BE_LIBERAL;
while (length > 0) {
int opcode=*ptr++;
@@ -784,6 +784,16 @@ static bool nf_conntrack_tcp_established(const struct nf_conn *ct)
test_bit(IPS_ASSURED_BIT, &ct->status);
}
+static void nf_ct_tcp_state_reset(struct ip_ct_tcp_state *state)
+{
+ state->td_end = 0;
+ state->td_maxend = 0;
+ state->td_maxwin = 0;
+ state->td_maxack = 0;
+ state->td_scale = 0;
+ state->flags &= IP_CT_TCP_FLAG_BE_LIBERAL;
+}
+
/* Returns verdict for packet, or -1 for invalid. */
static int tcp_packet(struct nf_conn *ct,
const struct sk_buff *skb,
@@ -882,8 +892,7 @@ static int tcp_packet(struct nf_conn *ct,
ct->proto.tcp.last_flags &= ~IP_CT_EXP_CHALLENGE_ACK;
ct->proto.tcp.seen[ct->proto.tcp.last_dir].flags =
ct->proto.tcp.last_flags;
- memset(&ct->proto.tcp.seen[dir], 0,
- sizeof(struct ip_ct_tcp_state));
+ nf_ct_tcp_state_reset(&ct->proto.tcp.seen[dir]);
break;
}
ct->proto.tcp.last_index = index;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 181/338] clk: qcom: gcc-msm8994: Fix gpll4 width
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 180/338] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 182/338] xen: fix is_xen_pmu() Greg Kroah-Hartman
` (162 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konrad Dybcio, Petr Vorel,
Stephen Boyd, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@somainline.org>
[ Upstream commit 71021db1c532c2545ae53b9ee85b37b7154f51d4 ]
The gpll4 postdiv is actually a div4, so make sure that Linux is aware of
this.
This fixes the following error messages:
mmc1: Card appears overclocked; req 200000000 Hz, actual 343999999 Hz
mmc1: Card appears overclocked; req 400000000 Hz, actual 687999999 Hz
Fixes: aec89f78cf01 ("clk: qcom: Add support for msm8994 global clock controller")
Signed-off-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Link: https://lore.kernel.org/r/20220319174940.341137-1-konrad.dybcio@somainline.org
Tested-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-msm8994.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/gcc-msm8994.c b/drivers/clk/qcom/gcc-msm8994.c
index 53f0f369a33e..4ec481efedc8 100644
--- a/drivers/clk/qcom/gcc-msm8994.c
+++ b/drivers/clk/qcom/gcc-msm8994.c
@@ -115,6 +115,7 @@ static struct clk_alpha_pll gpll4_early = {
static struct clk_alpha_pll_postdiv gpll4 = {
.offset = 0x1dc0,
+ .width = 4,
.regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 182/338] xen: fix is_xen_pmu()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 181/338] clk: qcom: gcc-msm8994: Fix gpll4 width Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 183/338] net: phy: broadcom: Fix brcm_fet_config_init() Greg Kroah-Hartman
` (161 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Marczykowski-Górecki,
Juergen Gross, Boris Ostrovsky, Sasha Levin
From: Juergen Gross <jgross@suse.com>
[ Upstream commit de2ae403b4c0e79a3410e63bc448542fbb9f9bfc ]
is_xen_pmu() is taking the cpu number as parameter, but it is not using
it. Instead it just tests whether the Xen PMU initialization on the
current cpu did succeed. As this test is done by checking a percpu
pointer, preemption needs to be disabled in order to avoid switching
the cpu while doing the test. While resuming from suspend() this seems
not to be the case:
[ 88.082751] ACPI: PM: Low-level resume complete
[ 88.087933] ACPI: EC: EC started
[ 88.091464] ACPI: PM: Restoring platform NVS memory
[ 88.097166] xen_acpi_processor: Uploading Xen processor PM info
[ 88.103850] Enabling non-boot CPUs ...
[ 88.108128] installing Xen timer for CPU 1
[ 88.112763] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-sleep/7138
[ 88.122256] caller is is_xen_pmu+0x12/0x30
[ 88.126937] CPU: 0 PID: 7138 Comm: systemd-sleep Tainted: G W 5.16.13-2.fc32.qubes.x86_64 #1
[ 88.137939] Hardware name: Star Labs StarBook/StarBook, BIOS 7.97 03/21/2022
[ 88.145930] Call Trace:
[ 88.148757] <TASK>
[ 88.151193] dump_stack_lvl+0x48/0x5e
[ 88.155381] check_preemption_disabled+0xde/0xe0
[ 88.160641] is_xen_pmu+0x12/0x30
[ 88.164441] xen_smp_intr_init_pv+0x75/0x100
Fix that by replacing is_xen_pmu() by a simple boolean variable which
reflects the Xen PMU initialization state on cpu 0.
Modify xen_pmu_init() to return early in case it is being called for a
cpu other than cpu 0 and the boolean variable not being set.
Fixes: bf6dfb154d93 ("xen/PMU: PMU emulation code")
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/20220325142002.31789-1-jgross@suse.com
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/pmu.c | 10 ++++------
arch/x86/xen/pmu.h | 3 ++-
arch/x86/xen/smp_pv.c | 2 +-
3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c
index 95997e6c0696..9813298ba57d 100644
--- a/arch/x86/xen/pmu.c
+++ b/arch/x86/xen/pmu.c
@@ -505,10 +505,7 @@ irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id)
return ret;
}
-bool is_xen_pmu(int cpu)
-{
- return (get_xenpmu_data() != NULL);
-}
+bool is_xen_pmu;
void xen_pmu_init(int cpu)
{
@@ -519,7 +516,7 @@ void xen_pmu_init(int cpu)
BUILD_BUG_ON(sizeof(struct xen_pmu_data) > PAGE_SIZE);
- if (xen_hvm_domain())
+ if (xen_hvm_domain() || (cpu != 0 && !is_xen_pmu))
return;
xenpmu_data = (struct xen_pmu_data *)get_zeroed_page(GFP_KERNEL);
@@ -540,7 +537,8 @@ void xen_pmu_init(int cpu)
per_cpu(xenpmu_shared, cpu).xenpmu_data = xenpmu_data;
per_cpu(xenpmu_shared, cpu).flags = 0;
- if (cpu == 0) {
+ if (!is_xen_pmu) {
+ is_xen_pmu = true;
perf_register_guest_info_callbacks(&xen_guest_cbs);
xen_pmu_arch_init();
}
diff --git a/arch/x86/xen/pmu.h b/arch/x86/xen/pmu.h
index 0e83a160589b..65c58894fc79 100644
--- a/arch/x86/xen/pmu.h
+++ b/arch/x86/xen/pmu.h
@@ -4,6 +4,8 @@
#include <xen/interface/xenpmu.h>
+extern bool is_xen_pmu;
+
irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id);
#ifdef CONFIG_XEN_HAVE_VPMU
void xen_pmu_init(int cpu);
@@ -12,7 +14,6 @@ void xen_pmu_finish(int cpu);
static inline void xen_pmu_init(int cpu) {}
static inline void xen_pmu_finish(int cpu) {}
#endif
-bool is_xen_pmu(int cpu);
bool pmu_msr_read(unsigned int msr, uint64_t *val, int *err);
bool pmu_msr_write(unsigned int msr, uint32_t low, uint32_t high, int *err);
int pmu_apic_update(uint32_t reg);
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
index 41fd4c123165..e8248e8a04ca 100644
--- a/arch/x86/xen/smp_pv.c
+++ b/arch/x86/xen/smp_pv.c
@@ -126,7 +126,7 @@ int xen_smp_intr_init_pv(unsigned int cpu)
per_cpu(xen_irq_work, cpu).irq = rc;
per_cpu(xen_irq_work, cpu).name = callfunc_name;
- if (is_xen_pmu(cpu)) {
+ if (is_xen_pmu) {
pmu_name = kasprintf(GFP_KERNEL, "pmu%d", cpu);
rc = bind_virq_to_irqhandler(VIRQ_XENPMU, cpu,
xen_pmu_irq_handler,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 183/338] net: phy: broadcom: Fix brcm_fet_config_init()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 182/338] xen: fix is_xen_pmu() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 184/338] qlcnic: dcb: default to returning -EOPNOTSUPP Greg Kroah-Hartman
` (160 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Jakub Kicinski,
Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit bf8bfc4336f7a34e48b3bbd19b1542bf085bdc3d ]
A Broadcom AC201 PHY (same entry as 5241) would be flagged by the
Broadcom UniMAC MDIO controller as not completing the turn around
properly since the PHY expects 65 MDC clock cycles to complete a write
cycle, and the MDIO controller was only sending 64 MDC clock cycles as
determined by looking at a scope shot.
This would make the subsequent read fail with the UniMAC MDIO controller
command field having MDIO_READ_FAIL set and we would abort the
brcm_fet_config_init() function and thus not probe the PHY at all.
After issuing a software reset, wait for at least 1ms which is well
above the 1us reset delay advertised by the datasheet and issue a dummy
read to let the PHY turn around the line properly. This read
specifically ignores -EIO which would be returned by MDIO controllers
checking for the line being turned around.
If we have a genuine reaad failure, the next read of the interrupt
status register would pick it up anyway.
Fixes: d7a2ed9248a3 ("broadcom: Add AC131 phy support")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220324232438.1156812-1-f.fainelli@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/broadcom.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/net/phy/broadcom.c b/drivers/net/phy/broadcom.c
index e86ea105c802..94622d119abc 100644
--- a/drivers/net/phy/broadcom.c
+++ b/drivers/net/phy/broadcom.c
@@ -15,6 +15,7 @@
*/
#include "bcm-phy-lib.h"
+#include <linux/delay.h>
#include <linux/module.h>
#include <linux/phy.h>
#include <linux/brcmphy.h>
@@ -462,6 +463,26 @@ static int brcm_fet_config_init(struct phy_device *phydev)
if (err < 0)
return err;
+ /* The datasheet indicates the PHY needs up to 1us to complete a reset,
+ * build some slack here.
+ */
+ usleep_range(1000, 2000);
+
+ /* The PHY requires 65 MDC clock cycles to complete a write operation
+ * and turnaround the line properly.
+ *
+ * We ignore -EIO here as the MDIO controller (e.g.: mdio-bcm-unimac)
+ * may flag the lack of turn-around as a read failure. This is
+ * particularly true with this combination since the MDIO controller
+ * only used 64 MDC cycles. This is not a critical failure in this
+ * specific case and it has no functional impact otherwise, so we let
+ * that one go through. If there is a genuine bus error, the next read
+ * of MII_BRCM_FET_INTREG will error out.
+ */
+ err = phy_read(phydev, MII_BMCR);
+ if (err < 0 && err != -EIO)
+ return err;
+
reg = phy_read(phydev, MII_BRCM_FET_INTREG);
if (reg < 0)
return reg;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 184/338] qlcnic: dcb: default to returning -EOPNOTSUPP
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 183/338] net: phy: broadcom: Fix brcm_fet_config_init() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 185/338] net/x25: Fix null-ptr-deref caused by x25_disconnect Greg Kroah-Hartman
` (159 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Rix, David S. Miller, Sasha Levin
From: Tom Rix <trix@redhat.com>
[ Upstream commit 1521db37f0d42334a88e8ff28198a27d1ed5cd7b ]
Clang static analysis reports this issue
qlcnic_dcb.c:382:10: warning: Assigned value is
garbage or undefined
mbx_out = *val;
^ ~~~~
val is set in the qlcnic_dcb_query_hw_capability() wrapper.
If there is no query_hw_capability op in dcp, success is
returned without setting the val.
For this and similar wrappers, return -EOPNOTSUPP.
Fixes: 14d385b99059 ("qlcnic: dcb: Query adapter DCB capabilities.")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
index f4aa6331b367..0a9d24e86715 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h
@@ -52,7 +52,7 @@ static inline int qlcnic_dcb_get_hw_capability(struct qlcnic_dcb *dcb)
if (dcb && dcb->ops->get_hw_capability)
return dcb->ops->get_hw_capability(dcb);
- return 0;
+ return -EOPNOTSUPP;
}
static inline void qlcnic_dcb_free(struct qlcnic_dcb *dcb)
@@ -66,7 +66,7 @@ static inline int qlcnic_dcb_attach(struct qlcnic_dcb *dcb)
if (dcb && dcb->ops->attach)
return dcb->ops->attach(dcb);
- return 0;
+ return -EOPNOTSUPP;
}
static inline int
@@ -75,7 +75,7 @@ qlcnic_dcb_query_hw_capability(struct qlcnic_dcb *dcb, char *buf)
if (dcb && dcb->ops->query_hw_capability)
return dcb->ops->query_hw_capability(dcb, buf);
- return 0;
+ return -EOPNOTSUPP;
}
static inline void qlcnic_dcb_get_info(struct qlcnic_dcb *dcb)
@@ -90,7 +90,7 @@ qlcnic_dcb_query_cee_param(struct qlcnic_dcb *dcb, char *buf, u8 type)
if (dcb && dcb->ops->query_cee_param)
return dcb->ops->query_cee_param(dcb, buf, type);
- return 0;
+ return -EOPNOTSUPP;
}
static inline int qlcnic_dcb_get_cee_cfg(struct qlcnic_dcb *dcb)
@@ -98,7 +98,7 @@ static inline int qlcnic_dcb_get_cee_cfg(struct qlcnic_dcb *dcb)
if (dcb && dcb->ops->get_cee_cfg)
return dcb->ops->get_cee_cfg(dcb);
- return 0;
+ return -EOPNOTSUPP;
}
static inline void qlcnic_dcb_aen_handler(struct qlcnic_dcb *dcb, void *msg)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 185/338] net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 184/338] qlcnic: dcb: default to returning -EOPNOTSUPP Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 186/338] NFSv4/pNFS: Fix another issue with a list iterator pointing to the head Greg Kroah-Hartman
` (158 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Lin Ma,
David S. Miller, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 7781607938c8371d4c2b243527430241c62e39c2 ]
When the link layer is terminating, x25->neighbour will be set to NULL
in x25_disconnect(). As a result, it could cause null-ptr-deref bugs in
x25_sendmsg(),x25_recvmsg() and x25_connect(). One of the bugs is
shown below.
(Thread 1) | (Thread 2)
x25_link_terminated() | x25_recvmsg()
x25_kill_by_neigh() | ...
x25_disconnect() | lock_sock(sk)
... | ...
x25->neighbour = NULL //(1) |
... | x25->neighbour->extended //(2)
The code sets NULL to x25->neighbour in position (1) and dereferences
x25->neighbour in position (2), which could cause null-ptr-deref bug.
This patch adds lock_sock() in x25_kill_by_neigh() in order to synchronize
with x25_sendmsg(), x25_recvmsg() and x25_connect(). What`s more, the
sock held by lock_sock() is not NULL, because it is extracted from x25_list
and uses x25_list_lock to synchronize.
Fixes: 4becb7ee5b3d ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/x25/af_x25.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index f87002792836..77d8adb27ec7 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1797,10 +1797,15 @@ void x25_kill_by_neigh(struct x25_neigh *nb)
write_lock_bh(&x25_list_lock);
- sk_for_each(s, &x25_list)
- if (x25_sk(s)->neighbour == nb)
+ sk_for_each(s, &x25_list) {
+ if (x25_sk(s)->neighbour == nb) {
+ write_unlock_bh(&x25_list_lock);
+ lock_sock(s);
x25_disconnect(s, ENETUNREACH, 0, 0);
-
+ release_sock(s);
+ write_lock_bh(&x25_list_lock);
+ }
+ }
write_unlock_bh(&x25_list_lock);
/* Remove any related forwards */
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 186/338] NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 185/338] net/x25: Fix null-ptr-deref caused by x25_disconnect Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 187/338] lib/test: use after free in register_test_dev_kmod() Greg Kroah-Hartman
` (157 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 7c9d845f0612e5bcd23456a2ec43be8ac43458f1 ]
In nfs4_callback_devicenotify(), if we don't find a matching entry for
the deviceid, we're left with a pointer to 'struct nfs_server' that
actually points to the list of super blocks associated with our struct
nfs_client.
Furthermore, even if we have a valid pointer, nothing pins the super
block, and so the struct nfs_server could end up getting freed while
we're using it.
Since all we want is a pointer to the struct pnfs_layoutdriver_type,
let's skip all the iteration over super blocks, and just use APIs to
find the layout driver directly.
Reported-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Fixes: 1be5683b03a7 ("pnfs: CB_NOTIFY_DEVICEID")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/callback_proc.c | 27 +++++++++------------------
fs/nfs/pnfs.c | 11 +++++++++++
fs/nfs/pnfs.h | 2 ++
3 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c
index 868d66ed8bcf..f2a854805f0e 100644
--- a/fs/nfs/callback_proc.c
+++ b/fs/nfs/callback_proc.c
@@ -364,12 +364,11 @@ __be32 nfs4_callback_devicenotify(void *argp, void *resp,
struct cb_process_state *cps)
{
struct cb_devicenotifyargs *args = argp;
+ const struct pnfs_layoutdriver_type *ld = NULL;
uint32_t i;
__be32 res = 0;
- struct nfs_client *clp = cps->clp;
- struct nfs_server *server = NULL;
- if (!clp) {
+ if (!cps->clp) {
res = cpu_to_be32(NFS4ERR_OP_NOT_IN_SESSION);
goto out;
}
@@ -377,23 +376,15 @@ __be32 nfs4_callback_devicenotify(void *argp, void *resp,
for (i = 0; i < args->ndevs; i++) {
struct cb_devicenotifyitem *dev = &args->devs[i];
- if (!server ||
- server->pnfs_curr_ld->id != dev->cbd_layout_type) {
- rcu_read_lock();
- list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link)
- if (server->pnfs_curr_ld &&
- server->pnfs_curr_ld->id == dev->cbd_layout_type) {
- rcu_read_unlock();
- goto found;
- }
- rcu_read_unlock();
- continue;
+ if (!ld || ld->id != dev->cbd_layout_type) {
+ pnfs_put_layoutdriver(ld);
+ ld = pnfs_find_layoutdriver(dev->cbd_layout_type);
+ if (!ld)
+ continue;
}
-
- found:
- nfs4_delete_deviceid(server->pnfs_curr_ld, clp, &dev->cbd_dev_id);
+ nfs4_delete_deviceid(ld, cps->clp, &dev->cbd_dev_id);
}
-
+ pnfs_put_layoutdriver(ld);
out:
kfree(args->devs);
return res;
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index c900cb2119ba..0f1c15859418 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -92,6 +92,17 @@ find_pnfs_driver(u32 id)
return local;
}
+const struct pnfs_layoutdriver_type *pnfs_find_layoutdriver(u32 id)
+{
+ return find_pnfs_driver(id);
+}
+
+void pnfs_put_layoutdriver(const struct pnfs_layoutdriver_type *ld)
+{
+ if (ld)
+ module_put(ld->owner);
+}
+
void
unset_pnfs_layoutdriver(struct nfs_server *nfss)
{
diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
index 80fafa29e567..d5d818b1ac9d 100644
--- a/fs/nfs/pnfs.h
+++ b/fs/nfs/pnfs.h
@@ -225,6 +225,8 @@ struct pnfs_devicelist {
extern int pnfs_register_layoutdriver(struct pnfs_layoutdriver_type *);
extern void pnfs_unregister_layoutdriver(struct pnfs_layoutdriver_type *);
+extern const struct pnfs_layoutdriver_type *pnfs_find_layoutdriver(u32 id);
+extern void pnfs_put_layoutdriver(const struct pnfs_layoutdriver_type *ld);
/* nfs4proc.c */
extern size_t max_response_pages(struct nfs_server *server);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 187/338] lib/test: use after free in register_test_dev_kmod()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 186/338] NFSv4/pNFS: Fix another issue with a list iterator pointing to the head Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 188/338] selinux: use correct type for context length Greg Kroah-Hartman
` (156 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Luis Chamberlain, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit dc0ce6cc4b133f5f2beb8b47dacae13a7d283c2c ]
The "test_dev" pointer is freed but then returned to the caller.
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/test_kmod.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/test_kmod.c b/lib/test_kmod.c
index 87a0cc750ea2..6813b183aa34 100644
--- a/lib/test_kmod.c
+++ b/lib/test_kmod.c
@@ -1155,6 +1155,7 @@ static struct kmod_test_device *register_test_dev_kmod(void)
if (ret) {
pr_err("could not register misc device: %d\n", ret);
free_test_dev_kmod(test_dev);
+ test_dev = NULL;
goto out;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 188/338] selinux: use correct type for context length
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 187/338] lib/test: use after free in register_test_dev_kmod() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 189/338] loop: use sysfs_emit() in the sysfs xxx show() Greg Kroah-Hartman
` (155 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Göttsche, Paul Moore,
Sasha Levin
From: Christian Göttsche <cgzones@googlemail.com>
[ Upstream commit b97df7c098c531010e445da88d02b7bf7bf59ef6 ]
security_sid_to_context() expects a pointer to an u32 as the address
where to store the length of the computed context.
Reported by sparse:
security/selinux/xfrm.c:359:39: warning: incorrect type in arg 4
(different signedness)
security/selinux/xfrm.c:359:39: expected unsigned int
[usertype] *scontext_len
security/selinux/xfrm.c:359:39: got int *
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: wrapped commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/selinux/xfrm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 91dc3783ed94..9e803d2a687a 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -349,7 +349,7 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
int rc;
struct xfrm_sec_ctx *ctx;
char *ctx_str = NULL;
- int str_len;
+ u32 str_len;
if (!polsec)
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 189/338] loop: use sysfs_emit() in the sysfs xxx show()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 188/338] selinux: use correct type for context length Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 190/338] Fix incorrect type in assignment of ipv6 port for audit Greg Kroah-Hartman
` (154 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chaitanya Kulkarni, Himanshu Madhani,
Jens Axboe, Sasha Levin
From: Chaitanya Kulkarni <kch@nvidia.com>
[ Upstream commit b27824d31f09ea7b4a6ba2c1b18bd328df3e8bed ]
sprintf does not know the PAGE_SIZE maximum of the temporary buffer
used for outputting sysfs content and it's possible to overrun the
PAGE_SIZE buffer length.
Use a generic sysfs_emit function that knows the size of the
temporary buffer and ensures that no overrun is done for offset
attribute in
loop_attr_[offset|sizelimit|autoclear|partscan|dio]_show() callbacks.
Signed-off-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Link: https://lore.kernel.org/r/20220215213310.7264-2-kch@nvidia.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/loop.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 19042b42a8ba..c31a76485c9c 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -795,33 +795,33 @@ static ssize_t loop_attr_backing_file_show(struct loop_device *lo, char *buf)
static ssize_t loop_attr_offset_show(struct loop_device *lo, char *buf)
{
- return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_offset);
+ return sysfs_emit(buf, "%llu\n", (unsigned long long)lo->lo_offset);
}
static ssize_t loop_attr_sizelimit_show(struct loop_device *lo, char *buf)
{
- return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_sizelimit);
+ return sysfs_emit(buf, "%llu\n", (unsigned long long)lo->lo_sizelimit);
}
static ssize_t loop_attr_autoclear_show(struct loop_device *lo, char *buf)
{
int autoclear = (lo->lo_flags & LO_FLAGS_AUTOCLEAR);
- return sprintf(buf, "%s\n", autoclear ? "1" : "0");
+ return sysfs_emit(buf, "%s\n", autoclear ? "1" : "0");
}
static ssize_t loop_attr_partscan_show(struct loop_device *lo, char *buf)
{
int partscan = (lo->lo_flags & LO_FLAGS_PARTSCAN);
- return sprintf(buf, "%s\n", partscan ? "1" : "0");
+ return sysfs_emit(buf, "%s\n", partscan ? "1" : "0");
}
static ssize_t loop_attr_dio_show(struct loop_device *lo, char *buf)
{
int dio = (lo->lo_flags & LO_FLAGS_DIRECT_IO);
- return sprintf(buf, "%s\n", dio ? "1" : "0");
+ return sysfs_emit(buf, "%s\n", dio ? "1" : "0");
}
LOOP_ATTR_RO(backing_file);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 190/338] Fix incorrect type in assignment of ipv6 port for audit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 189/338] loop: use sysfs_emit() in the sysfs xxx show() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 191/338] irqchip/qcom-pdc: Fix broken locking Greg Kroah-Hartman
` (153 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Casey Schaufler,
Sasha Levin
From: Casey Schaufler <casey@schaufler-ca.com>
[ Upstream commit a5cd1ab7ab679d252a6d2f483eee7d45ebf2040c ]
Remove inappropriate use of ntohs() and assign the
port value directly.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/smack/smack_lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 221de4c755c3..4f65d953fe31 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2586,7 +2586,7 @@ static int smk_ipv6_check(struct smack_known *subject,
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ad.a.u.net->family = PF_INET6;
- ad.a.u.net->dport = ntohs(address->sin6_port);
+ ad.a.u.net->dport = address->sin6_port;
if (act == SMK_RECEIVING)
ad.a.u.net->v6info.saddr = address->sin6_addr;
else
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 191/338] irqchip/qcom-pdc: Fix broken locking
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 190/338] Fix incorrect type in assignment of ipv6 port for audit Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 192/338] irqchip/nvic: Release nvic_base upon failure Greg Kroah-Hartman
` (152 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Maulik Shah, Sasha Levin
From: Marc Zyngier <maz@kernel.org>
[ Upstream commit a6aca2f460e203781dc41391913cc5b54f4bc0ce ]
pdc_enable_intr() serves as a primitive to qcom_pdc_gic_{en,dis}able,
and has a raw spinlock for mutual exclusion, which is uses with
interruptible primitives.
This means that this critical section can itself be interrupted.
Should the interrupt also be a PDC interrupt, and the endpoint driver
perform an irq_disable() on that interrupt, we end-up in a deadlock.
Fix this by using the irqsave/irqrestore variants of the locking
primitives.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Maulik Shah <quic_mkshah@quicinc.com>
Link: https://lore.kernel.org/r/20220224101226.88373-5-maz@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/qcom-pdc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/qcom-pdc.c b/drivers/irqchip/qcom-pdc.c
index faa7d61b9d6c..239a889df608 100644
--- a/drivers/irqchip/qcom-pdc.c
+++ b/drivers/irqchip/qcom-pdc.c
@@ -50,17 +50,18 @@ static u32 pdc_reg_read(int reg, u32 i)
static void pdc_enable_intr(struct irq_data *d, bool on)
{
int pin_out = d->hwirq;
+ unsigned long flags;
u32 index, mask;
u32 enable;
index = pin_out / 32;
mask = pin_out % 32;
- raw_spin_lock(&pdc_lock);
+ raw_spin_lock_irqsave(&pdc_lock, flags);
enable = pdc_reg_read(IRQ_ENABLE_BANK, index);
enable = on ? ENABLE_INTR(enable, mask) : CLEAR_INTR(enable, mask);
pdc_reg_write(IRQ_ENABLE_BANK, index, enable);
- raw_spin_unlock(&pdc_lock);
+ raw_spin_unlock_irqrestore(&pdc_lock, flags);
}
static void qcom_pdc_gic_mask(struct irq_data *d)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 192/338] irqchip/nvic: Release nvic_base upon failure
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 191/338] irqchip/qcom-pdc: Fix broken locking Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 193/338] bfq: fix use-after-free in bfq_dispatch_request Greg Kroah-Hartman
` (151 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Souptick Joarder (HPE),
Marc Zyngier, Sasha Levin
From: Souptick Joarder (HPE) <jrdr.linux@gmail.com>
[ Upstream commit e414c25e3399b2b3d7337dc47abccab5c71b7c8f ]
smatch warning was reported as below ->
smatch warnings:
drivers/irqchip/irq-nvic.c:131 nvic_of_init()
warn: 'nvic_base' not released on lines: 97.
Release nvic_base upon failure.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Souptick Joarder (HPE) <jrdr.linux@gmail.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220218163303.33344-1-jrdr.linux@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-nvic.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/irqchip/irq-nvic.c b/drivers/irqchip/irq-nvic.c
index 9694529b709d..330beb62d015 100644
--- a/drivers/irqchip/irq-nvic.c
+++ b/drivers/irqchip/irq-nvic.c
@@ -108,6 +108,7 @@ static int __init nvic_of_init(struct device_node *node,
if (!nvic_irq_domain) {
pr_warn("Failed to allocate irq domain\n");
+ iounmap(nvic_base);
return -ENOMEM;
}
@@ -117,6 +118,7 @@ static int __init nvic_of_init(struct device_node *node,
if (ret) {
pr_warn("Failed to allocate irq chips\n");
irq_domain_remove(nvic_irq_domain);
+ iounmap(nvic_base);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 193/338] bfq: fix use-after-free in bfq_dispatch_request
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 192/338] irqchip/nvic: Release nvic_base upon failure Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 194/338] ACPICA: Avoid walking the ACPI Namespace if it is not there Greg Kroah-Hartman
` (150 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Zhang Wensheng,
Jens Axboe, Sasha Levin
From: Zhang Wensheng <zhangwensheng5@huawei.com>
[ Upstream commit ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a ]
KASAN reports a use-after-free report when doing normal scsi-mq test
[69832.239032] ==================================================================
[69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0
[69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155
[69832.244656]
[69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8
[69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[69832.249069] Workqueue: kblockd blk_mq_run_work_fn
[69832.250022] Call Trace:
[69832.250541] dump_stack+0x9b/0xce
[69832.251232] ? bfq_dispatch_request+0x1045/0x44b0
[69832.252243] print_address_description.constprop.6+0x3e/0x60
[69832.253381] ? __cpuidle_text_end+0x5/0x5
[69832.254211] ? vprintk_func+0x6b/0x120
[69832.254994] ? bfq_dispatch_request+0x1045/0x44b0
[69832.255952] ? bfq_dispatch_request+0x1045/0x44b0
[69832.256914] kasan_report.cold.9+0x22/0x3a
[69832.257753] ? bfq_dispatch_request+0x1045/0x44b0
[69832.258755] check_memory_region+0x1c1/0x1e0
[69832.260248] bfq_dispatch_request+0x1045/0x44b0
[69832.261181] ? bfq_bfqq_expire+0x2440/0x2440
[69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170
[69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.264011] ? blk_mq_sched_request_inserted+0x100/0x100
[69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570
[69832.267147] ? __switch_to+0x5f4/0xee0
[69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.268946] __blk_mq_run_hw_queue+0xc0/0x270
[69832.269840] blk_mq_run_work_fn+0x51/0x60
[69832.278170] process_one_work+0x6d4/0xfe0
[69832.278984] worker_thread+0x91/0xc80
[69832.279726] ? __kthread_parkme+0xb0/0x110
[69832.280554] ? process_one_work+0xfe0/0xfe0
[69832.281414] kthread+0x32d/0x3f0
[69832.282082] ? kthread_park+0x170/0x170
[69832.282849] ret_from_fork+0x1f/0x30
[69832.283573]
[69832.283886] Allocated by task 7725:
[69832.284599] kasan_save_stack+0x19/0x40
[69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0
[69832.286350] kmem_cache_alloc_node+0x13f/0x460
[69832.287237] bfq_get_queue+0x3d4/0x1140
[69832.287993] bfq_get_bfqq_handle_split+0x103/0x510
[69832.289015] bfq_init_rq+0x337/0x2d50
[69832.289749] bfq_insert_requests+0x304/0x4e10
[69832.290634] blk_mq_sched_insert_requests+0x13e/0x390
[69832.291629] blk_mq_flush_plug_list+0x4b4/0x760
[69832.292538] blk_flush_plug_list+0x2c5/0x480
[69832.293392] io_schedule_prepare+0xb2/0xd0
[69832.294209] io_schedule_timeout+0x13/0x80
[69832.295014] wait_for_common_io.constprop.1+0x13c/0x270
[69832.296137] submit_bio_wait+0x103/0x1a0
[69832.296932] blkdev_issue_discard+0xe6/0x160
[69832.297794] blk_ioctl_discard+0x219/0x290
[69832.298614] blkdev_common_ioctl+0x50a/0x1750
[69832.304715] blkdev_ioctl+0x470/0x600
[69832.305474] block_ioctl+0xde/0x120
[69832.306232] vfs_ioctl+0x6c/0xc0
[69832.306877] __se_sys_ioctl+0x90/0xa0
[69832.307629] do_syscall_64+0x2d/0x40
[69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[69832.309382]
[69832.309701] Freed by task 155:
[69832.310328] kasan_save_stack+0x19/0x40
[69832.311121] kasan_set_track+0x1c/0x30
[69832.311868] kasan_set_free_info+0x1b/0x30
[69832.312699] __kasan_slab_free+0x111/0x160
[69832.313524] kmem_cache_free+0x94/0x460
[69832.314367] bfq_put_queue+0x582/0x940
[69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0
[69832.317275] bfq_bfqq_expire+0xb27/0x2440
[69832.318084] bfq_dispatch_request+0x697/0x44b0
[69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.322225] __blk_mq_run_hw_queue+0xc0/0x270
[69832.323114] blk_mq_run_work_fn+0x51/0x60
[69832.323942] process_one_work+0x6d4/0xfe0
[69832.324772] worker_thread+0x91/0xc80
[69832.325518] kthread+0x32d/0x3f0
[69832.326205] ret_from_fork+0x1f/0x30
[69832.326932]
[69832.338297] The buggy address belongs to the object at ffff88802622b968
[69832.338297] which belongs to the cache bfq_queue of size 512
[69832.340766] The buggy address is located 288 bytes inside of
[69832.340766] 512-byte region [ffff88802622b968, ffff88802622bb68)
[69832.343091] The buggy address belongs to the page:
[69832.344097] page:ffffea0000988a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802622a528 pfn:0x26228
[69832.346214] head:ffffea0000988a00 order:2 compound_mapcount:0 compound_pincount:0
[69832.347719] flags: 0x1fffff80010200(slab|head)
[69832.348625] raw: 001fffff80010200 ffffea0000dbac08 ffff888017a57650 ffff8880179fe840
[69832.354972] raw: ffff88802622a528 0000000000120008 00000001ffffffff 0000000000000000
[69832.356547] page dumped because: kasan: bad access detected
[69832.357652]
[69832.357970] Memory state around the buggy address:
[69832.358926] ffff88802622b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[69832.360358] ffff88802622ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[69832.361810] >ffff88802622ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[69832.363273] ^
[69832.363975] ffff88802622bb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[69832.375960] ffff88802622bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[69832.377405] ==================================================================
In bfq_dispatch_requestfunction, it may have function call:
bfq_dispatch_request
__bfq_dispatch_request
bfq_select_queue
bfq_bfqq_expire
__bfq_bfqd_reset_in_service
bfq_put_queue
kmem_cache_free
In this function call, in_serv_queue has beed expired and meet the
conditions to free. In the function bfq_dispatch_request, the address
of in_serv_queue pointing to has been released. For getting the value
of idle_timer_disabled, it will get flags value from the address which
in_serv_queue pointing to, then the problem of use-after-free happens;
Fix the problem by check in_serv_queue == bfqd->in_service_queue, to
get the value of idle_timer_disabled if in_serve_queue is equel to
bfqd->in_service_queue. If the space of in_serv_queue pointing has
been released, this judge will aviod use-after-free problem.
And if in_serv_queue may be expired or finished, the idle_timer_disabled
will be false which would not give effects to bfq_update_dispatch_stats.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com>
Link: https://lore.kernel.org/r/20220303070334.3020168-1-zhangwensheng5@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bfq-iosched.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index 11686e768401..dfd55037dc6f 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -4122,7 +4122,7 @@ static struct request *bfq_dispatch_request(struct blk_mq_hw_ctx *hctx)
struct bfq_data *bfqd = hctx->queue->elevator->elevator_data;
struct request *rq;
struct bfq_queue *in_serv_queue;
- bool waiting_rq, idle_timer_disabled;
+ bool waiting_rq, idle_timer_disabled = false;
spin_lock_irq(&bfqd->lock);
@@ -4130,14 +4130,15 @@ static struct request *bfq_dispatch_request(struct blk_mq_hw_ctx *hctx)
waiting_rq = in_serv_queue && bfq_bfqq_wait_request(in_serv_queue);
rq = __bfq_dispatch_request(hctx);
-
- idle_timer_disabled =
- waiting_rq && !bfq_bfqq_wait_request(in_serv_queue);
+ if (in_serv_queue == bfqd->in_service_queue) {
+ idle_timer_disabled =
+ waiting_rq && !bfq_bfqq_wait_request(in_serv_queue);
+ }
spin_unlock_irq(&bfqd->lock);
-
- bfq_update_dispatch_stats(hctx->queue, rq, in_serv_queue,
- idle_timer_disabled);
+ bfq_update_dispatch_stats(hctx->queue, rq,
+ idle_timer_disabled ? in_serv_queue : NULL,
+ idle_timer_disabled);
return rq;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 194/338] ACPICA: Avoid walking the ACPI Namespace if it is not there
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 193/338] bfq: fix use-after-free in bfq_dispatch_request Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 195/338] lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Greg Kroah-Hartman
` (149 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 0c9992315e738e7d6e927ef36839a466b080dba6 ]
ACPICA commit b1c3656ef4950098e530be68d4b589584f06cddc
Prevent acpi_ns_walk_namespace() from crashing when called with
start_node equal to ACPI_ROOT_OBJECT if the Namespace has not been
instantiated yet and acpi_gbl_root_node is NULL.
For instance, this can happen if the kernel is run with "acpi=off"
in the command line.
Link: https://github.com/acpica/acpica/commit/b1c3656ef4950098e530be68d4b589584f06cddc
Link: https://lore.kernel.org/linux-acpi/CAJZ5v0hJWW_vZ3wwajE7xT38aWjY7cZyvqMJpXHzUL98-SiCVQ@mail.gmail.com/
Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/nswalk.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/acpica/nswalk.c b/drivers/acpi/acpica/nswalk.c
index e9a061da9bb2..c325789a62bf 100644
--- a/drivers/acpi/acpica/nswalk.c
+++ b/drivers/acpi/acpica/nswalk.c
@@ -169,6 +169,9 @@ acpi_ns_walk_namespace(acpi_object_type type,
if (start_node == ACPI_ROOT_OBJECT) {
start_node = acpi_gbl_root_node;
+ if (!start_node) {
+ return_ACPI_STATUS(AE_NO_NAMESPACE);
+ }
}
/* Null child means "get first node" */
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 195/338] lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 194/338] ACPICA: Avoid walking the ACPI Namespace if it is not there Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 196/338] Revert "Revert "block, bfq: honor already-setup queue merges"" Greg Kroah-Hartman
` (148 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Brown, Paul Menzel, Song Liu,
Sasha Levin
From: Paul Menzel <pmenzel@molgen.mpg.de>
[ Upstream commit 633174a7046ec3b4572bec24ef98e6ee89bce14b ]
Buidling raid6test on Ubuntu 21.10 (ppc64le) with GNU Make 4.3 shows the
errors below:
$ cd lib/raid6/test/
$ make
<stdin>:1:1: error: stray ‘\’ in program
<stdin>:1:2: error: stray ‘#’ in program
<stdin>:1:11: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ \
before ‘<’ token
[...]
The errors come from the HAS_ALTIVEC test, which fails, and the POWER
optimized versions are not built. That’s also reason nobody noticed on the
other architectures.
GNU Make 4.3 does not remove the backslash anymore. From the 4.3 release
announcment:
> * WARNING: Backward-incompatibility!
> Number signs (#) appearing inside a macro reference or function invocation
> no longer introduce comments and should not be escaped with backslashes:
> thus a call such as:
> foo := $(shell echo '#')
> is legal. Previously the number sign needed to be escaped, for example:
> foo := $(shell echo '\#')
> Now this latter will resolve to "\#". If you want to write makefiles
> portable to both versions, assign the number sign to a variable:
> H := \#
> foo := $(shell echo '$H')
> This was claimed to be fixed in 3.81, but wasn't, for some reason.
> To detect this change search for 'nocomment' in the .FEATURES variable.
So, do the same as commit 9564a8cf422d ("Kbuild: fix # escaping in .cmd
files for future Make") and commit 929bef467771 ("bpf: Use $(pound) instead
of \# in Makefiles") and define and use a $(pound) variable.
Reference for the change in make:
https://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b57
Cc: Matt Brown <matthew.brown.dev@gmail.com>
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/raid6/test/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/raid6/test/Makefile b/lib/raid6/test/Makefile
index 79777645cac9..e7b54ec8ca70 100644
--- a/lib/raid6/test/Makefile
+++ b/lib/raid6/test/Makefile
@@ -4,6 +4,8 @@
# from userspace.
#
+pound := \#
+
CC = gcc
OPTFLAGS = -O2 # Adjust as desired
CFLAGS = -I.. -I ../../../include -g $(OPTFLAGS)
@@ -44,7 +46,7 @@ else ifeq ($(HAS_NEON),yes)
OBJS += neon.o neon1.o neon2.o neon4.o neon8.o recov_neon.o recov_neon_inner.o
CFLAGS += -DCONFIG_KERNEL_MODE_NEON=1
else
- HAS_ALTIVEC := $(shell printf '\#include <altivec.h>\nvector int a;\n' |\
+ HAS_ALTIVEC := $(shell printf '$(pound)include <altivec.h>\nvector int a;\n' |\
gcc -c -x c - >/dev/null && rm ./-.o && echo yes)
ifeq ($(HAS_ALTIVEC),yes)
CFLAGS += -I../../../arch/powerpc/include
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 196/338] Revert "Revert "block, bfq: honor already-setup queue merges""
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 195/338] lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 197/338] ACPI/APEI: Limit printable size of BERT table data Greg Kroah-Hartman
` (147 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Holger Hoffstätte,
Paolo Valente, Jens Axboe, Sasha Levin
From: Paolo Valente <paolo.valente@linaro.org>
[ Upstream commit 15729ff8143f8135b03988a100a19e66d7cb7ecd ]
A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").
So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Link: https://lore.kernel.org/r/20211125181510.15004-1-paolo.valente@linaro.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bfq-iosched.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c
index dfd55037dc6f..a9f42df92ea3 100644
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2155,6 +2155,15 @@ bfq_setup_merge(struct bfq_queue *bfqq, struct bfq_queue *new_bfqq)
* are likely to increase the throughput.
*/
bfqq->new_bfqq = new_bfqq;
+ /*
+ * The above assignment schedules the following redirections:
+ * each time some I/O for bfqq arrives, the process that
+ * generated that I/O is disassociated from bfqq and
+ * associated with new_bfqq. Here we increases new_bfqq->ref
+ * in advance, adding the number of processes that are
+ * expected to be associated with new_bfqq as they happen to
+ * issue I/O.
+ */
new_bfqq->ref += process_refs;
return new_bfqq;
}
@@ -2214,6 +2223,10 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq,
{
struct bfq_queue *in_service_bfqq, *new_bfqq;
+ /* if a merge has already been setup, then proceed with that first */
+ if (bfqq->new_bfqq)
+ return bfqq->new_bfqq;
+
/*
* Prevent bfqq from being merged if it has been created too
* long ago. The idea is that true cooperating processes, and
@@ -2228,9 +2241,6 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq,
if (bfq_too_late_for_merging(bfqq))
return NULL;
- if (bfqq->new_bfqq)
- return bfqq->new_bfqq;
-
if (!io_struct || unlikely(bfqq == &bfqd->oom_bfqq))
return NULL;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 197/338] ACPI/APEI: Limit printable size of BERT table data
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 196/338] Revert "Revert "block, bfq: honor already-setup queue merges"" Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 198/338] PM: core: keep irq flags in device_pm_check_callbacks() Greg Kroah-Hartman
` (146 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darren Hart, Rafael J. Wysocki, Sasha Levin
From: Darren Hart <darren@os.amperecomputing.com>
[ Upstream commit 3f8dec116210ca649163574ed5f8df1e3b837d07 ]
Platforms with large BERT table data can trigger soft lockup errors
while attempting to print the entire BERT table data to the console at
boot:
watchdog: BUG: soft lockup - CPU#160 stuck for 23s! [swapper/0:1]
Observed on Ampere Altra systems with a single BERT record of ~250KB.
The original bert driver appears to have assumed relatively small table
data. Since it is impractical to reassemble large table data from
interwoven console messages, and the table data is available in
/sys/firmware/acpi/tables/data/BERT
limit the size for tables printed to the console to 1024 (for no reason
other than it seemed like a good place to kick off the discussion, would
appreciate feedback from existing users in terms of what size would
maintain their current usage model).
Alternatively, we could make printing a CONFIG option, use the
bert_disable boot arg (or something similar), or use a debug log level.
However, all those solutions require extra steps or change the existing
behavior for small table data. Limiting the size preserves existing
behavior on existing platforms with small table data, and eliminates the
soft lockups for platforms with large table data, while still making it
available.
Signed-off-by: Darren Hart <darren@os.amperecomputing.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/bert.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c
index 876824948c19..d2212e092c50 100644
--- a/drivers/acpi/apei/bert.c
+++ b/drivers/acpi/apei/bert.c
@@ -31,6 +31,7 @@
#undef pr_fmt
#define pr_fmt(fmt) "BERT: " fmt
+#define ACPI_BERT_PRINT_MAX_LEN 1024
static int bert_disable;
@@ -59,8 +60,11 @@ static void __init bert_print_all(struct acpi_bert_region *region,
}
pr_info_once("Error records from previous boot:\n");
-
- cper_estatus_print(KERN_INFO HW_ERR, estatus);
+ if (region_len < ACPI_BERT_PRINT_MAX_LEN)
+ cper_estatus_print(KERN_INFO HW_ERR, estatus);
+ else
+ pr_info_once("Max print length exceeded, table data is available at:\n"
+ "/sys/firmware/acpi/tables/data/BERT");
/*
* Because the boot error source is "one-time polled" type,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 198/338] PM: core: keep irq flags in device_pm_check_callbacks()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 197/338] ACPI/APEI: Limit printable size of BERT table data Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 199/338] spi: tegra20: Use of_device_get_match_data() Greg Kroah-Hartman
` (145 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Rafael J. Wysocki,
Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 524bb1da785a7ae43dd413cd392b5071c6c367f8 ]
The function device_pm_check_callbacks() can be called under the spin
lock (in the reported case it happens from genpd_add_device() ->
dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes.
However this function uncoditionally uses spin_lock_irq() /
spin_unlock_irq(), thus not preserving the CPU flags. Use the
irqsave/irqrestore instead.
The backtrace for the reference:
[ 2.752010] ------------[ cut here ]------------
[ 2.756769] raw_local_irq_restore() called with IRQs enabled
[ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50
[ 2.772338] Modules linked in:
[ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684
[ 2.781384] Freeing initrd memory: 46024K
[ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50
[ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50
[ 2.785846] sp : ffff80000805b7d0
[ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002
[ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800
[ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00
[ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff
[ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7
[ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8
[ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0
[ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0
[ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000
[ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000
[ 2.889774] Call trace:
[ 2.892290] warn_bogus_irq_restore+0x34/0x50
[ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0
[ 2.901690] genpd_unlock_spin+0x20/0x30
[ 2.905724] genpd_add_device+0x100/0x2d0
[ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c
[ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190
[ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0
[ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30
[ 2.929102] psci_dt_attach_cpu+0x24/0x90
[ 2.933230] psci_cpuidle_probe+0x2d4/0x46c
[ 2.937534] platform_probe+0x68/0xe0
[ 2.941304] really_probe.part.0+0x9c/0x2fc
[ 2.945605] __driver_probe_device+0x98/0x144
[ 2.950085] driver_probe_device+0x44/0x15c
[ 2.954385] __device_attach_driver+0xb8/0x120
[ 2.958950] bus_for_each_drv+0x78/0xd0
[ 2.962896] __device_attach+0xd8/0x180
[ 2.966843] device_initial_probe+0x14/0x20
[ 2.971144] bus_probe_device+0x9c/0xa4
[ 2.975092] device_add+0x380/0x88c
[ 2.978679] platform_device_add+0x114/0x234
[ 2.983067] platform_device_register_full+0x100/0x190
[ 2.988344] psci_idle_init+0x6c/0xb0
[ 2.992113] do_one_initcall+0x74/0x3a0
[ 2.996060] kernel_init_freeable+0x2fc/0x384
[ 3.000543] kernel_init+0x28/0x130
[ 3.004132] ret_from_fork+0x10/0x20
[ 3.007817] irq event stamp: 319826
[ 3.011404] hardirqs last enabled at (319825): [<ffffd40e7eda0268>] __up_console_sem+0x78/0x84
[ 3.020332] hardirqs last disabled at (319826): [<ffffd40e7fd6d9d8>] el1_dbg+0x24/0x8c
[ 3.028458] softirqs last enabled at (318312): [<ffffd40e7ec90410>] _stext+0x410/0x588
[ 3.036678] softirqs last disabled at (318299): [<ffffd40e7ed1bf68>] __irq_exit_rcu+0x158/0x174
[ 3.045607] ---[ end trace 0000000000000000 ]---
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index da413b95afab..c0284c8db19b 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -2145,7 +2145,9 @@ static bool pm_ops_is_empty(const struct dev_pm_ops *ops)
void device_pm_check_callbacks(struct device *dev)
{
- spin_lock_irq(&dev->power.lock);
+ unsigned long flags;
+
+ spin_lock_irqsave(&dev->power.lock, flags);
dev->power.no_pm_callbacks =
(!dev->bus || (pm_ops_is_empty(dev->bus->pm) &&
!dev->bus->suspend && !dev->bus->resume)) &&
@@ -2154,7 +2156,7 @@ void device_pm_check_callbacks(struct device *dev)
(!dev->pm_domain || pm_ops_is_empty(&dev->pm_domain->ops)) &&
(!dev->driver || (pm_ops_is_empty(dev->driver->pm) &&
!dev->driver->suspend && !dev->driver->resume));
- spin_unlock_irq(&dev->power.lock);
+ spin_unlock_irqrestore(&dev->power.lock, flags);
}
bool dev_pm_smart_suspend_and_suspended(struct device *dev)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 199/338] spi: tegra20: Use of_device_get_match_data()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 198/338] PM: core: keep irq flags in device_pm_check_callbacks() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first Greg Kroah-Hartman
` (144 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Minghao Chi, Mark Brown,
Sasha Levin
From: Minghao Chi <chi.minghao@zte.com.cn>
[ Upstream commit c9839acfcbe20ce43d363c2a9d0772472d9921c0 ]
Use of_device_get_match_data() to simplify the code.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Link: https://lore.kernel.org/r/20220315023138.2118293-1-chi.minghao@zte.com.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra20-slink.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c
index bc3097e5cc26..436d559503db 100644
--- a/drivers/spi/spi-tegra20-slink.c
+++ b/drivers/spi/spi-tegra20-slink.c
@@ -1016,14 +1016,8 @@ static int tegra_slink_probe(struct platform_device *pdev)
struct resource *r;
int ret, spi_irq;
const struct tegra_slink_chip_data *cdata = NULL;
- const struct of_device_id *match;
- match = of_match_device(tegra_slink_of_match, &pdev->dev);
- if (!match) {
- dev_err(&pdev->dev, "Error: No device match found\n");
- return -ENODEV;
- }
- cdata = match->data;
+ cdata = of_device_get_match_data(&pdev->dev);
master = spi_alloc_master(&pdev->dev, sizeof(*tspi));
if (!master) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 199/338] spi: tegra20: Use of_device_get_match_data() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:25 ` syzbot
2022-04-14 13:11 ` [PATCH 4.19 201/338] ntfs: add sanity check on allocation size Greg Kroah-Hartman
` (143 subsequent siblings)
343 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable,
syzbot+d59332e2db681cf18f0318a06e994ebbb529a8db, Lee Jones,
Theodore Tso, Sasha Levin
From: Theodore Ts'o <tytso@mit.edu>
[ Upstream commit cc5095747edfb054ca2068d01af20be3fcc3634f ]
[un]pin_user_pages_remote is dirtying pages without properly warning
the file system in advance. A related race was noted by Jan Kara in
2018[1]; however, more recently instead of it being a very hard-to-hit
race, it could be reliably triggered by process_vm_writev(2) which was
discovered by Syzbot[2].
This is technically a bug in mm/gup.c, but arguably ext4 is fragile in
that if some other kernel subsystem dirty pages without properly
notifying the file system using page_mkwrite(), ext4 will BUG, while
other file systems will not BUG (although data will still be lost).
So instead of crashing with a BUG, issue a warning (since there may be
potential data loss) and just mark the page as clean to avoid
unprivileged denial of service attacks until the problem can be
properly fixed. More discussion and background can be found in the
thread starting at [2].
[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com
Reported-by: syzbot+d59332e2db681cf18f0318a06e994ebbb529a8db@syzkaller.appspotmail.com
Reported-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/YiDS9wVfq4mM2jGK@mit.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/inode.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 7959aae4857e..96cf0f57ca95 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -2148,6 +2148,15 @@ static int ext4_writepage(struct page *page,
else
len = PAGE_SIZE;
+ /* Should never happen but for bugs in other kernel subsystems */
+ if (!page_has_buffers(page)) {
+ ext4_warning_inode(inode,
+ "page %lu does not have buffers attached", page->index);
+ ClearPageDirty(page);
+ unlock_page(page);
+ return 0;
+ }
+
page_bufs = page_buffers(page);
/*
* We cannot do block allocation or other extent handling in this
@@ -2697,6 +2706,22 @@ static int mpage_prepare_extent_to_map(struct mpage_da_data *mpd)
wait_on_page_writeback(page);
BUG_ON(PageWriteback(page));
+ /*
+ * Should never happen but for buggy code in
+ * other subsystems that call
+ * set_page_dirty() without properly warning
+ * the file system first. See [1] for more
+ * information.
+ *
+ * [1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
+ */
+ if (!page_has_buffers(page)) {
+ ext4_warning_inode(mpd->inode, "page %lu does not have buffers attached", page->index);
+ ClearPageDirty(page);
+ unlock_page(page);
+ continue;
+ }
+
if (mpd->map.m_len == 0)
mpd->first_page = page->index;
mpd->next_page = page->index + 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 201/338] ntfs: add sanity check on allocation size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
` (142 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+3c765c5248797356edaa,
Dongliang Mu, Anton Altaparmakov, Andrew Morton, Linus Torvalds,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 714fbf2647b1a33d914edd695d4da92029c7e7c0 ]
ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation
size. It triggers one BUG in the __ntfs_malloc function.
Fix this by adding sanity check on ni->attr_list_size.
Link: https://lkml.kernel.org/r/20220120094914.47736-1-dzm91@hust.edu.cn
Reported-by: syzbot+3c765c5248797356edaa@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Acked-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs/inode.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index e844b43f2eac..0acd1f02b146 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1906,6 +1906,10 @@ int ntfs_read_inode_mount(struct inode *vi)
}
/* Now allocate memory for the attribute list. */
ni->attr_list_size = (u32)ntfs_attr_size(a);
+ if (!ni->attr_list_size) {
+ ntfs_error(sb, "Attr_list_size is zero");
+ goto put_err_out;
+ }
ni->attr_list = ntfs_malloc_nofs(ni->attr_list_size);
if (!ni->attr_list) {
ntfs_error(sb, "Not enough memory to allocate buffer "
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 202/338] video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Sasha Levin, linux-fbdev, Antonino Daplas, Greg Kroah-Hartman,
Helge Deller, dri-devel, stable, Tim Gardner
From: Tim Gardner <tim.gardner@canonical.com>
[ Upstream commit 37a1a2e6eeeb101285cd34e12e48a881524701aa ]
Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites.
CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string
chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the
source argument is a parameter of the current function.
89 strcpy(chan->adapter.name, name);
Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.
Cc: Antonino Daplas <adaplas@gmail.com>
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/nvidia/nv_i2c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/nvidia/nv_i2c.c b/drivers/video/fbdev/nvidia/nv_i2c.c
index d7994a173245..0b48965a6420 100644
--- a/drivers/video/fbdev/nvidia/nv_i2c.c
+++ b/drivers/video/fbdev/nvidia/nv_i2c.c
@@ -86,7 +86,7 @@ static int nvidia_setup_i2c_bus(struct nvidia_i2c_chan *chan, const char *name,
{
int rc;
- strcpy(chan->adapter.name, name);
+ strscpy(chan->adapter.name, name, sizeof(chan->adapter.name));
chan->adapter.owner = THIS_MODULE;
chan->adapter.class = i2c_class;
chan->adapter.algo_data = &chan->algo;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 202/338] video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antonino Daplas, linux-fbdev,
dri-devel, Tim Gardner, Helge Deller, Sasha Levin
From: Tim Gardner <tim.gardner@canonical.com>
[ Upstream commit 37a1a2e6eeeb101285cd34e12e48a881524701aa ]
Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites.
CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string
chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the
source argument is a parameter of the current function.
89 strcpy(chan->adapter.name, name);
Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.
Cc: Antonino Daplas <adaplas@gmail.com>
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/nvidia/nv_i2c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/nvidia/nv_i2c.c b/drivers/video/fbdev/nvidia/nv_i2c.c
index d7994a173245..0b48965a6420 100644
--- a/drivers/video/fbdev/nvidia/nv_i2c.c
+++ b/drivers/video/fbdev/nvidia/nv_i2c.c
@@ -86,7 +86,7 @@ static int nvidia_setup_i2c_bus(struct nvidia_i2c_chan *chan, const char *name,
{
int rc;
- strcpy(chan->adapter.name, name);
+ strscpy(chan->adapter.name, name, sizeof(chan->adapter.name));
chan->adapter.owner = THIS_MODULE;
chan->adapter.class = i2c_class;
chan->adapter.algo_data = &chan->algo;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 203/338] video: fbdev: w100fb: Reset global state
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-04-14 13:11 ` Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 204/338] video: fbdev: cirrusfb: check pixclock to avoid divide by zero Greg Kroah-Hartman
` (140 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evgeny Novikov, Kirill Shilimanov,
Helge Deller, Sasha Levin
From: Evgeny Novikov <novikov@ispras.ru>
[ Upstream commit 8738ddcac644964ae128ccd3d80d48773c8d528e ]
w100fb_probe() did not reset the global state to its initial state. This
can result in invocation of iounmap() even when there was not the
appropriate successful call of ioremap(). For instance, this may be the
case if first probe fails after two successful ioremap() while second
probe fails when first ioremap() fails. The similar issue is with
w100fb_remove(). The patch fixes both bugs.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
Co-developed-by: Kirill Shilimanov <kirill.shilimanov@huawei.com>
Signed-off-by: Kirill Shilimanov <kirill.shilimanov@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/w100fb.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/video/fbdev/w100fb.c b/drivers/video/fbdev/w100fb.c
index 967030176d87..307066113c35 100644
--- a/drivers/video/fbdev/w100fb.c
+++ b/drivers/video/fbdev/w100fb.c
@@ -773,12 +773,18 @@ int w100fb_probe(struct platform_device *pdev)
fb_dealloc_cmap(&info->cmap);
kfree(info->pseudo_palette);
}
- if (remapped_fbuf != NULL)
+ if (remapped_fbuf != NULL) {
iounmap(remapped_fbuf);
- if (remapped_regs != NULL)
+ remapped_fbuf = NULL;
+ }
+ if (remapped_regs != NULL) {
iounmap(remapped_regs);
- if (remapped_base != NULL)
+ remapped_regs = NULL;
+ }
+ if (remapped_base != NULL) {
iounmap(remapped_base);
+ remapped_base = NULL;
+ }
if (info)
framebuffer_release(info);
return err;
@@ -803,8 +809,11 @@ static int w100fb_remove(struct platform_device *pdev)
fb_dealloc_cmap(&info->cmap);
iounmap(remapped_base);
+ remapped_base = NULL;
iounmap(remapped_regs);
+ remapped_regs = NULL;
iounmap(remapped_fbuf);
+ remapped_fbuf = NULL;
framebuffer_release(info);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 204/338] video: fbdev: cirrusfb: check pixclock to avoid divide by zero
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 203/338] video: fbdev: w100fb: Reset global state Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 205/338] video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit Greg Kroah-Hartman
` (139 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, George Kennedy, Geert Uytterhoeven,
Helge Deller, Sasha Levin
From: George Kennedy <george.kennedy@oracle.com>
[ Upstream commit 5c6f402bdcf9e7239c6bc7087eda71ac99b31379 ]
Do a sanity check on pixclock value to avoid divide by zero.
If the pixclock value is zero, the cirrusfb driver will round up
pixclock to get the derived frequency as close to maxclock as
possible.
Syzkaller reported a divide error in cirrusfb_check_pixclock.
divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2
RIP: 0010:cirrusfb_check_var+0x6f1/0x1260
Call Trace:
fb_set_var+0x398/0xf90
do_fb_ioctl+0x4b8/0x6f0
fb_ioctl+0xeb/0x130
__x64_sys_ioctl+0x19d/0x220
do_syscall_64+0x3a/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/cirrusfb.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/video/fbdev/cirrusfb.c b/drivers/video/fbdev/cirrusfb.c
index b3be06dd2908..72358d187023 100644
--- a/drivers/video/fbdev/cirrusfb.c
+++ b/drivers/video/fbdev/cirrusfb.c
@@ -470,7 +470,7 @@ static int cirrusfb_check_mclk(struct fb_info *info, long freq)
return 0;
}
-static int cirrusfb_check_pixclock(const struct fb_var_screeninfo *var,
+static int cirrusfb_check_pixclock(struct fb_var_screeninfo *var,
struct fb_info *info)
{
long freq;
@@ -479,9 +479,7 @@ static int cirrusfb_check_pixclock(const struct fb_var_screeninfo *var,
unsigned maxclockidx = var->bits_per_pixel >> 3;
/* convert from ps to kHz */
- freq = PICOS2KHZ(var->pixclock);
-
- dev_dbg(info->device, "desired pixclock: %ld kHz\n", freq);
+ freq = PICOS2KHZ(var->pixclock ? : 1);
maxclock = cirrusfb_board_info[cinfo->btype].maxclock[maxclockidx];
cinfo->multiplexing = 0;
@@ -489,11 +487,13 @@ static int cirrusfb_check_pixclock(const struct fb_var_screeninfo *var,
/* If the frequency is greater than we can support, we might be able
* to use multiplexing for the video mode */
if (freq > maxclock) {
- dev_err(info->device,
- "Frequency greater than maxclock (%ld kHz)\n",
- maxclock);
- return -EINVAL;
+ var->pixclock = KHZ2PICOS(maxclock);
+
+ while ((freq = PICOS2KHZ(var->pixclock)) > maxclock)
+ var->pixclock++;
}
+ dev_dbg(info->device, "desired pixclock: %ld kHz\n", freq);
+
/*
* Additional constraint: 8bpp uses DAC clock doubling to allow maximum
* pixel clock
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 205/338] video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 204/338] video: fbdev: cirrusfb: check pixclock to avoid divide by zero Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 206/338] ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 Greg Kroah-Hartman
` (138 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Yang Guang, Helge Deller,
Sasha Levin
From: Yang Guang <yang.guang5@zte.com.cn>
[ Upstream commit 24565bc4115961db7ee64fcc7ad2a7437c0d0a49 ]
coccinelle report:
./drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c:
479:9-17: WARNING: use scnprintf or sprintf
Use sysfs_emit instead of scnprintf or sprintf makes more sense.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Yang Guang <yang.guang5@zte.com.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c b/drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c
index f2c2fef3db74..87c4f420a9d9 100644
--- a/drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c
+++ b/drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c
@@ -487,7 +487,7 @@ static ssize_t show_cabc_available_modes(struct device *dev,
int i;
if (!ddata->has_cabc)
- return snprintf(buf, PAGE_SIZE, "%s\n", cabc_modes[0]);
+ return sysfs_emit(buf, "%s\n", cabc_modes[0]);
for (i = 0, len = 0;
len < PAGE_SIZE && i < ARRAY_SIZE(cabc_modes); i++)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 206/338] ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 205/338] video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 207/338] ARM: dts: bcm2837: Add the missing L1/L2 cache information Greg Kroah-Hartman
` (137 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Heidelberg, Bjorn Andersson,
Sasha Levin, LogicalErzor
From: David Heidelberg <david@ixit.cz>
[ Upstream commit 6f7e221e7a5cfc3299616543fce42b36e631497b ]
IRQ types blindly copied from very similar APQ8064.
Fixes warnings as:
WARNING: CPU: 0 PID: 1 at drivers/irqchip/irq-gic.c:1080 gic_irq_domain_translate+0x118/0x120
...
Tested-by: LogicalErzor <logicalerzor@gmail.com> # boot-tested on Samsung S3
Signed-off-by: David Heidelberg <david@ixit.cz>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220108174229.60384-1-david@ixit.cz
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-msm8960.dtsi | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/qcom-msm8960.dtsi b/arch/arm/boot/dts/qcom-msm8960.dtsi
index 1733d8f40ab1..b256fda0f5ea 100644
--- a/arch/arm/boot/dts/qcom-msm8960.dtsi
+++ b/arch/arm/boot/dts/qcom-msm8960.dtsi
@@ -140,7 +140,9 @@
reg = <0x108000 0x1000>;
qcom,ipc = <&l2cc 0x8 2>;
- interrupts = <0 19 0>, <0 21 0>, <0 22 0>;
+ interrupts = <GIC_SPI 19 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 21 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 22 IRQ_TYPE_EDGE_RISING>;
interrupt-names = "ack", "err", "wakeup";
regulators {
@@ -186,7 +188,7 @@
compatible = "qcom,msm-uartdm-v1.3", "qcom,msm-uartdm";
reg = <0x16440000 0x1000>,
<0x16400000 0x1000>;
- interrupts = <0 154 0x0>;
+ interrupts = <GIC_SPI 154 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&gcc GSBI5_UART_CLK>, <&gcc GSBI5_H_CLK>;
clock-names = "core", "iface";
status = "disabled";
@@ -312,7 +314,7 @@
#address-cells = <1>;
#size-cells = <0>;
reg = <0x16080000 0x1000>;
- interrupts = <0 147 0>;
+ interrupts = <GIC_SPI 147 IRQ_TYPE_LEVEL_HIGH>;
spi-max-frequency = <24000000>;
cs-gpios = <&msmgpio 8 0>;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 207/338] ARM: dts: bcm2837: Add the missing L1/L2 cache information
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 206/338] ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP Greg Kroah-Hartman
` (136 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Schleich, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Richard Schleich <rs@noreya.tech>
[ Upstream commit bdf8762da268d2a34abf517c36528413906e9cd5 ]
This patch fixes the kernel warning
"cacheinfo: Unable to detect cache hierarchy for CPU 0"
for the bcm2837 on newer kernel versions.
Signed-off-by: Richard Schleich <rs@noreya.tech>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
[florian: Align and remove comments matching property values]
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2837.dtsi | 49 ++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/arch/arm/boot/dts/bcm2837.dtsi b/arch/arm/boot/dts/bcm2837.dtsi
index beb6c502dadc..bcad098a7fcc 100644
--- a/arch/arm/boot/dts/bcm2837.dtsi
+++ b/arch/arm/boot/dts/bcm2837.dtsi
@@ -38,12 +38,26 @@
#size-cells = <0>;
enable-method = "brcm,bcm2836-smp"; // for ARM 32-bit
+ /* Source for d/i-cache-line-size and d/i-cache-sets
+ * https://developer.arm.com/documentation/ddi0500/e/level-1-memory-system
+ * /about-the-l1-memory-system?lang=en
+ *
+ * Source for d/i-cache-size
+ * https://magpi.raspberrypi.com/articles/raspberry-pi-3-specs-benchmarks
+ */
cpu0: cpu@0 {
device_type = "cpu";
compatible = "arm,cortex-a53";
reg = <0>;
enable-method = "spin-table";
cpu-release-addr = <0x0 0x000000d8>;
+ d-cache-size = <0x8000>;
+ d-cache-line-size = <64>;
+ d-cache-sets = <128>; // 32KiB(size)/64(line-size)=512ways/4-way set
+ i-cache-size = <0x8000>;
+ i-cache-line-size = <64>;
+ i-cache-sets = <256>; // 32KiB(size)/64(line-size)=512ways/2-way set
+ next-level-cache = <&l2>;
};
cpu1: cpu@1 {
@@ -52,6 +66,13 @@
reg = <1>;
enable-method = "spin-table";
cpu-release-addr = <0x0 0x000000e0>;
+ d-cache-size = <0x8000>;
+ d-cache-line-size = <64>;
+ d-cache-sets = <128>; // 32KiB(size)/64(line-size)=512ways/4-way set
+ i-cache-size = <0x8000>;
+ i-cache-line-size = <64>;
+ i-cache-sets = <256>; // 32KiB(size)/64(line-size)=512ways/2-way set
+ next-level-cache = <&l2>;
};
cpu2: cpu@2 {
@@ -60,6 +81,13 @@
reg = <2>;
enable-method = "spin-table";
cpu-release-addr = <0x0 0x000000e8>;
+ d-cache-size = <0x8000>;
+ d-cache-line-size = <64>;
+ d-cache-sets = <128>; // 32KiB(size)/64(line-size)=512ways/4-way set
+ i-cache-size = <0x8000>;
+ i-cache-line-size = <64>;
+ i-cache-sets = <256>; // 32KiB(size)/64(line-size)=512ways/2-way set
+ next-level-cache = <&l2>;
};
cpu3: cpu@3 {
@@ -68,6 +96,27 @@
reg = <3>;
enable-method = "spin-table";
cpu-release-addr = <0x0 0x000000f0>;
+ d-cache-size = <0x8000>;
+ d-cache-line-size = <64>;
+ d-cache-sets = <128>; // 32KiB(size)/64(line-size)=512ways/4-way set
+ i-cache-size = <0x8000>;
+ i-cache-line-size = <64>;
+ i-cache-sets = <256>; // 32KiB(size)/64(line-size)=512ways/2-way set
+ next-level-cache = <&l2>;
+ };
+
+ /* Source for cache-line-size + cache-sets
+ * https://developer.arm.com/documentation/ddi0500
+ * /e/level-2-memory-system/about-the-l2-memory-system?lang=en
+ * Source for cache-size
+ * https://datasheets.raspberrypi.com/cm/cm1-and-cm3-datasheet.pdf
+ */
+ l2: l2-cache0 {
+ compatible = "cache";
+ cache-size = <0x80000>;
+ cache-line-size = <64>;
+ cache-sets = <512>; // 512KiB(size)/64(line-size)=8192ways/16-way set
+ cache-level = <2>;
};
};
};
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 207/338] ARM: dts: bcm2837: Add the missing L1/L2 cache information Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:25 ` Ard Biesheuvel
2022-04-14 13:11 ` [PATCH 4.19 209/338] video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() Greg Kroah-Hartman
` (135 subsequent siblings)
343 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel,
Steven Rostedt (Google),
Sasha Levin
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
Tweak the ftrace return paths to avoid redundant loads of SP, as well as
unnecessary clobbering of IP.
This also fixes the inconsistency of using MOV to perform a function
return, which is sub-optimal on recent micro-architectures but more
importantly, does not perform an interworking return, unlike compiler
generated function returns in Thumb2 builds.
Let's fix this by popping PC from the stack like most ordinary code
does.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/entry-ftrace.S | 51 +++++++++++++++-------------------
1 file changed, 22 insertions(+), 29 deletions(-)
diff --git a/arch/arm/kernel/entry-ftrace.S b/arch/arm/kernel/entry-ftrace.S
index 1acf4d05e94c..393c342ecd51 100644
--- a/arch/arm/kernel/entry-ftrace.S
+++ b/arch/arm/kernel/entry-ftrace.S
@@ -41,10 +41,7 @@
* mcount can be thought of as a function called in the middle of a subroutine
* call. As such, it needs to be transparent for both the caller and the
* callee: the original lr needs to be restored when leaving mcount, and no
- * registers should be clobbered. (In the __gnu_mcount_nc implementation, we
- * clobber the ip register. This is OK because the ARM calling convention
- * allows it to be clobbered in subroutines and doesn't use it to hold
- * parameters.)
+ * registers should be clobbered.
*
* When using dynamic ftrace, we patch out the mcount call by a "mov r0, r0"
* for the mcount case, and a "pop {lr}" for the __gnu_mcount_nc case (see
@@ -96,26 +93,25 @@
.macro __ftrace_regs_caller
- sub sp, sp, #8 @ space for PC and CPSR OLD_R0,
+ str lr, [sp, #-8]! @ store LR as PC and make space for CPSR/OLD_R0,
@ OLD_R0 will overwrite previous LR
- add ip, sp, #12 @ move in IP the value of SP as it was
- @ before the push {lr} of the mcount mechanism
+ ldr lr, [sp, #8] @ get previous LR
- str lr, [sp, #0] @ store LR instead of PC
+ str r0, [sp, #8] @ write r0 as OLD_R0 over previous LR
- ldr lr, [sp, #8] @ get previous LR
+ str lr, [sp, #-4]! @ store previous LR as LR
- str r0, [sp, #8] @ write r0 as OLD_R0 over previous LR
+ add lr, sp, #16 @ move in LR the value of SP as it was
+ @ before the push {lr} of the mcount mechanism
- stmdb sp!, {ip, lr}
- stmdb sp!, {r0-r11, lr}
+ push {r0-r11, ip, lr}
@ stack content at this point:
@ 0 4 48 52 56 60 64 68 72
- @ R0 | R1 | ... | LR | SP + 4 | previous LR | LR | PSR | OLD_R0 |
+ @ R0 | R1 | ... | IP | SP + 4 | previous LR | LR | PSR | OLD_R0 |
- mov r3, sp @ struct pt_regs*
+ mov r3, sp @ struct pt_regs*
ldr r2, =function_trace_op
ldr r2, [r2] @ pointer to the current
@@ -138,11 +134,9 @@ ftrace_graph_regs_call:
#endif
@ pop saved regs
- ldmia sp!, {r0-r12} @ restore r0 through r12
- ldr ip, [sp, #8] @ restore PC
- ldr lr, [sp, #4] @ restore LR
- ldr sp, [sp, #0] @ restore SP
- mov pc, ip @ return
+ pop {r0-r11, ip, lr} @ restore r0 through r12
+ ldr lr, [sp], #4 @ restore LR
+ ldr pc, [sp], #12
.endm
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
@@ -158,11 +152,9 @@ ftrace_graph_regs_call:
bl prepare_ftrace_return
@ pop registers saved in ftrace_regs_caller
- ldmia sp!, {r0-r12} @ restore r0 through r12
- ldr ip, [sp, #8] @ restore PC
- ldr lr, [sp, #4] @ restore LR
- ldr sp, [sp, #0] @ restore SP
- mov pc, ip @ return
+ pop {r0-r11, ip, lr} @ restore r0 through r12
+ ldr lr, [sp], #4 @ restore LR
+ ldr pc, [sp], #12
.endm
#endif
@@ -273,16 +265,17 @@ ENDPROC(ftrace_graph_caller_old)
.endm
.macro mcount_exit
- ldmia sp!, {r0-r3, ip, lr}
- ret ip
+ ldmia sp!, {r0-r3}
+ ldr lr, [sp, #4]
+ ldr pc, [sp], #8
.endm
ENTRY(__gnu_mcount_nc)
UNWIND(.fnstart)
#ifdef CONFIG_DYNAMIC_FTRACE
- mov ip, lr
- ldmia sp!, {lr}
- ret ip
+ push {lr}
+ ldr lr, [sp, #4]
+ ldr pc, [sp], #8
#else
__mcount
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 209/338] video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 210/338] video: fbdev: omapfb: panel-tpo-td043mtea1: " Greg Kroah-Hartman
` (134 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Jing Yao, Helge Deller,
Sasha Levin
From: Jing Yao <yao.jing2@zte.com.cn>
[ Upstream commit f63658a59c3d439c8ad7b290f8ec270980e0f384 ]
Use sysfs_emit instead of scnprintf, snprintf or sprintf.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Jing Yao <yao.jing2@zte.com.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/omap2/omapfb/displays/panel-dsi-cm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/video/fbdev/omap2/omapfb/displays/panel-dsi-cm.c b/drivers/video/fbdev/omap2/omapfb/displays/panel-dsi-cm.c
index 87497a00241f..1c57ddaeff1b 100644
--- a/drivers/video/fbdev/omap2/omapfb/displays/panel-dsi-cm.c
+++ b/drivers/video/fbdev/omap2/omapfb/displays/panel-dsi-cm.c
@@ -412,7 +412,7 @@ static ssize_t dsicm_num_errors_show(struct device *dev,
if (r)
return r;
- return snprintf(buf, PAGE_SIZE, "%d\n", errors);
+ return sysfs_emit(buf, "%d\n", errors);
}
static ssize_t dsicm_hw_revision_show(struct device *dev,
@@ -442,7 +442,7 @@ static ssize_t dsicm_hw_revision_show(struct device *dev,
if (r)
return r;
- return snprintf(buf, PAGE_SIZE, "%02x.%02x.%02x\n", id1, id2, id3);
+ return sysfs_emit(buf, "%02x.%02x.%02x\n", id1, id2, id3);
}
static ssize_t dsicm_store_ulps(struct device *dev,
@@ -490,7 +490,7 @@ static ssize_t dsicm_show_ulps(struct device *dev,
t = ddata->ulps_enabled;
mutex_unlock(&ddata->lock);
- return snprintf(buf, PAGE_SIZE, "%u\n", t);
+ return sysfs_emit(buf, "%u\n", t);
}
static ssize_t dsicm_store_ulps_timeout(struct device *dev,
@@ -535,7 +535,7 @@ static ssize_t dsicm_show_ulps_timeout(struct device *dev,
t = ddata->ulps_timeout;
mutex_unlock(&ddata->lock);
- return snprintf(buf, PAGE_SIZE, "%u\n", t);
+ return sysfs_emit(buf, "%u\n", t);
}
static DEVICE_ATTR(num_dsi_errors, S_IRUGO, dsicm_num_errors_show, NULL);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 210/338] video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 209/338] video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 211/338] video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit Greg Kroah-Hartman
` (133 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Jing Yao, Helge Deller,
Sasha Levin
From: Jing Yao <yao.jing2@zte.com.cn>
[ Upstream commit c07a039cbb96748f54c02995bae8131cc9a73b0a ]
Use sysfs_emit instead of scnprintf, snprintf or sprintf.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Jing Yao <yao.jing2@zte.com.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../video/fbdev/omap2/omapfb/displays/panel-tpo-td043mtea1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td043mtea1.c b/drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td043mtea1.c
index ea8c79a42b41..3f1389bfba6f 100644
--- a/drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td043mtea1.c
+++ b/drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td043mtea1.c
@@ -173,7 +173,7 @@ static ssize_t tpo_td043_vmirror_show(struct device *dev,
{
struct panel_drv_data *ddata = dev_get_drvdata(dev);
- return snprintf(buf, PAGE_SIZE, "%d\n", ddata->vmirror);
+ return sysfs_emit(buf, "%d\n", ddata->vmirror);
}
static ssize_t tpo_td043_vmirror_store(struct device *dev,
@@ -203,7 +203,7 @@ static ssize_t tpo_td043_mode_show(struct device *dev,
{
struct panel_drv_data *ddata = dev_get_drvdata(dev);
- return snprintf(buf, PAGE_SIZE, "%d\n", ddata->mode);
+ return sysfs_emit(buf, "%d\n", ddata->mode);
}
static ssize_t tpo_td043_mode_store(struct device *dev,
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 211/338] video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 210/338] video: fbdev: omapfb: panel-tpo-td043mtea1: " Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 212/338] ASoC: soc-core: skip zero num_dai component in searching dai name Greg Kroah-Hartman
` (132 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Jing Yao, Helge Deller,
Sasha Levin
From: Jing Yao <yao.jing2@zte.com.cn>
[ Upstream commit 81a998288956d09d7a7a2303d47e4d60ad55c401 ]
Use sysfs_emit instead of scnprintf, snprintf or sprintf.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Jing Yao <yao.jing2@zte.com.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/udlfb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c
index f7823aa99340..08a694e9383f 100644
--- a/drivers/video/fbdev/udlfb.c
+++ b/drivers/video/fbdev/udlfb.c
@@ -1430,7 +1430,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
struct device_attribute *a, char *buf) {
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dlfb = fb_info->par;
- return snprintf(buf, PAGE_SIZE, "%u\n",
+ return sysfs_emit(buf, "%u\n",
atomic_read(&dlfb->bytes_rendered));
}
@@ -1438,7 +1438,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
struct device_attribute *a, char *buf) {
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dlfb = fb_info->par;
- return snprintf(buf, PAGE_SIZE, "%u\n",
+ return sysfs_emit(buf, "%u\n",
atomic_read(&dlfb->bytes_identical));
}
@@ -1446,7 +1446,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
struct device_attribute *a, char *buf) {
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dlfb = fb_info->par;
- return snprintf(buf, PAGE_SIZE, "%u\n",
+ return sysfs_emit(buf, "%u\n",
atomic_read(&dlfb->bytes_sent));
}
@@ -1454,7 +1454,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
struct device_attribute *a, char *buf) {
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dlfb = fb_info->par;
- return snprintf(buf, PAGE_SIZE, "%u\n",
+ return sysfs_emit(buf, "%u\n",
atomic_read(&dlfb->cpu_kcycles_used));
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 212/338] ASoC: soc-core: skip zero num_dai component in searching dai name
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 211/338] video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 213/338] media: cx88-mpeg: clear interrupt status register before streaming video Greg Kroah-Hartman
` (131 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit f7d344a2bd5ec81fbd1ce76928fd059e57ec9bea ]
In the case like dmaengine which's not a dai but as a component, the
num_dai is zero, dmaengine component has the same component_of_node
as cpu dai, when cpu dai component is not ready, but dmaengine component
is ready, try to get cpu dai name, the snd_soc_get_dai_name() return
-EINVAL, not -EPROBE_DEFER, that cause below error:
asoc-simple-card <card name>: parse error -22
asoc-simple-card: probe of <card name> failed with error -22
The sound card failed to probe.
So this patch fixes the issue above by skipping the zero num_dai
component in searching dai name.
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1644491952-7457-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 273898b358c4..9ca7dff5593d 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3708,7 +3708,7 @@ int snd_soc_get_dai_name(struct of_phandle_args *args,
if (!component_of_node && pos->dev->parent)
component_of_node = pos->dev->parent->of_node;
- if (component_of_node != args->np)
+ if (component_of_node != args->np || !pos->num_dai)
continue;
if (pos->driver->of_xlate_dai_name) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 213/338] media: cx88-mpeg: clear interrupt status register before streaming video
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 212/338] ASoC: soc-core: skip zero num_dai component in searching dai name Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 214/338] ARM: tegra: tamonten: Fix I2C3 pad setting Greg Kroah-Hartman
` (130 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel González Cabanelas, Sasha Levin
From: Daniel González Cabanelas <dgcbueu@gmail.com>
[ Upstream commit 56cb61f70e547e1b0cdfe6ff5a1f1ce6242e6d96 ]
Some cx88 video cards may have transport stream status interrupts set
to 1 from cold start, causing errors like this:
cx88xx: cx88_print_irqbits: core:irq mpeg [0x100000] ts_err?*
cx8802: cx8802_mpeg_irq: mpeg:general errors: 0x00100000
According to CX2388x datasheet, the interrupt status register should be
cleared before enabling IRQs to stream video.
Fix it by clearing the Transport Stream Interrupt Status register.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx88/cx88-mpeg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/pci/cx88/cx88-mpeg.c b/drivers/media/pci/cx88/cx88-mpeg.c
index 52ff00ebd4bd..281eca525340 100644
--- a/drivers/media/pci/cx88/cx88-mpeg.c
+++ b/drivers/media/pci/cx88/cx88-mpeg.c
@@ -171,6 +171,9 @@ int cx8802_start_dma(struct cx8802_dev *dev,
cx_write(MO_TS_GPCNTRL, GP_COUNT_CONTROL_RESET);
q->count = 0;
+ /* clear interrupt status register */
+ cx_write(MO_TS_INTSTAT, 0x1f1111);
+
/* enable irqs */
dprintk(1, "setting the interrupt mask\n");
cx_set(MO_PCI_INTMSK, core->pci_irqmask | PCI_INT_TSINT);
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 214/338] ARM: tegra: tamonten: Fix I2C3 pad setting
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 213/338] media: cx88-mpeg: clear interrupt status register before streaming video Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 215/338] ARM: mmp: Fix failure to remove sram device Greg Kroah-Hartman
` (129 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Leitner, Thierry Reding, Sasha Levin
From: Richard Leitner <richard.leitner@skidata.com>
[ Upstream commit 0092c25b541a5422d7e71892a13c55ee91abc34b ]
This patch fixes the tristate configuration for i2c3 function assigned
to the dtf pins on the Tamonten Tegra20 SoM.
Signed-off-by: Richard Leitner <richard.leitner@skidata.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/tegra20-tamonten.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/tegra20-tamonten.dtsi b/arch/arm/boot/dts/tegra20-tamonten.dtsi
index 394a6b4dc69d..69cb65d86c46 100644
--- a/arch/arm/boot/dts/tegra20-tamonten.dtsi
+++ b/arch/arm/boot/dts/tegra20-tamonten.dtsi
@@ -183,8 +183,8 @@
};
conf_ata {
nvidia,pins = "ata", "atb", "atc", "atd", "ate",
- "cdev1", "cdev2", "dap1", "dtb", "gma",
- "gmb", "gmc", "gmd", "gme", "gpu7",
+ "cdev1", "cdev2", "dap1", "dtb", "dtf",
+ "gma", "gmb", "gmc", "gmd", "gme", "gpu7",
"gpv", "i2cp", "irrx", "irtx", "pta",
"rm", "slxa", "slxk", "spia", "spib",
"uac";
@@ -203,7 +203,7 @@
};
conf_crtp {
nvidia,pins = "crtp", "dap2", "dap3", "dap4",
- "dtc", "dte", "dtf", "gpu", "sdio1",
+ "dtc", "dte", "gpu", "sdio1",
"slxc", "slxd", "spdi", "spdo", "spig",
"uda";
nvidia,pull = <TEGRA_PIN_PULL_NONE>;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 215/338] ARM: mmp: Fix failure to remove sram device
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 214/338] ARM: tegra: tamonten: Fix I2C3 pad setting Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 216/338] video: fbdev: sm712fb: Fix crash in smtcfb_write() Greg Kroah-Hartman
` (128 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, Arnd Bergmann,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 4036b29a146b2749af3bb213b003eb69f3e5ecc4 ]
Make sure in .probe() to set driver data before the function is left to
make it possible in .remove() to undo the actions done.
This fixes a potential memory leak and stops returning an error code in
.remove() that is ignored by the driver core anyhow.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-mmp/sram.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/arch/arm/mach-mmp/sram.c b/arch/arm/mach-mmp/sram.c
index ba91e4fe444d..3c4e41dabb02 100644
--- a/arch/arm/mach-mmp/sram.c
+++ b/arch/arm/mach-mmp/sram.c
@@ -76,6 +76,8 @@ static int sram_probe(struct platform_device *pdev)
if (!info)
return -ENOMEM;
+ platform_set_drvdata(pdev, info);
+
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
if (res == NULL) {
dev_err(&pdev->dev, "no memory resource defined\n");
@@ -111,8 +113,6 @@ static int sram_probe(struct platform_device *pdev)
list_add(&info->node, &sram_bank_list);
mutex_unlock(&sram_lock);
- platform_set_drvdata(pdev, info);
-
dev_info(&pdev->dev, "initialized\n");
return 0;
@@ -131,17 +131,19 @@ static int sram_remove(struct platform_device *pdev)
struct sram_bank_info *info;
info = platform_get_drvdata(pdev);
- if (info == NULL)
- return -ENODEV;
- mutex_lock(&sram_lock);
- list_del(&info->node);
- mutex_unlock(&sram_lock);
+ if (info->sram_size) {
+ mutex_lock(&sram_lock);
+ list_del(&info->node);
+ mutex_unlock(&sram_lock);
+
+ gen_pool_destroy(info->gpool);
+ iounmap(info->sram_virt);
+ kfree(info->pool_name);
+ }
- gen_pool_destroy(info->gpool);
- iounmap(info->sram_virt);
- kfree(info->pool_name);
kfree(info);
+
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 216/338] video: fbdev: sm712fb: Fix crash in smtcfb_write()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 215/338] ARM: mmp: Fix failure to remove sram device Greg Kroah-Hartman
@ 2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 217/338] media: Revert "media: em28xx: add missing em28xx_close_extension" Greg Kroah-Hartman
` (127 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 4f01d09b2bbfbcb47b3eb305560a7f4857a32260 ]
When the sm712fb driver writes three bytes to the framebuffer, the
driver will crash:
BUG: unable to handle page fault for address: ffffc90001ffffff
RIP: 0010:smtcfb_write+0x454/0x5b0
Call Trace:
vfs_write+0x291/0xd60
? do_sys_openat2+0x27d/0x350
? __fget_light+0x54/0x340
ksys_write+0xce/0x190
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fix it by removing the open-coded endianness fixup-code.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/sm712fb.c | 21 ++++-----------------
1 file changed, 4 insertions(+), 17 deletions(-)
--- a/drivers/video/fbdev/sm712fb.c
+++ b/drivers/video/fbdev/sm712fb.c
@@ -1119,7 +1119,7 @@ static ssize_t smtcfb_write(struct fb_in
count = total_size - p;
}
- buffer = kmalloc((count > PAGE_SIZE) ? PAGE_SIZE : count, GFP_KERNEL);
+ buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
@@ -1137,24 +1137,11 @@ static ssize_t smtcfb_write(struct fb_in
break;
}
- for (i = c >> 2; i--;) {
- fb_writel(big_swap(*src), dst++);
+ for (i = (c + 3) >> 2; i--;) {
+ fb_writel(big_swap(*src), dst);
+ dst++;
src++;
}
- if (c & 3) {
- u8 *src8 = (u8 *)src;
- u8 __iomem *dst8 = (u8 __iomem *)dst;
-
- for (i = c & 3; i--;) {
- if (i & 1) {
- fb_writeb(*src8++, ++dst8);
- } else {
- fb_writeb(*src8++, --dst8);
- dst8 += 2;
- }
- }
- dst = (u32 __iomem *)dst8;
- }
*ppos += c;
buf += c;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 217/338] media: Revert "media: em28xx: add missing em28xx_close_extension"
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-04-14 13:11 ` [PATCH 4.19 216/338] video: fbdev: sm712fb: Fix crash in smtcfb_write() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 218/338] media: hdpvr: initialize dev->worker at hdpvr_register_videodev Greg Kroah-Hartman
` (126 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maximilian Böhm, Pavel Skripkin,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit fde18c3bac3f964d8333ae53b304d8fee430502b ]
This reverts commit 2c98b8a3458df03abdc6945bbef67ef91d181938.
Reverted patch causes problems with Hauppauge WinTV dualHD as Maximilian
reported [1]. Since quick solution didn't come up let's just revert it
to make this device work with upstream kernels.
Link: https://lore.kernel.org/all/6a72a37b-e972-187d-0322-16336e12bdc5@elbmurf.de/ [1]
Reported-by: Maximilian Böhm <maximilian.boehm@elbmurf.de>
Tested-by: Maximilian Böhm <maximilian.boehm@elbmurf.de>
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/em28xx/em28xx-cards.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
index c7f79d0f3883..b14bff7b4ec8 100644
--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -4036,11 +4036,8 @@ static void em28xx_usb_disconnect(struct usb_interface *intf)
em28xx_close_extension(dev);
- if (dev->dev_next) {
- em28xx_close_extension(dev->dev_next);
+ if (dev->dev_next)
em28xx_release_resources(dev->dev_next);
- }
-
em28xx_release_resources(dev);
if (dev->dev_next) {
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 218/338] media: hdpvr: initialize dev->worker at hdpvr_register_videodev
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 217/338] media: Revert "media: em28xx: add missing em28xx_close_extension" Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 219/338] mmc: host: Return an error when ->enable_sdio_irq() ops is missing Greg Kroah-Hartman
` (125 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 07922937e9a580825f9965c46fd15e23ba5754b6 ]
hdpvr_register_videodev is responsible to initialize a worker in
hdpvr_device. However, the worker is only initialized at
hdpvr_start_streaming other than hdpvr_register_videodev.
When hdpvr_probe does not initialize its worker, the hdpvr_disconnect
will encounter one WARN in flush_work.The stack trace is as follows:
hdpvr_disconnect+0xb8/0xf2 drivers/media/usb/hdpvr/hdpvr-core.c:425
usb_unbind_interface+0xbf/0x3a0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1206 [inline]
device_release_driver_internal+0x22a/0x230 drivers/base/dd.c:1237
bus_remove_device+0x108/0x160 drivers/base/bus.c:529
device_del+0x1fe/0x510 drivers/base/core.c:3592
usb_disable_device+0xd1/0x1d0 drivers/usb/core/message.c:1419
usb_disconnect+0x109/0x330 drivers/usb/core/hub.c:2228
Fix this by moving the initialization of dev->worker to the starting of
hdpvr_register_videodev
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/hdpvr/hdpvr-video.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/hdpvr/hdpvr-video.c b/drivers/media/usb/hdpvr/hdpvr-video.c
index 0615996572e4..ce46f8721470 100644
--- a/drivers/media/usb/hdpvr/hdpvr-video.c
+++ b/drivers/media/usb/hdpvr/hdpvr-video.c
@@ -312,7 +312,6 @@ static int hdpvr_start_streaming(struct hdpvr_device *dev)
dev->status = STATUS_STREAMING;
- INIT_WORK(&dev->worker, hdpvr_transmit_buffers);
schedule_work(&dev->worker);
v4l2_dbg(MSG_BUFFER, hdpvr_debug, &dev->v4l2_dev,
@@ -1175,6 +1174,9 @@ int hdpvr_register_videodev(struct hdpvr_device *dev, struct device *parent,
bool ac3 = dev->flags & HDPVR_FLAG_AC3_CAP;
int res;
+ // initialize dev->worker
+ INIT_WORK(&dev->worker, hdpvr_transmit_buffers);
+
dev->cur_std = V4L2_STD_525_60;
dev->width = 720;
dev->height = 480;
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 219/338] mmc: host: Return an error when ->enable_sdio_irq() ops is missing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 218/338] media: hdpvr: initialize dev->worker at hdpvr_register_videodev Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 220/338] powerpc/lib/sstep: Fix sthcx instruction Greg Kroah-Hartman
` (124 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit d6c9219ca1139b74541b2a98cee47a3426d754a9 ]
Even if the current WARN() notifies the user that something is severely
wrong, we can still end up in a PANIC() when trying to invoke the missing
->enable_sdio_irq() ops. Therefore, let's also return an error code and
prevent the host from being added.
While at it, move the code into a separate function to prepare for
subsequent changes and for further host caps validations.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20220303165142.129745-1-ulf.hansson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/host.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c
index dd1c14d8f686..9de8a3553d42 100644
--- a/drivers/mmc/core/host.c
+++ b/drivers/mmc/core/host.c
@@ -413,6 +413,16 @@ struct mmc_host *mmc_alloc_host(int extra, struct device *dev)
EXPORT_SYMBOL(mmc_alloc_host);
+static int mmc_validate_host_caps(struct mmc_host *host)
+{
+ if (host->caps & MMC_CAP_SDIO_IRQ && !host->ops->enable_sdio_irq) {
+ dev_warn(host->parent, "missing ->enable_sdio_irq() ops\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
/**
* mmc_add_host - initialise host hardware
* @host: mmc host
@@ -425,8 +435,9 @@ int mmc_add_host(struct mmc_host *host)
{
int err;
- WARN_ON((host->caps & MMC_CAP_SDIO_IRQ) &&
- !host->ops->enable_sdio_irq);
+ err = mmc_validate_host_caps(host);
+ if (err)
+ return err;
err = device_add(&host->class_dev);
if (err)
--
2.34.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 220/338] powerpc/lib/sstep: Fix sthcx instruction
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 219/338] mmc: host: Return an error when ->enable_sdio_irq() ops is missing Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 221/338] powerpc/lib/sstep: Fix build errors with newer binutils Greg Kroah-Hartman
` (123 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Anders Roxell,
Michael Ellerman
From: Anders Roxell <anders.roxell@linaro.org>
commit a633cb1edddaa643fadc70abc88f89a408fa834a upstream.
Looks like there been a copy paste mistake when added the instruction
'stbcx' twice and one was probably meant to be 'sthcx'. Changing to
'sthcx' from 'stbcx'.
Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code")
Cc: stable@vger.kernel.org # v4.14+
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220224162215.3406642-1-anders.roxell@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/lib/sstep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/lib/sstep.c
+++ b/arch/powerpc/lib/sstep.c
@@ -2806,7 +2806,7 @@ int emulate_loadstore(struct pt_regs *re
__put_user_asmx(op->val, ea, err, "stbcx.", cr);
break;
case 2:
- __put_user_asmx(op->val, ea, err, "stbcx.", cr);
+ __put_user_asmx(op->val, ea, err, "sthcx.", cr);
break;
#endif
case 4:
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 221/338] powerpc/lib/sstep: Fix build errors with newer binutils
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 220/338] powerpc/lib/sstep: Fix sthcx instruction Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 222/338] powerpc: " Greg Kroah-Hartman
` (122 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Anders Roxell,
Segher Boessenkool, Michael Ellerman
From: Anders Roxell <anders.roxell@linaro.org>
commit 8219d31effa7be5dbc7ff915d7970672e028c701 upstream.
Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian
2.37.90.20220207) the following build error shows up:
{standard input}: Assembler messages:
{standard input}:10576: Error: unrecognized opcode: `stbcx.'
{standard input}:10680: Error: unrecognized opcode: `lharx'
{standard input}:10694: Error: unrecognized opcode: `lbarx'
Rework to add assembler directives [1] around the instruction. The
problem with this might be that we can trick a power6 into
single-stepping through an stbcx. for instance, and it will execute that
in kernel mode.
[1] https://sourceware.org/binutils/docs/as/PowerPC_002dPseudo.html#PowerPC_002dPseudo
Fixes: 350779a29f11 ("powerpc: Handle most loads and stores in instruction emulation code")
Cc: stable@vger.kernel.org # v4.14+
Co-developed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220224162215.3406642-3-anders.roxell@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/lib/sstep.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/powerpc/lib/sstep.c
+++ b/arch/powerpc/lib/sstep.c
@@ -910,7 +910,10 @@ NOKPROBE_SYMBOL(emulate_dcbz);
#define __put_user_asmx(x, addr, err, op, cr) \
__asm__ __volatile__( \
+ ".machine push\n" \
+ ".machine power8\n" \
"1: " op " %2,0,%3\n" \
+ ".machine pop\n" \
" mfcr %1\n" \
"2:\n" \
".section .fixup,\"ax\"\n" \
@@ -923,7 +926,10 @@ NOKPROBE_SYMBOL(emulate_dcbz);
#define __get_user_asmx(x, addr, err, op) \
__asm__ __volatile__( \
+ ".machine push\n" \
+ ".machine power8\n" \
"1: "op" %1,0,%2\n" \
+ ".machine pop\n" \
"2:\n" \
".section .fixup,\"ax\"\n" \
"3: li %0,%3\n" \
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 222/338] powerpc: Fix build errors with newer binutils
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 221/338] powerpc/lib/sstep: Fix build errors with newer binutils Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 223/338] scsi: qla2xxx: Fix stuck session in gpdb Greg Kroah-Hartman
` (121 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Anders Roxell,
Segher Boessenkool, Michael Ellerman
From: Anders Roxell <anders.roxell@linaro.org>
commit 8667d0d64dd1f84fd41b5897fd87fa9113ae05e3 upstream.
Building tinyconfig with gcc (Debian 11.2.0-16) and assembler (Debian
2.37.90.20220207) the following build error shows up:
{standard input}: Assembler messages:
{standard input}:1190: Error: unrecognized opcode: `stbcix'
{standard input}:1433: Error: unrecognized opcode: `lwzcix'
{standard input}:1453: Error: unrecognized opcode: `stbcix'
{standard input}:1460: Error: unrecognized opcode: `stwcix'
{standard input}:1596: Error: unrecognized opcode: `stbcix'
...
Rework to add assembler directives [1] around the instruction. Going
through them one by one shows that the changes should be safe. Like
__get_user_atomic_128_aligned() is only called in p9_hmi_special_emu(),
which according to the name is specific to power9. And __raw_rm_read*()
are only called in things that are powernv or book3s_hv specific.
[1] https://sourceware.org/binutils/docs/as/PowerPC_002dPseudo.html#PowerPC_002dPseudo
Cc: stable@vger.kernel.org
Co-developed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
[mpe: Make commit subject more descriptive]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220224162215.3406642-2-anders.roxell@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/include/asm/io.h | 40 ++++++++++++++++++++++++++++-------
arch/powerpc/include/asm/uaccess.h | 3 ++
arch/powerpc/platforms/powernv/rng.c | 6 ++++-
3 files changed, 40 insertions(+), 9 deletions(-)
--- a/arch/powerpc/include/asm/io.h
+++ b/arch/powerpc/include/asm/io.h
@@ -372,25 +372,37 @@ static inline void __raw_writeq_be(unsig
*/
static inline void __raw_rm_writeb(u8 val, volatile void __iomem *paddr)
{
- __asm__ __volatile__("stbcix %0,0,%1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ stbcix %0,0,%1; \
+ .machine pop;"
: : "r" (val), "r" (paddr) : "memory");
}
static inline void __raw_rm_writew(u16 val, volatile void __iomem *paddr)
{
- __asm__ __volatile__("sthcix %0,0,%1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ sthcix %0,0,%1; \
+ .machine pop;"
: : "r" (val), "r" (paddr) : "memory");
}
static inline void __raw_rm_writel(u32 val, volatile void __iomem *paddr)
{
- __asm__ __volatile__("stwcix %0,0,%1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ stwcix %0,0,%1; \
+ .machine pop;"
: : "r" (val), "r" (paddr) : "memory");
}
static inline void __raw_rm_writeq(u64 val, volatile void __iomem *paddr)
{
- __asm__ __volatile__("stdcix %0,0,%1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ stdcix %0,0,%1; \
+ .machine pop;"
: : "r" (val), "r" (paddr) : "memory");
}
@@ -402,7 +414,10 @@ static inline void __raw_rm_writeq_be(u6
static inline u8 __raw_rm_readb(volatile void __iomem *paddr)
{
u8 ret;
- __asm__ __volatile__("lbzcix %0,0, %1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ lbzcix %0,0, %1; \
+ .machine pop;"
: "=r" (ret) : "r" (paddr) : "memory");
return ret;
}
@@ -410,7 +425,10 @@ static inline u8 __raw_rm_readb(volatile
static inline u16 __raw_rm_readw(volatile void __iomem *paddr)
{
u16 ret;
- __asm__ __volatile__("lhzcix %0,0, %1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ lhzcix %0,0, %1; \
+ .machine pop;"
: "=r" (ret) : "r" (paddr) : "memory");
return ret;
}
@@ -418,7 +436,10 @@ static inline u16 __raw_rm_readw(volatil
static inline u32 __raw_rm_readl(volatile void __iomem *paddr)
{
u32 ret;
- __asm__ __volatile__("lwzcix %0,0, %1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ lwzcix %0,0, %1; \
+ .machine pop;"
: "=r" (ret) : "r" (paddr) : "memory");
return ret;
}
@@ -426,7 +447,10 @@ static inline u32 __raw_rm_readl(volatil
static inline u64 __raw_rm_readq(volatile void __iomem *paddr)
{
u64 ret;
- __asm__ __volatile__("ldcix %0,0, %1"
+ __asm__ __volatile__(".machine push; \
+ .machine power6; \
+ ldcix %0,0, %1; \
+ .machine pop;"
: "=r" (ret) : "r" (paddr) : "memory");
return ret;
}
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -217,8 +217,11 @@ extern long __get_user_bad(void);
*/
#define __get_user_atomic_128_aligned(kaddr, uaddr, err) \
__asm__ __volatile__( \
+ ".machine push\n" \
+ ".machine altivec\n" \
"1: lvx 0,0,%1 # get user\n" \
" stvx 0,0,%2 # put kernel\n" \
+ ".machine pop\n" \
"2:\n" \
".section .fixup,\"ax\"\n" \
"3: li %0,%3\n" \
--- a/arch/powerpc/platforms/powernv/rng.c
+++ b/arch/powerpc/platforms/powernv/rng.c
@@ -47,7 +47,11 @@ static unsigned long rng_whiten(struct p
unsigned long parity;
/* Calculate the parity of the value */
- asm ("popcntd %0,%1" : "=r" (parity) : "r" (val));
+ asm (".machine push; \
+ .machine power7; \
+ popcntd %0,%1; \
+ .machine pop;"
+ : "=r" (parity) : "r" (val));
/* xor our value with the previous mask */
val ^= rng->mask;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 223/338] scsi: qla2xxx: Fix stuck session in gpdb
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 222/338] powerpc: " Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 224/338] scsi: qla2xxx: Fix warning for missing error code Greg Kroah-Hartman
` (120 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Quinn Tran,
Nilesh Javali, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit 725d3a0d31a51c0debf970011e05f585e805165b upstream.
Fix stuck sessions in get port database. When a thread is in the process of
re-establishing a session, a flag is set to prevent multiple threads /
triggers from doing the same task. This flag was left on, where any attempt
to relogin was locked out. Clear this flag, if the attempt has failed.
Link: https://lore.kernel.org/r/20220110050218.3958-4-njavali@marvell.com
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -219,9 +219,9 @@ qla2x00_async_login(struct scsi_qla_host
if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
fcport->loop_id == FC_NO_LOOP_ID) {
ql_log(ql_log_warn, vha, 0xffff,
- "%s: %8phC - not sending command.\n",
- __func__, fcport->port_name);
- return rval;
+ "%s: %8phC online %d flags %x - not sending command.\n",
+ __func__, fcport->port_name, vha->flags.online, fcport->flags);
+ goto done;
}
sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 224/338] scsi: qla2xxx: Fix warning for missing error code
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 223/338] scsi: qla2xxx: Fix stuck session in gpdb Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 225/338] scsi: qla2xxx: Check for firmware dump already collected Greg Kroah-Hartman
` (119 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Nilesh Javali,
Martin K. Petersen
From: Nilesh Javali <njavali@marvell.com>
commit 14cb838d245ae0d523b2f7804af5a02c22e79f5a upstream.
Fix smatch-reported warning message:
drivers/scsi/qla2xxx/qla_target.c:3324 qlt_xmit_response() warn: missing error
code 'res'
Link: https://lore.kernel.org/r/20220110050218.3958-12-njavali@marvell.com
Fixes: 4a8f71014b4d ("scsi: qla2xxx: Fix unmap of already freed sgl")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_target.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -3216,6 +3216,7 @@ int qlt_xmit_response(struct qla_tgt_cmd
"RESET-RSP online/active/old-count/new-count = %d/%d/%d/%d.\n",
vha->flags.online, qla2x00_reset_active(vha),
cmd->reset_count, qpair->chip_reset);
+ res = 0;
goto out_unmap_unlock;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 225/338] scsi: qla2xxx: Check for firmware dump already collected
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 224/338] scsi: qla2xxx: Fix warning for missing error code Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 226/338] scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() Greg Kroah-Hartman
` (118 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Carnuccio, Nilesh Javali,
Martin K. Petersen
From: Joe Carnuccio <joe.carnuccio@cavium.com>
commit cfbafad7c6032d449a5a07f2d273acd2437bbc6a upstream.
While allocating firmware dump, check if dump is already collected and do
not re-allocate the buffer.
Link: https://lore.kernel.org/r/20220110050218.3958-17-njavali@marvell.com
Cc: stable@vger.kernel.org
Signed-off-by: Joe Carnuccio <joe.carnuccio@cavium.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -3151,6 +3151,14 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v
struct rsp_que *rsp = ha->rsp_q_map[0];
struct qla2xxx_fw_dump *fw_dump;
+ if (ha->fw_dump) {
+ ql_dbg(ql_dbg_init, vha, 0x00bd,
+ "Firmware dump already allocated.\n");
+ return;
+ }
+
+ ha->fw_dumped = 0;
+ ha->fw_dump_cap_flags = 0;
dump_size = fixed_size = mem_size = eft_size = fce_size = mq_size = 0;
req_q_size = rsp_q_size = 0;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 226/338] scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 225/338] scsi: qla2xxx: Check for firmware dump already collected Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 227/338] scsi: qla2xxx: Fix incorrect reporting of task management failure Greg Kroah-Hartman
` (117 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Saurav Kashyap,
Nilesh Javali, Martin K. Petersen
From: Saurav Kashyap <skashyap@marvell.com>
commit a60447e7d451df42c7bde43af53b34f10f34f469 upstream.
[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020
[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1
[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018
[ 12.356356] Call Trace:
[ 12.358821] dump_stack_lvl+0x34/0x44
[ 12.362514] check_preemption_disabled+0xd9/0xe0
[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx]
[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40
[ 12.384284] local_pci_probe+0x42/0x80
[ 12.390162] ? pci_match_device+0xd7/0x110
[ 12.396366] pci_device_probe+0xfd/0x1b0
[ 12.402372] really_probe+0x1e7/0x3e0
[ 12.408114] __driver_probe_device+0xfe/0x180
[ 12.414544] driver_probe_device+0x1e/0x90
[ 12.420685] __driver_attach+0xc0/0x1c0
[ 12.426536] ? __device_attach_driver+0xe0/0xe0
[ 12.433061] ? __device_attach_driver+0xe0/0xe0
[ 12.439538] bus_for_each_dev+0x78/0xc0
[ 12.445294] bus_add_driver+0x12b/0x1e0
[ 12.451021] driver_register+0x8f/0xe0
[ 12.456631] ? 0xffffffffc07bc000
[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx]
[ 12.468776] do_one_initcall+0x44/0x200
[ 12.474401] ? load_module+0xad3/0xba0
[ 12.479908] ? kmem_cache_alloc_trace+0x45/0x410
[ 12.486268] do_init_module+0x5c/0x280
[ 12.491730] __do_sys_init_module+0x12e/0x1b0
[ 12.497785] do_syscall_64+0x3b/0x90
[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 12.509764] RIP: 0033:0x7f554f73ab2e
Link: https://lore.kernel.org/r/20220110050218.3958-15-njavali@marvell.com
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -8717,7 +8717,7 @@ struct qla_qpair *qla2xxx_create_qpair(s
qpair->rsp->req = qpair->req;
qpair->rsp->qpair = qpair;
/* init qpair to this cpu. Will adjust at run time. */
- qla_cpu_update(qpair, smp_processor_id());
+ qla_cpu_update(qpair, raw_smp_processor_id());
if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif) {
if (ha->fw_attributes & BIT_4)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 227/338] scsi: qla2xxx: Fix incorrect reporting of task management failure
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 226/338] scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 228/338] scsi: qla2xxx: Fix hang due to session stuck Greg Kroah-Hartman
` (116 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Quinn Tran,
Nilesh Javali, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit 58ca5999e0367d131de82a75257fbfd5aed0195d upstream.
User experienced no task management error while target device is responding
with error. The RSP_CODE field in the status IOCB is in little endian.
Driver assumes it's big endian and it picked up erroneous data.
Convert the data back to big endian as is on the wire.
Link: https://lore.kernel.org/r/20220310092604.22950-2-njavali@marvell.com
Fixes: faef62d13463 ("[SCSI] qla2xxx: Fix Task Management command asynchronous handling")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_isr.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -1819,6 +1819,7 @@ qla24xx_tm_iocb_entry(scsi_qla_host_t *v
iocb->u.tmf.data = QLA_FUNCTION_FAILED;
} else if ((le16_to_cpu(sts->scsi_status) &
SS_RESPONSE_INFO_LEN_VALID)) {
+ host_to_fcp_swap(sts->data, sizeof(sts->data));
if (le32_to_cpu(sts->rsp_data_len) < 4) {
ql_log(ql_log_warn, fcport->vha, 0x503b,
"Async-%s error - hdl=%x not enough response(%d).\n",
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 228/338] scsi: qla2xxx: Fix hang due to session stuck
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 227/338] scsi: qla2xxx: Fix incorrect reporting of task management failure Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 229/338] scsi: qla2xxx: Reduce false trigger to login Greg Kroah-Hartman
` (115 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Quinn Tran,
Nilesh Javali, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit c02aada06d19a215c8291bd968a99a270e96f734 upstream.
User experienced device lost. The log shows Get port data base command was
queued up, failed, and requeued again. Every time it is requeued, it set
the FCF_ASYNC_ACTIVE. This prevents any recovery code from occurring
because driver thinks a recovery is in progress for this session. In
essence, this session is hung. The reason it gets into this place is the
session deletion got in front of this call due to link perturbation.
Break the requeue cycle and exit. The session deletion code will trigger a
session relogin.
Link: https://lore.kernel.org/r/20220310092604.22950-8-njavali@marvell.com
Fixes: 726b85487067 ("qla2xxx: Add framework for async fabric discovery")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_def.h | 4 ++++
drivers/scsi/qla2xxx/qla_init.c | 19 +++++++++++++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -4655,4 +4655,8 @@ struct sff_8247_a0 {
#include "qla_gbl.h"
#include "qla_dbg.h"
#include "qla_inline.h"
+
+#define IS_SESSION_DELETED(_fcport) (_fcport->disc_state == DSC_DELETE_PEND || \
+ _fcport->disc_state == DSC_DELETED)
+
#endif
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -891,6 +891,14 @@ int qla24xx_async_gnl(struct scsi_qla_ho
unsigned long flags;
u16 *mb;
+ if (IS_SESSION_DELETED(fcport)) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "%s: %8phC is being delete - not sending command.\n",
+ __func__, fcport->port_name);
+ fcport->flags &= ~FCF_ASYNC_ACTIVE;
+ return rval;
+ }
+
if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT))
return rval;
@@ -1121,8 +1129,15 @@ int qla24xx_async_gpdb(struct scsi_qla_h
struct port_database_24xx *pd;
struct qla_hw_data *ha = vha->hw;
- if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
- fcport->loop_id == FC_NO_LOOP_ID) {
+ if (IS_SESSION_DELETED(fcport)) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "%s: %8phC is being delete - not sending command.\n",
+ __func__, fcport->port_name);
+ fcport->flags &= ~FCF_ASYNC_ACTIVE;
+ return rval;
+ }
+
+ if (!vha->flags.online || fcport->flags & FCF_ASYNC_SENT) {
ql_log(ql_log_warn, vha, 0xffff,
"%s: %8phC - not sending command.\n",
__func__, fcport->port_name);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 229/338] scsi: qla2xxx: Reduce false trigger to login
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 228/338] scsi: qla2xxx: Fix hang due to session stuck Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 230/338] scsi: qla2xxx: Use correct feature type field during RFF_ID processing Greg Kroah-Hartman
` (114 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Quinn Tran,
Nilesh Javali, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit d2646eed7b19a206912f49101178cbbaa507256c upstream.
While a session is in the middle of a relogin, a late RSCN can be delivered
from switch. RSCN trigger fabric scan where the scan logic can trigger
another session login while a login is in progress. Reduce the extra
trigger to prevent multiple logins to the same session.
Link: https://lore.kernel.org/r/20220310092604.22950-10-njavali@marvell.com
Fixes: bee8b84686c4 ("scsi: qla2xxx: Reduce redundant ADISC command for RSCNs")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -1346,7 +1346,8 @@ int qla24xx_fcport_handle_login(struct s
fcport->login_gen, fcport->login_retry,
fcport->loop_id, fcport->scan_state);
- if (fcport->scan_state != QLA_FCPORT_FOUND)
+ if (fcport->scan_state != QLA_FCPORT_FOUND ||
+ fcport->disc_state == DSC_DELETE_PEND)
return 0;
if ((fcport->loop_id != FC_NO_LOOP_ID) &&
@@ -1365,7 +1366,7 @@ int qla24xx_fcport_handle_login(struct s
if (vha->host->active_mode == MODE_TARGET)
return 0;
- if (fcport->flags & FCF_ASYNC_SENT) {
+ if (fcport->flags & (FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE)) {
set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 230/338] scsi: qla2xxx: Use correct feature type field during RFF_ID processing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 229/338] scsi: qla2xxx: Reduce false trigger to login Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 231/338] KVM: Prevent module exit until all VMs are freed Greg Kroah-Hartman
` (113 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Manish Rangankar,
Nilesh Javali, Martin K. Petersen
From: Manish Rangankar <mrangankar@marvell.com>
commit a7e05f7a1bcbe4ee055479242de46c5c16ab03b1 upstream.
During SNS Register FC-4 Features (RFF_ID) the initiator driver was sending
incorrect type field for NVMe supported device. Use correct feature type
field.
Link: https://lore.kernel.org/r/20220310092604.22950-12-njavali@marvell.com
Fixes: e374f9f59281 ("scsi: qla2xxx: Migrate switch registration commands away from mailbox interface")
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_gs.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_gs.c
+++ b/drivers/scsi/qla2xxx/qla_gs.c
@@ -691,8 +691,7 @@ qla2x00_rff_id(scsi_qla_host_t *vha, u8
return (QLA_SUCCESS);
}
- return qla_async_rffid(vha, &vha->d_id, qlt_rff_id(vha),
- FC4_TYPE_FCP_SCSI);
+ return qla_async_rffid(vha, &vha->d_id, qlt_rff_id(vha), type);
}
static int qla_async_rffid(scsi_qla_host_t *vha, port_id_t *d_id,
@@ -744,7 +743,7 @@ static int qla_async_rffid(scsi_qla_host
ct_req->req.rff_id.port_id[1] = d_id->b.area;
ct_req->req.rff_id.port_id[2] = d_id->b.al_pa;
ct_req->req.rff_id.fc4_feature = fc4feature;
- ct_req->req.rff_id.fc4_type = fc4type; /* SCSI - FCP */
+ ct_req->req.rff_id.fc4_type = fc4type; /* SCSI-FCP or FC-NVMe */
sp->u.iocb_cmd.u.ctarg.req_size = RFF_ID_REQ_SIZE;
sp->u.iocb_cmd.u.ctarg.rsp_size = RFF_ID_RSP_SIZE;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 231/338] KVM: Prevent module exit until all VMs are freed
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 230/338] scsi: qla2xxx: Use correct feature type field during RFF_ID processing Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 232/338] KVM: x86: fix sending PV IPI Greg Kroah-Hartman
` (112 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Gardon, David Matlack, Paolo Bonzini
From: David Matlack <dmatlack@google.com>
commit 5f6de5cbebee925a612856fce6f9182bb3eee0db upstream.
Tie the lifetime the KVM module to the lifetime of each VM via
kvm.users_count. This way anything that grabs a reference to the VM via
kvm_get_kvm() cannot accidentally outlive the KVM module.
Prior to this commit, the lifetime of the KVM module was tied to the
lifetime of /dev/kvm file descriptors, VM file descriptors, and vCPU
file descriptors by their respective file_operations "owner" field.
This approach is insufficient because references grabbed via
kvm_get_kvm() do not prevent closing any of the aforementioned file
descriptors.
This fixes a long standing theoretical bug in KVM that at least affects
async page faults. kvm_setup_async_pf() grabs a reference via
kvm_get_kvm(), and drops it in an asynchronous work callback. Nothing
prevents the VM file descriptor from being closed and the KVM module
from being unloaded before this callback runs.
Fixes: af585b921e5d ("KVM: Halt vcpu if page it tries to access is swapped out")
Fixes: 3d3aab1b973b ("KVM: set owner of cpu and vm file operations")
Cc: stable@vger.kernel.org
Suggested-by: Ben Gardon <bgardon@google.com>
[ Based on a patch from Ben implemented for Google's kernel. ]
Signed-off-by: David Matlack <dmatlack@google.com>
Message-Id: <20220303183328.1499189-2-dmatlack@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
virt/kvm/kvm_main.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -112,6 +112,8 @@ EXPORT_SYMBOL_GPL(kvm_debugfs_dir);
static int kvm_debugfs_num_entries;
static const struct file_operations *stat_fops_per_vm[];
+static struct file_operations kvm_chardev_ops;
+
static long kvm_vcpu_ioctl(struct file *file, unsigned int ioctl,
unsigned long arg);
#ifdef CONFIG_KVM_COMPAT
@@ -741,6 +743,16 @@ static struct kvm *kvm_create_vm(unsigne
preempt_notifier_inc();
+ /*
+ * When the fd passed to this ioctl() is opened it pins the module,
+ * but try_module_get() also prevents getting a reference if the module
+ * is in MODULE_STATE_GOING (e.g. if someone ran "rmmod --wait").
+ */
+ if (!try_module_get(kvm_chardev_ops.owner)) {
+ r = -ENODEV;
+ goto out_err;
+ }
+
return kvm;
out_err:
@@ -817,6 +829,7 @@ static void kvm_destroy_vm(struct kvm *k
preempt_notifier_dec();
hardware_disable_all();
mmdrop(mm);
+ module_put(kvm_chardev_ops.owner);
}
void kvm_get_kvm(struct kvm *kvm)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 232/338] KVM: x86: fix sending PV IPI
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 231/338] KVM: Prevent module exit until all VMs are freed Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 233/338] ubifs: rename_whiteout: Fix double free for whiteout_ui->data Greg Kroah-Hartman
` (111 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Li RongQing, Paolo Bonzini
From: Li RongQing <lirongqing@baidu.com>
commit c15e0ae42c8e5a61e9aca8aac920517cf7b3e94e upstream.
If apic_id is less than min, and (max - apic_id) is greater than
KVM_IPI_CLUSTER_SIZE, then the third check condition is satisfied but
the new apic_id does not fit the bitmask. In this case __send_ipi_mask
should send the IPI.
This is mostly theoretical, but it can happen if the apic_ids on three
iterations of the loop are for example 1, KVM_IPI_CLUSTER_SIZE, 0.
Fixes: aaffcfd1e82 ("KVM: X86: Implement PV IPIs in linux guest")
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Message-Id: <1646814944-51801-1-git-send-email-lirongqing@baidu.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -480,7 +480,7 @@ static void __send_ipi_mask(const struct
} else if (apic_id < min && max - apic_id < KVM_IPI_CLUSTER_SIZE) {
ipi_bitmap <<= min - apic_id;
min = apic_id;
- } else if (apic_id < min + KVM_IPI_CLUSTER_SIZE) {
+ } else if (apic_id > min && apic_id < min + KVM_IPI_CLUSTER_SIZE) {
max = apic_id < max ? max : apic_id;
} else {
ret = kvm_hypercall4(KVM_HC_SEND_IPI, (unsigned long)ipi_bitmap,
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 233/338] ubifs: rename_whiteout: Fix double free for whiteout_ui->data
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 232/338] KVM: x86: fix sending PV IPI Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 234/338] ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Greg Kroah-Hartman
` (110 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 40a8f0d5e7b3999f096570edab71c345da812e3e upstream.
'whiteout_ui->data' will be freed twice if space budget fail for
rename whiteout operation as following process:
rename_whiteout
dev = kmalloc
whiteout_ui->data = dev
kfree(whiteout_ui->data) // Free first time
iput(whiteout)
ubifs_free_inode
kfree(ui->data) // Double free!
KASAN reports:
==================================================================
BUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70
Call Trace:
kfree+0x117/0x490
ubifs_free_inode+0x4f/0x70 [ubifs]
i_callback+0x30/0x60
rcu_do_batch+0x366/0xac0
__do_softirq+0x133/0x57f
Allocated by task 1506:
kmem_cache_alloc_trace+0x3c2/0x7a0
do_rename+0x9b7/0x1150 [ubifs]
ubifs_rename+0x106/0x1f0 [ubifs]
do_syscall_64+0x35/0x80
Freed by task 1506:
kfree+0x117/0x490
do_rename.cold+0x53/0x8a [ubifs]
ubifs_rename+0x106/0x1f0 [ubifs]
do_syscall_64+0x35/0x80
The buggy address belongs to the object at ffff88810238bed8 which
belongs to the cache kmalloc-8 of size 8
==================================================================
Let ubifs_free_inode() free 'whiteout_ui->data'. BTW, delete unused
assignment 'whiteout_ui->data_len = 0', process 'ubifs_evict_inode()
-> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it
(because 'inc_nlink(whiteout)' won't be excuted by 'goto out_release',
and the nlink of whiteout inode is 0).
Fixes: 9e0a1fff8db56ea ("ubifs: Implement RENAME_WHITEOUT")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 2 --
1 file changed, 2 deletions(-)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1442,8 +1442,6 @@ static int do_rename(struct inode *old_d
err = ubifs_budget_space(c, &wht_req);
if (err) {
- kfree(whiteout_ui->data);
- whiteout_ui->data_len = 0;
iput(whiteout);
goto out_release;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 234/338] ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 233/338] ubifs: rename_whiteout: Fix double free for whiteout_ui->data Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 235/338] ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Greg Kroah-Hartman
` (109 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit afd427048047e8efdedab30e8888044e2be5aa9c upstream.
Following hung tasks:
[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132
[ 77.028820] Call Trace:
[ 77.029027] schedule+0x8c/0x1b0
[ 77.029067] mutex_lock+0x50/0x60
[ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs]
[ 77.029117] __writeback_single_inode+0x43c/0x570
[ 77.029128] writeback_sb_inodes+0x259/0x740
[ 77.029148] wb_writeback+0x107/0x4d0
[ 77.029163] wb_workfn+0x162/0x7b0
[ 92.390442] task:aa state:D stack: 0 pid: 1506
[ 92.390448] Call Trace:
[ 92.390458] schedule+0x8c/0x1b0
[ 92.390461] wb_wait_for_completion+0x82/0xd0
[ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110
[ 92.390472] writeback_inodes_sb_nr+0x14/0x20
[ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs]
[ 92.390503] do_rename.cold+0x7f/0x187 [ubifs]
[ 92.390549] ubifs_rename+0x8b/0x180 [ubifs]
[ 92.390571] vfs_rename+0xdb2/0x1170
[ 92.390580] do_renameat2+0x554/0x770
, are caused by concurrent rename whiteout and inode writeback processes:
rename_whiteout(Thread 1) wb_workfn(Thread2)
ubifs_rename
do_rename
lock_4_inodes (Hold ui_mutex)
ubifs_budget_space
make_free_space
shrink_liability
__writeback_inodes_sb_nr
bdi_split_work_to_wbs (Queue new wb work)
wb_do_writeback(wb work)
__writeback_single_inode
ubifs_write_inode
LOCK(ui_mutex)
↑
wb_wait_for_completion (Wait wb work) <-- deadlock!
Reproducer (Detail program in [Link]):
1. SYS_renameat2("/mp/dir/file", "/mp/dir/whiteout", RENAME_WHITEOUT)
2. Consume out of space before kernel(mdelay) doing budget for whiteout
Fix it by doing whiteout space budget before locking ubifs inodes.
BTW, it also fixes wrong goto tag 'out_release' in whiteout budget
error handling path(It should at least recover dir i_size and unlock
4 ubifs inodes).
Fixes: 9e0a1fff8db56ea ("ubifs: Implement RENAME_WHITEOUT")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=214733
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1341,6 +1341,7 @@ static int do_rename(struct inode *old_d
if (flags & RENAME_WHITEOUT) {
union ubifs_dev_desc *dev = NULL;
+ struct ubifs_budget_req wht_req;
dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
if (!dev) {
@@ -1362,6 +1363,20 @@ static int do_rename(struct inode *old_d
whiteout_ui->data = dev;
whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
ubifs_assert(c, !whiteout_ui->dirty);
+
+ memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
+ wht_req.dirtied_ino = 1;
+ wht_req.dirtied_ino_d = ALIGN(whiteout_ui->data_len, 8);
+ /*
+ * To avoid deadlock between space budget (holds ui_mutex and
+ * waits wb work) and writeback work(waits ui_mutex), do space
+ * budget before ubifs inodes locked.
+ */
+ err = ubifs_budget_space(c, &wht_req);
+ if (err) {
+ iput(whiteout);
+ goto out_release;
+ }
}
lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
@@ -1436,16 +1451,6 @@ static int do_rename(struct inode *old_d
}
if (whiteout) {
- struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
- .dirtied_ino_d = \
- ALIGN(ubifs_inode(whiteout)->data_len, 8) };
-
- err = ubifs_budget_space(c, &wht_req);
- if (err) {
- iput(whiteout);
- goto out_release;
- }
-
inc_nlink(whiteout);
mark_inode_dirty(whiteout);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 235/338] ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 234/338] ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 236/338] ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Greg Kroah-Hartman
` (108 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Sascha Hauer,
Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 716b4573026bcbfa7b58ed19fe15554bac66b082 upstream.
whiteout inode should be put when do_tmpfile() failed if inode has been
initialized. Otherwise we will get following warning during umount:
UBIFS error (ubi0:0 pid 1494): ubifs_assert_failed [ubifs]: UBIFS
assert failed: c->bi.dd_growth == 0, in fs/ubifs/super.c:1930
VFS: Busy inodes after unmount of ubifs. Self-destruct in 5 seconds.
Fixes: 9e0a1fff8db56ea ("ubifs: Implement RENAME_WHITEOUT")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Suggested-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -451,6 +451,8 @@ out_inode:
make_bad_inode(inode);
if (!instantiated)
iput(inode);
+ else if (whiteout)
+ iput(*whiteout);
out_budg:
ubifs_release_budget(c, &req);
if (!instantiated)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 236/338] ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 235/338] ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 237/338] ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Greg Kroah-Hartman
` (107 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 1b83ec057db16b4d0697dc21ef7a9743b6041f72 upstream.
Make 'ui->data_len' aligned with 8 bytes before it is assigned to
dirtied_ino_d. Since 8871d84c8f8b0c6b("ubifs: convert to fileattr")
applied, 'setflags()' only affects regular files and directories, only
xattr inode, symlink inode and special inode(pipe/char_dev/block_dev)
have none- zero 'ui->data_len' field, so assertion
'!(req->dirtied_ino_d & 7)' cannot fail in ubifs_budget_space().
To avoid assertion fails in future evolution(eg. setflags can operate
special inodes), it's better to make dirtied_ino_d 8 bytes aligned,
after all aligned size is still zero for regular files.
Fixes: 1e51764a3c2ac05a ("UBIFS: add new flash file system")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ubifs/ioctl.c
+++ b/fs/ubifs/ioctl.c
@@ -113,7 +113,7 @@ static int setflags(struct inode *inode,
struct ubifs_inode *ui = ubifs_inode(inode);
struct ubifs_info *c = inode->i_sb->s_fs_info;
struct ubifs_budget_req req = { .dirtied_ino = 1,
- .dirtied_ino_d = ui->data_len };
+ .dirtied_ino_d = ALIGN(ui->data_len, 8) };
err = ubifs_budget_space(c, &req);
if (err)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 237/338] ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 236/338] ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 238/338] ubifs: rename_whiteout: correct old_dir size computing Greg Kroah-Hartman
` (106 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengsong Ke, Zhihao Cheng,
Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 4f2262a334641e05f645364d5ade1f565c85f20b upstream.
Function ubifs_wbuf_write_nolock() may access buf out of bounds in
following process:
ubifs_wbuf_write_nolock():
aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096
if (aligned_len <= wbuf->avail) ... // Not satisfy
if (wbuf->used) {
ubifs_leb_write() // Fill some data in avail wbuf
len -= wbuf->avail; // len is still not 8-bytes aligned
aligned_len -= wbuf->avail;
}
n = aligned_len >> c->max_write_shift;
if (n) {
n <<= c->max_write_shift;
err = ubifs_leb_write(c, wbuf->lnum, buf + written,
wbuf->offs, n);
// n > len, read out of bounds less than 8(n-len) bytes
}
, which can be catched by KASAN:
=========================================================
BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0
Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128
Workqueue: writeback wb_workfn (flush-ubifs_0_0)
Call Trace:
kasan_report.cold+0x81/0x165
nand_write_page_swecc+0xa9/0x160
ubifs_leb_write+0xf2/0x1b0 [ubifs]
ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]
write_head+0xdc/0x1c0 [ubifs]
ubifs_jnl_write_inode+0x627/0x960 [ubifs]
wb_workfn+0x8af/0xb80
Function ubifs_wbuf_write_nolock() accepts that parameter 'len' is not 8
bytes aligned, the 'len' represents the true length of buf (which is
allocated in 'ubifs_jnl_xxx', eg. ubifs_jnl_write_inode), so
ubifs_wbuf_write_nolock() must handle the length read from 'buf' carefully
to write leb safely.
Fetch a reproducer in [Link].
Fixes: 1e51764a3c2ac0 ("UBIFS: add new flash file system")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=214785
Reported-by: Chengsong Ke <kechengsong@huawei.com>
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/io.c | 34 ++++++++++++++++++++++++++++++----
1 file changed, 30 insertions(+), 4 deletions(-)
--- a/fs/ubifs/io.c
+++ b/fs/ubifs/io.c
@@ -810,16 +810,42 @@ int ubifs_wbuf_write_nolock(struct ubifs
*/
n = aligned_len >> c->max_write_shift;
if (n) {
- n <<= c->max_write_shift;
+ int m = n - 1;
+
dbg_io("write %d bytes to LEB %d:%d", n, wbuf->lnum,
wbuf->offs);
- err = ubifs_leb_write(c, wbuf->lnum, buf + written,
- wbuf->offs, n);
+
+ if (m) {
+ /* '(n-1)<<c->max_write_shift < len' is always true. */
+ m <<= c->max_write_shift;
+ err = ubifs_leb_write(c, wbuf->lnum, buf + written,
+ wbuf->offs, m);
+ if (err)
+ goto out;
+ wbuf->offs += m;
+ aligned_len -= m;
+ len -= m;
+ written += m;
+ }
+
+ /*
+ * The non-written len of buf may be less than 'n' because
+ * parameter 'len' is not 8 bytes aligned, so here we read
+ * min(len, n) bytes from buf.
+ */
+ n = 1 << c->max_write_shift;
+ memcpy(wbuf->buf, buf + written, min(len, n));
+ if (n > len) {
+ ubifs_assert(c, n - len < 8);
+ ubifs_pad(c, wbuf->buf + len, n - len);
+ }
+
+ err = ubifs_leb_write(c, wbuf->lnum, wbuf->buf, wbuf->offs, n);
if (err)
goto out;
wbuf->offs += n;
aligned_len -= n;
- len -= n;
+ len -= min(len, n);
written += n;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 238/338] ubifs: rename_whiteout: correct old_dir size computing
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 237/338] ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 239/338] can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path Greg Kroah-Hartman
` (105 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Baokun Li, Richard Weinberger
From: Baokun Li <libaokun1@huawei.com>
commit 705757274599e2e064dd3054aabc74e8af31a095 upstream.
When renaming the whiteout file, the old whiteout file is not deleted.
Therefore, we add the old dentry size to the old dir like XFS.
Otherwise, an error may be reported due to `fscki->calc_sz != fscki->size`
in check_indes.
Fixes: 9e0a1fff8db56ea ("ubifs: Implement RENAME_WHITEOUT")
Reported-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1379,6 +1379,9 @@ static int do_rename(struct inode *old_d
iput(whiteout);
goto out_release;
}
+
+ /* Add the old_dentry size to the old_dir size. */
+ old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
}
lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 239/338] can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 238/338] ubifs: rename_whiteout: correct old_dir size computing Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 240/338] can: mcba_usb: properly check endpoint type Greg Kroah-Hartman
` (104 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Marc Kleine-Budde
From: Hangyu Hua <hbh25y@gmail.com>
commit 04c9b00ba83594a29813d6b1fb8fdc93a3915174 upstream.
There is no need to call dev_kfree_skb() when usb_submit_urb() fails
because can_put_echo_skb() deletes original skb and
can_free_echo_skb() deletes the cloned skb.
Fixes: 51f3baad7de9 ("can: mcba_usb: Add support for Microchip CAN BUS Analyzer")
Link: https://lore.kernel.org/all/20220311080208.45047-1-hbh25y@gmail.com
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/mcba_usb.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/net/can/usb/mcba_usb.c
+++ b/drivers/net/can/usb/mcba_usb.c
@@ -379,7 +379,6 @@ static netdev_tx_t mcba_usb_start_xmit(s
xmit_failed:
can_free_echo_skb(priv->netdev, ctx->ndx);
mcba_usb_free_ctx(ctx);
- dev_kfree_skb(skb);
stats->tx_dropped++;
return NETDEV_TX_OK;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 240/338] can: mcba_usb: properly check endpoint type
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 239/338] can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 241/338] gfs2: Make sure FITRIM minlen is rounded up to fs block size Greg Kroah-Hartman
` (103 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Vincent Mailhol,
Marc Kleine-Budde, syzbot+3bc1dce0cc0052d60fde
From: Pavel Skripkin <paskripkin@gmail.com>
commit 136bed0bfd3bc9c95c88aafff2d22ecb3a919f23 upstream.
Syzbot reported warning in usb_submit_urb() which is caused by wrong
endpoint type. We should check that in endpoint is actually present to
prevent this warning.
Found pipes are now saved to struct mcba_priv and code uses them
directly instead of making pipes in place.
Fail log:
| usb 5-1: BOGUS urb xfer, pipe 3 != type 1
| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
| Modules linked in:
| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0
| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
| Workqueue: usb_hub_wq hub_event
| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
| ...
| Call Trace:
| <TASK>
| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]
| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858
| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
| call_driver_probe drivers/base/dd.c:517 [inline]
Fixes: 51f3baad7de9 ("can: mcba_usb: Add support for Microchip CAN BUS Analyzer")
Link: https://lore.kernel.org/all/20220313100903.10868-1-paskripkin@gmail.com
Reported-and-tested-by: syzbot+3bc1dce0cc0052d60fde@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/mcba_usb.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
--- a/drivers/net/can/usb/mcba_usb.c
+++ b/drivers/net/can/usb/mcba_usb.c
@@ -44,10 +44,6 @@
#define MCBA_USB_RX_BUFF_SIZE 64
#define MCBA_USB_TX_BUFF_SIZE (sizeof(struct mcba_usb_msg))
-/* MCBA endpoint numbers */
-#define MCBA_USB_EP_IN 1
-#define MCBA_USB_EP_OUT 1
-
/* Microchip command id */
#define MBCA_CMD_RECEIVE_MESSAGE 0xE3
#define MBCA_CMD_I_AM_ALIVE_FROM_CAN 0xF5
@@ -95,6 +91,8 @@ struct mcba_priv {
atomic_t free_ctx_cnt;
void *rxbuf[MCBA_MAX_RX_URBS];
dma_addr_t rxbuf_dma[MCBA_MAX_RX_URBS];
+ int rx_pipe;
+ int tx_pipe;
};
/* CAN frame */
@@ -283,10 +281,8 @@ static netdev_tx_t mcba_usb_xmit(struct
memcpy(buf, usb_msg, MCBA_USB_TX_BUFF_SIZE);
- usb_fill_bulk_urb(urb, priv->udev,
- usb_sndbulkpipe(priv->udev, MCBA_USB_EP_OUT), buf,
- MCBA_USB_TX_BUFF_SIZE, mcba_usb_write_bulk_callback,
- ctx);
+ usb_fill_bulk_urb(urb, priv->udev, priv->tx_pipe, buf, MCBA_USB_TX_BUFF_SIZE,
+ mcba_usb_write_bulk_callback, ctx);
urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
usb_anchor_urb(urb, &priv->tx_submitted);
@@ -621,7 +617,7 @@ static void mcba_usb_read_bulk_callback(
resubmit_urb:
usb_fill_bulk_urb(urb, priv->udev,
- usb_rcvbulkpipe(priv->udev, MCBA_USB_EP_OUT),
+ priv->rx_pipe,
urb->transfer_buffer, MCBA_USB_RX_BUFF_SIZE,
mcba_usb_read_bulk_callback, priv);
@@ -666,7 +662,7 @@ static int mcba_usb_start(struct mcba_pr
urb->transfer_dma = buf_dma;
usb_fill_bulk_urb(urb, priv->udev,
- usb_rcvbulkpipe(priv->udev, MCBA_USB_EP_IN),
+ priv->rx_pipe,
buf, MCBA_USB_RX_BUFF_SIZE,
mcba_usb_read_bulk_callback, priv);
urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
@@ -820,6 +816,13 @@ static int mcba_usb_probe(struct usb_int
struct mcba_priv *priv;
int err = -ENOMEM;
struct usb_device *usbdev = interface_to_usbdev(intf);
+ struct usb_endpoint_descriptor *in, *out;
+
+ err = usb_find_common_endpoints(intf->cur_altsetting, &in, &out, NULL, NULL);
+ if (err) {
+ dev_err(&intf->dev, "Can't find endpoints\n");
+ return err;
+ }
netdev = alloc_candev(sizeof(struct mcba_priv), MCBA_MAX_TX_URBS);
if (!netdev) {
@@ -865,6 +868,9 @@ static int mcba_usb_probe(struct usb_int
goto cleanup_free_candev;
}
+ priv->rx_pipe = usb_rcvbulkpipe(priv->udev, in->bEndpointAddress);
+ priv->tx_pipe = usb_sndbulkpipe(priv->udev, out->bEndpointAddress);
+
devm_can_led_init(netdev);
/* Start USB dev only if we have successfully registered CAN device */
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 241/338] gfs2: Make sure FITRIM minlen is rounded up to fs block size
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 240/338] can: mcba_usb: properly check endpoint type Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 242/338] pinctrl: pinconf-generic: Print arguments for bias-pull-* Greg Kroah-Hartman
` (102 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Price, Andreas Gruenbacher
From: Andrew Price <anprice@redhat.com>
commit 27ca8273fda398638ca994a207323a85b6d81190 upstream.
Per fstrim(8) we must round up the minlen argument to the fs block size.
The current calculation doesn't take into account devices that have a
discard granularity and requested minlen less than 1 fs block, so the
value can get shifted away to zero in the translation to fs blocks.
The zero minlen passed to gfs2_rgrp_send_discards() then allows
sb_issue_discard() to be called with nr_sects == 0 which returns -EINVAL
and results in gfs2_rgrp_send_discards() returning -EIO.
Make sure minlen is never < 1 fs block by taking the max of the
requested minlen and the fs block size before comparing to the device's
discard granularity and shifting to fs blocks.
Fixes: 076f0faa764ab ("GFS2: Fix FITRIM argument handling")
Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/rgrp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -1406,7 +1406,8 @@ int gfs2_fitrim(struct file *filp, void
start = r.start >> bs_shift;
end = start + (r.len >> bs_shift);
- minlen = max_t(u64, r.minlen,
+ minlen = max_t(u64, r.minlen, sdp->sd_sb.sb_bsize);
+ minlen = max_t(u64, minlen,
q->limits.discard_granularity) >> bs_shift;
if (end <= start || minlen > sdp->sd_max_rg_data)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 242/338] pinctrl: pinconf-generic: Print arguments for bias-pull-*
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 241/338] gfs2: Make sure FITRIM minlen is rounded up to fs block size Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 243/338] ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Greg Kroah-Hartman
` (101 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Linus Walleij
From: Chen-Yu Tsai <wenst@chromium.org>
commit 188e5834b930acd03ad3cf7c5e7aa24db9665a29 upstream.
The bias-pull-* properties, or PIN_CONFIG_BIAS_PULL_* pin config
parameters, accept optional arguments in ohms denoting the strength of
the pin bias.
Print these values out in debugfs as well.
Fixes: eec450713e5c ("pinctrl: pinconf-generic: Add flag to print arguments")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Tested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220308100956.2750295-2-wenst@chromium.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinconf-generic.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/pinctrl/pinconf-generic.c
+++ b/drivers/pinctrl/pinconf-generic.c
@@ -31,10 +31,10 @@ static const struct pin_config_item conf
PCONFDUMP(PIN_CONFIG_BIAS_BUS_HOLD, "input bias bus hold", NULL, false),
PCONFDUMP(PIN_CONFIG_BIAS_DISABLE, "input bias disabled", NULL, false),
PCONFDUMP(PIN_CONFIG_BIAS_HIGH_IMPEDANCE, "input bias high impedance", NULL, false),
- PCONFDUMP(PIN_CONFIG_BIAS_PULL_DOWN, "input bias pull down", NULL, false),
+ PCONFDUMP(PIN_CONFIG_BIAS_PULL_DOWN, "input bias pull down", "ohms", true),
PCONFDUMP(PIN_CONFIG_BIAS_PULL_PIN_DEFAULT,
- "input bias pull to pin specific state", NULL, false),
- PCONFDUMP(PIN_CONFIG_BIAS_PULL_UP, "input bias pull up", NULL, false),
+ "input bias pull to pin specific state", "ohms", true),
+ PCONFDUMP(PIN_CONFIG_BIAS_PULL_UP, "input bias pull up", "ohms", true),
PCONFDUMP(PIN_CONFIG_DRIVE_OPEN_DRAIN, "output drive open drain", NULL, false),
PCONFDUMP(PIN_CONFIG_DRIVE_OPEN_SOURCE, "output drive open source", NULL, false),
PCONFDUMP(PIN_CONFIG_DRIVE_PUSH_PULL, "output drive push pull", NULL, false),
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 243/338] ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 242/338] pinctrl: pinconf-generic: Print arguments for bias-pull-* Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 244/338] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Greg Kroah-Hartman
` (100 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Baokun Li, Richard Weinberger
From: Baokun Li <libaokun1@huawei.com>
commit 3cbf0e392f173ba0ce425968c8374a6aa3e90f2e upstream.
Hulk Robot reported a KASAN report about use-after-free:
==================================================================
BUG: KASAN: use-after-free in __list_del_entry_valid+0x13d/0x160
Read of size 8 at addr ffff888035e37d98 by task ubiattach/1385
[...]
Call Trace:
klist_dec_and_del+0xa7/0x4a0
klist_put+0xc7/0x1a0
device_del+0x4d4/0xed0
cdev_device_del+0x1a/0x80
ubi_attach_mtd_dev+0x2951/0x34b0 [ubi]
ctrl_cdev_ioctl+0x286/0x2f0 [ubi]
Allocated by task 1414:
device_add+0x60a/0x18b0
cdev_device_add+0x103/0x170
ubi_create_volume+0x1118/0x1a10 [ubi]
ubi_cdev_ioctl+0xb7f/0x1ba0 [ubi]
Freed by task 1385:
cdev_device_del+0x1a/0x80
ubi_remove_volume+0x438/0x6c0 [ubi]
ubi_cdev_ioctl+0xbf4/0x1ba0 [ubi]
[...]
==================================================================
The lock held by ctrl_cdev_ioctl is ubi_devices_mutex, but the lock held
by ubi_cdev_ioctl is ubi->device_mutex. Therefore, the two locks can be
concurrent.
ctrl_cdev_ioctl contains two operations: ubi_attach and ubi_detach.
ubi_detach is bug-free because it uses reference counting to prevent
concurrency. However, uif_init and uif_close in ubi_attach may race with
ubi_cdev_ioctl.
uif_init will race with ubi_cdev_ioctl as in the following stack.
cpu1 cpu2 cpu3
_______________________|________________________|______________________
ctrl_cdev_ioctl
ubi_attach_mtd_dev
uif_init
ubi_cdev_ioctl
ubi_create_volume
cdev_device_add
ubi_add_volume
// sysfs exist
kill_volumes
ubi_cdev_ioctl
ubi_remove_volume
cdev_device_del
// first free
ubi_free_volume
cdev_del
// double free
cdev_device_del
And uif_close will race with ubi_cdev_ioctl as in the following stack.
cpu1 cpu2 cpu3
_______________________|________________________|______________________
ctrl_cdev_ioctl
ubi_attach_mtd_dev
uif_init
ubi_cdev_ioctl
ubi_create_volume
cdev_device_add
ubi_debugfs_init_dev
//error goto out_uif;
uif_close
kill_volumes
ubi_cdev_ioctl
ubi_remove_volume
cdev_device_del
// first free
ubi_free_volume
// double free
The cause of this problem is that commit 714fb87e8bc0 make device
"available" before it becomes accessible via sysfs. Therefore, we
roll back the modification. We will fix the race condition between
ubi device creation and udev by removing ubi_get_device in
vol_attribute_show and dev_attribute_show.This avoids accessing
uninitialized ubi_devices[ubi_num].
ubi_get_device is used to prevent devices from being deleted during
sysfs execution. However, now kernfs ensures that devices will not
be deleted before all reference counting are released.
The key process is shown in the following stack.
device_del
device_remove_attrs
device_remove_groups
sysfs_remove_groups
sysfs_remove_group
remove_files
kernfs_remove_by_name
kernfs_remove_by_name_ns
__kernfs_remove
kernfs_drain
Fixes: 714fb87e8bc0 ("ubi: Fix race condition between ubi device creation and udev")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/build.c | 9 +--------
drivers/mtd/ubi/vmt.c | 8 +-------
2 files changed, 2 insertions(+), 15 deletions(-)
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -363,9 +363,6 @@ static ssize_t dev_attribute_show(struct
* we still can use 'ubi->ubi_num'.
*/
ubi = container_of(dev, struct ubi_device, dev);
- ubi = ubi_get_device(ubi->ubi_num);
- if (!ubi)
- return -ENODEV;
if (attr == &dev_eraseblock_size)
ret = sprintf(buf, "%d\n", ubi->leb_size);
@@ -394,7 +391,6 @@ static ssize_t dev_attribute_show(struct
else
ret = -EINVAL;
- ubi_put_device(ubi);
return ret;
}
@@ -969,9 +965,6 @@ int ubi_attach_mtd_dev(struct mtd_info *
goto out_detach;
}
- /* Make device "available" before it becomes accessible via sysfs */
- ubi_devices[ubi_num] = ubi;
-
err = uif_init(ubi);
if (err)
goto out_detach;
@@ -1016,6 +1009,7 @@ int ubi_attach_mtd_dev(struct mtd_info *
wake_up_process(ubi->bgt_thread);
spin_unlock(&ubi->wl_lock);
+ ubi_devices[ubi_num] = ubi;
ubi_notify_all(ubi, UBI_VOLUME_ADDED, NULL);
return ubi_num;
@@ -1024,7 +1018,6 @@ out_debugfs:
out_uif:
uif_close(ubi);
out_detach:
- ubi_devices[ubi_num] = NULL;
ubi_wl_close(ubi);
ubi_free_internal_volumes(ubi);
vfree(ubi->vtbl);
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -69,16 +69,11 @@ static ssize_t vol_attribute_show(struct
{
int ret;
struct ubi_volume *vol = container_of(dev, struct ubi_volume, dev);
- struct ubi_device *ubi;
-
- ubi = ubi_get_device(vol->ubi->ubi_num);
- if (!ubi)
- return -ENODEV;
+ struct ubi_device *ubi = vol->ubi;
spin_lock(&ubi->volumes_lock);
if (!ubi->volumes[vol->vol_id]) {
spin_unlock(&ubi->volumes_lock);
- ubi_put_device(ubi);
return -ENODEV;
}
/* Take a reference to prevent volume removal */
@@ -116,7 +111,6 @@ static ssize_t vol_attribute_show(struct
vol->ref_count -= 1;
ubi_assert(vol->ref_count >= 0);
spin_unlock(&ubi->volumes_lock);
- ubi_put_device(ubi);
return ret;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 244/338] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 243/338] ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 245/338] mm/mmap: return 1 from stack_guard_gap __setup() handler Greg Kroah-Hartman
` (99 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Rafael J. Wysocki,
Huang Rui
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit 40d8abf364bcab23bc715a9221a3c8623956257b upstream.
If the NumEntries field in the _CPC return package is less than 2, do
not attempt to access the "Revision" element of that package, because
it may not be present then.
Fixes: 337aadff8e45 ("ACPI: Introduce CPU performance controls using CPPC")
BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/cppc_acpi.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -742,6 +742,11 @@ int acpi_cppc_processor_probe(struct acp
cpc_obj = &out_obj->package.elements[0];
if (cpc_obj->type == ACPI_TYPE_INTEGER) {
num_ent = cpc_obj->integer.value;
+ if (num_ent <= 1) {
+ pr_debug("Unexpected _CPC NumEntries value (%d) for CPU:%d\n",
+ num_ent, pr->id);
+ goto out_free;
+ }
} else {
pr_debug("Unexpected entry type(%d) for NumEntries\n",
cpc_obj->type);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 245/338] mm/mmap: return 1 from stack_guard_gap __setup() handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 244/338] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 246/338] mm/memcontrol: return 1 from cgroup.memory " Greg Kroah-Hartman
` (98 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Hugh Dickins, Andrew Morton, Linus Torvalds
From: Randy Dunlap <rdunlap@infradead.org>
commit e6d094936988910ce6e8197570f2753898830081 upstream.
__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; it just pollutes init's
environment). This prevents:
Unknown kernel command line parameters \
"BOOT_IMAGE=/boot/bzImage-517rc5 stack_guard_gap=100", will be \
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
stack_guard_gap=100
Return 1 to indicate that the boot option has been handled.
Note that there is no warning message if someone enters:
stack_guard_gap=anything_invalid
and 'val' and stack_guard_gap are both set to 0 due to the use of
simple_strtoul(). This could be improved by using kstrtoxxx() and
checking for an error.
It appears that having stack_guard_gap == 0 is valid (if unexpected) since
using "stack_guard_gap=0" on the kernel command line does that.
Link: https://lkml.kernel.org/r/20220222005817.11087-1-rdunlap@infradead.org
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: 1be7107fbe18e ("mm: larger stack guard gap, between vmas")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2469,7 +2469,7 @@ static int __init cmdline_parse_stack_gu
if (!*endptr)
stack_guard_gap = val << PAGE_SHIFT;
- return 0;
+ return 1;
}
__setup("stack_guard_gap=", cmdline_parse_stack_guard_gap);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 246/338] mm/memcontrol: return 1 from cgroup.memory __setup() handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 245/338] mm/mmap: return 1 from stack_guard_gap __setup() handler Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 247/338] mm/usercopy: return 1 from hardened_usercopy " Greg Kroah-Hartman
` (97 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Michal Koutný,
Johannes Weiner, Michal Hocko, Vladimir Davydov, Roman Gushchin,
Andrew Morton, Linus Torvalds
From: Randy Dunlap <rdunlap@infradead.org>
commit 460a79e18842caca6fa0c415de4a3ac1e671ac50 upstream.
__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; it just pollutes init's
environment).
The only reason that this particular __setup handler does not pollute
init's environment is that the setup string contains a '.', as in
"cgroup.memory". This causes init/main.c::unknown_boottoption() to
consider it to be an "Unused module parameter" and ignore it. (This is
for parsing of loadable module parameters any time after kernel init.)
Otherwise the string "cgroup.memory=whatever" would be added to init's
environment strings.
Instead of relying on this '.' quirk, just return 1 to indicate that the
boot option has been handled.
Note that there is no warning message if someone enters:
cgroup.memory=anything_invalid
Link: https://lkml.kernel.org/r/20220222005811.10672-1-rdunlap@infradead.org
Fixes: f7e1cb6ec51b0 ("mm: memcontrol: account socket memory in unified hierarchy memory controller")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Roman Gushchin <roman.gushchin@linux.dev>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memcontrol.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -6404,7 +6404,7 @@ static int __init cgroup_memory(char *s)
if (!strcmp(token, "nokmem"))
cgroup_memory_nokmem = true;
}
- return 0;
+ return 1;
}
__setup("cgroup.memory=", cgroup_memory);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 247/338] mm/usercopy: return 1 from hardened_usercopy __setup() handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 246/338] mm/memcontrol: return 1 from cgroup.memory " Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 248/338] bpf: Fix comment for helper bpf_current_task_under_cgroup() Greg Kroah-Hartman
` (96 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Chris von Recklinghausen, Kees Cook, Andrew Morton,
Linus Torvalds
From: Randy Dunlap <rdunlap@infradead.org>
commit 05fe3c103f7e6b8b4fca8a7001dfc9ed4628085b upstream.
__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; it just pollutes init's
environment). This prevents:
Unknown kernel command line parameters \
"BOOT_IMAGE=/boot/bzImage-517rc5 hardened_usercopy=off", will be \
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
hardened_usercopy=off
or
hardened_usercopy=on
but when "hardened_usercopy=foo" is used, there is no Unknown kernel
command line parameter.
Return 1 to indicate that the boot option has been handled.
Print a warning if strtobool() returns an error on the option string,
but do not mark this as in unknown command line option and do not cause
init's environment to be polluted with this string.
Link: https://lkml.kernel.org/r/20220222034249.14795-1-rdunlap@infradead.org
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes: b5cb15d9372ab ("usercopy: Allow boot cmdline disabling of hardening")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Acked-by: Chris von Recklinghausen <crecklin@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/usercopy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -298,7 +298,10 @@ static bool enable_checks __initdata = t
static int __init parse_hardened_usercopy(char *str)
{
- return strtobool(str, &enable_checks);
+ if (strtobool(str, &enable_checks))
+ pr_warn("Invalid option string for hardened_usercopy: '%s'\n",
+ str);
+ return 1;
}
__setup("hardened_usercopy=", parse_hardened_usercopy);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 248/338] bpf: Fix comment for helper bpf_current_task_under_cgroup()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 247/338] mm/usercopy: return 1 from hardened_usercopy " Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 249/338] ubi: fastmap: Return error code if memory allocation fails in add_aeb() Greg Kroah-Hartman
` (95 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hengqi Chen, Daniel Borkmann, Yonghong Song
From: Hengqi Chen <hengqi.chen@gmail.com>
commit 58617014405ad5c9f94f464444f4972dabb71ca7 upstream.
Fix the descriptions of the return values of helper bpf_current_task_under_cgroup().
Fixes: c6b5fb8690fa ("bpf: add documentation for eBPF helpers (42-50)")
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220310155335.1278783-1-hengqi.chen@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/bpf.h | 4 ++--
tools/include/uapi/linux/bpf.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1207,8 +1207,8 @@ union bpf_attr {
* Return
* The return value depends on the result of the test, and can be:
*
- * * 0, if current task belongs to the cgroup2.
- * * 1, if current task does not belong to the cgroup2.
+ * * 1, if current task belongs to the cgroup2.
+ * * 0, if current task does not belong to the cgroup2.
* * A negative error code, if an error occurred.
*
* int bpf_skb_change_tail(struct sk_buff *skb, u32 len, u64 flags)
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1205,8 +1205,8 @@ union bpf_attr {
* Return
* The return value depends on the result of the test, and can be:
*
- * * 0, if current task belongs to the cgroup2.
- * * 1, if current task does not belong to the cgroup2.
+ * * 1, if current task belongs to the cgroup2.
+ * * 0, if current task does not belong to the cgroup2.
* * A negative error code, if an error occurred.
*
* int bpf_skb_change_tail(struct sk_buff *skb, u32 len, u64 flags)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 249/338] ubi: fastmap: Return error code if memory allocation fails in add_aeb()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 248/338] bpf: Fix comment for helper bpf_current_task_under_cgroup() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 250/338] ASoC: topology: Allow TLV control to be either read or write Greg Kroah-Hartman
` (94 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit c3c07fc25f37c157fde041b3a0c3dfcb1590cbce upstream.
Abort fastmap scanning and return error code if memory allocation fails
in add_aeb(). Otherwise ubi will get wrong peb statistics information
after scanning.
Fixes: dbb7d2a88d2a7b ("UBI: Add fastmap core")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/ubi/fastmap.c | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
--- a/drivers/mtd/ubi/fastmap.c
+++ b/drivers/mtd/ubi/fastmap.c
@@ -477,7 +477,9 @@ static int scan_pool(struct ubi_device *
if (err == UBI_IO_FF_BITFLIPS)
scrub = 1;
- add_aeb(ai, free, pnum, ec, scrub);
+ ret = add_aeb(ai, free, pnum, ec, scrub);
+ if (ret)
+ goto out;
continue;
} else if (err == 0 || err == UBI_IO_BITFLIPS) {
dbg_bld("Found non empty PEB:%i in pool", pnum);
@@ -647,8 +649,10 @@ static int ubi_attach_fastmap(struct ubi
if (fm_pos >= fm_size)
goto fail_bad;
- add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
- be32_to_cpu(fmec->ec), 0);
+ ret = add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
+ be32_to_cpu(fmec->ec), 0);
+ if (ret)
+ goto fail;
}
/* read EC values from used list */
@@ -658,8 +662,10 @@ static int ubi_attach_fastmap(struct ubi
if (fm_pos >= fm_size)
goto fail_bad;
- add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
- be32_to_cpu(fmec->ec), 0);
+ ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
+ be32_to_cpu(fmec->ec), 0);
+ if (ret)
+ goto fail;
}
/* read EC values from scrub list */
@@ -669,8 +675,10 @@ static int ubi_attach_fastmap(struct ubi
if (fm_pos >= fm_size)
goto fail_bad;
- add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
- be32_to_cpu(fmec->ec), 1);
+ ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
+ be32_to_cpu(fmec->ec), 1);
+ if (ret)
+ goto fail;
}
/* read EC values from erase list */
@@ -680,8 +688,10 @@ static int ubi_attach_fastmap(struct ubi
if (fm_pos >= fm_size)
goto fail_bad;
- add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
- be32_to_cpu(fmec->ec), 1);
+ ret = add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
+ be32_to_cpu(fmec->ec), 1);
+ if (ret)
+ goto fail;
}
ai->mean_ec = div_u64(ai->ec_sum, ai->ec_count);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 250/338] ASoC: topology: Allow TLV control to be either read or write
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 249/338] ubi: fastmap: Return error code if memory allocation fails in add_aeb() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 251/338] ARM: dts: spear1340: Update serial node properties Greg Kroah-Hartman
` (93 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Cezary Rojewski, Pierre-Louis Bossart, Mark Brown
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
commit feb00b736af64875560f371fe7f58b0b7f239046 upstream.
There is no reason to force readwrite access on TLV controls. It can be
either read, write or both. This is further evidenced in code where it
performs following checks:
if ((k->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ) && !sbe->get)
return -EINVAL;
if ((k->access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) && !sbe->put)
return -EINVAL;
Fixes: 1a3232d2f61d ("ASoC: topology: Add support for TLV bytes controls")
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220112170030.569712-3-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/soc-topology.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/soc/soc-topology.c
+++ b/sound/soc/soc-topology.c
@@ -547,7 +547,8 @@ static int soc_tplg_kcontrol_bind_io(str
if (hdr->ops.info == SND_SOC_TPLG_CTL_BYTES
&& k->iface & SNDRV_CTL_ELEM_IFACE_MIXER
- && k->access & SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE
+ && (k->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ
+ || k->access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE)
&& k->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) {
struct soc_bytes_ext *sbe;
struct snd_soc_tplg_bytes_control *be;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 251/338] ARM: dts: spear1340: Update serial node properties
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 250/338] ASoC: topology: Allow TLV control to be either read or write Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 252/338] ARM: dts: spear13xx: Update SPI dma properties Greg Kroah-Hartman
` (92 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuldeep Singh, Viresh Kumar, Arnd Bergmann
From: Kuldeep Singh <singh.kuldeep87k@gmail.com>
commit 583d6b0062640def86f3265aa1042ecb6672516e upstream.
Reorder dma and dma-names property for serial node to make it compliant
with bindings.
Fixes: 6e8887f60f60 ("ARM: SPEAr13xx: Pass generic DW DMAC platform data from DT")
Signed-off-by: Kuldeep Singh <singh.kuldeep87k@gmail.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Link: https://lore.kernel.org/r/20220326042313.97862-3-singh.kuldeep87k@gmail.com'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/spear1340.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/boot/dts/spear1340.dtsi
+++ b/arch/arm/boot/dts/spear1340.dtsi
@@ -142,9 +142,9 @@
reg = <0xb4100000 0x1000>;
interrupts = <0 105 0x4>;
status = "disabled";
- dmas = <&dwdma0 12 0 1>,
- <&dwdma0 13 1 0>;
- dma-names = "tx", "rx";
+ dmas = <&dwdma0 13 0 1>,
+ <&dwdma0 12 1 0>;
+ dma-names = "rx", "tx";
};
thermal@e07008c4 {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 252/338] ARM: dts: spear13xx: Update SPI dma properties
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 251/338] ARM: dts: spear1340: Update serial node properties Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 253/338] um: Fix uml_mconsole stop/go Greg Kroah-Hartman
` (91 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuldeep Singh, Viresh Kumar, Arnd Bergmann
From: Kuldeep Singh <singh.kuldeep87k@gmail.com>
commit 31d3687d6017c7ce6061695361598d9cda70807a upstream.
Reorder dmas and dma-names property for spi controller node to make it
compliant with bindings.
Fixes: 6e8887f60f60 ("ARM: SPEAr13xx: Pass generic DW DMAC platform data from DT")
Signed-off-by: Kuldeep Singh <singh.kuldeep87k@gmail.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Link: https://lore.kernel.org/r/20220326042313.97862-2-singh.kuldeep87k@gmail.com'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/spear13xx.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/boot/dts/spear13xx.dtsi
+++ b/arch/arm/boot/dts/spear13xx.dtsi
@@ -290,9 +290,9 @@
#size-cells = <0>;
interrupts = <0 31 0x4>;
status = "disabled";
- dmas = <&dwdma0 4 0 0>,
- <&dwdma0 5 0 0>;
- dma-names = "tx", "rx";
+ dmas = <&dwdma0 5 0 0>,
+ <&dwdma0 4 0 0>;
+ dma-names = "rx", "tx";
};
rtc@e0580000 {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 253/338] um: Fix uml_mconsole stop/go
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 252/338] ARM: dts: spear13xx: Update SPI dma properties Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 254/338] openvswitch: Fixed nd target mask field in the flow dump Greg Kroah-Hartman
` (90 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Anton Ivanov, Richard Weinberger
From: Anton Ivanov <anton.ivanov@cambridgegreys.com>
commit 1a3a6a2a035bb6c3a7ef4c788d8fd69a7b2d6284 upstream.
Moving to an EPOLL based IRQ controller broke uml_mconsole stop/go
commands. This fixes it and restores stop/go functionality.
Fixes: ff6a17989c08 ("Epoll based IRQ controller")
Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/mconsole_kern.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/um/drivers/mconsole_kern.c
+++ b/arch/um/drivers/mconsole_kern.c
@@ -218,7 +218,7 @@ void mconsole_go(struct mc_request *req)
void mconsole_stop(struct mc_request *req)
{
- deactivate_fd(req->originating_fd, MCONSOLE_IRQ);
+ block_signals();
os_set_fd_block(req->originating_fd, 1);
mconsole_reply(req, "stopped", 0, 0);
for (;;) {
@@ -242,6 +242,7 @@ void mconsole_stop(struct mc_request *re
os_set_fd_block(req->originating_fd, 0);
reactivate_fd(req->originating_fd, MCONSOLE_IRQ);
mconsole_reply(req, "", 0, 0);
+ unblock_signals();
}
static DEFINE_SPINLOCK(mc_devices_lock);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 254/338] openvswitch: Fixed nd target mask field in the flow dump.
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 253/338] um: Fix uml_mconsole stop/go Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 255/338] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasnt activated Greg Kroah-Hartman
` (89 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Martin Varghese, Paolo Abeni
From: Martin Varghese <martin.varghese@nokia.com>
commit f19c44452b58a84d95e209b847f5495d91c9983a upstream.
IPv6 nd target mask was not getting populated in flow dump.
In the function __ovs_nla_put_key the icmp code mask field was checked
instead of icmp code key field to classify the flow as neighbour discovery.
ufid:bdfbe3e5-60c2-43b0-a5ff-dfcac1c37328, recirc_id(0),dp_hash(0/0),
skb_priority(0/0),in_port(ovs-nm1),skb_mark(0/0),ct_state(0/0),
ct_zone(0/0),ct_mark(0/0),ct_label(0/0),
eth(src=00:00:00:00:00:00/00:00:00:00:00:00,
dst=00:00:00:00:00:00/00:00:00:00:00:00),
eth_type(0x86dd),
ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),
icmpv6(type=135,code=0),
nd(target=2001::2/::,
sll=00:00:00:00:00:00/00:00:00:00:00:00,
tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:10, bytes:860, used:0.504s, dp:ovs, actions:ovs-nm2
Fixes: e64457191a25 (openvswitch: Restructure datapath.c and flow.c)
Signed-off-by: Martin Varghese <martin.varghese@nokia.com>
Link: https://lore.kernel.org/r/20220328054148.3057-1-martinvarghesenokia@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/flow_netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -2166,8 +2166,8 @@ static int __ovs_nla_put_key(const struc
icmpv6_key->icmpv6_type = ntohs(output->tp.src);
icmpv6_key->icmpv6_code = ntohs(output->tp.dst);
- if (icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_SOLICITATION ||
- icmpv6_key->icmpv6_type == NDISC_NEIGHBOUR_ADVERTISEMENT) {
+ if (swkey->tp.src == htons(NDISC_NEIGHBOUR_SOLICITATION) ||
+ swkey->tp.src == htons(NDISC_NEIGHBOUR_ADVERTISEMENT)) {
struct ovs_key_nd *nd_key;
nla = nla_reserve(skb, OVS_KEY_ATTR_ND, sizeof(*nd_key));
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 255/338] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasnt activated
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 254/338] openvswitch: Fixed nd target mask field in the flow dump Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 256/338] ubifs: Rectify space amount budget for mkdir/tmpfile operations Greg Kroah-Hartman
` (88 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, Paolo Bonzini
From: Vitaly Kuznetsov <vkuznets@redhat.com>
commit b1e34d325397a33d97d845e312d7cf2a8b646b44 upstream.
Setting non-zero values to SYNIC/STIMER MSRs activates certain features,
this should not happen when KVM_CAP_HYPERV_SYNIC{,2} was not activated.
Note, it would've been better to forbid writing anything to SYNIC/STIMER
MSRs, including zeroes, however, at least QEMU tries clearing
HV_X64_MSR_STIMER0_CONFIG without SynIC. HV_X64_MSR_EOM MSR is somewhat
'special' as writing zero there triggers an action, this also should not
happen when SynIC wasn't activated.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220325132140.25650-4-vkuznets@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/hyperv.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -237,7 +237,7 @@ static int synic_set_msr(struct kvm_vcpu
struct kvm_vcpu *vcpu = synic_to_vcpu(synic);
int ret;
- if (!synic->active && !host)
+ if (!synic->active && (!host || data))
return 1;
trace_kvm_hv_synic_set_msr(vcpu->vcpu_id, msr, data, host);
@@ -283,6 +283,9 @@ static int synic_set_msr(struct kvm_vcpu
case HV_X64_MSR_EOM: {
int i;
+ if (!synic->active)
+ break;
+
for (i = 0; i < ARRAY_SIZE(synic->sint); i++)
kvm_hv_notify_acked_sint(vcpu, i);
break;
@@ -544,6 +547,12 @@ static int stimer_start(struct kvm_vcpu_
static int stimer_set_config(struct kvm_vcpu_hv_stimer *stimer, u64 config,
bool host)
{
+ struct kvm_vcpu *vcpu = stimer_to_vcpu(stimer);
+ struct kvm_vcpu_hv_synic *synic = vcpu_to_synic(vcpu);
+
+ if (!synic->active && (!host || config))
+ return 1;
+
trace_kvm_hv_stimer_set_config(stimer_to_vcpu(stimer)->vcpu_id,
stimer->index, config, host);
@@ -558,6 +567,12 @@ static int stimer_set_config(struct kvm_
static int stimer_set_count(struct kvm_vcpu_hv_stimer *stimer, u64 count,
bool host)
{
+ struct kvm_vcpu *vcpu = stimer_to_vcpu(stimer);
+ struct kvm_vcpu_hv_synic *synic = vcpu_to_synic(vcpu);
+
+ if (!synic->active && (!host || count))
+ return 1;
+
trace_kvm_hv_stimer_set_count(stimer_to_vcpu(stimer)->vcpu_id,
stimer->index, count, host);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 256/338] ubifs: Rectify space amount budget for mkdir/tmpfile operations
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 255/338] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasnt activated Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 257/338] rtc: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
` (87 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger,
Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit a6dab6607d4681d227905d5198710b575dbdb519 ]
UBIFS should make sure the flash has enough space to store dirty (Data
that is newer than disk) data (in memory), space budget is exactly
designed to do that. If space budget calculates less data than we need,
'make_reservation()' will do more work(return -ENOSPC if no free space
lelf, sometimes we can see "cannot reserve xxx bytes in jhead xxx, error
-28" in ubifs error messages) with ubifs inodes locked, which may effect
other syscalls.
A simple way to decide how much space do we need when make a budget:
See how much space is needed by 'make_reservation()' in ubifs_jnl_xxx()
function according to corresponding operation.
It's better to report ENOSPC in ubifs_budget_space(), as early as we can.
Fixes: 474b93704f32163 ("ubifs: Implement O_TMPFILE")
Fixes: 1e51764a3c2ac05 ("UBIFS: add new flash file system")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ubifs/dir.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 9e466eb30dcb..111905ddbfc2 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -373,15 +373,18 @@ static int do_tmpfile(struct inode *dir, struct dentry *dentry,
{
struct inode *inode;
struct ubifs_info *c = dir->i_sb->s_fs_info;
- struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
+ struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
+ .dirtied_ino = 1};
struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
int err, instantiated = 0;
struct fscrypt_name nm;
/*
- * Budget request settings: new dirty inode, new direntry,
- * budget for dirtied inode will be released via writeback.
+ * Budget request settings: new inode, new direntry, changing the
+ * parent directory inode.
+ * Allocate budget separately for new dirtied inode, the budget will
+ * be released via writeback.
*/
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
@@ -973,7 +976,8 @@ static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
struct ubifs_inode *dir_ui = ubifs_inode(dir);
struct ubifs_info *c = dir->i_sb->s_fs_info;
int err, sz_change;
- struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
+ struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
+ .dirtied_ino = 1};
struct fscrypt_name nm;
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 257/338] rtc: wm8350: Handle error for wm8350_register_irq
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 256/338] ubifs: Rectify space amount budget for mkdir/tmpfile operations Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 258/338] riscv module: remove (NOLOAD) Greg Kroah-Hartman
` (86 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Charles Keepax,
Alexandre Belloni, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 43f0269b6b89c1eec4ef83c48035608f4dcdd886 ]
As the potential failure of the wm8350_register_irq(),
it should be better to check it and return error if fails.
Also, it need not free 'wm_rtc->rtc' since it will be freed
automatically.
Fixes: 077eaf5b40ec ("rtc: rtc-wm8350: add support for WM8350 RTC")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20220303085030.291793-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-wm8350.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/rtc-wm8350.c b/drivers/rtc/rtc-wm8350.c
index 483c7993516b..ed874e5c5fc8 100644
--- a/drivers/rtc/rtc-wm8350.c
+++ b/drivers/rtc/rtc-wm8350.c
@@ -441,14 +441,21 @@ static int wm8350_rtc_probe(struct platform_device *pdev)
return ret;
}
- wm8350_register_irq(wm8350, WM8350_IRQ_RTC_SEC,
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_RTC_SEC,
wm8350_rtc_update_handler, 0,
"RTC Seconds", wm8350);
+ if (ret)
+ return ret;
+
wm8350_mask_irq(wm8350, WM8350_IRQ_RTC_SEC);
- wm8350_register_irq(wm8350, WM8350_IRQ_RTC_ALM,
+ ret = wm8350_register_irq(wm8350, WM8350_IRQ_RTC_ALM,
wm8350_rtc_alarm_handler, 0,
"RTC Alarm", wm8350);
+ if (ret) {
+ wm8350_free_irq(wm8350, WM8350_IRQ_RTC_SEC, wm8350);
+ return ret;
+ }
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 258/338] riscv module: remove (NOLOAD)
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 257/338] rtc: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` Greg Kroah-Hartman
` (85 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Fangrui Song,
Palmer Dabbelt, Sasha Levin
From: Fangrui Song <maskray@google.com>
[ Upstream commit 60210a3d86dc57ce4a76a366e7841dda746a33f7 ]
On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually
inappropriate for .plt, .got, and .got.plt sections which are always
SHT_PROGBITS.
In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway
and (NOLOAD) will be essentially ignored. In ld.lld, since
https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=<value>) to
customize the output section type"), ld.lld will report a `section type
mismatch` error (later changed to a warning). Just remove (NOLOAD) to
fix the warning.
[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The
section should be marked as not loadable" on
https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is
outdated for ELF.
Link: https://github.com/ClangBuiltLinux/linux/issues/1597
Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Fangrui Song <maskray@google.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/module.lds | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/module.lds b/arch/riscv/kernel/module.lds
index 295ecfb341a2..18ec719899e2 100644
--- a/arch/riscv/kernel/module.lds
+++ b/arch/riscv/kernel/module.lds
@@ -2,7 +2,7 @@
/* Copyright (C) 2017 Andes Technology Corporation */
SECTIONS {
- .plt (NOLOAD) : { BYTE(0) }
- .got (NOLOAD) : { BYTE(0) }
- .got.plt (NOLOAD) : { BYTE(0) }
+ .plt : { BYTE(0) }
+ .got : { BYTE(0) }
+ .got.plt : { BYTE(0) }
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 259/338] ARM: 9187/1: JIVE: fix return value of __setup handler
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Ben Dooks,
Krzysztof Kozlowski, Alim Akhtar, linux-arm-kernel,
linux-samsung-soc, patches, Russell King (Oracle),
Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 8b2360c7157b462c4870d447d1e65d30ef31f9aa ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings. Also, error return codes don't mean anything to
obsolete_checksetup() -- only non-zero (usually 1) or zero.
So return 1 from jive_mtdset().
Fixes: 9db829f485c5 ("[ARM] JIVE: Initial machine support for Logitech Jive")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Cc: Alim Akhtar <alim.akhtar@samsung.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-samsung-soc@vger.kernel.org
Cc: patches@armlinux.org.uk
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-s3c24xx/mach-jive.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/mach-s3c24xx/mach-jive.c b/arch/arm/mach-s3c24xx/mach-jive.c
index 885e8f12e4b9..eedc9f8ed210 100644
--- a/arch/arm/mach-s3c24xx/mach-jive.c
+++ b/arch/arm/mach-s3c24xx/mach-jive.c
@@ -237,11 +237,11 @@ static int __init jive_mtdset(char *options)
unsigned long set;
if (options == NULL || options[0] == '\0')
- return 0;
+ return 1;
if (kstrtoul(options, 10, &set)) {
printk(KERN_ERR "failed to parse mtdset=%s\n", options);
- return 0;
+ return 1;
}
switch (set) {
@@ -256,7 +256,7 @@ static int __init jive_mtdset(char *options)
"using default.", set);
}
- return 0;
+ return 1;
}
/* parse the mtdset= option given to the kernel command line */
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 259/338] ARM: 9187/1: JIVE: fix return value of __setup handler
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Ben Dooks,
Krzysztof Kozlowski, Alim Akhtar, linux-arm-kernel,
linux-samsung-soc, patches, Russell King (Oracle),
Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 8b2360c7157b462c4870d447d1e65d30ef31f9aa ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings. Also, error return codes don't mean anything to
obsolete_checksetup() -- only non-zero (usually 1) or zero.
So return 1 from jive_mtdset().
Fixes: 9db829f485c5 ("[ARM] JIVE: Initial machine support for Logitech Jive")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: Krzysztof Kozlowski <krzk@kernel.org>
Cc: Alim Akhtar <alim.akhtar@samsung.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-samsung-soc@vger.kernel.org
Cc: patches@armlinux.org.uk
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-s3c24xx/mach-jive.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/mach-s3c24xx/mach-jive.c b/arch/arm/mach-s3c24xx/mach-jive.c
index 885e8f12e4b9..eedc9f8ed210 100644
--- a/arch/arm/mach-s3c24xx/mach-jive.c
+++ b/arch/arm/mach-s3c24xx/mach-jive.c
@@ -237,11 +237,11 @@ static int __init jive_mtdset(char *options)
unsigned long set;
if (options == NULL || options[0] == '\0')
- return 0;
+ return 1;
if (kstrtoul(options, 10, &set)) {
printk(KERN_ERR "failed to parse mtdset=%s\n", options);
- return 0;
+ return 1;
}
switch (set) {
@@ -256,7 +256,7 @@ static int __init jive_mtdset(char *options)
"using default.", set);
}
- return 0;
+ return 1;
}
/* parse the mtdset= option given to the kernel command line */
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 260/338] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-04-14 13:12 ` Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 261/338] drm: Add orientation quirk for GPD Win Max Greg Kroah-Hartman
` (83 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lotus Fenn, Jim Mattson, Like Xu,
David Dunn, Paolo Bonzini, Sasha Levin
From: Jim Mattson <jmattson@google.com>
[ Upstream commit 9b026073db2f1ad0e4d8b61c83316c8497981037 ]
AMD EPYC CPUs never raise a #GP for a WRMSR to a PerfEvtSeln MSR. Some
reserved bits are cleared, and some are not. Specifically, on
Zen3/Milan, bits 19 and 42 are not cleared.
When emulating such a WRMSR, KVM should not synthesize a #GP,
regardless of which bits are set. However, undocumented bits should
not be passed through to the hardware MSR. So, rather than checking
for reserved bits and synthesizing a #GP, just clear the reserved
bits.
This may seem pedantic, but since KVM currently does not support the
"Host/Guest Only" bits (41:40), it is necessary to clear these bits
rather than synthesizing #GP, because some popular guests (e.g Linux)
will set the "Host Only" bit even on CPUs that don't support
EFER.SVME, and they don't expect a #GP.
For example,
root@Ubuntu1804:~# perf stat -e r26 -a sleep 1
Performance counter stats for 'system wide':
0 r26
1.001070977 seconds time elapsed
Feb 23 03:59:58 Ubuntu1804 kernel: [ 405.379957] unchecked MSR access error: WRMSR to 0xc0010200 (tried to write 0x0000020000130026) at rIP: 0xffffffff9b276a28 (native_write_msr+0x8/0x30)
Feb 23 03:59:58 Ubuntu1804 kernel: [ 405.379958] Call Trace:
Feb 23 03:59:58 Ubuntu1804 kernel: [ 405.379963] amd_pmu_disable_event+0x27/0x90
Fixes: ca724305a2b0 ("KVM: x86/vPMU: Implement AMD vPMU code for KVM")
Reported-by: Lotus Fenn <lotusf@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Like Xu <likexu@tencent.com>
Reviewed-by: David Dunn <daviddunn@google.com>
Message-Id: <20220226234131.2167175-1-jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/pmu_amd.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/pmu_amd.c b/arch/x86/kvm/pmu_amd.c
index 41dff881e0f0..93a135f216b2 100644
--- a/arch/x86/kvm/pmu_amd.c
+++ b/arch/x86/kvm/pmu_amd.c
@@ -247,12 +247,10 @@ static int amd_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
/* MSR_EVNTSELn */
pmc = get_gp_pmc_amd(pmu, msr, PMU_TYPE_EVNTSEL);
if (pmc) {
- if (data == pmc->eventsel)
- return 0;
- if (!(data & pmu->reserved_bits)) {
+ data &= ~pmu->reserved_bits;
+ if (data != pmc->eventsel)
reprogram_gp_counter(pmc, data);
- return 0;
- }
+ return 0;
}
return 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 261/338] drm: Add orientation quirk for GPD Win Max
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 260/338] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 262/338] ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 Greg Kroah-Hartman
` (82 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anisse Astier, Hans de Goede,
Jani Nikula, Sasha Levin
From: Anisse Astier <anisse@astier.eu>
[ Upstream commit 0b464ca3e0dd3cec65f28bc6d396d82f19080f69 ]
Panel is 800x1280, but mounted on a laptop form factor, sideways.
Signed-off-by: Anisse Astier <anisse@astier.eu>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211229222200.53128-3-anisse@astier.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index 3b70a338e5b4..265df1e67eb3 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -133,6 +133,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "MicroPC"),
},
.driver_data = (void *)&lcd720x1280_rightside_up,
+ }, { /* GPD Win Max */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "GPD"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "G1619-01"),
+ },
+ .driver_data = (void *)&lcd800x1280_rightside_up,
}, { /*
* GPD Pocket, note that the the DMI data is less generic then
* it seems, devices with a board-vendor of "AMI Corporation"
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 262/338] ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 261/338] drm: Add orientation quirk for GPD Win Max Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 263/338] drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj Greg Kroah-Hartman
` (81 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brendan Dolan-Gavitt, Zekun Shen,
Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit 564d4eceb97eaf381dd6ef6470b06377bb50c95a ]
The bug was found during fuzzing. Stacktrace locates it in
ath5k_eeprom_convert_pcal_info_5111.
When none of the curve is selected in the loop, idx can go
up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.
pd = &chinfo[pier].pd_curves[idx];
There are many OOB writes using pd later in the code. So I
added a sanity check for idx. Checks for other loops involving
AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not
used outside the loops.
The patch is NOT tested with real device.
The following is the fuzzing report
BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
Write of size 1 at addr ffff8880174a4d60 by task modprobe/214
CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1
Call Trace:
dump_stack+0x76/0xa0
print_address_description.constprop.0+0x16/0x200
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
__kasan_report.cold+0x37/0x7c
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
kasan_report+0xe/0x20
ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
? apic_timer_interrupt+0xa/0x20
? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]
? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]
ath5k_eeprom_init+0x2513/0x6290 [ath5k]
? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]
? usleep_range+0xb8/0x100
? apic_timer_interrupt+0xa/0x20
? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]
ath5k_hw_init+0xb60/0x1970 [ath5k]
ath5k_init_ah+0x6fe/0x2530 [ath5k]
? kasprintf+0xa6/0xe0
? ath5k_stop+0x140/0x140 [ath5k]
? _dev_notice+0xf6/0xf6
? apic_timer_interrupt+0xa/0x20
ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]
? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]
? mutex_lock+0x89/0xd0
? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]
local_pci_probe+0xd3/0x160
pci_device_probe+0x23f/0x3e0
? pci_device_remove+0x280/0x280
? pci_device_remove+0x280/0x280
really_probe+0x209/0x5d0
Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu>
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/YckvDdj3mtCkDRIt@a-10-27-26-18.dynapool.vpn.nyu.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath5k/eeprom.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/ath/ath5k/eeprom.c b/drivers/net/wireless/ath/ath5k/eeprom.c
index 94d34ee02265..01163b333945 100644
--- a/drivers/net/wireless/ath/ath5k/eeprom.c
+++ b/drivers/net/wireless/ath/ath5k/eeprom.c
@@ -746,6 +746,9 @@ ath5k_eeprom_convert_pcal_info_5111(struct ath5k_hw *ah, int mode,
}
}
+ if (idx == AR5K_EEPROM_N_PD_CURVES)
+ goto err_out;
+
ee->ee_pd_gains[mode] = 1;
pd = &chinfo[pier].pd_curves[idx];
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 263/338] drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 262/338] ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 264/338] ptp: replace snprintf with sysfs_emit Greg Kroah-Hartman
` (80 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Xin Xiong,
Xin Tan, Alex Deucher, Sasha Levin
From: Xin Xiong <xiongx18@fudan.edu.cn>
[ Upstream commit dfced44f122c500004a48ecc8db516bb6a295a1b ]
This issue takes place in an error path in
amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into
default case, the function simply returns -EINVAL, forgetting to
decrement the reference count of a dma_fence obj, which is bumped
earlier by amdgpu_cs_get_fence(). This may result in reference count
leaks.
Fix it by decreasing the refcount of specific object before returning
the error code.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index 81001d879322..023309296bfc 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -1469,6 +1469,7 @@ int amdgpu_cs_fence_to_handle_ioctl(struct drm_device *dev, void *data,
return 0;
default:
+ dma_fence_put(fence);
return -EINVAL;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 264/338] ptp: replace snprintf with sysfs_emit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 263/338] drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 265/338] powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 Greg Kroah-Hartman
` (79 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Yang Guang, David Yang,
Richard Cochran, David S. Miller, Sasha Levin
From: Yang Guang <yang.guang5@zte.com.cn>
[ Upstream commit e2cf07654efb0fd7bbcb475c6f74be7b5755a8fd ]
coccinelle report:
./drivers/ptp/ptp_sysfs.c:17:8-16:
WARNING: use scnprintf or sprintf
./drivers/ptp/ptp_sysfs.c:390:8-16:
WARNING: use scnprintf or sprintf
Use sysfs_emit instead of scnprintf or sprintf makes more sense.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Yang Guang <yang.guang5@zte.com.cn>
Signed-off-by: David Yang <davidcomponentone@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ptp/ptp_sysfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
index 48401dfcd999..f97a5eefa2e2 100644
--- a/drivers/ptp/ptp_sysfs.c
+++ b/drivers/ptp/ptp_sysfs.c
@@ -26,7 +26,7 @@ static ssize_t clock_name_show(struct device *dev,
struct device_attribute *attr, char *page)
{
struct ptp_clock *ptp = dev_get_drvdata(dev);
- return snprintf(page, PAGE_SIZE-1, "%s\n", ptp->info->name);
+ return sysfs_emit(page, "%s\n", ptp->info->name);
}
static DEVICE_ATTR_RO(clock_name);
@@ -240,7 +240,7 @@ static ssize_t ptp_pin_show(struct device *dev, struct device_attribute *attr,
mutex_unlock(&ptp->pincfg_mux);
- return snprintf(page, PAGE_SIZE, "%u %u\n", func, chan);
+ return sysfs_emit(page, "%u %u\n", func, chan);
}
static ssize_t ptp_pin_store(struct device *dev, struct device_attribute *attr,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 265/338] powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 264/338] ptp: replace snprintf with sysfs_emit Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 266/338] scsi: mvsas: Replace snprintf() with sysfs_emit() Greg Kroah-Hartman
` (78 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Kiselev, Maxim Kochetkov,
Vladimir Oltean, Michael Ellerman, Sasha Levin
From: Maxim Kiselev <bigunclemax@gmail.com>
[ Upstream commit 17846485dff91acce1ad47b508b633dffc32e838 ]
T1040RDB has two RTL8211E-VB phys which requires setting
of internal delays for correct work.
Changing the phy-connection-type property to `rgmii-id`
will fix this issue.
Signed-off-by: Maxim Kiselev <bigunclemax@gmail.com>
Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211230151123.1258321-1-bigunclemax@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/boot/dts/fsl/t104xrdb.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/boot/dts/fsl/t104xrdb.dtsi b/arch/powerpc/boot/dts/fsl/t104xrdb.dtsi
index 099a598c74c0..bfe1ed5be337 100644
--- a/arch/powerpc/boot/dts/fsl/t104xrdb.dtsi
+++ b/arch/powerpc/boot/dts/fsl/t104xrdb.dtsi
@@ -139,12 +139,12 @@
fman@400000 {
ethernet@e6000 {
phy-handle = <&phy_rgmii_0>;
- phy-connection-type = "rgmii";
+ phy-connection-type = "rgmii-id";
};
ethernet@e8000 {
phy-handle = <&phy_rgmii_1>;
- phy-connection-type = "rgmii";
+ phy-connection-type = "rgmii-id";
};
mdio0: mdio@fc000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 266/338] scsi: mvsas: Replace snprintf() with sysfs_emit()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 265/338] powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 267/338] scsi: bfa: " Greg Kroah-Hartman
` (77 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Yang Guang, David Yang,
Martin K. Petersen, Sasha Levin
From: Yang Guang <yang.guang5@zte.com.cn>
[ Upstream commit 0ad3867b0f13e45cfee5a1298bfd40eef096116c ]
coccinelle report:
./drivers/scsi/mvsas/mv_init.c:699:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/mvsas/mv_init.c:747:8-16:
WARNING: use scnprintf or sprintf
Use sysfs_emit() instead of scnprintf() or sprintf().
Link: https://lore.kernel.org/r/c1711f7cf251730a8ceb5bdfc313bf85662b3395.1643182948.git.yang.guang5@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Yang Guang <yang.guang5@zte.com.cn>
Signed-off-by: David Yang <davidcomponentone@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/mvsas/mv_init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/mvsas/mv_init.c b/drivers/scsi/mvsas/mv_init.c
index 98d6608068ab..9c48394ac68a 100644
--- a/drivers/scsi/mvsas/mv_init.c
+++ b/drivers/scsi/mvsas/mv_init.c
@@ -729,7 +729,7 @@ static ssize_t
mvs_show_driver_version(struct device *cdev,
struct device_attribute *attr, char *buffer)
{
- return snprintf(buffer, PAGE_SIZE, "%s\n", DRV_VERSION);
+ return sysfs_emit(buffer, "%s\n", DRV_VERSION);
}
static DEVICE_ATTR(driver_version,
@@ -781,7 +781,7 @@ mvs_store_interrupt_coalescing(struct device *cdev,
static ssize_t mvs_show_interrupt_coalescing(struct device *cdev,
struct device_attribute *attr, char *buffer)
{
- return snprintf(buffer, PAGE_SIZE, "%d\n", interrupt_coalescing);
+ return sysfs_emit(buffer, "%d\n", interrupt_coalescing);
}
static DEVICE_ATTR(interrupt_coalescing,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 267/338] scsi: bfa: Replace snprintf() with sysfs_emit()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 266/338] scsi: mvsas: Replace snprintf() with sysfs_emit() Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 268/338] power: supply: axp20x_battery: properly report current when discharging Greg Kroah-Hartman
` (76 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Yang Guang, David Yang,
Martin K. Petersen, Sasha Levin
From: Yang Guang <yang.guang5@zte.com.cn>
[ Upstream commit 2245ea91fd3a04cafbe2f54911432a8657528c3b ]
coccinelle report:
./drivers/scsi/bfa/bfad_attr.c:908:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:860:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:888:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:853:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:808:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:728:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:822:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:927:9-17:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:900:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:874:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:714:8-16:
WARNING: use scnprintf or sprintf
./drivers/scsi/bfa/bfad_attr.c:839:8-16:
WARNING: use scnprintf or sprintf
Use sysfs_emit() instead of scnprintf() or sprintf().
Link: https://lore.kernel.org/r/def83ff75faec64ba592b867a8499b1367bae303.1643181468.git.yang.guang5@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Yang Guang <yang.guang5@zte.com.cn>
Signed-off-by: David Yang <davidcomponentone@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/bfa/bfad_attr.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/drivers/scsi/bfa/bfad_attr.c b/drivers/scsi/bfa/bfad_attr.c
index 3b84290cf0a7..eaab423a5fd0 100644
--- a/drivers/scsi/bfa/bfad_attr.c
+++ b/drivers/scsi/bfa/bfad_attr.c
@@ -719,7 +719,7 @@ bfad_im_serial_num_show(struct device *dev, struct device_attribute *attr,
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
bfa_get_adapter_serial_num(&bfad->bfa, serial_num);
- return snprintf(buf, PAGE_SIZE, "%s\n", serial_num);
+ return sysfs_emit(buf, "%s\n", serial_num);
}
static ssize_t
@@ -733,7 +733,7 @@ bfad_im_model_show(struct device *dev, struct device_attribute *attr,
char model[BFA_ADAPTER_MODEL_NAME_LEN];
bfa_get_adapter_model(&bfad->bfa, model);
- return snprintf(buf, PAGE_SIZE, "%s\n", model);
+ return sysfs_emit(buf, "%s\n", model);
}
static ssize_t
@@ -813,7 +813,7 @@ bfad_im_model_desc_show(struct device *dev, struct device_attribute *attr,
snprintf(model_descr, BFA_ADAPTER_MODEL_DESCR_LEN,
"Invalid Model");
- return snprintf(buf, PAGE_SIZE, "%s\n", model_descr);
+ return sysfs_emit(buf, "%s\n", model_descr);
}
static ssize_t
@@ -827,7 +827,7 @@ bfad_im_node_name_show(struct device *dev, struct device_attribute *attr,
u64 nwwn;
nwwn = bfa_fcs_lport_get_nwwn(port->fcs_port);
- return snprintf(buf, PAGE_SIZE, "0x%llx\n", cpu_to_be64(nwwn));
+ return sysfs_emit(buf, "0x%llx\n", cpu_to_be64(nwwn));
}
static ssize_t
@@ -844,7 +844,7 @@ bfad_im_symbolic_name_show(struct device *dev, struct device_attribute *attr,
bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr);
strlcpy(symname, port_attr.port_cfg.sym_name.symname,
BFA_SYMNAME_MAXLEN);
- return snprintf(buf, PAGE_SIZE, "%s\n", symname);
+ return sysfs_emit(buf, "%s\n", symname);
}
static ssize_t
@@ -858,14 +858,14 @@ bfad_im_hw_version_show(struct device *dev, struct device_attribute *attr,
char hw_ver[BFA_VERSION_LEN];
bfa_get_pci_chip_rev(&bfad->bfa, hw_ver);
- return snprintf(buf, PAGE_SIZE, "%s\n", hw_ver);
+ return sysfs_emit(buf, "%s\n", hw_ver);
}
static ssize_t
bfad_im_drv_version_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%s\n", BFAD_DRIVER_VERSION);
+ return sysfs_emit(buf, "%s\n", BFAD_DRIVER_VERSION);
}
static ssize_t
@@ -879,7 +879,7 @@ bfad_im_optionrom_version_show(struct device *dev,
char optrom_ver[BFA_VERSION_LEN];
bfa_get_adapter_optrom_ver(&bfad->bfa, optrom_ver);
- return snprintf(buf, PAGE_SIZE, "%s\n", optrom_ver);
+ return sysfs_emit(buf, "%s\n", optrom_ver);
}
static ssize_t
@@ -893,7 +893,7 @@ bfad_im_fw_version_show(struct device *dev, struct device_attribute *attr,
char fw_ver[BFA_VERSION_LEN];
bfa_get_adapter_fw_ver(&bfad->bfa, fw_ver);
- return snprintf(buf, PAGE_SIZE, "%s\n", fw_ver);
+ return sysfs_emit(buf, "%s\n", fw_ver);
}
static ssize_t
@@ -905,7 +905,7 @@ bfad_im_num_of_ports_show(struct device *dev, struct device_attribute *attr,
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
- return snprintf(buf, PAGE_SIZE, "%d\n",
+ return sysfs_emit(buf, "%d\n",
bfa_get_nports(&bfad->bfa));
}
@@ -913,7 +913,7 @@ static ssize_t
bfad_im_drv_name_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return snprintf(buf, PAGE_SIZE, "%s\n", BFAD_DRIVER_NAME);
+ return sysfs_emit(buf, "%s\n", BFAD_DRIVER_NAME);
}
static ssize_t
@@ -932,14 +932,14 @@ bfad_im_num_of_discovered_ports_show(struct device *dev,
rports = kcalloc(nrports, sizeof(struct bfa_rport_qualifier_s),
GFP_ATOMIC);
if (rports == NULL)
- return snprintf(buf, PAGE_SIZE, "Failed\n");
+ return sysfs_emit(buf, "Failed\n");
spin_lock_irqsave(&bfad->bfad_lock, flags);
bfa_fcs_lport_get_rport_quals(port->fcs_port, rports, &nrports);
spin_unlock_irqrestore(&bfad->bfad_lock, flags);
kfree(rports);
- return snprintf(buf, PAGE_SIZE, "%d\n", nrports);
+ return sysfs_emit(buf, "%d\n", nrports);
}
static DEVICE_ATTR(serial_number, S_IRUGO,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 268/338] power: supply: axp20x_battery: properly report current when discharging
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 267/338] scsi: bfa: " Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 269/338] powerpc: Set crashkernel offset to mid of RMA region Greg Kroah-Hartman
` (75 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evgeny Boger, Chen-Yu Tsai,
Sebastian Reichel, Sasha Levin
From: Evgeny Boger <boger@wirenboard.com>
[ Upstream commit d4f408cdcd26921c1268cb8dcbe8ffb6faf837f3 ]
As stated in [1], negative current values are used for discharging
batteries.
AXP PMICs internally have two different ADC channels for shunt current
measurement: one used during charging and one during discharging.
The values reported by these ADCs are unsigned.
While the driver properly selects ADC channel to get the data from,
it doesn't apply negative sign when reporting discharging current.
[1] Documentation/ABI/testing/sysfs-class-power
Signed-off-by: Evgeny Boger <boger@wirenboard.com>
Acked-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/axp20x_battery.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/power/supply/axp20x_battery.c b/drivers/power/supply/axp20x_battery.c
index e84b6e4da14a..9fda98b950ba 100644
--- a/drivers/power/supply/axp20x_battery.c
+++ b/drivers/power/supply/axp20x_battery.c
@@ -185,7 +185,6 @@ static int axp20x_battery_get_prop(struct power_supply *psy,
union power_supply_propval *val)
{
struct axp20x_batt_ps *axp20x_batt = power_supply_get_drvdata(psy);
- struct iio_channel *chan;
int ret = 0, reg, val1;
switch (psp) {
@@ -265,12 +264,12 @@ static int axp20x_battery_get_prop(struct power_supply *psy,
if (ret)
return ret;
- if (reg & AXP20X_PWR_STATUS_BAT_CHARGING)
- chan = axp20x_batt->batt_chrg_i;
- else
- chan = axp20x_batt->batt_dischrg_i;
-
- ret = iio_read_channel_processed(chan, &val->intval);
+ if (reg & AXP20X_PWR_STATUS_BAT_CHARGING) {
+ ret = iio_read_channel_processed(axp20x_batt->batt_chrg_i, &val->intval);
+ } else {
+ ret = iio_read_channel_processed(axp20x_batt->batt_dischrg_i, &val1);
+ val->intval = -val1;
+ }
if (ret)
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 269/338] powerpc: Set crashkernel offset to mid of RMA region
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 268/338] power: supply: axp20x_battery: properly report current when discharging Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 270/338] PCI: aardvark: Fix support for MSI interrupts Greg Kroah-Hartman
` (74 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abdul haleem, Sourabh Jain,
Michael Ellerman, Sasha Levin
From: Sourabh Jain <sourabhjain@linux.ibm.com>
[ Upstream commit 7c5ed82b800d8615cdda00729e7b62e5899f0b13 ]
On large config LPARs (having 192 and more cores), Linux fails to boot
due to insufficient memory in the first memblock. It is due to the
memory reservation for the crash kernel which starts at 128MB offset of
the first memblock. This memory reservation for the crash kernel doesn't
leave enough space in the first memblock to accommodate other essential
system resources.
The crash kernel start address was set to 128MB offset by default to
ensure that the crash kernel get some memory below the RMA region which
is used to be of size 256MB. But given that the RMA region size can be
512MB or more, setting the crash kernel offset to mid of RMA size will
leave enough space for the kernel to allocate memory for other system
resources.
Since the above crash kernel offset change is only applicable to the LPAR
platform, the LPAR feature detection is pushed before the crash kernel
reservation. The rest of LPAR specific initialization will still
be done during pseries_probe_fw_features as usual.
This patch is dependent on changes to paca allocation for boot CPU. It
expect boot CPU to discover 1T segment support which is introduced by
the patch posted here:
https://lists.ozlabs.org/pipermail/linuxppc-dev/2022-January/239175.html
Reported-by: Abdul haleem <abdhalee@linux.vnet.ibm.com>
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220204085601.107257-1-sourabhjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/machine_kexec.c | 15 +++++++++++----
arch/powerpc/kernel/rtas.c | 6 ++++++
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/machine_kexec.c b/arch/powerpc/kernel/machine_kexec.c
index 094c37fb07a9..437c50bfe4e6 100644
--- a/arch/powerpc/kernel/machine_kexec.c
+++ b/arch/powerpc/kernel/machine_kexec.c
@@ -148,11 +148,18 @@ void __init reserve_crashkernel(void)
if (!crashk_res.start) {
#ifdef CONFIG_PPC64
/*
- * On 64bit we split the RMO in half but cap it at half of
- * a small SLB (128MB) since the crash kernel needs to place
- * itself and some stacks to be in the first segment.
+ * On the LPAR platform place the crash kernel to mid of
+ * RMA size (512MB or more) to ensure the crash kernel
+ * gets enough space to place itself and some stack to be
+ * in the first segment. At the same time normal kernel
+ * also get enough space to allocate memory for essential
+ * system resource in the first segment. Keep the crash
+ * kernel starts at 128MB offset on other platforms.
*/
- crashk_res.start = min(0x8000000ULL, (ppc64_rma_size / 2));
+ if (firmware_has_feature(FW_FEATURE_LPAR))
+ crashk_res.start = ppc64_rma_size / 2;
+ else
+ crashk_res.start = min(0x8000000ULL, (ppc64_rma_size / 2));
#else
crashk_res.start = KDUMP_KERNELBASE;
#endif
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index b3aa0cea6283..362c20c8c22f 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1357,6 +1357,12 @@ int __init early_init_dt_scan_rtas(unsigned long node,
entryp = of_get_flat_dt_prop(node, "linux,rtas-entry", NULL);
sizep = of_get_flat_dt_prop(node, "rtas-size", NULL);
+#ifdef CONFIG_PPC64
+ /* need this feature to decide the crashkernel offset */
+ if (of_get_flat_dt_prop(node, "ibm,hypertas-functions", NULL))
+ powerpc_firmware_features |= FW_FEATURE_LPAR;
+#endif
+
if (basep && entryp && sizep) {
rtas.base = *basep;
rtas.entry = *entryp;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 270/338] PCI: aardvark: Fix support for MSI interrupts
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 269/338] powerpc: Set crashkernel offset to mid of RMA region Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 271/338] iommu/arm-smmu-v3: fix event handling soft lockup Greg Kroah-Hartman
` (73 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Lorenzo Pieralisi, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit b0b0b8b897f8e12b2368e868bd7cdc5742d5c5a9 ]
Aardvark hardware supports Multi-MSI and MSI_FLAG_MULTI_PCI_MSI is already
set for the MSI chip. But when allocating MSI interrupt numbers for
Multi-MSI, the numbers need to be properly aligned, otherwise endpoint
devices send MSI interrupt with incorrect numbers.
Fix this issue by using function bitmap_find_free_region() instead of
bitmap_find_next_zero_area().
To ensure that aligned MSI interrupt numbers are used by endpoint devices,
we cannot use Linux virtual irq numbers (as they are random and not
properly aligned). Instead we need to use the aligned hwirq numbers.
This change fixes receiving MSI interrupts on Armada 3720 boards and
allows using NVMe disks which use Multi-MSI feature with 3 interrupts.
Without this NVMe disks freeze booting as linux nvme-core.c is waiting
60s for an interrupt.
Link: https://lore.kernel.org/r/20220110015018.26359-4-kabel@kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pci-aardvark.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c
index e6d60fa2217d..db778a25bae3 100644
--- a/drivers/pci/controller/pci-aardvark.c
+++ b/drivers/pci/controller/pci-aardvark.c
@@ -833,7 +833,7 @@ static void advk_msi_irq_compose_msi_msg(struct irq_data *data,
msg->address_lo = lower_32_bits(msi_msg);
msg->address_hi = upper_32_bits(msi_msg);
- msg->data = data->irq;
+ msg->data = data->hwirq;
}
static int advk_msi_set_affinity(struct irq_data *irq_data,
@@ -850,15 +850,11 @@ static int advk_msi_irq_domain_alloc(struct irq_domain *domain,
int hwirq, i;
mutex_lock(&pcie->msi_used_lock);
- hwirq = bitmap_find_next_zero_area(pcie->msi_used, MSI_IRQ_NUM,
- 0, nr_irqs, 0);
- if (hwirq >= MSI_IRQ_NUM) {
- mutex_unlock(&pcie->msi_used_lock);
- return -ENOSPC;
- }
-
- bitmap_set(pcie->msi_used, hwirq, nr_irqs);
+ hwirq = bitmap_find_free_region(pcie->msi_used, MSI_IRQ_NUM,
+ order_base_2(nr_irqs));
mutex_unlock(&pcie->msi_used_lock);
+ if (hwirq < 0)
+ return -ENOSPC;
for (i = 0; i < nr_irqs; i++)
irq_domain_set_info(domain, virq + i, hwirq + i,
@@ -876,7 +872,7 @@ static void advk_msi_irq_domain_free(struct irq_domain *domain,
struct advk_pcie *pcie = domain->host_data;
mutex_lock(&pcie->msi_used_lock);
- bitmap_clear(pcie->msi_used, d->hwirq, nr_irqs);
+ bitmap_release_region(pcie->msi_used, d->hwirq, order_base_2(nr_irqs));
mutex_unlock(&pcie->msi_used_lock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 271/338] iommu/arm-smmu-v3: fix event handling soft lockup
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 270/338] PCI: aardvark: Fix support for MSI interrupts Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 272/338] usb: ehci: add pci device support for Aspeed platforms Greg Kroah-Hartman
` (72 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Guanghui, Will Deacon, Sasha Levin
From: Zhou Guanghui <zhouguanghui1@huawei.com>
[ Upstream commit 30de2b541af98179780054836b48825fcfba4408 ]
During event processing, events are read from the event queue one
by one until the queue is empty.If the master device continuously
requests address access at the same time and the SMMU generates
events, the cyclic processing of the event takes a long time and
softlockup warnings may be reported.
arm-smmu-v3 arm-smmu-v3.34.auto: event 0x0a received:
arm-smmu-v3 arm-smmu-v3.34.auto: 0x00007f220000280a
arm-smmu-v3 arm-smmu-v3.34.auto: 0x000010000000007e
arm-smmu-v3 arm-smmu-v3.34.auto: 0x00000000034e8670
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [irq/268-arm-smm:247]
Call trace:
_dev_info+0x7c/0xa0
arm_smmu_evtq_thread+0x1c0/0x230
irq_thread_fn+0x30/0x80
irq_thread+0x128/0x210
kthread+0x134/0x138
ret_from_fork+0x10/0x1c
Kernel panic - not syncing: softlockup: hung tasks
Fix this by calling cond_resched() after the event information is
printed.
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Link: https://lore.kernel.org/r/20220119070754.26528-1-zhouguanghui1@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/arm-smmu-v3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 6b7664052b5b..9f16f47e7021 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -1250,6 +1250,7 @@ static irqreturn_t arm_smmu_evtq_thread(int irq, void *dev)
dev_info(smmu->dev, "\t0x%016llx\n",
(unsigned long long)evt[i]);
+ cond_resched();
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 272/338] usb: ehci: add pci device support for Aspeed platforms
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 271/338] iommu/arm-smmu-v3: fix event handling soft lockup Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 273/338] PCI: pciehp: Add Qualcomm quirk for Command Completed erratum Greg Kroah-Hartman
` (71 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Neal Liu, Sasha Levin
From: Neal Liu <neal_liu@aspeedtech.com>
[ Upstream commit c3c9cee592828528fd228b01d312c7526c584a42 ]
Enable Aspeed quirks in commit 7f2d73788d90 ("usb: ehci:
handshake CMD_RUN instead of STS_HALT") to support Aspeed
ehci-pci device.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Link: https://lore.kernel.org/r/20220208101657.76459-1-neal_liu@aspeedtech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/ehci-pci.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c
index 56e6fd0f0482..42ace9f92ce9 100644
--- a/drivers/usb/host/ehci-pci.c
+++ b/drivers/usb/host/ehci-pci.c
@@ -21,6 +21,9 @@ static const char hcd_name[] = "ehci-pci";
/* defined here to avoid adding to pci_ids.h for single instance use */
#define PCI_DEVICE_ID_INTEL_CE4100_USB 0x2e70
+#define PCI_VENDOR_ID_ASPEED 0x1a03
+#define PCI_DEVICE_ID_ASPEED_EHCI 0x2603
+
/*-------------------------------------------------------------------------*/
#define PCI_DEVICE_ID_INTEL_QUARK_X1000_SOC 0x0939
static inline bool is_intel_quark_x1000(struct pci_dev *pdev)
@@ -223,6 +226,12 @@ static int ehci_pci_setup(struct usb_hcd *hcd)
ehci->has_synopsys_hc_bug = 1;
}
break;
+ case PCI_VENDOR_ID_ASPEED:
+ if (pdev->device == PCI_DEVICE_ID_ASPEED_EHCI) {
+ ehci_info(ehci, "applying Aspeed HC workaround\n");
+ ehci->is_aspeed = 1;
+ }
+ break;
}
/* optional debug port, normally in the first BAR */
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 273/338] PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 272/338] usb: ehci: add pci device support for Aspeed platforms Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 274/338] ipv4: Invalidate neighbour for broadcast address upon address addition Greg Kroah-Hartman
` (70 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam, Bjorn Helgaas,
Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit 9f72d4757cbe4d1ed669192f6d23817c9e437c4b ]
The Qualcomm PCI bridge device (Device ID 0x0110) found in chipsets such as
SM8450 does not set the Command Completed bit unless writes to the Slot
Command register change "Control" bits.
This results in timeouts like below:
pcieport 0001:00:00.0: pciehp: Timeout on hotplug command 0x03c0 (issued 2020 msec ago)
Add the device to the Command Completed quirk to mark commands "completed"
immediately unless they change the "Control" bits.
Link: https://lore.kernel.org/r/20220210145003.135907-1-manivannan.sadhasivam@linaro.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/pciehp_hpc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
index 0fdde66a49f1..2795445233b3 100644
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -971,6 +971,8 @@ static void quirk_cmd_compl(struct pci_dev *pdev)
}
DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_INTEL, PCI_ANY_ID,
PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl);
+DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_QCOM, 0x0110,
+ PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl);
DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_QCOM, 0x0400,
PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl);
DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_QCOM, 0x0401,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 274/338] ipv4: Invalidate neighbour for broadcast address upon address addition
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 273/338] PCI: pciehp: Add Qualcomm quirk for Command Completed erratum Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 275/338] dm ioctl: prevent potential spectre v1 gadget Greg Kroah-Hartman
` (69 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Hai, Ido Schimmel,
David S. Miller, Sasha Levin
From: Ido Schimmel <idosch@nvidia.com>
[ Upstream commit 0c51e12e218f20b7d976158fdc18019627326f7a ]
In case user space sends a packet destined to a broadcast address when a
matching broadcast route is not configured, the kernel will create a
unicast neighbour entry that will never be resolved [1].
When the broadcast route is configured, the unicast neighbour entry will
not be invalidated and continue to linger, resulting in packets being
dropped.
Solve this by invalidating unresolved neighbour entries for broadcast
addresses after routes for these addresses are internally configured by
the kernel. This allows the kernel to create a broadcast neighbour entry
following the next route lookup.
Another possible solution that is more generic but also more complex is
to have the ARP code register a listener to the FIB notification chain
and invalidate matching neighbour entries upon the addition of broadcast
routes.
It is also possible to wave off the issue as a user space problem, but
it seems a bit excessive to expect user space to be that intimately
familiar with the inner workings of the FIB/neighbour kernel code.
[1] https://lore.kernel.org/netdev/55a04a8f-56f3-f73c-2aea-2195923f09d1@huawei.com/
Reported-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/arp.h | 1 +
net/ipv4/arp.c | 9 +++++++--
net/ipv4/fib_frontend.c | 5 ++++-
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/include/net/arp.h b/include/net/arp.h
index c8f580a0e6b1..dc6e9dd3e1e6 100644
--- a/include/net/arp.h
+++ b/include/net/arp.h
@@ -71,6 +71,7 @@ void arp_send(int type, int ptype, __be32 dest_ip,
const unsigned char *src_hw, const unsigned char *th);
int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir);
void arp_ifdown(struct net_device *dev);
+int arp_invalidate(struct net_device *dev, __be32 ip, bool force);
struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
struct net_device *dev, __be32 src_ip,
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index e90c89ef8c08..b18b2a3c54ad 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1114,13 +1114,18 @@ static int arp_req_get(struct arpreq *r, struct net_device *dev)
return err;
}
-static int arp_invalidate(struct net_device *dev, __be32 ip)
+int arp_invalidate(struct net_device *dev, __be32 ip, bool force)
{
struct neighbour *neigh = neigh_lookup(&arp_tbl, &ip, dev);
int err = -ENXIO;
struct neigh_table *tbl = &arp_tbl;
if (neigh) {
+ if ((neigh->nud_state & NUD_VALID) && !force) {
+ neigh_release(neigh);
+ return 0;
+ }
+
if (neigh->nud_state & ~NUD_NOARP)
err = neigh_update(neigh, NULL, NUD_FAILED,
NEIGH_UPDATE_F_OVERRIDE|
@@ -1167,7 +1172,7 @@ static int arp_req_delete(struct net *net, struct arpreq *r,
if (!dev)
return -EINVAL;
}
- return arp_invalidate(dev, ip);
+ return arp_invalidate(dev, ip, true);
}
/*
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 70e5e9e5d835..1885a2fbad86 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -917,9 +917,11 @@ void fib_add_ifaddr(struct in_ifaddr *ifa)
return;
/* Add broadcast address, if it is explicitly assigned. */
- if (ifa->ifa_broadcast && ifa->ifa_broadcast != htonl(0xFFFFFFFF))
+ if (ifa->ifa_broadcast && ifa->ifa_broadcast != htonl(0xFFFFFFFF)) {
fib_magic(RTM_NEWROUTE, RTN_BROADCAST, ifa->ifa_broadcast, 32,
prim, 0);
+ arp_invalidate(dev, ifa->ifa_broadcast, false);
+ }
if (!ipv4_is_zeronet(prefix) && !(ifa->ifa_flags & IFA_F_SECONDARY) &&
(prefix != addr || ifa->ifa_prefixlen < 32)) {
@@ -935,6 +937,7 @@ void fib_add_ifaddr(struct in_ifaddr *ifa)
prim, 0);
fib_magic(RTM_NEWROUTE, RTN_BROADCAST, prefix | ~mask,
32, prim, 0);
+ arp_invalidate(dev, prefix | ~mask, false);
}
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 275/338] dm ioctl: prevent potential spectre v1 gadget
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 274/338] ipv4: Invalidate neighbour for broadcast address upon address addition Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 276/338] drm/amdkfd: make CRAT table missing message informational only Greg Kroah-Hartman
` (68 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jordy Zomer, Mike Snitzer, Sasha Levin
From: Jordy Zomer <jordy@jordyzomer.github.io>
[ Upstream commit cd9c88da171a62c4b0f1c70e50c75845969fbc18 ]
It appears like cmd could be a Spectre v1 gadget as it's supplied by a
user and used as an array index. Prevent the contents of kernel memory
from being leaked to userspace via speculative execution by using
array_index_nospec.
Signed-off-by: Jordy Zomer <jordy@pwning.systems>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-ioctl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index 17cbad58834f..0aae4a46db66 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -17,6 +17,7 @@
#include <linux/dm-ioctl.h>
#include <linux/hdreg.h>
#include <linux/compat.h>
+#include <linux/nospec.h>
#include <linux/uaccess.h>
@@ -1670,6 +1671,7 @@ static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags)
if (unlikely(cmd >= ARRAY_SIZE(_ioctls)))
return NULL;
+ cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls));
*ioctl_flags = _ioctls[cmd].flags;
return _ioctls[cmd].fn;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 276/338] drm/amdkfd: make CRAT table missing message informational only
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 275/338] dm ioctl: prevent potential spectre v1 gadget Greg Kroah-Hartman
@ 2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 277/338] scsi: pm8001: Fix pm8001_mpi_task_abort_resp() Greg Kroah-Hartman
` (67 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Kuehling, Alex Deucher, Sasha Levin
From: Alex Deucher <alexander.deucher@amd.com>
[ Upstream commit 9dff13f9edf755a15f6507874185a3290c1ae8bb ]
The driver has a fallback so make the message informational
rather than a warning. The driver has a fallback if the
Component Resource Association Table (CRAT) is missing, so
make this informational now.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1906
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
index ee4996029a86..e2780643f4c3 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
@@ -733,7 +733,7 @@ int kfd_create_crat_image_acpi(void **crat_image, size_t *size)
/* Fetch the CRAT table from ACPI */
status = acpi_get_table(CRAT_SIGNATURE, 0, &crat_table);
if (status == AE_NOT_FOUND) {
- pr_warn("CRAT table not found\n");
+ pr_info("CRAT table not found\n");
return -ENODATA;
} else if (ACPI_FAILURE(status)) {
const char *err = acpi_format_exception(status);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 277/338] scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-04-14 13:12 ` [PATCH 4.19 276/338] drm/amdkfd: make CRAT table missing message informational only Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 278/338] scsi: aha152x: Fix aha152x_setup() __setup handler return value Greg Kroah-Hartman
` (66 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, Damien Le Moal,
Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 7e6b7e740addcea450041b5be8e42f0a4ceece0f ]
The call to pm8001_ccb_task_free() at the end of
pm8001_mpi_task_abort_resp() already frees the ccb tag. So when the device
NCQ_ABORT_ALL_FLAG is set, the tag should not be freed again. Also change
the hardcoded 0xBFFFFFFF value to ~NCQ_ABORT_ALL_FLAG as it ought to be.
Link: https://lore.kernel.org/r/20220220031810.738362-19-damien.lemoal@opensource.wdc.com
Reviewed-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm8001_hwi.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index 5eabea5ca6a7..d532230c62f3 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -3777,12 +3777,11 @@ int pm8001_mpi_task_abort_resp(struct pm8001_hba_info *pm8001_ha, void *piomb)
mb();
if (pm8001_dev->id & NCQ_ABORT_ALL_FLAG) {
- pm8001_tag_free(pm8001_ha, tag);
sas_free_task(t);
- /* clear the flag */
- pm8001_dev->id &= 0xBFFFFFFF;
- } else
+ pm8001_dev->id &= ~NCQ_ABORT_ALL_FLAG;
+ } else {
t->task_done(t);
+ }
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 278/338] scsi: aha152x: Fix aha152x_setup() __setup handler return value
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 277/338] scsi: pm8001: Fix pm8001_mpi_task_abort_resp() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 279/338] net/smc: correct settings of RMB window update limit Greg Kroah-Hartman
` (65 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juergen E. Fischer,
James E.J. Bottomley, Martin K. Petersen, Igor Zhbanov,
Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit cc8294ec4738d25e2bb2d71f7d82a9bf7f4a157b ]
__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; doing so just pollutes init's
environment with strings that are not init arguments/parameters).
Return 1 from aha152x_setup() to indicate that the boot option has been
handled.
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Link: https://lore.kernel.org/r/20220223000623.5920-1-rdunlap@infradead.org
Cc: "Juergen E. Fischer" <fischer@norbit.de>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/aha152x.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/aha152x.c b/drivers/scsi/aha152x.c
index 4d7b0e0adbf7..2690098d4411 100644
--- a/drivers/scsi/aha152x.c
+++ b/drivers/scsi/aha152x.c
@@ -3379,13 +3379,11 @@ static int __init aha152x_setup(char *str)
setup[setup_count].synchronous = ints[0] >= 6 ? ints[6] : 1;
setup[setup_count].delay = ints[0] >= 7 ? ints[7] : DELAY_DEFAULT;
setup[setup_count].ext_trans = ints[0] >= 8 ? ints[8] : 0;
- if (ints[0] > 8) { /*}*/
+ if (ints[0] > 8)
printk(KERN_NOTICE "aha152x: usage: aha152x=<IOBASE>[,<IRQ>[,<SCSI ID>"
"[,<RECONNECT>[,<PARITY>[,<SYNCHRONOUS>[,<DELAY>[,<EXT_TRANS>]]]]]]]\n");
- } else {
+ else
setup_count++;
- return 0;
- }
return 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 279/338] net/smc: correct settings of RMB window update limit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 278/338] scsi: aha152x: Fix aha152x_setup() __setup handler return value Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 280/338] macvtap: advertise link netns via netlink Greg Kroah-Hartman
` (64 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dust Li, David S. Miller, Sasha Levin
From: Dust Li <dust.li@linux.alibaba.com>
[ Upstream commit 6bf536eb5c8ca011d1ff57b5c5f7c57ceac06a37 ]
rmbe_update_limit is used to limit announcing receive
window updating too frequently. RFC7609 request a minimal
increase in the window size of 10% of the receive buffer
space. But current implementation used:
min_t(int, rmbe_size / 10, SOCK_MIN_SNDBUF / 2)
and SOCK_MIN_SNDBUF / 2 == 2304 Bytes, which is almost
always less then 10% of the receive buffer space.
This causes the receiver always sending CDC message to
update its consumer cursor when it consumes more then 2K
of data. And as a result, we may encounter something like
"TCP silly window syndrome" when sending 2.5~8K message.
This patch fixes this using max(rmbe_size / 10, SOCK_MIN_SNDBUF / 2).
With this patch and SMC autocorking enabled, qperf 2K/4K/8K
tcp_bw test shows 45%/75%/40% increase in throughput respectively.
Signed-off-by: Dust Li <dust.li@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/smc_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
index 6add3094ea9e..4d421407d6fc 100644
--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -709,7 +709,7 @@ static struct smc_buf_desc *smc_buf_get_slot(int compressed_bufsize,
*/
static inline int smc_rmb_wnd_update_limit(int rmbe_size)
{
- return min_t(int, rmbe_size / 10, SOCK_MIN_SNDBUF / 2);
+ return max_t(int, rmbe_size / 10, SOCK_MIN_SNDBUF / 2);
}
static struct smc_buf_desc *smcr_new_buf_create(struct smc_link_group *lgr,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 280/338] macvtap: advertise link netns via netlink
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 279/338] net/smc: correct settings of RMB window update limit Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 281/338] bnxt_en: Eliminate unintended link toggle during FW reset Greg Kroah-Hartman
` (63 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leonardo Mörlein,
Sven Eckelmann, Jakub Kicinski, Sasha Levin
From: Sven Eckelmann <sven@narfation.org>
[ Upstream commit a02192151b7dbf855084c38dca380d77c7658353 ]
Assign rtnl_link_ops->get_link_net() callback so that IFLA_LINK_NETNSID is
added to rtnetlink messages. This fixes iproute2 which otherwise resolved
the link interface to an interface in the wrong namespace.
Test commands:
ip netns add nst
ip link add dummy0 type dummy
ip link add link macvtap0 link dummy0 type macvtap
ip link set macvtap0 netns nst
ip -netns nst link show macvtap0
Before:
10: macvtap0@gre0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 500
link/ether 5e:8f:ae:1d:60:50 brd ff:ff:ff:ff:ff:ff
After:
10: macvtap0@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 500
link/ether 5e:8f:ae:1d:60:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Reported-by: Leonardo Mörlein <freifunk@irrelefant.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Link: https://lore.kernel.org/r/20220228003240.1337426-1-sven@narfation.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macvtap.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index 9a10029caf83..085f1648a8a6 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -132,11 +132,17 @@ static void macvtap_setup(struct net_device *dev)
dev->tx_queue_len = TUN_READQ_SIZE;
}
+static struct net *macvtap_link_net(const struct net_device *dev)
+{
+ return dev_net(macvlan_dev_real_dev(dev));
+}
+
static struct rtnl_link_ops macvtap_link_ops __read_mostly = {
.kind = "macvtap",
.setup = macvtap_setup,
.newlink = macvtap_newlink,
.dellink = macvtap_dellink,
+ .get_link_net = macvtap_link_net,
.priv_size = sizeof(struct macvtap_dev),
};
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 281/338] bnxt_en: Eliminate unintended link toggle during FW reset
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 280/338] macvtap: advertise link netns via netlink Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 282/338] MIPS: fix fortify panic when copying asm exception handlers Greg Kroah-Hartman
` (62 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Winegarden, Pavan Chebbi,
Michael Chan, David S. Miller, Sasha Levin
From: Michael Chan <michael.chan@broadcom.com>
[ Upstream commit 7c492a2530c1f05441da541307c2534230dfd59b ]
If the flow control settings have been changed, a subsequent FW reset
may cause the ethernet link to toggle unnecessarily. This link toggle
will increase the down time by a few seconds.
The problem is caused by bnxt_update_phy_setting() detecting a false
mismatch in the flow control settings between the stored software
settings and the current FW settings after the FW reset. This mismatch
is caused by the AUTONEG bit added to link_info->req_flow_ctrl in an
inconsistent way in bnxt_set_pauseparam() in autoneg mode. The AUTONEG
bit should not be added to link_info->req_flow_ctrl.
Reviewed-by: Colin Winegarden <colin.winegarden@broadcom.com>
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index e75a47a9f511..deba77670b1c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -1377,9 +1377,7 @@ static int bnxt_set_pauseparam(struct net_device *dev,
}
link_info->autoneg |= BNXT_AUTONEG_FLOW_CTRL;
- if (bp->hwrm_spec_code >= 0x10201)
- link_info->req_flow_ctrl =
- PORT_PHY_CFG_REQ_AUTO_PAUSE_AUTONEG_PAUSE;
+ link_info->req_flow_ctrl = 0;
} else {
/* when transition from auto pause to force pause,
* force a link change
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 282/338] MIPS: fix fortify panic when copying asm exception handlers
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 281/338] bnxt_en: Eliminate unintended link toggle during FW reset Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 283/338] scsi: libfc: Fix use after free in fc_exch_abts_resp() Greg Kroah-Hartman
` (61 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Lobakin,
Thomas Bogendoerfer, Sasha Levin
From: Alexander Lobakin <alobakin@pm.me>
[ Upstream commit d17b66417308996e7e64b270a3c7f3c1fbd4cfc8 ]
With KCFLAGS="-O3", I was able to trigger a fortify-source
memcpy() overflow panic on set_vi_srs_handler().
Although O3 level is not supported in the mainline, under some
conditions that may've happened with any optimization settings,
it's just a matter of inlining luck. The panic itself is correct,
more precisely, 50/50 false-positive and not at the same time.
>From the one side, no real overflow happens. Exception handler
defined in asm just gets copied to some reserved places in the
memory.
But the reason behind is that C code refers to that exception
handler declares it as `char`, i.e. something of 1 byte length.
It's obvious that the asm function itself is way more than 1 byte,
so fortify logics thought we are going to past the symbol declared.
The standard way to refer to asm symbols from C code which is not
supposed to be called from C is to declare them as
`extern const u8[]`. This is fully correct from any point of view,
as any code itself is just a bunch of bytes (including 0 as it is
for syms like _stext/_etext/etc.), and the exact size is not known
at the moment of compilation.
Adjust the type of the except_vec_vi_*() and related variables.
Make set_handler() take `const` as a second argument to avoid
cast-away warnings and give a little more room for optimization.
Signed-off-by: Alexander Lobakin <alobakin@pm.me>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/setup.h | 2 +-
arch/mips/kernel/traps.c | 22 +++++++++++-----------
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/arch/mips/include/asm/setup.h b/arch/mips/include/asm/setup.h
index bb36a400203d..8c56b862fd9c 100644
--- a/arch/mips/include/asm/setup.h
+++ b/arch/mips/include/asm/setup.h
@@ -16,7 +16,7 @@ static inline void setup_8250_early_printk_port(unsigned long base,
unsigned int reg_shift, unsigned int timeout) {}
#endif
-extern void set_handler(unsigned long offset, void *addr, unsigned long len);
+void set_handler(unsigned long offset, const void *addr, unsigned long len);
extern void set_uncached_handler(unsigned long offset, void *addr, unsigned long len);
typedef void (*vi_handler_t)(void);
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index b9da2cefb564..0ca4185cc5e3 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -1978,19 +1978,19 @@ static void *set_vi_srs_handler(int n, vi_handler_t addr, int srs)
* If no shadow set is selected then use the default handler
* that does normal register saving and standard interrupt exit
*/
- extern char except_vec_vi, except_vec_vi_lui;
- extern char except_vec_vi_ori, except_vec_vi_end;
- extern char rollback_except_vec_vi;
- char *vec_start = using_rollback_handler() ?
- &rollback_except_vec_vi : &except_vec_vi;
+ extern const u8 except_vec_vi[], except_vec_vi_lui[];
+ extern const u8 except_vec_vi_ori[], except_vec_vi_end[];
+ extern const u8 rollback_except_vec_vi[];
+ const u8 *vec_start = using_rollback_handler() ?
+ rollback_except_vec_vi : except_vec_vi;
#if defined(CONFIG_CPU_MICROMIPS) || defined(CONFIG_CPU_BIG_ENDIAN)
- const int lui_offset = &except_vec_vi_lui - vec_start + 2;
- const int ori_offset = &except_vec_vi_ori - vec_start + 2;
+ const int lui_offset = except_vec_vi_lui - vec_start + 2;
+ const int ori_offset = except_vec_vi_ori - vec_start + 2;
#else
- const int lui_offset = &except_vec_vi_lui - vec_start;
- const int ori_offset = &except_vec_vi_ori - vec_start;
+ const int lui_offset = except_vec_vi_lui - vec_start;
+ const int ori_offset = except_vec_vi_ori - vec_start;
#endif
- const int handler_len = &except_vec_vi_end - vec_start;
+ const int handler_len = except_vec_vi_end - vec_start;
if (handler_len > VECTORSPACING) {
/*
@@ -2210,7 +2210,7 @@ void per_cpu_trap_init(bool is_boot_cpu)
}
/* Install CPU exception handler */
-void set_handler(unsigned long offset, void *addr, unsigned long size)
+void set_handler(unsigned long offset, const void *addr, unsigned long size)
{
#ifdef CONFIG_CPU_MICROMIPS
memcpy((void *)(ebase + offset), ((unsigned char *)addr - 1), size);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 283/338] scsi: libfc: Fix use after free in fc_exch_abts_resp()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 282/338] MIPS: fix fortify panic when copying asm exception handlers Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 284/338] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm Greg Kroah-Hartman
` (60 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hannes Reinecke, Jianglei Nie,
Martin K. Petersen, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 271add11994ba1a334859069367e04d2be2ebdd4 ]
fc_exch_release(ep) will decrease the ep's reference count. When the
reference count reaches zero, it is freed. But ep is still used in the
following code, which will lead to a use after free.
Return after the fc_exch_release() call to avoid use after free.
Link: https://lore.kernel.org/r/20220303015115.459778-1-niejianglei2021@163.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/libfc/fc_exch.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
index 384458d1f73c..9fa0aa235cb4 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -1709,6 +1709,7 @@ static void fc_exch_abts_resp(struct fc_exch *ep, struct fc_frame *fp)
if (cancel_delayed_work_sync(&ep->timeout_work)) {
FC_EXCH_DBG(ep, "Exchange timer canceled due to ABTS response\n");
fc_exch_release(ep); /* release from pending timer hold */
+ return;
}
spin_lock_bh(&ep->ex_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 284/338] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 283/338] scsi: libfc: Fix use after free in fc_exch_abts_resp() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 285/338] xtensa: fix DTC warning unit_address_format Greg Kroah-Hartman
` (59 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, H. Nikolaus Schaller, Sasha Levin
From: H. Nikolaus Schaller <hns@goldelico.com>
[ Upstream commit ac01df343e5a6c6bcead2ed421af1fde30f73e7e ]
Usually, the vbus_regulator (smps10 on omap5evm) boots up disabled.
Hence calling regulator_disable() indirectly through dwc3_omap_set_mailbox()
during probe leads to:
[ 10.332764] WARNING: CPU: 0 PID: 1628 at drivers/regulator/core.c:2853 _regulator_disable+0x40/0x164
[ 10.351919] unbalanced disables for smps10_out1
[ 10.361298] Modules linked in: dwc3_omap(+) clk_twl6040 at24 gpio_twl6040 palmas_gpadc palmas_pwrbutton
industrialio snd_soc_omap_mcbsp(+) snd_soc_ti_sdma display_connector ti_tpd12s015 drm leds_gpio
drm_panel_orientation_quirks ip_tables x_tables ipv6 autofs4
[ 10.387818] CPU: 0 PID: 1628 Comm: systemd-udevd Not tainted 5.17.0-rc1-letux-lpae+ #8139
[ 10.405129] Hardware name: Generic OMAP5 (Flattened Device Tree)
[ 10.411455] unwind_backtrace from show_stack+0x10/0x14
[ 10.416970] show_stack from dump_stack_lvl+0x40/0x4c
[ 10.422313] dump_stack_lvl from __warn+0xb8/0x170
[ 10.427377] __warn from warn_slowpath_fmt+0x70/0x9c
[ 10.432595] warn_slowpath_fmt from _regulator_disable+0x40/0x164
[ 10.439037] _regulator_disable from regulator_disable+0x30/0x64
[ 10.445382] regulator_disable from dwc3_omap_set_mailbox+0x8c/0xf0 [dwc3_omap]
[ 10.453116] dwc3_omap_set_mailbox [dwc3_omap] from dwc3_omap_probe+0x2b8/0x394 [dwc3_omap]
[ 10.467021] dwc3_omap_probe [dwc3_omap] from platform_probe+0x58/0xa8
[ 10.481762] platform_probe from really_probe+0x168/0x2fc
[ 10.481782] really_probe from __driver_probe_device+0xc4/0xd8
[ 10.481782] __driver_probe_device from driver_probe_device+0x24/0xa4
[ 10.503762] driver_probe_device from __driver_attach+0xc4/0xd8
[ 10.510018] __driver_attach from bus_for_each_dev+0x64/0xa0
[ 10.516001] bus_for_each_dev from bus_add_driver+0x148/0x1a4
[ 10.524880] bus_add_driver from driver_register+0xb4/0xf8
[ 10.530678] driver_register from do_one_initcall+0x90/0x1c4
[ 10.536661] do_one_initcall from do_init_module+0x4c/0x200
[ 10.536683] do_init_module from load_module+0x13dc/0x1910
[ 10.551159] load_module from sys_finit_module+0xc8/0xd8
[ 10.561319] sys_finit_module from __sys_trace_return+0x0/0x18
[ 10.561336] Exception stack(0xc344bfa8 to 0xc344bff0)
[ 10.561341] bfa0: b6fb5778 b6fab8d8 00000007 b6ecfbb8 00000000 b6ed0398
[ 10.561341] bfc0: b6fb5778 b6fab8d8 855c0500 0000017b 00020000 b6f9a3cc 00000000 b6fb5778
[ 10.595500] bfe0: bede18f8 bede18e8 b6ec9aeb b6dda1c2
[ 10.601345] ---[ end trace 0000000000000000 ]---
Fix this unnecessary warning by checking if the regulator is enabled.
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Link: https://lore.kernel.org/r/af3b750dc2265d875deaabcf5f80098c9645da45.1646744616.git.hns@goldelico.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-omap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/dwc3-omap.c b/drivers/usb/dwc3/dwc3-omap.c
index 0dfb710f48b5..0b800bc6150d 100644
--- a/drivers/usb/dwc3/dwc3-omap.c
+++ b/drivers/usb/dwc3/dwc3-omap.c
@@ -237,7 +237,7 @@ static void dwc3_omap_set_mailbox(struct dwc3_omap *omap,
break;
case OMAP_DWC3_ID_FLOAT:
- if (omap->vbus_reg)
+ if (omap->vbus_reg && regulator_is_enabled(omap->vbus_reg))
regulator_disable(omap->vbus_reg);
val = dwc3_omap_read_utmi_ctrl(omap);
val |= USBOTGSS_UTMI_OTG_CTRL_IDDIG;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 285/338] xtensa: fix DTC warning unit_address_format
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 284/338] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 286/338] Bluetooth: Fix use after free in hci_send_acl Greg Kroah-Hartman
` (58 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov, Sasha Levin
From: Max Filippov <jcmvbkbc@gmail.com>
[ Upstream commit e85d29ba4b24f68e7a78cb85c55e754362eeb2de ]
DTC issues the following warnings when building xtfpga device trees:
/soc/flash@00000000/partition@0x0: unit name should not have leading "0x"
/soc/flash@00000000/partition@0x6000000: unit name should not have leading "0x"
/soc/flash@00000000/partition@0x6800000: unit name should not have leading "0x"
/soc/flash@00000000/partition@0x7fe0000: unit name should not have leading "0x"
Drop leading 0x from flash partition unit names.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi | 8 ++++----
arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi | 8 ++++----
arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi | 4 ++--
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi b/arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi
index 9bf8bad1dd18..c33932568aa7 100644
--- a/arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi
+++ b/arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi
@@ -8,19 +8,19 @@
reg = <0x00000000 0x08000000>;
bank-width = <2>;
device-width = <2>;
- partition@0x0 {
+ partition@0 {
label = "data";
reg = <0x00000000 0x06000000>;
};
- partition@0x6000000 {
+ partition@6000000 {
label = "boot loader area";
reg = <0x06000000 0x00800000>;
};
- partition@0x6800000 {
+ partition@6800000 {
label = "kernel image";
reg = <0x06800000 0x017e0000>;
};
- partition@0x7fe0000 {
+ partition@7fe0000 {
label = "boot environment";
reg = <0x07fe0000 0x00020000>;
};
diff --git a/arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi b/arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi
index 40c2f81f7cb6..7bde2ab2d6fb 100644
--- a/arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi
+++ b/arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi
@@ -8,19 +8,19 @@
reg = <0x08000000 0x01000000>;
bank-width = <2>;
device-width = <2>;
- partition@0x0 {
+ partition@0 {
label = "boot loader area";
reg = <0x00000000 0x00400000>;
};
- partition@0x400000 {
+ partition@400000 {
label = "kernel image";
reg = <0x00400000 0x00600000>;
};
- partition@0xa00000 {
+ partition@a00000 {
label = "data";
reg = <0x00a00000 0x005e0000>;
};
- partition@0xfe0000 {
+ partition@fe0000 {
label = "boot environment";
reg = <0x00fe0000 0x00020000>;
};
diff --git a/arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi b/arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi
index fb8d3a9f33c2..0655b868749a 100644
--- a/arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi
+++ b/arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi
@@ -8,11 +8,11 @@
reg = <0x08000000 0x00400000>;
bank-width = <2>;
device-width = <2>;
- partition@0x0 {
+ partition@0 {
label = "boot loader area";
reg = <0x00000000 0x003f0000>;
};
- partition@0x3f0000 {
+ partition@3f0000 {
label = "boot environment";
reg = <0x003f0000 0x00010000>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 286/338] Bluetooth: Fix use after free in hci_send_acl
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 285/338] xtensa: fix DTC warning unit_address_format Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 287/338] init/main.c: return 1 from handled __setup() functions Greg Kroah-Hartman
` (57 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sönke Huster,
Luiz Augusto von Dentz, Marcel Holtmann, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit f63d24baff787e13b723d86fe036f84bdbc35045 ]
This fixes the following trace caused by receiving
HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without
first checking if conn->type is in fact AMP_LINK and in case it is
do properly cleanup upper layers with hci_disconn_cfm:
==================================================================
BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50
Read of size 8 at addr ffff88800e404818 by task bluetoothd/142
CPU: 0 PID: 142 Comm: bluetoothd Not tainted
5.17.0-rc5-00006-gda4022eeac1a #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x45/0x59
print_address_description.constprop.0+0x1f/0x150
kasan_report.cold+0x7f/0x11b
hci_send_acl+0xaba/0xc50
l2cap_do_send+0x23f/0x3d0
l2cap_chan_send+0xc06/0x2cc0
l2cap_sock_sendmsg+0x201/0x2b0
sock_sendmsg+0xdc/0x110
sock_write_iter+0x20f/0x370
do_iter_readv_writev+0x343/0x690
do_iter_write+0x132/0x640
vfs_writev+0x198/0x570
do_writev+0x202/0x280
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RSP: 002b:00007ffce8a099b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3
0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14 00 00 00 0f 05
<48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
RDX: 0000000000000001 RSI: 00007ffce8a099e0 RDI: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffce8a099e0 RCX: 00007f788fc3cf77
R10: 00007ffce8af7080 R11: 0000000000000246 R12: 000055e4ccf75580
RBP: 0000000000000015 R08: 0000000000000002 R09: 0000000000000001
</TASK>
R13: 000055e4ccf754a0 R14: 000055e4ccf75cd0 R15: 000055e4ccf4a6b0
Allocated by task 45:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x81/0xa0
hci_chan_create+0x9a/0x2f0
l2cap_conn_add.part.0+0x1a/0xdc0
l2cap_connect_cfm+0x236/0x1000
le_conn_complete_evt+0x15a7/0x1db0
hci_le_conn_complete_evt+0x226/0x2c0
hci_le_meta_evt+0x247/0x450
hci_event_packet+0x61b/0xe90
hci_rx_work+0x4d5/0xc50
process_one_work+0x8fb/0x15a0
worker_thread+0x576/0x1240
kthread+0x29d/0x340
ret_from_fork+0x1f/0x30
Freed by task 45:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_set_free_info+0x20/0x30
__kasan_slab_free+0xfb/0x130
kfree+0xac/0x350
hci_conn_cleanup+0x101/0x6a0
hci_conn_del+0x27e/0x6c0
hci_disconn_phylink_complete_evt+0xe0/0x120
hci_event_packet+0x812/0xe90
hci_rx_work+0x4d5/0xc50
process_one_work+0x8fb/0x15a0
worker_thread+0x576/0x1240
kthread+0x29d/0x340
ret_from_fork+0x1f/0x30
The buggy address belongs to the object at ffff88800c0f0500
The buggy address is located 24 bytes inside of
which belongs to the cache kmalloc-128 of size 128
The buggy address belongs to the page:
128-byte region [ffff88800c0f0500, ffff88800c0f0580)
flags: 0x100000000000200(slab|node=0|zone=1)
page:00000000fe45cd86 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0xc0f0
raw: 0000000000000000 0000000080100010 00000001ffffffff
0000000000000000
raw: 0100000000000200 ffffea00003a2c80 dead000000000004
ffff8880078418c0
page dumped because: kasan: bad access detected
ffff88800c0f0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
Memory state around the buggy address:
>ffff88800c0f0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88800c0f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88800c0f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
==================================================================
ffff88800c0f0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Reported-by: Sönke Huster <soenke.huster@eknoes.de>
Tested-by: Sönke Huster <soenke.huster@eknoes.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 196d0d832007..dd7bf437d88e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4792,8 +4792,9 @@ static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
hci_dev_lock(hdev);
hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
- if (hcon) {
+ if (hcon && hcon->type == AMP_LINK) {
hcon->state = BT_CLOSED;
+ hci_disconn_cfm(hcon, ev->reason);
hci_conn_del(hcon);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 287/338] init/main.c: return 1 from handled __setup() functions
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 286/338] Bluetooth: Fix use after free in hci_send_acl Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 288/338] minix: fix bug when opening a file with O_DIRECT Greg Kroah-Hartman
` (56 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Igor Zhbanov,
Ingo Molnar, Andrew Morton, Linus Torvalds, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit f9a40b0890658330c83c95511f9d6b396610defc ]
initcall_blacklist() should return 1 to indicate that it handled its
cmdline arguments.
set_debug_rodata() should return 1 to indicate that it handled its
cmdline arguments. Print a warning if the option string is invalid.
This prevents these strings from being added to the 'init' program's
environment as they are not init arguments/parameters.
Link: https://lkml.kernel.org/r/20220221050901.23985-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
init/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/init/main.c b/init/main.c
index 7baad67c2e93..272ec131211c 100644
--- a/init/main.c
+++ b/init/main.c
@@ -774,7 +774,7 @@ static int __init initcall_blacklist(char *str)
}
} while (str_entry);
- return 0;
+ return 1;
}
static bool __init_or_module initcall_blacklisted(initcall_t fn)
@@ -1027,7 +1027,9 @@ static noinline void __init kernel_init_freeable(void);
bool rodata_enabled __ro_after_init = true;
static int __init set_debug_rodata(char *str)
{
- return strtobool(str, &rodata_enabled);
+ if (strtobool(str, &rodata_enabled))
+ pr_warn("Invalid option string for rodata: '%s'\n", str);
+ return 1;
}
__setup("rodata=", set_debug_rodata);
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 288/338] minix: fix bug when opening a file with O_DIRECT
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 287/338] init/main.c: return 1 from handled __setup() functions Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 289/338] w1: w1_therm: fixes w1_seq for ds28ea00 sensors Greg Kroah-Hartman
` (55 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qinghua Jin, Colin Ian King,
Jan Kara, Christian Brauner, Andrew Morton, Linus Torvalds,
Sasha Levin
From: Qinghua Jin <qhjin.dev@gmail.com>
[ Upstream commit 9ce3c0d26c42d279b6c378a03cd6a61d828f19ca ]
Testcase:
1. create a minix file system and mount it
2. open a file on the file system with O_RDWR|O_CREAT|O_TRUNC|O_DIRECT
3. open fails with -EINVAL but leaves an empty file behind. All other
open() failures don't leave the failed open files behind.
It is hard to check the direct_IO op before creating the inode. Just as
ext4 and btrfs do, this patch will resolve the issue by allowing to
create the file with O_DIRECT but returning error when writing the file.
Link: https://lkml.kernel.org/r/20220107133626.413379-1-qhjin.dev@gmail.com
Signed-off-by: Qinghua Jin <qhjin.dev@gmail.com>
Reported-by: Colin Ian King <colin.king@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/minix/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index 03fe8bac36cf..3ce91ad1ee1b 100644
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -450,7 +450,8 @@ static const struct address_space_operations minix_aops = {
.writepage = minix_writepage,
.write_begin = minix_write_begin,
.write_end = generic_write_end,
- .bmap = minix_bmap
+ .bmap = minix_bmap,
+ .direct_IO = noop_direct_IO
};
static const struct inode_operations minix_symlink_inode_operations = {
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 289/338] w1: w1_therm: fixes w1_seq for ds28ea00 sensors
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 288/338] minix: fix bug when opening a file with O_DIRECT Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 290/338] NFSv4: Protect the state recovery thread against direct reclaim Greg Kroah-Hartman
` (54 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lucas Denefle, Sasha Levin
From: Lucas Denefle <lucas.denefle@converge.io>
[ Upstream commit 41a92a89eee819298f805c40187ad8b02bb53426 ]
w1_seq was failing due to several devices responding to the
CHAIN_DONE at the same time. Now properly selects the current
device in the chain with MATCH_ROM. Also acknowledgment was
read twice.
Signed-off-by: Lucas Denefle <lucas.denefle@converge.io>
Link: https://lore.kernel.org/r/20220223113558.232750-1-lucas.denefle@converge.io
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/w1/slaves/w1_therm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 3c350dfbcd0b..aba727294bc8 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -693,16 +693,20 @@ static ssize_t w1_seq_show(struct device *device,
if (sl->reg_num.id == reg_num->id)
seq = i;
+ if (w1_reset_bus(sl->master))
+ goto error;
+
+ /* Put the device into chain DONE state */
+ w1_write_8(sl->master, W1_MATCH_ROM);
+ w1_write_block(sl->master, (u8 *)&rn, 8);
w1_write_8(sl->master, W1_42_CHAIN);
w1_write_8(sl->master, W1_42_CHAIN_DONE);
w1_write_8(sl->master, W1_42_CHAIN_DONE_INV);
- w1_read_block(sl->master, &ack, sizeof(ack));
/* check for acknowledgment */
ack = w1_read_8(sl->master);
if (ack != W1_42_SUCCESS_CONFIRM_BYTE)
goto error;
-
}
/* Exit from CHAIN state */
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 290/338] NFSv4: Protect the state recovery thread against direct reclaim
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 289/338] w1: w1_therm: fixes w1_seq for ds28ea00 sensors Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 291/338] xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 Greg Kroah-Hartman
` (53 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 3e17898aca293a24dae757a440a50aa63ca29671 ]
If memory allocation triggers a direct reclaim from the state recovery
thread, then we can deadlock. Use memalloc_nofs_save/restore to ensure
that doesn't happen.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4state.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index 9c98547fcefc..30576a10a1f4 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -49,6 +49,7 @@
#include <linux/workqueue.h>
#include <linux/bitops.h>
#include <linux/jiffies.h>
+#include <linux/sched/mm.h>
#include <linux/sunrpc/clnt.h>
@@ -2505,9 +2506,17 @@ static int nfs4_bind_conn_to_session(struct nfs_client *clp)
static void nfs4_state_manager(struct nfs_client *clp)
{
+ unsigned int memflags;
int status = 0;
const char *section = "", *section_sep = "";
+ /*
+ * State recovery can deadlock if the direct reclaim code tries
+ * start NFS writeback. So ensure memory allocations are all
+ * GFP_NOFS.
+ */
+ memflags = memalloc_nofs_save();
+
/* Ensure exclusive access to NFSv4 state */
do {
clear_bit(NFS4CLNT_RUN_MANAGER, &clp->cl_state);
@@ -2600,6 +2609,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
goto out_error;
}
+ memalloc_nofs_restore(memflags);
nfs4_end_drain_session(clp);
nfs4_clear_state_manager_bit(clp);
@@ -2616,6 +2626,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
return;
if (test_and_set_bit(NFS4CLNT_MANAGER_RUNNING, &clp->cl_state) != 0)
return;
+ memflags = memalloc_nofs_save();
} while (refcount_read(&clp->cl_count) > 1 && !signalled());
goto out_drain;
@@ -2627,6 +2638,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
clp->cl_hostname, -status);
ssleep(1);
out_drain:
+ memalloc_nofs_restore(memflags);
nfs4_end_drain_session(clp);
nfs4_clear_state_manager_bit(clp);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 291/338] xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 290/338] NFSv4: Protect the state recovery thread against direct reclaim Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 292/338] clk: Enforce that disjoints limits are invalid Greg Kroah-Hartman
` (52 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Jin, Dongli Zhang,
Boris Ostrovsky, Sasha Levin
From: Dongli Zhang <dongli.zhang@oracle.com>
[ Upstream commit eed05744322da07dd7e419432dcedf3c2e017179 ]
The sched_clock() can be used very early since commit 857baa87b642
("sched/clock: Enable sched clock early"). In addition, with commit
38669ba205d1 ("x86/xen/time: Output xen sched_clock time from 0"), kdump
kernel in Xen HVM guest may panic at very early stage when accessing
&__this_cpu_read(xen_vcpu)->time as in below:
setup_arch()
-> init_hypervisor_platform()
-> x86_init.hyper.init_platform = xen_hvm_guest_init()
-> xen_hvm_init_time_ops()
-> xen_clocksource_read()
-> src = &__this_cpu_read(xen_vcpu)->time;
This is because Xen HVM supports at most MAX_VIRT_CPUS=32 'vcpu_info'
embedded inside 'shared_info' during early stage until xen_vcpu_setup() is
used to allocate/relocate 'vcpu_info' for boot cpu at arbitrary address.
However, when Xen HVM guest panic on vcpu >= 32, since
xen_vcpu_info_reset(0) would set per_cpu(xen_vcpu, cpu) = NULL when
vcpu >= 32, xen_clocksource_read() on vcpu >= 32 would panic.
This patch calls xen_hvm_init_time_ops() again later in
xen_hvm_smp_prepare_boot_cpu() after the 'vcpu_info' for boot vcpu is
registered when the boot vcpu is >= 32.
This issue can be reproduced on purpose via below command at the guest
side when kdump/kexec is enabled:
"taskset -c 33 echo c > /proc/sysrq-trigger"
The bugfix for PVM is not implemented due to the lack of testing
environment.
[boris: xen_hvm_init_time_ops() returns on errors instead of jumping to end]
Cc: Joe Jin <joe.jin@oracle.com>
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/20220302164032.14569-3-dongli.zhang@oracle.com
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/smp_hvm.c | 6 ++++++
arch/x86/xen/time.c | 24 +++++++++++++++++++++++-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/arch/x86/xen/smp_hvm.c b/arch/x86/xen/smp_hvm.c
index f8d39440b292..e5bd9eb42191 100644
--- a/arch/x86/xen/smp_hvm.c
+++ b/arch/x86/xen/smp_hvm.c
@@ -18,6 +18,12 @@ static void __init xen_hvm_smp_prepare_boot_cpu(void)
*/
xen_vcpu_setup(0);
+ /*
+ * Called again in case the kernel boots on vcpu >= MAX_VIRT_CPUS.
+ * Refer to comments in xen_hvm_init_time_ops().
+ */
+ xen_hvm_init_time_ops();
+
/*
* The alternative logic (which patches the unlock/lock) runs before
* the smp bootup up code is activated. Hence we need to set this up
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 01dcccf9185f..9809de9f2310 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -547,6 +547,11 @@ static void xen_hvm_setup_cpu_clockevents(void)
void __init xen_hvm_init_time_ops(void)
{
+ static bool hvm_time_initialized;
+
+ if (hvm_time_initialized)
+ return;
+
/*
* vector callback is needed otherwise we cannot receive interrupts
* on cpu > 0 and at this point we don't know how many cpus are
@@ -556,7 +561,22 @@ void __init xen_hvm_init_time_ops(void)
return;
if (!xen_feature(XENFEAT_hvm_safe_pvclock)) {
- pr_info("Xen doesn't support pvclock on HVM, disable pv timer");
+ pr_info_once("Xen doesn't support pvclock on HVM, disable pv timer");
+ return;
+ }
+
+ /*
+ * Only MAX_VIRT_CPUS 'vcpu_info' are embedded inside 'shared_info'.
+ * The __this_cpu_read(xen_vcpu) is still NULL when Xen HVM guest
+ * boots on vcpu >= MAX_VIRT_CPUS (e.g., kexec), To access
+ * __this_cpu_read(xen_vcpu) via xen_clocksource_read() will panic.
+ *
+ * The xen_hvm_init_time_ops() should be called again later after
+ * __this_cpu_read(xen_vcpu) is available.
+ */
+ if (!__this_cpu_read(xen_vcpu)) {
+ pr_info("Delay xen_init_time_common() as kernel is running on vcpu=%d\n",
+ xen_vcpu_nr(0));
return;
}
@@ -568,5 +588,7 @@ void __init xen_hvm_init_time_ops(void)
x86_platform.calibrate_tsc = xen_tsc_khz;
x86_platform.get_wallclock = xen_get_wallclock;
x86_platform.set_wallclock = xen_set_wallclock;
+
+ hvm_time_initialized = true;
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 292/338] clk: Enforce that disjoints limits are invalid
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 291/338] xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 293/338] SUNRPC/call_alloc: async tasks mustnt block waiting for memory Greg Kroah-Hartman
` (51 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Stephen Boyd, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 10c46f2ea914202482d19cf80dcc9c321c9ff59b ]
If we were to have two users of the same clock, doing something like:
clk_set_rate_range(user1, 1000, 2000);
clk_set_rate_range(user2, 3000, 4000);
The second call would fail with -EINVAL, preventing from getting in a
situation where we end up with impossible limits.
However, this is never explicitly checked against and enforced, and
works by relying on an undocumented behaviour of clk_set_rate().
Indeed, on the first clk_set_rate_range will make sure the current clock
rate is within the new range, so it will be between 1000 and 2000Hz. On
the second clk_set_rate_range(), it will consider (rightfully), that our
current clock is outside of the 3000-4000Hz range, and will call
clk_core_set_rate_nolock() to set it to 3000Hz.
clk_core_set_rate_nolock() will then call clk_calc_new_rates() that will
eventually check that our rate 3000Hz rate is outside the min 3000Hz max
2000Hz range, will bail out, the error will propagate and we'll
eventually return -EINVAL.
This solely relies on the fact that clk_calc_new_rates(), and in
particular clk_core_determine_round_nolock(), won't modify the new rate
allowing the error to be reported. That assumption won't be true for all
drivers, and most importantly we'll break that assumption in a later
patch.
It can also be argued that we shouldn't even reach the point where we're
calling clk_core_set_rate_nolock().
Let's make an explicit check for disjoints range before we're doing
anything.
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220225143534.405820-4-maxime@cerno.tech
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
index a9490c8e82a7..32606d1094fe 100644
--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -523,6 +523,24 @@ static void clk_core_get_boundaries(struct clk_core *core,
*max_rate = min(*max_rate, clk_user->max_rate);
}
+static bool clk_core_check_boundaries(struct clk_core *core,
+ unsigned long min_rate,
+ unsigned long max_rate)
+{
+ struct clk *user;
+
+ lockdep_assert_held(&prepare_lock);
+
+ if (min_rate > core->max_rate || max_rate < core->min_rate)
+ return false;
+
+ hlist_for_each_entry(user, &core->clks, clks_node)
+ if (min_rate > user->max_rate || max_rate < user->min_rate)
+ return false;
+
+ return true;
+}
+
void clk_hw_set_rate_range(struct clk_hw *hw, unsigned long min_rate,
unsigned long max_rate)
{
@@ -2066,6 +2084,11 @@ int clk_set_rate_range(struct clk *clk, unsigned long min, unsigned long max)
clk->min_rate = min;
clk->max_rate = max;
+ if (!clk_core_check_boundaries(clk->core, min, max)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
rate = clk_core_get_rate_nolock(clk->core);
if (rate < min || rate > max) {
/*
@@ -2094,6 +2117,7 @@ int clk_set_rate_range(struct clk *clk, unsigned long min, unsigned long max)
}
}
+out:
if (clk->exclusive_count)
clk_core_rate_protect(clk->core);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 293/338] SUNRPC/call_alloc: async tasks mustnt block waiting for memory
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 292/338] clk: Enforce that disjoints limits are invalid Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 294/338] NFS: swap IO handling is slightly different for O_DIRECT IO Greg Kroah-Hartman
` (50 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Trond Myklebust, Sasha Levin
From: NeilBrown <neilb@suse.de>
[ Upstream commit c487216bec83b0c5a8803e5c61433d33ad7b104d ]
When memory is short, new worker threads cannot be created and we depend
on the minimum one rpciod thread to be able to handle everything.
So it must not block waiting for memory.
mempools are particularly a problem as memory can only be released back
to the mempool by an async rpc task running. If all available
workqueue threads are waiting on the mempool, no thread is available to
return anything.
rpc_malloc() can block, and this might cause deadlocks.
So check RPC_IS_ASYNC(), rather than RPC_IS_SWAPPER() to determine if
blocking is acceptable.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/sched.c | 4 +++-
net/sunrpc/xprtrdma/transport.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index e339f8da1b0a..e36ae4d4b540 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -893,8 +893,10 @@ int rpc_malloc(struct rpc_task *task)
struct rpc_buffer *buf;
gfp_t gfp = GFP_NOIO | __GFP_NOWARN;
+ if (RPC_IS_ASYNC(task))
+ gfp = GFP_NOWAIT | __GFP_NOWARN;
if (RPC_IS_SWAPPER(task))
- gfp = __GFP_MEMALLOC | GFP_NOWAIT | __GFP_NOWARN;
+ gfp |= __GFP_MEMALLOC;
size += sizeof(struct rpc_buffer);
if (size <= RPC_BUFFER_MAXSIZE)
diff --git a/net/sunrpc/xprtrdma/transport.c b/net/sunrpc/xprtrdma/transport.c
index fdd14908eacb..e87a79be7ef0 100644
--- a/net/sunrpc/xprtrdma/transport.c
+++ b/net/sunrpc/xprtrdma/transport.c
@@ -665,8 +665,10 @@ xprt_rdma_allocate(struct rpc_task *task)
gfp_t flags;
flags = RPCRDMA_DEF_GFP;
+ if (RPC_IS_ASYNC(task))
+ flags = GFP_NOWAIT | __GFP_NOWARN;
if (RPC_IS_SWAPPER(task))
- flags = __GFP_MEMALLOC | GFP_NOWAIT | __GFP_NOWARN;
+ flags |= __GFP_MEMALLOC;
if (!rpcrdma_get_sendbuf(r_xprt, req, rqst->rq_callsize, flags))
goto out_fail;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 294/338] NFS: swap IO handling is slightly different for O_DIRECT IO
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 293/338] SUNRPC/call_alloc: async tasks mustnt block waiting for memory Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 295/338] NFS: swap-out must always use STABLE writes Greg Kroah-Hartman
` (49 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Trond Myklebust, Sasha Levin
From: NeilBrown <neilb@suse.de>
[ Upstream commit 64158668ac8b31626a8ce48db4cad08496eb8340 ]
1/ Taking the i_rwsem for swap IO triggers lockdep warnings regarding
possible deadlocks with "fs_reclaim". These deadlocks could, I believe,
eventuate if a buffered read on the swapfile was attempted.
We don't need coherence with the page cache for a swap file, and
buffered writes are forbidden anyway. There is no other need for
i_rwsem during direct IO. So never take it for swap_rw()
2/ generic_write_checks() explicitly forbids writes to swap, and
performs checks that are not needed for swap. So bypass it
for swap_rw().
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/direct.c | 42 ++++++++++++++++++++++++++++--------------
fs/nfs/file.c | 4 ++--
include/linux/nfs_fs.h | 8 ++++----
3 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index e5da9d7fb69e..41ff316cd6ad 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -288,8 +288,8 @@ ssize_t nfs_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
VM_BUG_ON(iov_iter_count(iter) != PAGE_SIZE);
if (iov_iter_rw(iter) == READ)
- return nfs_file_direct_read(iocb, iter);
- return nfs_file_direct_write(iocb, iter);
+ return nfs_file_direct_read(iocb, iter, true);
+ return nfs_file_direct_write(iocb, iter, true);
}
static void nfs_direct_release_pages(struct page **pages, unsigned int npages)
@@ -553,6 +553,7 @@ static ssize_t nfs_direct_read_schedule_iovec(struct nfs_direct_req *dreq,
* nfs_file_direct_read - file direct read operation for NFS files
* @iocb: target I/O control block
* @iter: vector of user buffers into which to read data
+ * @swap: flag indicating this is swap IO, not O_DIRECT IO
*
* We use this function for direct reads instead of calling
* generic_file_aio_read() in order to avoid gfar's check to see if
@@ -568,7 +569,8 @@ static ssize_t nfs_direct_read_schedule_iovec(struct nfs_direct_req *dreq,
* client must read the updated atime from the server back into its
* cache.
*/
-ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter)
+ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter,
+ bool swap)
{
struct file *file = iocb->ki_filp;
struct address_space *mapping = file->f_mapping;
@@ -610,12 +612,14 @@ ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter)
if (iter_is_iovec(iter))
dreq->flags = NFS_ODIRECT_SHOULD_DIRTY;
- nfs_start_io_direct(inode);
+ if (!swap)
+ nfs_start_io_direct(inode);
NFS_I(inode)->read_io += count;
requested = nfs_direct_read_schedule_iovec(dreq, iter, iocb->ki_pos);
- nfs_end_io_direct(inode);
+ if (!swap)
+ nfs_end_io_direct(inode);
if (requested > 0) {
result = nfs_direct_wait(dreq);
@@ -971,6 +975,7 @@ static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq,
* nfs_file_direct_write - file direct write operation for NFS files
* @iocb: target I/O control block
* @iter: vector of user buffers from which to write data
+ * @swap: flag indicating this is swap IO, not O_DIRECT IO
*
* We use this function for direct writes instead of calling
* generic_file_aio_write() in order to avoid taking the inode
@@ -987,7 +992,8 @@ static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq,
* Note that O_APPEND is not supported for NFS direct writes, as there
* is no atomic O_APPEND write facility in the NFS protocol.
*/
-ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter)
+ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter,
+ bool swap)
{
ssize_t result = -EINVAL, requested;
size_t count;
@@ -1001,7 +1007,11 @@ ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter)
dfprintk(FILE, "NFS: direct write(%pD2, %zd@%Ld)\n",
file, iov_iter_count(iter), (long long) iocb->ki_pos);
- result = generic_write_checks(iocb, iter);
+ if (swap)
+ /* bypass generic checks */
+ result = iov_iter_count(iter);
+ else
+ result = generic_write_checks(iocb, iter);
if (result <= 0)
return result;
count = result;
@@ -1031,16 +1041,20 @@ ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter)
if (!is_sync_kiocb(iocb))
dreq->iocb = iocb;
- nfs_start_io_direct(inode);
+ if (swap) {
+ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos);
+ } else {
+ nfs_start_io_direct(inode);
- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos);
+ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos);
- if (mapping->nrpages) {
- invalidate_inode_pages2_range(mapping,
- pos >> PAGE_SHIFT, end);
- }
+ if (mapping->nrpages) {
+ invalidate_inode_pages2_range(mapping,
+ pos >> PAGE_SHIFT, end);
+ }
- nfs_end_io_direct(inode);
+ nfs_end_io_direct(inode);
+ }
if (requested > 0) {
result = nfs_direct_wait(dreq);
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 29553fdba8af..62a86c414391 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -157,7 +157,7 @@ nfs_file_read(struct kiocb *iocb, struct iov_iter *to)
ssize_t result;
if (iocb->ki_flags & IOCB_DIRECT)
- return nfs_file_direct_read(iocb, to);
+ return nfs_file_direct_read(iocb, to, false);
dprintk("NFS: read(%pD2, %zu@%lu)\n",
iocb->ki_filp,
@@ -606,7 +606,7 @@ ssize_t nfs_file_write(struct kiocb *iocb, struct iov_iter *from)
return result;
if (iocb->ki_flags & IOCB_DIRECT)
- return nfs_file_direct_write(iocb, from);
+ return nfs_file_direct_write(iocb, from, false);
dprintk("NFS: write(%pD2, %zu@%Ld)\n",
file, iov_iter_count(from), (long long) iocb->ki_pos);
diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h
index 0ff7dd2bf8a4..8ea7ceed8285 100644
--- a/include/linux/nfs_fs.h
+++ b/include/linux/nfs_fs.h
@@ -475,10 +475,10 @@ static inline struct rpc_cred *nfs_file_cred(struct file *file)
* linux/fs/nfs/direct.c
*/
extern ssize_t nfs_direct_IO(struct kiocb *, struct iov_iter *);
-extern ssize_t nfs_file_direct_read(struct kiocb *iocb,
- struct iov_iter *iter);
-extern ssize_t nfs_file_direct_write(struct kiocb *iocb,
- struct iov_iter *iter);
+ssize_t nfs_file_direct_read(struct kiocb *iocb,
+ struct iov_iter *iter, bool swap);
+ssize_t nfs_file_direct_write(struct kiocb *iocb,
+ struct iov_iter *iter, bool swap);
/*
* linux/fs/nfs/dir.c
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 295/338] NFS: swap-out must always use STABLE writes.
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 294/338] NFS: swap IO handling is slightly different for O_DIRECT IO Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 296/338] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() Greg Kroah-Hartman
` (48 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Trond Myklebust, Sasha Levin
From: NeilBrown <neilb@suse.de>
[ Upstream commit c265de257f558a05c1859ee9e3fed04883b9ec0e ]
The commit handling code is not safe against memory-pressure deadlocks
when writing to swap. In particular, nfs_commitdata_alloc() blocks
indefinitely waiting for memory, and this can consume all available
workqueue threads.
swap-out most likely uses STABLE writes anyway as COND_STABLE indicates
that a stable write should be used if the write fits in a single
request, and it normally does. However if we ever swap with a small
wsize, or gather unusually large numbers of pages for a single write,
this might change.
For safety, make it explicit in the code that direct writes used for swap
must always use FLUSH_STABLE.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/direct.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 41ff316cd6ad..6a4083d550c6 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -888,7 +888,7 @@ static const struct nfs_pgio_completion_ops nfs_direct_write_completion_ops = {
*/
static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq,
struct iov_iter *iter,
- loff_t pos)
+ loff_t pos, int ioflags)
{
struct nfs_pageio_descriptor desc;
struct inode *inode = dreq->inode;
@@ -896,7 +896,7 @@ static ssize_t nfs_direct_write_schedule_iovec(struct nfs_direct_req *dreq,
size_t requested_bytes = 0;
size_t wsize = max_t(size_t, NFS_SERVER(inode)->wsize, PAGE_SIZE);
- nfs_pageio_init_write(&desc, inode, FLUSH_COND_STABLE, false,
+ nfs_pageio_init_write(&desc, inode, ioflags, false,
&nfs_direct_write_completion_ops);
desc.pg_dreq = dreq;
get_dreq(dreq);
@@ -1042,11 +1042,13 @@ ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter,
dreq->iocb = iocb;
if (swap) {
- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos);
+ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos,
+ FLUSH_STABLE);
} else {
nfs_start_io_direct(inode);
- requested = nfs_direct_write_schedule_iovec(dreq, iter, pos);
+ requested = nfs_direct_write_schedule_iovec(dreq, iter, pos,
+ FLUSH_COND_STABLE);
if (mapping->nrpages) {
invalidate_inode_pages2_range(mapping,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 296/338] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 295/338] NFS: swap-out must always use STABLE writes Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` Greg Kroah-Hartman
` (47 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Abraham, Kyungmin Park,
Hyeonkook Kim, Jiri Slaby, Sasha Levin
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit 988c7c00691008ea1daaa1235680a0da49dab4e8 ]
The commit c15c3747ee32 (serial: samsung: fix potential soft lockup
during uart write) added an unlock of port->lock before
uart_write_wakeup() and a lock after it. It was always problematic to
write data from tty_ldisc_ops::write_wakeup and it was even documented
that way. We fixed the line disciplines to conform to this recently.
So if there is still a missed one, we should fix them instead of this
workaround.
On the top of that, s3c24xx_serial_tx_dma_complete() in this driver
still holds the port->lock while calling uart_write_wakeup().
So revert the wrap added by the commit above.
Cc: Thomas Abraham <thomas.abraham@linaro.org>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Hyeonkook Kim <hk619.kim@samsung.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220308115153.4225-1-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/samsung.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
index 1528a7ba2bf4..49661cef5469 100644
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -761,11 +761,8 @@ static irqreturn_t s3c24xx_serial_tx_chars(int irq, void *id)
goto out;
}
- if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS) {
- spin_unlock(&port->lock);
+ if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
uart_write_wakeup(port);
- spin_lock(&port->lock);
- }
if (uart_circ_empty(xmit))
s3c24xx_serial_stop_tx(port);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 297/338] virtio_console: eliminate anonymous module_init & module_exit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
` (342 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Sasha Levin, Arnd Bergmann, Amit Shah, Greg Kroah-Hartman,
Randy Dunlap, stable, virtualization
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit fefb8a2a941338d871e2d83fbd65fbfa068857bd ]
Eliminate anonymous module_init() and module_exit(), which can lead to
confusion or ambiguity when reading System.map, crashes/oops/bugs,
or an initcall_debug log.
Give each of these init and exit functions unique driver-specific
names to eliminate the anonymous names.
Example 1: (System.map)
ffffffff832fc78c t init
ffffffff832fc79e t init
ffffffff832fc8f8 t init
Example 2: (initcall_debug log)
calling init+0x0/0x12 @ 1
initcall init+0x0/0x12 returned 0 after 15 usecs
calling init+0x0/0x60 @ 1
initcall init+0x0/0x60 returned 0 after 2 usecs
calling init+0x0/0x9a @ 1
initcall init+0x0/0x9a returned 0 after 74 usecs
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Amit Shah <amit@kernel.org>
Cc: virtualization@lists.linux-foundation.org
Cc: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20220316192010.19001-3-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/virtio_console.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index ac0b84afabe7..d3937d690400 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -2265,7 +2265,7 @@ static struct virtio_driver virtio_rproc_serial = {
.remove = virtcons_remove,
};
-static int __init init(void)
+static int __init virtio_console_init(void)
{
int err;
@@ -2302,7 +2302,7 @@ static int __init init(void)
return err;
}
-static void __exit fini(void)
+static void __exit virtio_console_fini(void)
{
reclaim_dma_bufs();
@@ -2312,8 +2312,8 @@ static void __exit fini(void)
class_destroy(pdrvdata.class);
debugfs_remove_recursive(pdrvdata.debugfs_dir);
}
-module_init(init);
-module_exit(fini);
+module_init(virtio_console_init);
+module_exit(virtio_console_fini);
MODULE_DESCRIPTION("Virtio console driver");
MODULE_LICENSE("GPL");
--
2.35.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 297/338] virtio_console: eliminate anonymous module_init & module_exit
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
0 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Amit Shah,
virtualization, Arnd Bergmann, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit fefb8a2a941338d871e2d83fbd65fbfa068857bd ]
Eliminate anonymous module_init() and module_exit(), which can lead to
confusion or ambiguity when reading System.map, crashes/oops/bugs,
or an initcall_debug log.
Give each of these init and exit functions unique driver-specific
names to eliminate the anonymous names.
Example 1: (System.map)
ffffffff832fc78c t init
ffffffff832fc79e t init
ffffffff832fc8f8 t init
Example 2: (initcall_debug log)
calling init+0x0/0x12 @ 1
initcall init+0x0/0x12 returned 0 after 15 usecs
calling init+0x0/0x60 @ 1
initcall init+0x0/0x60 returned 0 after 2 usecs
calling init+0x0/0x9a @ 1
initcall init+0x0/0x9a returned 0 after 74 usecs
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Amit Shah <amit@kernel.org>
Cc: virtualization@lists.linux-foundation.org
Cc: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20220316192010.19001-3-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/virtio_console.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index ac0b84afabe7..d3937d690400 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -2265,7 +2265,7 @@ static struct virtio_driver virtio_rproc_serial = {
.remove = virtcons_remove,
};
-static int __init init(void)
+static int __init virtio_console_init(void)
{
int err;
@@ -2302,7 +2302,7 @@ static int __init init(void)
return err;
}
-static void __exit fini(void)
+static void __exit virtio_console_fini(void)
{
reclaim_dma_bufs();
@@ -2312,8 +2312,8 @@ static void __exit fini(void)
class_destroy(pdrvdata.class);
debugfs_remove_recursive(pdrvdata.debugfs_dir);
}
-module_init(init);
-module_exit(fini);
+module_init(virtio_console_init);
+module_exit(virtio_console_fini);
MODULE_DESCRIPTION("Virtio console driver");
MODULE_LICENSE("GPL");
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 298/338] jfs: prevent NULL deref in diFree
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-04-14 13:13 ` Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 299/338] parisc: Fix CPU affinity for Lasi, WAX and Dino chips Greg Kroah-Hartman
` (45 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TCS Robot, Haimin Zhang,
Dave Kleikamp, Sasha Levin
From: Haimin Zhang <tcs_kernel@tencent.com>
[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]
Add validation check for JFS_IP(ipimap)->i_imap to prevent a NULL deref
in diFree since diFree uses it without do any validations.
When function jfs_mount calls diMount to initialize fileset inode
allocation map, it can fail and JFS_IP(ipimap)->i_imap won't be
initialized. Then it calls diFreeSpecial to close fileset inode allocation
map inode and it will flow into jfs_evict_inode. Function jfs_evict_inode
just validates JFS_SBI(inode->i_sb)->ipimap, then calls diFree. diFree use
JFS_IP(ipimap)->i_imap directly, then it will cause a NULL deref.
Reported-by: TCS Robot <tcs_robot@tencent.com>
Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c
index 87b41edc800d..68779cc3609a 100644
--- a/fs/jfs/inode.c
+++ b/fs/jfs/inode.c
@@ -156,12 +156,13 @@ void jfs_evict_inode(struct inode *inode)
dquot_initialize(inode);
if (JFS_IP(inode)->fileset == FILESYSTEM_I) {
+ struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap;
truncate_inode_pages_final(&inode->i_data);
if (test_cflag(COMMIT_Freewmap, inode))
jfs_free_zero_link(inode);
- if (JFS_SBI(inode->i_sb)->ipimap)
+ if (ipimap && JFS_IP(ipimap)->i_imap)
diFree(inode);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 299/338] parisc: Fix CPU affinity for Lasi, WAX and Dino chips
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 298/338] jfs: prevent NULL deref in diFree Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 300/338] net: add missing SOF_TIMESTAMPING_OPT_ID support Greg Kroah-Hartman
` (44 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller, Sasha Levin
From: Helge Deller <deller@gmx.de>
[ Upstream commit 939fc856676c266c3bc347c1c1661872a3725c0f ]
Add the missing logic to allow Lasi, WAX and Dino to set the
CPU affinity. This fixes IRQ migration to other CPUs when a
CPU is shutdown which currently holds the IRQs for one of those
chips.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/parisc/dino.c | 41 +++++++++++++++++++++++++++++++++--------
drivers/parisc/gsc.c | 31 +++++++++++++++++++++++++++++++
drivers/parisc/gsc.h | 1 +
drivers/parisc/lasi.c | 7 +++----
drivers/parisc/wax.c | 7 +++----
5 files changed, 71 insertions(+), 16 deletions(-)
diff --git a/drivers/parisc/dino.c b/drivers/parisc/dino.c
index 2b60535a9c7b..25f36e5197d4 100644
--- a/drivers/parisc/dino.c
+++ b/drivers/parisc/dino.c
@@ -144,9 +144,8 @@ struct dino_device
{
struct pci_hba_data hba; /* 'C' inheritance - must be first */
spinlock_t dinosaur_pen;
- unsigned long txn_addr; /* EIR addr to generate interrupt */
- u32 txn_data; /* EIR data assign to each dino */
u32 imr; /* IRQ's which are enabled */
+ struct gsc_irq gsc_irq;
int global_irq[DINO_LOCAL_IRQS]; /* map IMR bit to global irq */
#ifdef DINO_DEBUG
unsigned int dino_irr0; /* save most recent IRQ line stat */
@@ -343,14 +342,43 @@ static void dino_unmask_irq(struct irq_data *d)
if (tmp & DINO_MASK_IRQ(local_irq)) {
DBG(KERN_WARNING "%s(): IRQ asserted! (ILR 0x%x)\n",
__func__, tmp);
- gsc_writel(dino_dev->txn_data, dino_dev->txn_addr);
+ gsc_writel(dino_dev->gsc_irq.txn_data, dino_dev->gsc_irq.txn_addr);
}
}
+#ifdef CONFIG_SMP
+static int dino_set_affinity_irq(struct irq_data *d, const struct cpumask *dest,
+ bool force)
+{
+ struct dino_device *dino_dev = irq_data_get_irq_chip_data(d);
+ struct cpumask tmask;
+ int cpu_irq;
+ u32 eim;
+
+ if (!cpumask_and(&tmask, dest, cpu_online_mask))
+ return -EINVAL;
+
+ cpu_irq = cpu_check_affinity(d, &tmask);
+ if (cpu_irq < 0)
+ return cpu_irq;
+
+ dino_dev->gsc_irq.txn_addr = txn_affinity_addr(d->irq, cpu_irq);
+ eim = ((u32) dino_dev->gsc_irq.txn_addr) | dino_dev->gsc_irq.txn_data;
+ __raw_writel(eim, dino_dev->hba.base_addr+DINO_IAR0);
+
+ irq_data_update_effective_affinity(d, &tmask);
+
+ return IRQ_SET_MASK_OK;
+}
+#endif
+
static struct irq_chip dino_interrupt_type = {
.name = "GSC-PCI",
.irq_unmask = dino_unmask_irq,
.irq_mask = dino_mask_irq,
+#ifdef CONFIG_SMP
+ .irq_set_affinity = dino_set_affinity_irq,
+#endif
};
@@ -811,7 +839,6 @@ static int __init dino_common_init(struct parisc_device *dev,
{
int status;
u32 eim;
- struct gsc_irq gsc_irq;
struct resource *res;
pcibios_register_hba(&dino_dev->hba);
@@ -826,10 +853,8 @@ static int __init dino_common_init(struct parisc_device *dev,
** still only has 11 IRQ input lines - just map some of them
** to a different processor.
*/
- dev->irq = gsc_alloc_irq(&gsc_irq);
- dino_dev->txn_addr = gsc_irq.txn_addr;
- dino_dev->txn_data = gsc_irq.txn_data;
- eim = ((u32) gsc_irq.txn_addr) | gsc_irq.txn_data;
+ dev->irq = gsc_alloc_irq(&dino_dev->gsc_irq);
+ eim = ((u32) dino_dev->gsc_irq.txn_addr) | dino_dev->gsc_irq.txn_data;
/*
** Dino needs a PA "IRQ" to get a processor's attention.
diff --git a/drivers/parisc/gsc.c b/drivers/parisc/gsc.c
index 1bab5a2cd359..a0cae6194591 100644
--- a/drivers/parisc/gsc.c
+++ b/drivers/parisc/gsc.c
@@ -139,10 +139,41 @@ static void gsc_asic_unmask_irq(struct irq_data *d)
*/
}
+#ifdef CONFIG_SMP
+static int gsc_set_affinity_irq(struct irq_data *d, const struct cpumask *dest,
+ bool force)
+{
+ struct gsc_asic *gsc_dev = irq_data_get_irq_chip_data(d);
+ struct cpumask tmask;
+ int cpu_irq;
+
+ if (!cpumask_and(&tmask, dest, cpu_online_mask))
+ return -EINVAL;
+
+ cpu_irq = cpu_check_affinity(d, &tmask);
+ if (cpu_irq < 0)
+ return cpu_irq;
+
+ gsc_dev->gsc_irq.txn_addr = txn_affinity_addr(d->irq, cpu_irq);
+ gsc_dev->eim = ((u32) gsc_dev->gsc_irq.txn_addr) | gsc_dev->gsc_irq.txn_data;
+
+ /* switch IRQ's for devices below LASI/WAX to other CPU */
+ gsc_writel(gsc_dev->eim, gsc_dev->hpa + OFFSET_IAR);
+
+ irq_data_update_effective_affinity(d, &tmask);
+
+ return IRQ_SET_MASK_OK;
+}
+#endif
+
+
static struct irq_chip gsc_asic_interrupt_type = {
.name = "GSC-ASIC",
.irq_unmask = gsc_asic_unmask_irq,
.irq_mask = gsc_asic_mask_irq,
+#ifdef CONFIG_SMP
+ .irq_set_affinity = gsc_set_affinity_irq,
+#endif
};
int gsc_assign_irq(struct irq_chip *type, void *data)
diff --git a/drivers/parisc/gsc.h b/drivers/parisc/gsc.h
index b9d7bfb68e24..9a364a4d09a5 100644
--- a/drivers/parisc/gsc.h
+++ b/drivers/parisc/gsc.h
@@ -32,6 +32,7 @@ struct gsc_asic {
int version;
int type;
int eim;
+ struct gsc_irq gsc_irq;
int global_irq[32];
};
diff --git a/drivers/parisc/lasi.c b/drivers/parisc/lasi.c
index 4c9225431500..07ac0b8ee4fe 100644
--- a/drivers/parisc/lasi.c
+++ b/drivers/parisc/lasi.c
@@ -167,7 +167,6 @@ static int __init lasi_init_chip(struct parisc_device *dev)
{
extern void (*chassis_power_off)(void);
struct gsc_asic *lasi;
- struct gsc_irq gsc_irq;
int ret;
lasi = kzalloc(sizeof(*lasi), GFP_KERNEL);
@@ -189,7 +188,7 @@ static int __init lasi_init_chip(struct parisc_device *dev)
lasi_init_irq(lasi);
/* the IRQ lasi should use */
- dev->irq = gsc_alloc_irq(&gsc_irq);
+ dev->irq = gsc_alloc_irq(&lasi->gsc_irq);
if (dev->irq < 0) {
printk(KERN_ERR "%s(): cannot get GSC irq\n",
__func__);
@@ -197,9 +196,9 @@ static int __init lasi_init_chip(struct parisc_device *dev)
return -EBUSY;
}
- lasi->eim = ((u32) gsc_irq.txn_addr) | gsc_irq.txn_data;
+ lasi->eim = ((u32) lasi->gsc_irq.txn_addr) | lasi->gsc_irq.txn_data;
- ret = request_irq(gsc_irq.irq, gsc_asic_intr, 0, "lasi", lasi);
+ ret = request_irq(lasi->gsc_irq.irq, gsc_asic_intr, 0, "lasi", lasi);
if (ret < 0) {
kfree(lasi);
return ret;
diff --git a/drivers/parisc/wax.c b/drivers/parisc/wax.c
index 6a3e40702b3b..5c42bfa83398 100644
--- a/drivers/parisc/wax.c
+++ b/drivers/parisc/wax.c
@@ -72,7 +72,6 @@ static int __init wax_init_chip(struct parisc_device *dev)
{
struct gsc_asic *wax;
struct parisc_device *parent;
- struct gsc_irq gsc_irq;
int ret;
wax = kzalloc(sizeof(*wax), GFP_KERNEL);
@@ -89,7 +88,7 @@ static int __init wax_init_chip(struct parisc_device *dev)
wax_init_irq(wax);
/* the IRQ wax should use */
- dev->irq = gsc_claim_irq(&gsc_irq, WAX_GSC_IRQ);
+ dev->irq = gsc_claim_irq(&wax->gsc_irq, WAX_GSC_IRQ);
if (dev->irq < 0) {
printk(KERN_ERR "%s(): cannot get GSC irq\n",
__func__);
@@ -97,9 +96,9 @@ static int __init wax_init_chip(struct parisc_device *dev)
return -EBUSY;
}
- wax->eim = ((u32) gsc_irq.txn_addr) | gsc_irq.txn_data;
+ wax->eim = ((u32) wax->gsc_irq.txn_addr) | wax->gsc_irq.txn_data;
- ret = request_irq(gsc_irq.irq, gsc_asic_intr, 0, "wax", wax);
+ ret = request_irq(wax->gsc_irq.irq, gsc_asic_intr, 0, "wax", wax);
if (ret < 0) {
kfree(wax);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 300/338] net: add missing SOF_TIMESTAMPING_OPT_ID support
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 299/338] parisc: Fix CPU affinity for Lasi, WAX and Dino chips Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 301/338] mm: fix race between MADV_FREE reclaim and blkdev direct IO read Greg Kroah-Hartman
` (43 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Willem de Bruijn,
Soheil Hassas Yeganeh, David S. Miller, Vladimir Oltean,
Sasha Levin
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 8f932f762e7928d250e21006b00ff9b7718b0a64 ]
SOF_TIMESTAMPING_OPT_ID is supported on TCP, UDP and RAW sockets.
But it was missing on RAW with IPPROTO_IP, PF_PACKET and CAN.
Add skb_setup_tx_timestamp that configures both tx_flags and tskey
for these paths that do not need corking or use bytestream keys.
Fixes: 09c2d251b707 ("net-timestamp: add key to disambiguate concurrent datagrams")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sock.h | 25 +++++++++++++++++++++----
net/can/raw.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv6/raw.c | 2 +-
net/packet/af_packet.c | 6 +++---
5 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 2bf8dcf863f2..7d3a4c2eea95 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2400,22 +2400,39 @@ static inline void sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags);
/**
- * sock_tx_timestamp - checks whether the outgoing packet is to be time stamped
+ * _sock_tx_timestamp - checks whether the outgoing packet is to be time stamped
* @sk: socket sending this packet
* @tsflags: timestamping flags to use
* @tx_flags: completed with instructions for time stamping
+ * @tskey: filled in with next sk_tskey (not for TCP, which uses seqno)
*
* Note: callers should take care of initial ``*tx_flags`` value (usually 0)
*/
-static inline void sock_tx_timestamp(const struct sock *sk, __u16 tsflags,
- __u8 *tx_flags)
+static inline void _sock_tx_timestamp(struct sock *sk, __u16 tsflags,
+ __u8 *tx_flags, __u32 *tskey)
{
- if (unlikely(tsflags))
+ if (unlikely(tsflags)) {
__sock_tx_timestamp(tsflags, tx_flags);
+ if (tsflags & SOF_TIMESTAMPING_OPT_ID && tskey &&
+ tsflags & SOF_TIMESTAMPING_TX_RECORD_MASK)
+ *tskey = sk->sk_tskey++;
+ }
if (unlikely(sock_flag(sk, SOCK_WIFI_STATUS)))
*tx_flags |= SKBTX_WIFI_STATUS;
}
+static inline void sock_tx_timestamp(struct sock *sk, __u16 tsflags,
+ __u8 *tx_flags)
+{
+ _sock_tx_timestamp(sk, tsflags, tx_flags, NULL);
+}
+
+static inline void skb_setup_tx_timestamp(struct sk_buff *skb, __u16 tsflags)
+{
+ _sock_tx_timestamp(skb->sk, tsflags, &skb_shinfo(skb)->tx_flags,
+ &skb_shinfo(skb)->tskey);
+}
+
/**
* sk_eat_skb - Release a skb if it is no longer needed
* @sk: socket to eat this skb from
diff --git a/net/can/raw.c b/net/can/raw.c
index d0fb5a57c66d..2a6db8752b61 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -814,7 +814,7 @@ static int raw_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
if (err < 0)
goto free_skb;
- sock_tx_timestamp(sk, sk->sk_tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sk->sk_tsflags);
skb->dev = dev;
skb->sk = sk;
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 8cae691c3c9f..654f586fc0d7 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -391,7 +391,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
skb->ip_summed = CHECKSUM_NONE;
- sock_tx_timestamp(sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sockc->tsflags);
if (flags & MSG_CONFIRM)
skb_set_dst_pending_confirm(skb, 1);
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 98c8f98a7660..ad7bd40b6d53 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -660,7 +660,7 @@ static int rawv6_send_hdrinc(struct sock *sk, struct msghdr *msg, int length,
skb->ip_summed = CHECKSUM_NONE;
- sock_tx_timestamp(sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sockc->tsflags);
if (flags & MSG_CONFIRM)
skb_set_dst_pending_confirm(skb, 1);
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d65051959f85..b951f411dded 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1978,7 +1978,7 @@ static int packet_sendmsg_spkt(struct socket *sock, struct msghdr *msg,
skb->mark = sk->sk_mark;
skb->tstamp = sockc.transmit_time;
- sock_tx_timestamp(sk, sockc.tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sockc.tsflags);
if (unlikely(extra_len == 4))
skb->no_fcs = 1;
@@ -2501,7 +2501,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
skb->priority = po->sk.sk_priority;
skb->mark = po->sk.sk_mark;
skb->tstamp = sockc->transmit_time;
- sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sockc->tsflags);
skb_zcopy_set_nouarg(skb, ph.raw);
skb_reserve(skb, hlen);
@@ -2965,7 +2965,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
goto out_free;
}
- sock_tx_timestamp(sk, sockc.tsflags, &skb_shinfo(skb)->tx_flags);
+ skb_setup_tx_timestamp(skb, sockc.tsflags);
if (!vnet_hdr.gso_type && (len > dev->mtu + reserve + extra_len) &&
!packet_extra_vlan_len_allowed(dev, skb)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 301/338] mm: fix race between MADV_FREE reclaim and blkdev direct IO read
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 300/338] net: add missing SOF_TIMESTAMPING_OPT_ID support Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 302/338] KVM: arm64: Check arm64_get_bp_hardening_data() didnt return NULL Greg Kroah-Hartman
` (42 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mauricio Faria de Oliveira, Huang,
Ying, Minchan Kim, Yu Zhao, Yang Shi, Miaohe Lin, Dan Hill,
Dan Streetman, Dongdong Tao, Gavin Guo, Gerald Yang,
Heitor Alves de Siqueira, Ioanna Alifieraki, Jay Vosburgh,
Matthew Ruffell, Ponnuvel Palaniyappan, Christoph Hellwig,
Andrew Morton, Linus Torvalds, Sasha Levin
From: Mauricio Faria de Oliveira <mfo@canonical.com>
commit 6c8e2a256915a223f6289f651d6b926cd7135c9e upstream.
Problem:
=======
Userspace might read the zero-page instead of actual data from a direct IO
read on a block device if the buffers have been called madvise(MADV_FREE)
on earlier (this is discussed below) due to a race between page reclaim on
MADV_FREE and blkdev direct IO read.
- Race condition:
==============
During page reclaim, the MADV_FREE page check in try_to_unmap_one() checks
if the page is not dirty, then discards its rmap PTE(s) (vs. remap back
if the page is dirty).
However, after try_to_unmap_one() returns to shrink_page_list(), it might
keep the page _anyway_ if page_ref_freeze() fails (it expects exactly
_one_ page reference, from the isolation for page reclaim).
Well, blkdev_direct_IO() gets references for all pages, and on READ
operations it only sets them dirty _later_.
So, if MADV_FREE'd pages (i.e., not dirty) are used as buffers for direct
IO read from block devices, and page reclaim happens during
__blkdev_direct_IO[_simple]() exactly AFTER bio_iov_iter_get_pages()
returns, but BEFORE the pages are set dirty, the situation happens.
The direct IO read eventually completes. Now, when userspace reads the
buffers, the PTE is no longer there and the page fault handler
do_anonymous_page() services that with the zero-page, NOT the data!
A synthetic reproducer is provided.
- Page faults:
===========
If page reclaim happens BEFORE bio_iov_iter_get_pages() the issue doesn't
happen, because that faults-in all pages as writeable, so
do_anonymous_page() sets up a new page/rmap/PTE, and that is used by
direct IO. The userspace reads don't fault as the PTE is there (thus
zero-page is not used/setup).
But if page reclaim happens AFTER it / BEFORE setting pages dirty, the PTE
is no longer there; the subsequent page faults can't help:
The data-read from the block device probably won't generate faults due to
DMA (no MMU) but even in the case it wouldn't use DMA, that happens on
different virtual addresses (not user-mapped addresses) because `struct
bio_vec` stores `struct page` to figure addresses out (which are different
from user-mapped addresses) for the read.
Thus userspace reads (to user-mapped addresses) still fault, then
do_anonymous_page() gets another `struct page` that would address/ map to
other memory than the `struct page` used by `struct bio_vec` for the read.
(The original `struct page` is not available, since it wasn't freed, as
page_ref_freeze() failed due to more page refs. And even if it were
available, its data cannot be trusted anymore.)
Solution:
========
One solution is to check for the expected page reference count in
try_to_unmap_one().
There should be one reference from the isolation (that is also checked in
shrink_page_list() with page_ref_freeze()) plus one or more references
from page mapping(s) (put in discard: label). Further references mean
that rmap/PTE cannot be unmapped/nuked.
(Note: there might be more than one reference from mapping due to
fork()/clone() without CLONE_VM, which use the same `struct page` for
references, until the copy-on-write page gets copied.)
So, additional page references (e.g., from direct IO read) now prevent the
rmap/PTE from being unmapped/dropped; similarly to the page is not freed
per shrink_page_list()/page_ref_freeze()).
- Races and Barriers:
==================
The new check in try_to_unmap_one() should be safe in races with
bio_iov_iter_get_pages() in get_user_pages() fast and slow paths, as it's
done under the PTE lock.
The fast path doesn't take the lock, but it checks if the PTE has changed
and if so, it drops the reference and leaves the page for the slow path
(which does take that lock).
The fast path requires synchronization w/ full memory barrier: it writes
the page reference count first then it reads the PTE later, while
try_to_unmap() writes PTE first then it reads page refcount.
And a second barrier is needed, as the page dirty flag should not be read
before the page reference count (as in __remove_mapping()). (This can be
a load memory barrier only; no writes are involved.)
Call stack/comments:
- try_to_unmap_one()
- page_vma_mapped_walk()
- map_pte() # see pte_offset_map_lock():
pte_offset_map()
spin_lock()
- ptep_get_and_clear() # write PTE
- smp_mb() # (new barrier) GUP fast path
- page_ref_count() # (new check) read refcount
- page_vma_mapped_walk_done() # see pte_unmap_unlock():
pte_unmap()
spin_unlock()
- bio_iov_iter_get_pages()
- __bio_iov_iter_get_pages()
- iov_iter_get_pages()
- get_user_pages_fast()
- internal_get_user_pages_fast()
# fast path
- lockless_pages_from_mm()
- gup_{pgd,p4d,pud,pmd,pte}_range()
ptep = pte_offset_map() # not _lock()
pte = ptep_get_lockless(ptep)
page = pte_page(pte)
try_grab_compound_head(page) # inc refcount
# (RMW/barrier
# on success)
if (pte_val(pte) != pte_val(*ptep)) # read PTE
put_compound_head(page) # dec refcount
# go slow path
# slow path
- __gup_longterm_unlocked()
- get_user_pages_unlocked()
- __get_user_pages_locked()
- __get_user_pages()
- follow_{page,p4d,pud,pmd}_mask()
- follow_page_pte()
ptep = pte_offset_map_lock()
pte = *ptep
page = vm_normal_page(pte)
try_grab_page(page) # inc refcount
pte_unmap_unlock()
- Huge Pages:
==========
Regarding transparent hugepages, that logic shouldn't change, as MADV_FREE
(aka lazyfree) pages are PageAnon() && !PageSwapBacked()
(madvise_free_pte_range() -> mark_page_lazyfree() -> lru_lazyfree_fn())
thus should reach shrink_page_list() -> split_huge_page_to_list() before
try_to_unmap[_one](), so it deals with normal pages only.
(And in case unlikely/TTU_SPLIT_HUGE_PMD/split_huge_pmd_address() happens,
which should not or be rare, the page refcount should be greater than
mapcount: the head page is referenced by tail pages. That also prevents
checking the head `page` then incorrectly call page_remove_rmap(subpage)
for a tail page, that isn't even in the shrink_page_list()'s page_list (an
effect of split huge pmd/pmvw), as it might happen today in this unlikely
scenario.)
MADV_FREE'd buffers:
===================
So, back to the "if MADV_FREE pages are used as buffers" note. The case
is arguable, and subject to multiple interpretations.
The madvise(2) manual page on the MADV_FREE advice value says:
1) 'After a successful MADV_FREE ... data will be lost when
the kernel frees the pages.'
2) 'the free operation will be canceled if the caller writes
into the page' / 'subsequent writes ... will succeed and
then [the] kernel cannot free those dirtied pages'
3) 'If there is no subsequent write, the kernel can free the
pages at any time.'
Thoughts, questions, considerations... respectively:
1) Since the kernel didn't actually free the page (page_ref_freeze()
failed), should the data not have been lost? (on userspace read.)
2) Should writes performed by the direct IO read be able to cancel
the free operation?
- Should the direct IO read be considered as 'the caller' too,
as it's been requested by 'the caller'?
- Should the bio technique to dirty pages on return to userspace
(bio_check_pages_dirty() is called/used by __blkdev_direct_IO())
be considered in another/special way here?
3) Should an upcoming write from a previously requested direct IO
read be considered as a subsequent write, so the kernel should
not free the pages? (as it's known at the time of page reclaim.)
And lastly:
Technically, the last point would seem a reasonable consideration and
balance, as the madvise(2) manual page apparently (and fairly) seem to
assume that 'writes' are memory access from the userspace process (not
explicitly considering writes from the kernel or its corner cases; again,
fairly).. plus the kernel fix implementation for the corner case of the
largely 'non-atomic write' encompassed by a direct IO read operation, is
relatively simple; and it helps.
Reproducer:
==========
@ test.c (simplified, but works)
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
int main() {
int fd, i;
char *buf;
fd = open(DEV, O_RDONLY | O_DIRECT);
buf = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
for (i = 0; i < BUF_SIZE; i += PAGE_SIZE)
buf[i] = 1; // init to non-zero
madvise(buf, BUF_SIZE, MADV_FREE);
read(fd, buf, BUF_SIZE);
for (i = 0; i < BUF_SIZE; i += PAGE_SIZE)
printf("%p: 0x%x\n", &buf[i], buf[i]);
return 0;
}
@ block/fops.c (formerly fs/block_dev.c)
+#include <linux/swap.h>
...
... __blkdev_direct_IO[_simple](...)
{
...
+ if (!strcmp(current->comm, "good"))
+ shrink_all_memory(ULONG_MAX);
+
ret = bio_iov_iter_get_pages(...);
+
+ if (!strcmp(current->comm, "bad"))
+ shrink_all_memory(ULONG_MAX);
...
}
@ shell
# NUM_PAGES=4
# PAGE_SIZE=$(getconf PAGE_SIZE)
# yes | dd of=test.img bs=${PAGE_SIZE} count=${NUM_PAGES}
# DEV=$(losetup -f --show test.img)
# gcc -DDEV=\"$DEV\" \
-DBUF_SIZE=$((PAGE_SIZE * NUM_PAGES)) \
-DPAGE_SIZE=${PAGE_SIZE} \
test.c -o test
# od -tx1 $DEV
0000000 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a
*
0040000
# mv test good
# ./good
0x7f7c10418000: 0x79
0x7f7c10419000: 0x79
0x7f7c1041a000: 0x79
0x7f7c1041b000: 0x79
# mv good bad
# ./bad
0x7fa1b8050000: 0x0
0x7fa1b8051000: 0x0
0x7fa1b8052000: 0x0
0x7fa1b8053000: 0x0
Note: the issue is consistent on v5.17-rc3, but it's intermittent with the
support of MADV_FREE on v4.5 (60%-70% error; needs swap). [wrap
do_direct_IO() in do_blockdev_direct_IO() @ fs/direct-io.c].
- v5.17-rc3:
# for i in {1..1000}; do ./good; done \
| cut -d: -f2 | sort | uniq -c
4000 0x79
# mv good bad
# for i in {1..1000}; do ./bad; done \
| cut -d: -f2 | sort | uniq -c
4000 0x0
# free | grep Swap
Swap: 0 0 0
- v4.5:
# for i in {1..1000}; do ./good; done \
| cut -d: -f2 | sort | uniq -c
4000 0x79
# mv good bad
# for i in {1..1000}; do ./bad; done \
| cut -d: -f2 | sort | uniq -c
2702 0x0
1298 0x79
# swapoff -av
swapoff /swap
# for i in {1..1000}; do ./bad; done \
| cut -d: -f2 | sort | uniq -c
4000 0x79
Ceph/TCMalloc:
=============
For documentation purposes, the use case driving the analysis/fix is Ceph
on Ubuntu 18.04, as the TCMalloc library there still uses MADV_FREE to
release unused memory to the system from the mmap'ed page heap (might be
committed back/used again; it's not munmap'ed.) - PageHeap::DecommitSpan()
-> TCMalloc_SystemRelease() -> madvise() - PageHeap::CommitSpan() ->
TCMalloc_SystemCommit() -> do nothing.
Note: TCMalloc switched back to MADV_DONTNEED a few commits after the
release in Ubuntu 18.04 (google-perftools/gperftools 2.5), so the issue
just 'disappeared' on Ceph on later Ubuntu releases but is still present
in the kernel, and can be hit by other use cases.
The observed issue seems to be the old Ceph bug #22464 [1], where checksum
mismatches are observed (and instrumentation with buffer dumps shows
zero-pages read from mmap'ed/MADV_FREE'd page ranges).
The issue in Ceph was reasonably deemed a kernel bug (comment #50) and
mostly worked around with a retry mechanism, but other parts of Ceph could
still hit that (rocksdb). Anyway, it's less likely to be hit again as
TCMalloc switched out of MADV_FREE by default.
(Some kernel versions/reports from the Ceph bug, and relation with
the MADV_FREE introduction/changes; TCMalloc versions not checked.)
- 4.4 good
- 4.5 (madv_free: introduction)
- 4.9 bad
- 4.10 good? maybe a swapless system
- 4.12 (madv_free: no longer free instantly on swapless systems)
- 4.13 bad
[1] https://tracker.ceph.com/issues/22464
Thanks:
======
Several people contributed to analysis/discussions/tests/reproducers in
the first stages when drilling down on ceph/tcmalloc/linux kernel:
- Dan Hill
- Dan Streetman
- Dongdong Tao
- Gavin Guo
- Gerald Yang
- Heitor Alves de Siqueira
- Ioanna Alifieraki
- Jay Vosburgh
- Matthew Ruffell
- Ponnuvel Palaniyappan
Reviews, suggestions, corrections, comments:
- Minchan Kim
- Yu Zhao
- Huang, Ying
- John Hubbard
- Christoph Hellwig
[mfo@canonical.com: v4]
Link: https://lkml.kernel.org/r/20220209202659.183418-1-mfo@canonical.comLink: https://lkml.kernel.org/r/20220131230255.789059-1-mfo@canonical.com
Fixes: 802a3a92ad7a ("mm: reclaim MADV_FREE pages")
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Dan Hill <daniel.hill@canonical.com>
Cc: Dan Streetman <dan.streetman@canonical.com>
Cc: Dongdong Tao <dongdong.tao@canonical.com>
Cc: Gavin Guo <gavin.guo@canonical.com>
Cc: Gerald Yang <gerald.yang@canonical.com>
Cc: Heitor Alves de Siqueira <halves@canonical.com>
Cc: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
Cc: Jay Vosburgh <jay.vosburgh@canonical.com>
Cc: Matthew Ruffell <matthew.ruffell@canonical.com>
Cc: Ponnuvel Palaniyappan <ponnuvel.palaniyappan@canonical.com>
Cc: <stable@vger.kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[mfo: backport: replace folio/test_flag with page/flag equivalents;
real Fixes: 854e9ed09ded ("mm: support madvise(MADV_FREE)") in v4.]
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/rmap.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/mm/rmap.c b/mm/rmap.c
index 699f445e3e78..e578eb942317 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -1594,7 +1594,30 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
/* MADV_FREE page check */
if (!PageSwapBacked(page)) {
- if (!PageDirty(page)) {
+ int ref_count, map_count;
+
+ /*
+ * Synchronize with gup_pte_range():
+ * - clear PTE; barrier; read refcount
+ * - inc refcount; barrier; read PTE
+ */
+ smp_mb();
+
+ ref_count = page_ref_count(page);
+ map_count = page_mapcount(page);
+
+ /*
+ * Order reads for page refcount and dirty flag
+ * (see comments in __remove_mapping()).
+ */
+ smp_rmb();
+
+ /*
+ * The only page refs must be one from isolation
+ * plus the rmap(s) (dropped by discard:).
+ */
+ if (ref_count == 1 + map_count &&
+ !PageDirty(page)) {
/* Invalidate as we cleared the pte */
mmu_notifier_invalidate_range(mm,
address, address + PAGE_SIZE);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 302/338] KVM: arm64: Check arm64_get_bp_hardening_data() didnt return NULL
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 301/338] mm: fix race between MADV_FREE reclaim and blkdev direct IO read Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 303/338] drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Greg Kroah-Hartman
` (41 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, James Morse, Sasha Levin
From: James Morse <james.morse@arm.com>
Will reports that with CONFIG_EXPERT=y and CONFIG_HARDEN_BRANCH_PREDICTOR=n,
the kernel dereferences a NULL pointer during boot:
[ 2.384444] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 2.384461] pstate: 20400085 (nzCv daIf +PAN -UAO)
[ 2.384472] pc : cpu_hyp_reinit+0x114/0x30c
[ 2.384476] lr : cpu_hyp_reinit+0x80/0x30c
[ 2.384529] Call trace:
[ 2.384533] cpu_hyp_reinit+0x114/0x30c
[ 2.384537] _kvm_arch_hardware_enable+0x30/0x54
[ 2.384541] flush_smp_call_function_queue+0xe4/0x154
[ 2.384544] generic_smp_call_function_single_interrupt+0x10/0x18
[ 2.384549] ipi_handler+0x170/0x2b0
[ 2.384555] handle_percpu_devid_fasteoi_ipi+0x120/0x1cc
[ 2.384560] __handle_domain_irq+0x9c/0xf4
[ 2.384563] gic_handle_irq+0x6c/0xe4
[ 2.384566] el1_irq+0xf0/0x1c0
[ 2.384570] arch_cpu_idle+0x28/0x44
[ 2.384574] do_idle+0x100/0x2a8
[ 2.384577] cpu_startup_entry+0x20/0x24
[ 2.384581] secondary_start_kernel+0x1b0/0x1cc
[ 2.384589] Code: b9469d08 7100011f 540003ad 52800208 (f9400108)
[ 2.384600] ---[ end trace 266d08dbf96ff143 ]---
[ 2.385171] Kernel panic - not syncing: Fatal exception in interrupt
In this configuration arm64_get_bp_hardening_data() returns NULL.
Add a check in kvm_get_hyp_vector().
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/linux-arm-kernel/20220408120041.GB27685@willie-the-truck/
Fixes: a68912a3ae3 ("KVM: arm64: Add templates for BHB mitigation sequences")
Cc: stable@vger.kernel.org # 4.19
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/kvm_mmu.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 44d3fdbcdf62..0243b6d22453 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -439,7 +439,8 @@ static inline void *kvm_get_hyp_vector(void)
int slot = -1;
if ((cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) ||
- cpus_have_const_cap(ARM64_SPECTRE_BHB)) && data->template_start) {
+ cpus_have_const_cap(ARM64_SPECTRE_BHB)) &&
+ data && data->template_start) {
vect = kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs_start));
slot = data->hyp_vectors_slot;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 303/338] drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 302/338] KVM: arm64: Check arm64_get_bp_hardening_data() didnt return NULL Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 304/338] Drivers: hv: vmbus: Fix potential crash on module unload Greg Kroah-Hartman
` (40 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Alex Deucher, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 1647b54ed55d4d48c7199d439f8834626576cbe9 ]
This post-op should be a pre-op so that we do not pass -1 as the bit
number to test_bit(). The current code will loop downwards from 63 to
-1. After changing to a pre-op, it loops from 63 to 0.
Fixes: 71c37505e7ea ("drm/amdgpu/gfx: move more common KIQ code to amdgpu_gfx.c")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
index 239bf2a4b3c6..eeaa2e825858 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
@@ -173,7 +173,7 @@ static int amdgpu_gfx_kiq_acquire(struct amdgpu_device *adev,
* adev->gfx.mec.num_pipe_per_mec
* adev->gfx.mec.num_queue_per_pipe;
- while (queue_bit-- >= 0) {
+ while (--queue_bit >= 0) {
if (test_bit(queue_bit, adev->gfx.mec.queue_bitmap))
continue;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 304/338] Drivers: hv: vmbus: Fix potential crash on module unload
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 303/338] drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 305/338] scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() Greg Kroah-Hartman
` (39 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guilherme G. Piccoli, Michael Kelley,
Wei Liu, Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit 792f232d57ff28bbd5f9c4abe0466b23d5879dc8 ]
The vmbus driver relies on the panic notifier infrastructure to perform
some operations when a panic event is detected. Since vmbus can be built
as module, it is required that the driver handles both registering and
unregistering such panic notifier callback.
After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
though, the panic notifier registration is done unconditionally in the module
initialization routine whereas the unregistering procedure is conditionally
guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability
is set.
This patch fixes that by unconditionally unregistering the panic notifier
in the module's exit routine as well.
Fixes: 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20220315203535.682306-1-gpiccoli@igalia.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hv/vmbus_drv.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index 51fe219c91fc..0c17743b4a65 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -2062,10 +2062,15 @@ static void __exit vmbus_exit(void)
if (ms_hyperv.misc_features & HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE) {
kmsg_dump_unregister(&hv_kmsg_dumper);
unregister_die_notifier(&hyperv_die_block);
- atomic_notifier_chain_unregister(&panic_notifier_list,
- &hyperv_panic_block);
}
+ /*
+ * The panic notifier is always registered, hence we should
+ * also unconditionally unregister it here as well.
+ */
+ atomic_notifier_chain_unregister(&panic_notifier_list,
+ &hyperv_panic_block);
+
free_page((unsigned long)hv_panic_page);
unregister_sysctl_table(hv_ctl_table_hdr);
hv_ctl_table_hdr = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 305/338] scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 304/338] Drivers: hv: vmbus: Fix potential crash on module unload Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 306/338] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms Greg Kroah-Hartman
` (38 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven,
Christophe JAILLET, Martin K. Petersen, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 16ed828b872d12ccba8f07bcc446ae89ba662f9c ]
The error handling path of the probe releases a resource that is not freed
in the remove function. In some cases, a ioremap() must be undone.
Add the missing iounmap() call in the remove function.
Link: https://lore.kernel.org/r/247066a3104d25f9a05de8b3270fc3c848763bcc.1647673264.git.christophe.jaillet@wanadoo.fr
Fixes: 45804fbb00ee ("[SCSI] 53c700: Amiga Zorro NCR53c710 SCSI")
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/zorro7xx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/zorro7xx.c b/drivers/scsi/zorro7xx.c
index aff31991aea9..ee6d97473853 100644
--- a/drivers/scsi/zorro7xx.c
+++ b/drivers/scsi/zorro7xx.c
@@ -158,6 +158,8 @@ static void zorro7xx_remove_one(struct zorro_dev *z)
scsi_remove_host(host);
NCR_700_release(host);
+ if (host->base > 0x01000000)
+ iounmap(hostdata->base);
kfree(hostdata);
free_irq(host->irq, host);
zorro_release_device(z);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 306/338] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 305/338] scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 307/338] drm/imx: Fix memory leak in imx_pd_connector_get_modes Greg Kroah-Hartman
` (37 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Russell King (Oracle),
Srinivas Kandagatla, Jakub Kicinski, Sasha Levin
From: Chen-Yu Tsai <wens@csie.org>
[ Upstream commit c21cabb0fd0b54b8b54235fc1ecfe1195a23bcb2 ]
In commit 9cbadf094d9d ("net: stmmac: support max-speed device tree
property"), when DT platforms don't set "max-speed", max_speed is set to
-1; for non-DT platforms, it stays the default 0.
Prior to commit eeef2f6b9f6e ("net: stmmac: Start adding phylink support"),
the check for a valid max_speed setting was to check if it was greater
than zero. This commit got it right, but subsequent patches just checked
for non-zero, which is incorrect for DT platforms.
In commit 92c3807b9ac3 ("net: stmmac: convert to phylink_get_linkmodes()")
the conversion switched completely to checking for non-zero value as a
valid value, which caused 1000base-T to stop getting advertised by
default.
Instead of trying to fix all the checks, simply leave max_speed alone if
DT property parsing fails.
Fixes: 9cbadf094d9d ("net: stmmac: support max-speed device tree property")
Fixes: 92c3807b9ac3 ("net: stmmac: convert to phylink_get_linkmodes()")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Acked-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220331184832.16316-1-wens@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
index 05f5084158bf..9762e687fc73 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
@@ -398,8 +398,7 @@ stmmac_probe_config_dt(struct platform_device *pdev, const char **mac)
plat->interface = of_get_phy_mode(np);
/* Get max speed of operation from device tree */
- if (of_property_read_u32(np, "max-speed", &plat->max_speed))
- plat->max_speed = -1;
+ of_property_read_u32(np, "max-speed", &plat->max_speed);
plat->bus_id = of_alias_get_id(np, "ethernet");
if (plat->bus_id < 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 307/338] drm/imx: Fix memory leak in imx_pd_connector_get_modes
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 306/338] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 308/338] net: openvswitch: dont send internal clone attribute to the userspace Greg Kroah-Hartman
` (36 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito,
Philipp Zabel, Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3 ]
Avoid leaking the display mode variable if of_get_drm_display_mode
fails.
Fixes: 76ecd9c9fb24 ("drm/imx: parallel-display: check return code from of_get_drm_display_mode()")
Addresses-Coverity-ID: 1443943 ("Resource leak")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://lore.kernel.org/r/20220108165230.44610-1-jose.exposito89@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/parallel-display.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c
index aefd04e18f93..e9dff31b377c 100644
--- a/drivers/gpu/drm/imx/parallel-display.c
+++ b/drivers/gpu/drm/imx/parallel-display.c
@@ -77,8 +77,10 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
ret = of_get_drm_display_mode(np, &imxpd->mode,
&imxpd->bus_flags,
OF_USE_NATIVE_MODE);
- if (ret)
+ if (ret) {
+ drm_mode_destroy(connector->dev, mode);
return ret;
+ }
drm_mode_copy(mode, &imxpd->mode);
mode->type |= DRM_MODE_TYPE_DRIVER | DRM_MODE_TYPE_PREFERRED,
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 308/338] net: openvswitch: dont send internal clone attribute to the userspace.
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 307/338] drm/imx: Fix memory leak in imx_pd_connector_get_modes Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 309/338] rxrpc: fix a race in rxrpc_exit_net() Greg Kroah-Hartman
` (35 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Maximets, Aaron Conole,
Jakub Kicinski, Sasha Levin
From: Ilya Maximets <i.maximets@ovn.org>
[ Upstream commit 3f2a3050b4a3e7f32fc0ea3c9b0183090ae00522 ]
'OVS_CLONE_ATTR_EXEC' is an internal attribute that is used for
performance optimization inside the kernel. It's added by the kernel
while parsing user-provided actions and should not be sent during the
flow dump as it's not part of the uAPI.
The issue doesn't cause any significant problems to the ovs-vswitchd
process, because reported actions are not really used in the
application lifecycle and only supposed to be shown to a human via
ovs-dpctl flow dump. However, the action list is still incorrect
and causes the following error if the user wants to look at the
datapath flows:
# ovs-dpctl add-dp system@ovs-system
# ovs-dpctl add-flow "<flow match>" "clone(ct(commit),0)"
# ovs-dpctl dump-flows
<flow match>, packets:0, bytes:0, used:never,
actions:clone(bad length 4, expected -1 for: action0(01 00 00 00),
ct(commit),0)
With the fix:
# ovs-dpctl dump-flows
<flow match>, packets:0, bytes:0, used:never,
actions:clone(ct(commit),0)
Additionally fixed an incorrect attribute name in the comment.
Fixes: b233504033db ("openvswitch: kernel datapath clone action")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Link: https://lore.kernel.org/r/20220404104150.2865736-1-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/actions.c | 2 +-
net/openvswitch/flow_netlink.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 100cc09c100d..8b75afe41284 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -1098,7 +1098,7 @@ static int clone(struct datapath *dp, struct sk_buff *skb,
int rem = nla_len(attr);
bool dont_clone_flow_key;
- /* The first action is always 'OVS_CLONE_ATTR_ARG'. */
+ /* The first action is always 'OVS_CLONE_ATTR_EXEC'. */
clone_arg = nla_data(attr);
dont_clone_flow_key = nla_get_u32(clone_arg);
actions = nla_next(clone_arg, &rem);
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index fb69978f50ec..4413ffdc1e03 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -3173,7 +3173,9 @@ static int clone_action_to_attr(const struct nlattr *attr,
if (!start)
return -EMSGSIZE;
- err = ovs_nla_put_actions(nla_data(attr), rem, skb);
+ /* Skipping the OVS_CLONE_ATTR_EXEC that is always the first attribute. */
+ attr = nla_next(nla_data(attr), &rem);
+ err = ovs_nla_put_actions(attr, rem, skb);
if (err)
nla_nest_cancel(skb, start);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 309/338] rxrpc: fix a race in rxrpc_exit_net()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 308/338] net: openvswitch: dont send internal clone attribute to the userspace Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 310/338] qede: confirm skb is allocated before using Greg Kroah-Hartman
` (34 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David Howells,
Marc Dionne, linux-afs, syzbot, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 1946014ca3b19be9e485e780e862c375c6f98bad ]
Current code can lead to the following race:
CPU0 CPU1
rxrpc_exit_net()
rxrpc_peer_keepalive_worker()
if (rxnet->live)
rxnet->live = false;
del_timer_sync(&rxnet->peer_keepalive_timer);
timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);
cancel_work_sync(&rxnet->peer_keepalive_work);
rxrpc_exit_net() exits while peer_keepalive_timer is still armed,
leading to use-after-free.
syzbot report was:
ODEBUG: free active (active state 0) object type: timer_list hint: rxrpc_peer_keepalive_timeout+0x0/0xb0
WARNING: CPU: 0 PID: 3660 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 0 PID: 3660 Comm: kworker/u4:6 Not tainted 5.17.0-syzkaller-13993-g88e6c0207623 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 00 1c 26 8a 4c 89 ee 48 c7 c7 00 10 26 8a e8 b1 e7 28 05 <0f> 0b 83 05 15 eb c5 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc9000353fb00 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff888029196140 RSI: ffffffff815efad8 RDI: fffff520006a7f52
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815ea4ae R11: 0000000000000000 R12: ffffffff89ce23e0
R13: ffffffff8a2614e0 R14: ffffffff816628c0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe1f2908924 CR3: 0000000043720000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__debug_check_no_obj_freed lib/debugobjects.c:992 [inline]
debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1023
kfree+0xd6/0x310 mm/slab.c:3809
ops_free_list.part.0+0x119/0x370 net/core/net_namespace.c:176
ops_free_list net/core/net_namespace.c:174 [inline]
cleanup_net+0x591/0xb00 net/core/net_namespace.c:598
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Fixes: ace45bec6d77 ("rxrpc: Fix firewall route keepalive")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Marc Dionne <marc.dionne@auristor.com>
Cc: linux-afs@lists.infradead.org
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/net_ns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rxrpc/net_ns.c b/net/rxrpc/net_ns.c
index 417d80867c4f..1b403c2573da 100644
--- a/net/rxrpc/net_ns.c
+++ b/net/rxrpc/net_ns.c
@@ -117,8 +117,8 @@ static __net_exit void rxrpc_exit_net(struct net *net)
struct rxrpc_net *rxnet = rxrpc_net(net);
rxnet->live = false;
- del_timer_sync(&rxnet->peer_keepalive_timer);
cancel_work_sync(&rxnet->peer_keepalive_work);
+ del_timer_sync(&rxnet->peer_keepalive_timer);
rxrpc_destroy_all_calls(rxnet);
rxrpc_destroy_all_connections(rxnet);
rxrpc_destroy_all_peers(rxnet);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 310/338] qede: confirm skb is allocated before using
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 309/338] rxrpc: fix a race in rxrpc_exit_net() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 311/338] spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() Greg Kroah-Hartman
` (33 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamie Bainbridge, David S. Miller,
Sasha Levin
From: Jamie Bainbridge <jamie.bainbridge@gmail.com>
[ Upstream commit 4e910dbe36508654a896d5735b318c0b88172570 ]
qede_build_skb() assumes build_skb() always works and goes straight
to skb_reserve(). However, build_skb() can fail under memory pressure.
This results in a kernel panic because the skb to reserve is NULL.
Add a check in case build_skb() failed to allocate and return NULL.
The NULL return is handled correctly in callers to qede_build_skb().
Fixes: 8a8633978b842 ("qede: Add build_skb() support.")
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qede/qede_fp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/qlogic/qede/qede_fp.c b/drivers/net/ethernet/qlogic/qede/qede_fp.c
index 9d5c2e31dfe9..6a1a7d37dfd7 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_fp.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_fp.c
@@ -731,6 +731,9 @@ qede_build_skb(struct qede_rx_queue *rxq,
buf = page_address(bd->data) + bd->page_offset;
skb = build_skb(buf, rxq->rx_buf_seg_size);
+ if (unlikely(!skb))
+ return NULL;
+
skb_reserve(skb, pad);
skb_put(skb, len);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 311/338] spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 310/338] qede: confirm skb is allocated before using Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 312/338] drbd: Fix five use after free bugs in get_initial_state Greg Kroah-Hartman
` (32 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kamal Dasu, Florian Fainelli,
Mark Brown, Sasha Levin
From: Kamal Dasu <kdasu.kdev@gmail.com>
[ Upstream commit 2c7d1b281286c46049cd22b43435cecba560edde ]
This fixes case where MSPI controller is used to access spi-nor
flash and BSPI block is not present.
Fixes: 5f195ee7d830 ("spi: bcm-qspi: Implement the spi_mem interface")
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220328142442.7553-1-kdasu.kdev@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-bcm-qspi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c
index 82c24c85f45b..3f291db7b39a 100644
--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -970,7 +970,7 @@ static int bcm_qspi_exec_mem_op(struct spi_mem *mem,
addr = op->addr.val;
len = op->data.nbytes;
- if (bcm_qspi_bspi_ver_three(qspi) == true) {
+ if (has_bspi(qspi) && bcm_qspi_bspi_ver_three(qspi) == true) {
/*
* The address coming into this function is a raw flash offset.
* But for BSPI <= V3, we need to convert it to a remapped BSPI
@@ -989,7 +989,7 @@ static int bcm_qspi_exec_mem_op(struct spi_mem *mem,
len < 4)
mspi_read = true;
- if (mspi_read)
+ if (!has_bspi(qspi) || mspi_read)
return bcm_qspi_mspi_exec_mem_op(spi, op);
ret = bcm_qspi_bspi_set_mode(qspi, op, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 312/338] drbd: Fix five use after free bugs in get_initial_state
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 311/338] spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 313/338] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" Greg Kroah-Hartman
` (31 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lv Yunlong,
Christoph Böhmwalder, Jens Axboe, Sasha Levin
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit aadb22ba2f656581b2f733deb3a467c48cc618f6 ]
In get_initial_state, it calls notify_initial_state_done(skb,..) if
cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),
the skb will be freed by nlmsg_free(skb).
Then get_initial_state will goto out and the freed skb will be used by
return value skb->len, which is a uaf bug.
What's worse, the same problem goes even further: skb can also be
freed in the notify_*_state_change -> notify_*_state calls below.
Thus 4 additional uaf bugs happened.
My patch lets the problem callee functions: notify_initial_state_done
and notify_*_state_change return an error code if errors happen.
So that the error codes could be propagated and the uaf bugs can be avoid.
v2 reports a compilation warning. This v3 fixed this warning and built
successfully in my local environment with no additional warnings.
v2: https://lore.kernel.org/patchwork/patch/1435218/
Fixes: a29728463b254 ("drbd: Backport the "events2" command")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_int.h | 8 ++---
drivers/block/drbd/drbd_nl.c | 41 ++++++++++++++++----------
drivers/block/drbd/drbd_state.c | 18 +++++------
drivers/block/drbd/drbd_state_change.h | 8 ++---
4 files changed, 42 insertions(+), 33 deletions(-)
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
index e35a234b0a8f..4f66cf6879fd 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -1688,22 +1688,22 @@ struct sib_info {
};
void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib);
-extern void notify_resource_state(struct sk_buff *,
+extern int notify_resource_state(struct sk_buff *,
unsigned int,
struct drbd_resource *,
struct resource_info *,
enum drbd_notification_type);
-extern void notify_device_state(struct sk_buff *,
+extern int notify_device_state(struct sk_buff *,
unsigned int,
struct drbd_device *,
struct device_info *,
enum drbd_notification_type);
-extern void notify_connection_state(struct sk_buff *,
+extern int notify_connection_state(struct sk_buff *,
unsigned int,
struct drbd_connection *,
struct connection_info *,
enum drbd_notification_type);
-extern void notify_peer_device_state(struct sk_buff *,
+extern int notify_peer_device_state(struct sk_buff *,
unsigned int,
struct drbd_peer_device *,
struct peer_device_info *,
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 5b15ffd0c7f5..5a80453be553 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -4598,7 +4598,7 @@ static int nla_put_notification_header(struct sk_buff *msg,
return drbd_notification_header_to_skb(msg, &nh, true);
}
-void notify_resource_state(struct sk_buff *skb,
+int notify_resource_state(struct sk_buff *skb,
unsigned int seq,
struct drbd_resource *resource,
struct resource_info *resource_info,
@@ -4640,16 +4640,17 @@ void notify_resource_state(struct sk_buff *skb,
if (err && err != -ESRCH)
goto failed;
}
- return;
+ return 0;
nla_put_failure:
nlmsg_free(skb);
failed:
drbd_err(resource, "Error %d while broadcasting event. Event seq:%u\n",
err, seq);
+ return err;
}
-void notify_device_state(struct sk_buff *skb,
+int notify_device_state(struct sk_buff *skb,
unsigned int seq,
struct drbd_device *device,
struct device_info *device_info,
@@ -4689,16 +4690,17 @@ void notify_device_state(struct sk_buff *skb,
if (err && err != -ESRCH)
goto failed;
}
- return;
+ return 0;
nla_put_failure:
nlmsg_free(skb);
failed:
drbd_err(device, "Error %d while broadcasting event. Event seq:%u\n",
err, seq);
+ return err;
}
-void notify_connection_state(struct sk_buff *skb,
+int notify_connection_state(struct sk_buff *skb,
unsigned int seq,
struct drbd_connection *connection,
struct connection_info *connection_info,
@@ -4738,16 +4740,17 @@ void notify_connection_state(struct sk_buff *skb,
if (err && err != -ESRCH)
goto failed;
}
- return;
+ return 0;
nla_put_failure:
nlmsg_free(skb);
failed:
drbd_err(connection, "Error %d while broadcasting event. Event seq:%u\n",
err, seq);
+ return err;
}
-void notify_peer_device_state(struct sk_buff *skb,
+int notify_peer_device_state(struct sk_buff *skb,
unsigned int seq,
struct drbd_peer_device *peer_device,
struct peer_device_info *peer_device_info,
@@ -4788,13 +4791,14 @@ void notify_peer_device_state(struct sk_buff *skb,
if (err && err != -ESRCH)
goto failed;
}
- return;
+ return 0;
nla_put_failure:
nlmsg_free(skb);
failed:
drbd_err(peer_device, "Error %d while broadcasting event. Event seq:%u\n",
err, seq);
+ return err;
}
void notify_helper(enum drbd_notification_type type,
@@ -4845,7 +4849,7 @@ void notify_helper(enum drbd_notification_type type,
err, seq);
}
-static void notify_initial_state_done(struct sk_buff *skb, unsigned int seq)
+static int notify_initial_state_done(struct sk_buff *skb, unsigned int seq)
{
struct drbd_genlmsghdr *dh;
int err;
@@ -4859,11 +4863,12 @@ static void notify_initial_state_done(struct sk_buff *skb, unsigned int seq)
if (nla_put_notification_header(skb, NOTIFY_EXISTS))
goto nla_put_failure;
genlmsg_end(skb, dh);
- return;
+ return 0;
nla_put_failure:
nlmsg_free(skb);
pr_err("Error %d sending event. Event seq:%u\n", err, seq);
+ return err;
}
static void free_state_changes(struct list_head *list)
@@ -4890,6 +4895,7 @@ static int get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
unsigned int seq = cb->args[2];
unsigned int n;
enum drbd_notification_type flags = 0;
+ int err = 0;
/* There is no need for taking notification_mutex here: it doesn't
matter if the initial state events mix with later state chage
@@ -4898,32 +4904,32 @@ static int get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
cb->args[5]--;
if (cb->args[5] == 1) {
- notify_initial_state_done(skb, seq);
+ err = notify_initial_state_done(skb, seq);
goto out;
}
n = cb->args[4]++;
if (cb->args[4] < cb->args[3])
flags |= NOTIFY_CONTINUES;
if (n < 1) {
- notify_resource_state_change(skb, seq, state_change->resource,
+ err = notify_resource_state_change(skb, seq, state_change->resource,
NOTIFY_EXISTS | flags);
goto next;
}
n--;
if (n < state_change->n_connections) {
- notify_connection_state_change(skb, seq, &state_change->connections[n],
+ err = notify_connection_state_change(skb, seq, &state_change->connections[n],
NOTIFY_EXISTS | flags);
goto next;
}
n -= state_change->n_connections;
if (n < state_change->n_devices) {
- notify_device_state_change(skb, seq, &state_change->devices[n],
+ err = notify_device_state_change(skb, seq, &state_change->devices[n],
NOTIFY_EXISTS | flags);
goto next;
}
n -= state_change->n_devices;
if (n < state_change->n_devices * state_change->n_connections) {
- notify_peer_device_state_change(skb, seq, &state_change->peer_devices[n],
+ err = notify_peer_device_state_change(skb, seq, &state_change->peer_devices[n],
NOTIFY_EXISTS | flags);
goto next;
}
@@ -4938,7 +4944,10 @@ static int get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
cb->args[4] = 0;
}
out:
- return skb->len;
+ if (err)
+ return err;
+ else
+ return skb->len;
}
int drbd_adm_get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
diff --git a/drivers/block/drbd/drbd_state.c b/drivers/block/drbd/drbd_state.c
index b452359b6aae..1474250f9440 100644
--- a/drivers/block/drbd/drbd_state.c
+++ b/drivers/block/drbd/drbd_state.c
@@ -1549,7 +1549,7 @@ int drbd_bitmap_io_from_worker(struct drbd_device *device,
return rv;
}
-void notify_resource_state_change(struct sk_buff *skb,
+int notify_resource_state_change(struct sk_buff *skb,
unsigned int seq,
struct drbd_resource_state_change *resource_state_change,
enum drbd_notification_type type)
@@ -1562,10 +1562,10 @@ void notify_resource_state_change(struct sk_buff *skb,
.res_susp_fen = resource_state_change->susp_fen[NEW],
};
- notify_resource_state(skb, seq, resource, &resource_info, type);
+ return notify_resource_state(skb, seq, resource, &resource_info, type);
}
-void notify_connection_state_change(struct sk_buff *skb,
+int notify_connection_state_change(struct sk_buff *skb,
unsigned int seq,
struct drbd_connection_state_change *connection_state_change,
enum drbd_notification_type type)
@@ -1576,10 +1576,10 @@ void notify_connection_state_change(struct sk_buff *skb,
.conn_role = connection_state_change->peer_role[NEW],
};
- notify_connection_state(skb, seq, connection, &connection_info, type);
+ return notify_connection_state(skb, seq, connection, &connection_info, type);
}
-void notify_device_state_change(struct sk_buff *skb,
+int notify_device_state_change(struct sk_buff *skb,
unsigned int seq,
struct drbd_device_state_change *device_state_change,
enum drbd_notification_type type)
@@ -1589,10 +1589,10 @@ void notify_device_state_change(struct sk_buff *skb,
.dev_disk_state = device_state_change->disk_state[NEW],
};
- notify_device_state(skb, seq, device, &device_info, type);
+ return notify_device_state(skb, seq, device, &device_info, type);
}
-void notify_peer_device_state_change(struct sk_buff *skb,
+int notify_peer_device_state_change(struct sk_buff *skb,
unsigned int seq,
struct drbd_peer_device_state_change *p,
enum drbd_notification_type type)
@@ -1606,7 +1606,7 @@ void notify_peer_device_state_change(struct sk_buff *skb,
.peer_resync_susp_dependency = p->resync_susp_dependency[NEW],
};
- notify_peer_device_state(skb, seq, peer_device, &peer_device_info, type);
+ return notify_peer_device_state(skb, seq, peer_device, &peer_device_info, type);
}
static void broadcast_state_change(struct drbd_state_change *state_change)
@@ -1614,7 +1614,7 @@ static void broadcast_state_change(struct drbd_state_change *state_change)
struct drbd_resource_state_change *resource_state_change = &state_change->resource[0];
bool resource_state_has_changed;
unsigned int n_device, n_connection, n_peer_device, n_peer_devices;
- void (*last_func)(struct sk_buff *, unsigned int, void *,
+ int (*last_func)(struct sk_buff *, unsigned int, void *,
enum drbd_notification_type) = NULL;
void *uninitialized_var(last_arg);
diff --git a/drivers/block/drbd/drbd_state_change.h b/drivers/block/drbd/drbd_state_change.h
index ba80f612d6ab..d5b0479bc9a6 100644
--- a/drivers/block/drbd/drbd_state_change.h
+++ b/drivers/block/drbd/drbd_state_change.h
@@ -44,19 +44,19 @@ extern struct drbd_state_change *remember_old_state(struct drbd_resource *, gfp_
extern void copy_old_to_new_state_change(struct drbd_state_change *);
extern void forget_state_change(struct drbd_state_change *);
-extern void notify_resource_state_change(struct sk_buff *,
+extern int notify_resource_state_change(struct sk_buff *,
unsigned int,
struct drbd_resource_state_change *,
enum drbd_notification_type type);
-extern void notify_connection_state_change(struct sk_buff *,
+extern int notify_connection_state_change(struct sk_buff *,
unsigned int,
struct drbd_connection_state_change *,
enum drbd_notification_type type);
-extern void notify_device_state_change(struct sk_buff *,
+extern int notify_device_state_change(struct sk_buff *,
unsigned int,
struct drbd_device_state_change *,
enum drbd_notification_type type);
-extern void notify_peer_device_state_change(struct sk_buff *,
+extern int notify_peer_device_state_change(struct sk_buff *,
unsigned int,
struct drbd_peer_device_state_change *,
enum drbd_notification_type type);
--
2.35.1
^ permalink raw reply related [flat|nested] 364+ messages in thread
* [PATCH 4.19 313/338] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 312/338] drbd: Fix five use after free bugs in get_initial_state Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 314/338] mmc: renesas_sdhi: dont overwrite TAP settings when HS400 tuning is complete Greg Kroah-Hartman
` (30 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Marcin Wojtas, Ulf Hansson
From: Pali Rohár <pali@kernel.org>
commit 7e2646ed47542123168d43916b84b954532e5386 upstream.
This reverts commit bb32e1987bc55ce1db400faf47d85891da3c9b9f.
Commit 1a3ed0dc3594 ("mmc: sdhci-xenon: fix 1.8v regulator stabilization")
contains proper fix for the issue described in commit bb32e1987bc5 ("mmc:
sdhci-xenon: fix annoying 1.8V regulator warning").
Fixes: 8d876bf472db ("mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable")
Cc: stable@vger.kernel.org # 1a3ed0dc3594 ("mmc: sdhci-xenon: fix 1.8v regulator stabilization")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Marcin Wojtas <mw@semihalf.com>
Link: https://lore.kernel.org/r/20220318141441.32329-1-pali@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-xenon.c | 10 ----------
1 file changed, 10 deletions(-)
--- a/drivers/mmc/host/sdhci-xenon.c
+++ b/drivers/mmc/host/sdhci-xenon.c
@@ -243,16 +243,6 @@ static void xenon_voltage_switch(struct
{
/* Wait for 5ms after set 1.8V signal enable bit */
usleep_range(5000, 5500);
-
- /*
- * For some reason the controller's Host Control2 register reports
- * the bit representing 1.8V signaling as 0 when read after it was
- * written as 1. Subsequent read reports 1.
- *
- * Since this may cause some issues, do an empty read of the Host
- * Control2 register here to circumvent this.
- */
- sdhci_readw(host, SDHCI_HOST_CONTROL2);
}
static const struct sdhci_ops sdhci_xenon_ops = {
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 314/338] mmc: renesas_sdhi: dont overwrite TAP settings when HS400 tuning is complete
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 313/338] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 315/338] mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Greg Kroah-Hartman
` (29 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshihiro Shimoda, Wolfram Sang, Ulf Hansson
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
commit 03e59b1e2f56245163b14c69e0a830c24b1a3a47 upstream.
When HS400 tuning is complete and HS400 is going to be activated, we
have to keep the current number of TAPs and should not overwrite them
with a hardcoded value. This was probably a copy&paste mistake when
upporting HS400 support from the BSP.
Fixes: 26eb2607fa28 ("mmc: renesas_sdhi: add eMMC HS400 mode support")
Reported-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220404114902.12175-1-wsa+renesas@sang-engineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/renesas_sdhi_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/mmc/host/renesas_sdhi_core.c
+++ b/drivers/mmc/host/renesas_sdhi_core.c
@@ -302,10 +302,10 @@ static void renesas_sdhi_hs400_complete(
SH_MOBILE_SDHI_SCC_TMPPORT2_HS400OSEL) |
sd_scc_read32(host, priv, SH_MOBILE_SDHI_SCC_TMPPORT2));
- /* Set the sampling clock selection range of HS400 mode */
sd_scc_write32(host, priv, SH_MOBILE_SDHI_SCC_DTCNTL,
SH_MOBILE_SDHI_SCC_DTCNTL_TAPEN |
- 0x4 << SH_MOBILE_SDHI_SCC_DTCNTL_TAPNUM_SHIFT);
+ sd_scc_read32(host, priv,
+ SH_MOBILE_SDHI_SCC_DTCNTL));
if (host->pdata->flags & TMIO_MMC_HAVE_4TAP_HS400)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 315/338] mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 314/338] mmc: renesas_sdhi: dont overwrite TAP settings when HS400 tuning is complete Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 316/338] mm/mempolicy: fix mpol_new leak in shared_policy_replace Greg Kroah-Hartman
` (28 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6bde52d89cfdf9f61425,
Paolo Bonzini, Sean Christopherson, Andrew Morton,
Linus Torvalds
From: Paolo Bonzini <pbonzini@redhat.com>
commit 01e67e04c28170c47700c2c226d732bbfedb1ad0 upstream.
If an mremap() syscall with old_size=0 ends up in move_page_tables(), it
will call invalidate_range_start()/invalidate_range_end() unnecessarily,
i.e. with an empty range.
This causes a WARN in KVM's mmu_notifier. In the past, empty ranges
have been diagnosed to be off-by-one bugs, hence the WARNing. Given the
low (so far) number of unique reports, the benefits of detecting more
buggy callers seem to outweigh the cost of having to fix cases such as
this one, where userspace is doing something silly. In this particular
case, an early return from move_page_tables() is enough to fix the
issue.
Link: https://lkml.kernel.org/r/20220329173155.172439-1-pbonzini@redhat.com
Reported-by: syzbot+6bde52d89cfdf9f61425@syzkaller.appspotmail.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mremap.c | 3 +++
1 file changed, 3 insertions(+)
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -201,6 +201,9 @@ unsigned long move_page_tables(struct vm
unsigned long mmun_start; /* For mmu_notifiers */
unsigned long mmun_end; /* For mmu_notifiers */
+ if (!len)
+ return 0;
+
old_end = old_addr + len;
flush_cache_range(vma, old_addr, old_end);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 316/338] mm/mempolicy: fix mpol_new leak in shared_policy_replace
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 315/338] mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 317/338] x86/pm: Save the MSR validity status at context setup Greg Kroah-Hartman
` (27 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Michal Hocko,
KOSAKI Motohiro, Mel Gorman, Andrew Morton, Linus Torvalds
From: Miaohe Lin <linmiaohe@huawei.com>
commit 4ad099559b00ac01c3726e5c95dc3108ef47d03e upstream.
If mpol_new is allocated but not used in restart loop, mpol_new will be
freed via mpol_put before returning to the caller. But refcnt is not
initialized yet, so mpol_put could not do the right things and might
leak the unused mpol_new. This would happen if mempolicy was updated on
the shared shmem file while the sp->lock has been dropped during the
memory allocation.
This issue could be triggered easily with the below code snippet if
there are many processes doing the below work at the same time:
shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);
shm = shmat(shmid, 0, 0);
loop many times {
mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);
mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,
maxnode, 0);
}
Link: https://lkml.kernel.org/r/20220329111416.27954-1-linmiaohe@huawei.com
Fixes: 42288fe366c4 ("mm: mempolicy: Convert shared_policy mutex to spinlock")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: <stable@vger.kernel.org> [3.8]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mempolicy.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -2563,6 +2563,7 @@ alloc_new:
mpol_new = kmem_cache_alloc(policy_cache, GFP_KERNEL);
if (!mpol_new)
goto err_out;
+ atomic_set(&mpol_new->refcnt, 1);
goto restart;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 317/338] x86/pm: Save the MSR validity status at context setup
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 316/338] mm/mempolicy: fix mpol_new leak in shared_policy_replace Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 318/338] x86/speculation: Restore speculation related MSRs during S3 resume Greg Kroah-Hartman
` (26 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Hansen, Pawan Gupta,
Borislav Petkov, Linus Torvalds
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit 73924ec4d560257004d5b5116b22a3647661e364 upstream.
The mechanism to save/restore MSRs during S3 suspend/resume checks for
the MSR validity during suspend, and only restores the MSR if its a
valid MSR. This is not optimal, as an invalid MSR will unnecessarily
throw an exception for every suspend cycle. The more invalid MSRs,
higher the impact will be.
Check and save the MSR validity at setup. This ensures that only valid
MSRs that are guaranteed to not throw an exception will be attempted
during suspend.
Fixes: 7a9c2dd08ead ("x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume")
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/power/cpu.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -41,7 +41,8 @@ static void msr_save_context(struct save
struct saved_msr *end = msr + ctxt->saved_msrs.num;
while (msr < end) {
- msr->valid = !rdmsrl_safe(msr->info.msr_no, &msr->info.reg.q);
+ if (msr->valid)
+ rdmsrl(msr->info.msr_no, msr->info.reg.q);
msr++;
}
}
@@ -426,8 +427,10 @@ static int msr_build_context(const u32 *
}
for (i = saved_msrs->num, j = 0; i < total_num; i++, j++) {
+ u64 dummy;
+
msr_array[i].info.msr_no = msr_id[j];
- msr_array[i].valid = false;
+ msr_array[i].valid = !rdmsrl_safe(msr_id[j], &dummy);
msr_array[i].info.reg.q = 0;
}
saved_msrs->num = total_num;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 318/338] x86/speculation: Restore speculation related MSRs during S3 resume
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 317/338] x86/pm: Save the MSR validity status at context setup Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 319/338] btrfs: fix qgroup reserve overflow the qgroup limit Greg Kroah-Hartman
` (25 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neelima Krishnan, Pawan Gupta,
Borislav Petkov, Dave Hansen, Linus Torvalds
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit e2a1256b17b16f9b9adf1b6fea56819e7b68e463 upstream.
After resuming from suspend-to-RAM, the MSRs that control CPU's
speculative execution behavior are not being restored on the boot CPU.
These MSRs are used to mitigate speculative execution vulnerabilities.
Not restoring them correctly may leave the CPU vulnerable. Secondary
CPU's MSRs are correctly being restored at S3 resume by
identify_secondary_cpu().
During S3 resume, restore these MSRs for boot CPU when restoring its
processor state.
Fixes: 772439717dbf ("x86/bugs/intel: Set proper CPU features and setup RDS")
Reported-by: Neelima Krishnan <neelima.krishnan@intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
Acked-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/power/cpu.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -517,10 +517,24 @@ static int pm_cpu_check(const struct x86
return ret;
}
+static void pm_save_spec_msr(void)
+{
+ u32 spec_msr_id[] = {
+ MSR_IA32_SPEC_CTRL,
+ MSR_IA32_TSX_CTRL,
+ MSR_TSX_FORCE_ABORT,
+ MSR_IA32_MCU_OPT_CTRL,
+ MSR_AMD64_LS_CFG,
+ };
+
+ msr_build_context(spec_msr_id, ARRAY_SIZE(spec_msr_id));
+}
+
static int pm_check_save_msr(void)
{
dmi_check_system(msr_save_dmi_table);
pm_cpu_check(msr_save_cpu_table);
+ pm_save_spec_msr();
return 0;
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 319/338] btrfs: fix qgroup reserve overflow the qgroup limit
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 318/338] x86/speculation: Restore speculation related MSRs during S3 resume Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 320/338] arm64: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
` (24 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, Ethan Lien, David Sterba
From: Ethan Lien <ethanlien@synology.com>
commit b642b52d0b50f4d398cb4293f64992d0eed2e2ce upstream.
We use extent_changeset->bytes_changed in qgroup_reserve_data() to record
how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the
bytes_changed is set as "unsigned int", and it will overflow if we try to
fallocate a range larger than 4GiB. The result is we reserve less bytes
and eventually break the qgroup limit.
Unlike regular buffered/direct write, which we use one changeset for
each ordered extent, which can never be larger than 256M. For
fallocate, we use one changeset for the whole range, thus it no longer
respects the 256M per extent limit, and caused the problem.
The following example test script reproduces the problem:
$ cat qgroup-overflow.sh
#!/bin/bash
DEV=/dev/sdj
MNT=/mnt/sdj
mkfs.btrfs -f $DEV
mount $DEV $MNT
# Set qgroup limit to 2GiB.
btrfs quota enable $MNT
btrfs qgroup limit 2G $MNT
# Try to fallocate a 3GiB file. This should fail.
echo
echo "Try to fallocate a 3GiB file..."
fallocate -l 3G $MNT/3G.file
# Try to fallocate a 5GiB file.
echo
echo "Try to fallocate a 5GiB file..."
fallocate -l 5G $MNT/5G.file
# See we break the qgroup limit.
echo
sync
btrfs qgroup show -r $MNT
umount $MNT
When running the test:
$ ./qgroup-overflow.sh
(...)
Try to fallocate a 3GiB file...
fallocate: fallocate failed: Disk quota exceeded
Try to fallocate a 5GiB file...
qgroupid rfer excl max_rfer
-------- ---- ---- --------
0/5 5.00GiB 5.00GiB 2.00GiB
Since we have no control of how bytes_changed is used, it's better to
set it to u64.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Ethan Lien <ethanlien@synology.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/extent_io.h
+++ b/fs/btrfs/extent_io.h
@@ -197,7 +197,7 @@ struct extent_buffer {
*/
struct extent_changeset {
/* How many bytes are set/cleared in this operation */
- unsigned int bytes_changed;
+ u64 bytes_changed;
/* Changed ranges */
struct ulist range_changed;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 320/338] arm64: patch_text: Fixup last cpu should be master
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 319/338] btrfs: fix qgroup reserve overflow the qgroup limit Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 321/338] ata: sata_dwc_460ex: Fix crash due to OOB write Greg Kroah-Hartman
` (23 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guo Ren, Guo Ren, Catalin Marinas,
Masami Hiramatsu, Will Deacon
From: Guo Ren <guoren@linux.alibaba.com>
commit 31a099dbd91e69fcab55eef4be15ed7a8c984918 upstream.
These patch_text implementations are using stop_machine_cpuslocked
infrastructure with atomic cpu_count. The original idea: When the
master CPU patch_text, the others should wait for it. But current
implementation is using the first CPU as master, which couldn't
guarantee the remaining CPUs are waiting. This patch changes the
last CPU as the master to solve the potential risk.
Fixes: ae16480785de ("arm64: introduce interfaces to hotpatch kernel and module code")
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220407073323.743224-2-guoren@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/insn.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm64/kernel/insn.c
+++ b/arch/arm64/kernel/insn.c
@@ -204,8 +204,8 @@ static int __kprobes aarch64_insn_patch_
int i, ret = 0;
struct aarch64_insn_patch *pp = arg;
- /* The first CPU becomes master */
- if (atomic_inc_return(&pp->cpu_count) == 1) {
+ /* The last CPU becomes master */
+ if (atomic_inc_return(&pp->cpu_count) == num_online_cpus()) {
for (i = 0; ret == 0 && i < pp->insn_cnt; i++)
ret = aarch64_insn_patch_text_nosync(pp->text_addrs[i],
pp->new_insns[i]);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 321/338] ata: sata_dwc_460ex: Fix crash due to OOB write
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 320/338] arm64: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 322/338] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (22 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Lamparter, Damien Le Moal, stable
From: Christian Lamparter <chunkeey@gmail.com>
commit 7aa8104a554713b685db729e66511b93d989dd6a upstream.
the driver uses libata's "tag" values from in various arrays.
Since the mentioned patch bumped the ATA_TAG_INTERNAL to 32,
the value of the SATA_DWC_QCMD_MAX needs to account for that.
Otherwise ATA_TAG_INTERNAL usage cause similar crashes like
this as reported by Tice Rex on the OpenWrt Forum and
reproduced (with symbols) here:
| BUG: Kernel NULL pointer dereference at 0x00000000
| Faulting instruction address: 0xc03ed4b8
| Oops: Kernel access of bad area, sig: 11 [#1]
| BE PAGE_SIZE=4K PowerPC 44x Platform
| CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0
| NIP: c03ed4b8 LR: c03d27e8 CTR: c03ed36c
| REGS: cfa59950 TRAP: 0300 Not tainted (5.4.163)
| MSR: 00021000 <CE,ME> CR: 42000222 XER: 00000000
| DEAR: 00000000 ESR: 00000000
| GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]
| [..]
| NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254
| LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| Call Trace:
| [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)
| [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524
| [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0
| [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204
| [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130
| [...]
This is because sata_dwc_dma_xfer_complete() NULLs the
dma_pending's next neighbour "chan" (a *dma_chan struct) in
this '32' case right here (line ~735):
> hsdevp->dma_pending[tag] = SATA_DWC_DMA_PENDING_NONE;
Then the next time, a dma gets issued; dma_dwc_xfer_setup() passes
the NULL'd hsdevp->chan to the dmaengine_slave_config() which then
causes the crash.
With this patch, SATA_DWC_QCMD_MAX is now set to ATA_MAX_QUEUE + 1.
This avoids the OOB. But please note, there was a worthwhile discussion
on what ATA_TAG_INTERNAL and ATA_MAX_QUEUE is. And why there should not
be a "fake" 33 command-long queue size.
Ideally, the dw driver should account for the ATA_TAG_INTERNAL.
In Damien Le Moal's words: "... having looked at the driver, it
is a bigger change than just faking a 33rd "tag" that is in fact
not a command tag at all."
Fixes: 28361c403683c ("libata: add extra internal command")
Cc: stable@kernel.org # 4.18+
BugLink: https://github.com/openwrt/openwrt/issues/9505
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/sata_dwc_460ex.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/ata/sata_dwc_460ex.c
+++ b/drivers/ata/sata_dwc_460ex.c
@@ -149,7 +149,11 @@ struct sata_dwc_device {
#endif
};
-#define SATA_DWC_QCMD_MAX 32
+/*
+ * Allow one extra special slot for commands and DMA management
+ * to account for libata internal commands.
+ */
+#define SATA_DWC_QCMD_MAX (ATA_MAX_QUEUE + 1)
struct sata_dwc_device_port {
struct sata_dwc_device *hsdev;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 322/338] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 321/338] ata: sata_dwc_460ex: Fix crash due to OOB write Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 323/338] irqchip/gic-v3: Fix GICR_CTLR.RWP polling Greg Kroah-Hartman
` (21 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Will Deacon
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 2012a9e279013933885983cbe0a5fe828052563b upstream.
The bug is here:
return cluster;
The list iterator value 'cluster' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.
To fix the bug, return 'cluster' when found, otherwise return NULL.
Cc: stable@vger.kernel.org
Fixes: 21bdbb7102ed ("perf: add qcom l2 cache perf events driver")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220327055733.4070-1-xiam0nd.tong@gmail.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/perf/qcom_l2_pmu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/perf/qcom_l2_pmu.c
+++ b/drivers/perf/qcom_l2_pmu.c
@@ -797,7 +797,7 @@ static struct cluster_pmu *l2_cache_asso
{
u64 mpidr;
int cpu_cluster_id;
- struct cluster_pmu *cluster = NULL;
+ struct cluster_pmu *cluster;
/*
* This assumes that the cluster_id is in MPIDR[aff1] for
@@ -819,10 +819,10 @@ static struct cluster_pmu *l2_cache_asso
cluster->cluster_id);
cpumask_set_cpu(cpu, &cluster->cluster_cpus);
*per_cpu_ptr(l2cache_pmu->pmu_cluster, cpu) = cluster;
- break;
+ return cluster;
}
- return cluster;
+ return NULL;
}
static int l2cache_pmu_online_cpu(unsigned int cpu, struct hlist_node *node)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 323/338] irqchip/gic-v3: Fix GICR_CTLR.RWP polling
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 322/338] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 324/338] tools build: Filter out options and warnings not supported by clang Greg Kroah-Hartman
` (20 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Andre Przywara,
Lorenzo Pieralisi
From: Marc Zyngier <maz@kernel.org>
commit 0df6664531a12cdd8fc873f0cac0dcb40243d3e9 upstream.
It turns out that our polling of RWP is totally wrong when checking
for it in the redistributors, as we test the *distributor* bit index,
whereas it is a different bit number in the RDs... Oopsie boo.
This is embarassing. Not only because it is wrong, but also because
it took *8 years* to notice the blunder...
Just fix the damn thing.
Fixes: 021f653791ad ("irqchip: gic-v3: Initial support for GICv3")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Link: https://lore.kernel.org/r/20220315165034.794482-2-maz@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-gic-v3.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -95,11 +95,11 @@ static inline void __iomem *gic_dist_bas
return NULL;
}
-static void gic_do_wait_for_rwp(void __iomem *base)
+static void gic_do_wait_for_rwp(void __iomem *base, u32 bit)
{
u32 count = 1000000; /* 1s! */
- while (readl_relaxed(base + GICD_CTLR) & GICD_CTLR_RWP) {
+ while (readl_relaxed(base + GICD_CTLR) & bit) {
count--;
if (!count) {
pr_err_ratelimited("RWP timeout, gone fishing\n");
@@ -113,13 +113,13 @@ static void gic_do_wait_for_rwp(void __i
/* Wait for completion of a distributor change */
static void gic_dist_wait_for_rwp(void)
{
- gic_do_wait_for_rwp(gic_data.dist_base);
+ gic_do_wait_for_rwp(gic_data.dist_base, GICD_CTLR_RWP);
}
/* Wait for completion of a redistributor change */
static void gic_redist_wait_for_rwp(void)
{
- gic_do_wait_for_rwp(gic_data_rdist_rd_base());
+ gic_do_wait_for_rwp(gic_data_rdist_rd_base(), GICR_CTLR_RWP);
}
#ifdef CONFIG_ARM64
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 324/338] tools build: Filter out options and warnings not supported by clang
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 323/338] irqchip/gic-v3: Fix GICR_CTLR.RWP polling Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 325/338] tools build: Use $(shell ) instead of `` to get embedded libperls ccopts Greg Kroah-Hartman
` (19 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Fangrui Song,
Florian Fainelli, Ian Rogers, Jiri Olsa, John Keeping, Leo Yan,
Michael Petlan, Namhyung Kim, Nathan Chancellor,
Nick Desaulniers, Arnaldo Carvalho de Melo, Sedat Dilek
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit 41caff459a5b956b3e23ba9ca759dd0629ad3dda upstream.
These make the feature check fail when using clang, so remove them just
like is done in tools/perf/Makefile.config to build perf itself.
Adding -Wno-compound-token-split-by-macro to tools/perf/Makefile.config
when building with clang is also necessary to avoid these warnings
turned into errors (-Werror):
CC /tmp/build/perf/util/scripting-engines/trace-event-perl.o
In file included from util/scripting-engines/trace-event-perl.c:35:
In file included from /usr/lib64/perl5/CORE/perl.h:4085:
In file included from /usr/lib64/perl5/CORE/hv.h:659:
In file included from /usr/lib64/perl5/CORE/hv_func.h:34:
In file included from /usr/lib64/perl5/CORE/sbox32_hash.h:4:
/usr/lib64/perl5/CORE/zaphod32_hash.h:150:5: error: '(' and '{' tokens introducing statement expression appear in different macro expansion contexts [-Werror,-Wcompound-token-split-by-macro]
ZAPHOD32_SCRAMBLE32(state[0],0x9fade23b);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/zaphod32_hash.h:80:38: note: expanded from macro 'ZAPHOD32_SCRAMBLE32'
#define ZAPHOD32_SCRAMBLE32(v,prime) STMT_START { \
^~~~~~~~~~
/usr/lib64/perl5/CORE/perl.h:737:29: note: expanded from macro 'STMT_START'
# define STMT_START (void)( /* gcc supports "({ STATEMENTS; })" */
^
/usr/lib64/perl5/CORE/zaphod32_hash.h:150:5: note: '{' token is here
ZAPHOD32_SCRAMBLE32(state[0],0x9fade23b);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/zaphod32_hash.h:80:49: note: expanded from macro 'ZAPHOD32_SCRAMBLE32'
#define ZAPHOD32_SCRAMBLE32(v,prime) STMT_START { \
^
/usr/lib64/perl5/CORE/zaphod32_hash.h:150:5: error: '}' and ')' tokens terminating statement expression appear in different macro expansion contexts [-Werror,-Wcompound-token-split-by-macro]
ZAPHOD32_SCRAMBLE32(state[0],0x9fade23b);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/zaphod32_hash.h:87:41: note: expanded from macro 'ZAPHOD32_SCRAMBLE32'
v ^= (v>>23); \
^
/usr/lib64/perl5/CORE/zaphod32_hash.h:150:5: note: ')' token is here
ZAPHOD32_SCRAMBLE32(state[0],0x9fade23b);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/zaphod32_hash.h:88:3: note: expanded from macro 'ZAPHOD32_SCRAMBLE32'
} STMT_END
^~~~~~~~
/usr/lib64/perl5/CORE/perl.h:738:21: note: expanded from macro 'STMT_END'
# define STMT_END )
^
Please refer to the discussion on the Link: tag below, where Nathan
clarifies the situation:
<quote>
acme> And then get to the problems at the end of this message, which seem
acme> similar to the problem described here:
acme>
acme> From Nathan Chancellor <>
acme> Subject [PATCH] mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
acme>
acme> https://lkml.org/lkml/2020/9/1/135
acme>
acme> So perhaps in this case its better to disable that
acme> -Werror,-Wcompound-token-split-by-macro when building with clang?
Yes, I think that is probably the best solution. As far as I can tell,
at least in this file and context, the warning appears harmless, as the
"create a GNU C statement expression from two different macros" is very
much intentional, based on the presence of PERL_USE_GCC_BRACE_GROUPS.
The warning is fixed in upstream Perl by just avoiding creating GNU C
statement expressions using STMT_START and STMT_END:
https://github.com/Perl/perl5/issues/18780
https://github.com/Perl/perl5/pull/18984
If I am reading the source code correctly, an alternative to disabling
the warning would be specifying -DPERL_GCC_BRACE_GROUPS_FORBIDDEN but it
seems like that might end up impacting more than just this site,
according to the issue discussion above.
</quote>
Based-on-a-patch-by: Sedat Dilek <sedat.dilek@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Debian/Selfmade LLVM-14 (x86-64)
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Fangrui Song <maskray@google.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: John Keeping <john@metanate.com>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Michael Petlan <mpetlan@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Link: http://lore.kernel.org/lkml/YkxWcYzph5pC1EK8@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/build/feature/Makefile | 7 +++++++
tools/perf/Makefile.config | 3 +++
2 files changed, 10 insertions(+)
--- a/tools/build/feature/Makefile
+++ b/tools/build/feature/Makefile
@@ -196,6 +196,13 @@ PERL_EMBED_LIBADD = $(call grep-libs,$(P
PERL_EMBED_CCOPTS = `perl -MExtUtils::Embed -e ccopts 2>/dev/null`
FLAGS_PERL_EMBED=$(PERL_EMBED_CCOPTS) $(PERL_EMBED_LDOPTS)
+ifeq ($(CC_NO_CLANG), 0)
+ PERL_EMBED_LDOPTS := $(filter-out -specs=%,$(PERL_EMBED_LDOPTS))
+ PERL_EMBED_CCOPTS := $(filter-out -flto=auto -ffat-lto-objects, $(PERL_EMBED_CCOPTS))
+ PERL_EMBED_CCOPTS := $(filter-out -specs=%,$(PERL_EMBED_CCOPTS))
+ FLAGS_PERL_EMBED += -Wno-compound-token-split-by-macro
+endif
+
$(OUTPUT)test-libperl.bin:
$(BUILD) $(FLAGS_PERL_EMBED)
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -662,6 +662,9 @@ else
LDFLAGS += $(PERL_EMBED_LDFLAGS)
EXTLIBS += $(PERL_EMBED_LIBADD)
CFLAGS += -DHAVE_LIBPERL_SUPPORT
+ ifeq ($(CC_NO_CLANG), 0)
+ CFLAGS += -Wno-compound-token-split-by-macro
+ endif
$(call detected,CONFIG_LIBPERL)
endif
endif
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 325/338] tools build: Use $(shell ) instead of `` to get embedded libperls ccopts
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 324/338] tools build: Filter out options and warnings not supported by clang Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 326/338] dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" Greg Kroah-Hartman
` (18 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Fangrui Song,
Florian Fainelli, Ian Rogers, Jiri Olsa, John Keeping, Leo Yan,
Michael Petlan, Namhyung Kim, Nathan Chancellor,
Nick Desaulniers, Arnaldo Carvalho de Melo, Sedat Dilek
From: Arnaldo Carvalho de Melo <acme@redhat.com>
commit 541f695cbcb6932c22638b06e0cbe1d56177e2e9 upstream.
Just like its done for ldopts and for both in tools/perf/Makefile.config.
Using `` to initialize PERL_EMBED_CCOPTS somehow precludes using:
$(filter-out SOMETHING_TO_FILTER,$(PERL_EMBED_CCOPTS))
And we need to do it to allow for building with versions of clang where
some gcc options selected by distros are not available.
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # Debian/Selfmade LLVM-14 (x86-64)
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Fangrui Song <maskray@google.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: John Keeping <john@metanate.com>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Michael Petlan <mpetlan@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Link: http://lore.kernel.org/lkml/YktYX2OnLtyobRYD@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/build/feature/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/build/feature/Makefile
+++ b/tools/build/feature/Makefile
@@ -193,7 +193,7 @@ strip-libs = $(filter-out -l%,$(1))
PERL_EMBED_LDOPTS = $(shell perl -MExtUtils::Embed -e ldopts 2>/dev/null)
PERL_EMBED_LDFLAGS = $(call strip-libs,$(PERL_EMBED_LDOPTS))
PERL_EMBED_LIBADD = $(call grep-libs,$(PERL_EMBED_LDOPTS))
-PERL_EMBED_CCOPTS = `perl -MExtUtils::Embed -e ccopts 2>/dev/null`
+PERL_EMBED_CCOPTS = $(shell perl -MExtUtils::Embed -e ccopts 2>/dev/null)
FLAGS_PERL_EMBED=$(PERL_EMBED_CCOPTS) $(PERL_EMBED_LDOPTS)
ifeq ($(CC_NO_CLANG), 0)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 326/338] dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 325/338] tools build: Use $(shell ) instead of `` to get embedded libperls ccopts Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 327/338] mm: dont skip swap entry even if zap_details specified Greg Kroah-Hartman
` (17 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vinod Koul
From: Vinod Koul <vkoul@kernel.org>
commit d143f939a95696d38ff800ada14402fa50ebbd6c upstream.
This reverts commit 455896c53d5b ("dmaengine: shdma: Fix runtime PM
imbalance on error") as the patch wrongly reduced the count on error and
did not bail out. So drop the count by reverting the patch .
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/sh/shdma-base.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/dma/sh/shdma-base.c
+++ b/drivers/dma/sh/shdma-base.c
@@ -118,10 +118,8 @@ static dma_cookie_t shdma_tx_submit(stru
ret = pm_runtime_get(schan->dev);
spin_unlock_irq(&schan->chan_lock);
- if (ret < 0) {
+ if (ret < 0)
dev_err(schan->dev, "%s(): GET = %d\n", __func__, ret);
- pm_runtime_put(schan->dev);
- }
pm_runtime_barrier(schan->dev);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 327/338] mm: dont skip swap entry even if zap_details specified
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 326/338] dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 328/338] arm64: module: remove (NOLOAD) from linker script Greg Kroah-Hartman
` (16 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Xu, John Hubbard,
David Hildenbrand, Hugh Dickins, Alistair Popple,
Andrea Arcangeli, Kirill A . Shutemov, Matthew Wilcox,
Vlastimil Babka, Yang Shi, Andrew Morton, Linus Torvalds
From: Peter Xu <peterx@redhat.com>
commit 5abfd71d936a8aefd9f9ccd299dea7a164a5d455 upstream.
Patch series "mm: Rework zap ptes on swap entries", v5.
Patch 1 should fix a long standing bug for zap_pte_range() on
zap_details usage. The risk is we could have some swap entries skipped
while we should have zapped them.
Migration entries are not the major concern because file backed memory
always zap in the pattern that "first time without page lock, then
re-zap with page lock" hence the 2nd zap will always make sure all
migration entries are already recovered.
However there can be issues with real swap entries got skipped
errornoously. There's a reproducer provided in commit message of patch
1 for that.
Patch 2-4 are cleanups that are based on patch 1. After the whole
patchset applied, we should have a very clean view of zap_pte_range().
Only patch 1 needs to be backported to stable if necessary.
This patch (of 4):
The "details" pointer shouldn't be the token to decide whether we should
skip swap entries.
For example, when the callers specified details->zap_mapping==NULL, it
means the user wants to zap all the pages (including COWed pages), then
we need to look into swap entries because there can be private COWed
pages that was swapped out.
Skipping some swap entries when details is non-NULL may lead to wrongly
leaving some of the swap entries while we should have zapped them.
A reproducer of the problem:
===8<===
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
int page_size;
int shmem_fd;
char *buffer;
void main(void)
{
int ret;
char val;
page_size = getpagesize();
shmem_fd = memfd_create("test", 0);
assert(shmem_fd >= 0);
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
buffer = mmap(NULL, page_size * 2, PROT_READ | PROT_WRITE,
MAP_PRIVATE, shmem_fd, 0);
assert(buffer != MAP_FAILED);
/* Write private page, swap it out */
buffer[page_size] = 1;
madvise(buffer, page_size * 2, MADV_PAGEOUT);
/* This should drop private buffer[page_size] already */
ret = ftruncate(shmem_fd, page_size);
assert(ret == 0);
/* Recover the size */
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
/* Re-read the data, it should be all zero */
val = buffer[page_size];
if (val == 0)
printf("Good\n");
else
printf("BUG\n");
}
===8<===
We don't need to touch up the pmd path, because pmd never had a issue with
swap entries. For example, shmem pmd migration will always be split into
pte level, and same to swapping on anonymous.
Add another helper should_zap_cows() so that we can also check whether we
should zap private mappings when there's no page pointer specified.
This patch drops that trick, so we handle swap ptes coherently. Meanwhile
we should do the same check upon migration entry, hwpoison entry and
genuine swap entries too.
To be explicit, we should still remember to keep the private entries if
even_cows==false, and always zap them when even_cows==true.
The issue seems to exist starting from the initial commit of git.
[peterx@redhat.com: comment tweaks]
Link: https://lkml.kernel.org/r/20220217060746.71256-2-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220217060746.71256-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-2-peterx@redhat.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Kirill A . Shutemov" <kirill@shutemov.name>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memory.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1302,6 +1302,17 @@ int copy_page_range(struct mm_struct *ds
return ret;
}
+/* Whether we should zap all COWed (private) pages too */
+static inline bool should_zap_cows(struct zap_details *details)
+{
+ /* By default, zap all pages */
+ if (!details)
+ return true;
+
+ /* Or, we zap COWed pages only if the caller wants to */
+ return !details->check_mapping;
+}
+
static unsigned long zap_pte_range(struct mmu_gather *tlb,
struct vm_area_struct *vma, pmd_t *pmd,
unsigned long addr, unsigned long end,
@@ -1390,17 +1401,19 @@ again:
continue;
}
- /* If details->check_mapping, we leave swap entries. */
- if (unlikely(details))
- continue;
-
entry = pte_to_swp_entry(ptent);
- if (!non_swap_entry(entry))
+ if (!non_swap_entry(entry)) {
+ /* Genuine swap entry, hence a private anon page */
+ if (!should_zap_cows(details))
+ continue;
rss[MM_SWAPENTS]--;
- else if (is_migration_entry(entry)) {
+ } else if (is_migration_entry(entry)) {
struct page *page;
page = migration_entry_to_page(entry);
+ if (details && details->check_mapping &&
+ details->check_mapping != page_rmapping(page))
+ continue;
rss[mm_counter(page)]--;
}
if (unlikely(!free_swap_and_cache(entry)))
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 328/338] arm64: module: remove (NOLOAD) from linker script
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 327/338] mm: dont skip swap entry even if zap_details specified Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 329/338] mm/sparsemem: fix mem_section will never be NULL gcc 12 warning Greg Kroah-Hartman
` (15 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Fangrui Song,
Ard Biesheuvel, Will Deacon
From: Fangrui Song <maskray@google.com>
commit 4013e26670c590944abdab56c4fa797527b74325 upstream.
On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually
inappropriate for .plt and .text.* sections which are always
SHT_PROGBITS.
In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway
and (NOLOAD) will be essentially ignored. In ld.lld, since
https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=<value>) to
customize the output section type"), ld.lld will report a `section type
mismatch` error. Just remove (NOLOAD) to fix the error.
[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The
section should be marked as not loadable" on
https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is
outdated for ELF.
Tested-by: Nathan Chancellor <nathan@kernel.org>
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Fangrui Song <maskray@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20220218081209.354383-1-maskray@google.com
Signed-off-by: Will Deacon <will@kernel.org>
[nathan: Fix conflicts due to lack of 596b0474d3d9]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/module.lds | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm64/kernel/module.lds
+++ b/arch/arm64/kernel/module.lds
@@ -1,5 +1,5 @@
SECTIONS {
- .plt 0 (NOLOAD) : { BYTE(0) }
- .init.plt 0 (NOLOAD) : { BYTE(0) }
- .text.ftrace_trampoline 0 (NOLOAD) : { BYTE(0) }
+ .plt 0 : { BYTE(0) }
+ .init.plt 0 : { BYTE(0) }
+ .text.ftrace_trampoline 0 : { BYTE(0) }
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 329/338] mm/sparsemem: fix mem_section will never be NULL gcc 12 warning
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 328/338] arm64: module: remove (NOLOAD) from linker script Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 330/338] cgroup: Use open-time credentials for process migraton perm checks Greg Kroah-Hartman
` (14 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Justin Forbes,
Kirill A . Shutemov, Ingo Molnar, Rafael Aquini, Andrew Morton,
Linus Torvalds
From: Waiman Long <longman@redhat.com>
commit a431dbbc540532b7465eae4fc8b56a85a9fc7d17 upstream.
The gcc 12 compiler reports a "'mem_section' will never be NULL" warning
on the following code:
static inline struct mem_section *__nr_to_section(unsigned long nr)
{
#ifdef CONFIG_SPARSEMEM_EXTREME
if (!mem_section)
return NULL;
#endif
if (!mem_section[SECTION_NR_TO_ROOT(nr)])
return NULL;
:
It happens with CONFIG_SPARSEMEM_EXTREME off. The mem_section definition
is
#ifdef CONFIG_SPARSEMEM_EXTREME
extern struct mem_section **mem_section;
#else
extern struct mem_section mem_section[NR_SECTION_ROOTS][SECTIONS_PER_ROOT];
#endif
In the !CONFIG_SPARSEMEM_EXTREME case, mem_section is a static
2-dimensional array and so the check "!mem_section[SECTION_NR_TO_ROOT(nr)]"
doesn't make sense.
Fix this warning by moving the "!mem_section[SECTION_NR_TO_ROOT(nr)]"
check up inside the CONFIG_SPARSEMEM_EXTREME block and adding an
explicit NR_SECTION_ROOTS check to make sure that there is no
out-of-bound array access.
Link: https://lkml.kernel.org/r/20220331180246.2746210-1-longman@redhat.com
Fixes: 3e347261a80b ("sparsemem extreme implementation")
Signed-off-by: Waiman Long <longman@redhat.com>
Reported-by: Justin Forbes <jforbes@redhat.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Rafael Aquini <aquini@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mmzone.h | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -1155,13 +1155,16 @@ extern struct mem_section mem_section[NR
static inline struct mem_section *__nr_to_section(unsigned long nr)
{
+ unsigned long root = SECTION_NR_TO_ROOT(nr);
+
+ if (unlikely(root >= NR_SECTION_ROOTS))
+ return NULL;
+
#ifdef CONFIG_SPARSEMEM_EXTREME
- if (!mem_section)
+ if (!mem_section || !mem_section[root])
return NULL;
#endif
- if (!mem_section[SECTION_NR_TO_ROOT(nr)])
- return NULL;
- return &mem_section[SECTION_NR_TO_ROOT(nr)][nr & SECTION_ROOT_MASK];
+ return &mem_section[root][nr & SECTION_ROOT_MASK];
}
extern int __section_nr(struct mem_section* ms);
extern unsigned long usemap_size(void);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 330/338] cgroup: Use open-time credentials for process migraton perm checks
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 329/338] mm/sparsemem: fix mem_section will never be NULL gcc 12 warning Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 331/338] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv Greg Kroah-Hartman
` (13 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Eric W. Biederman, Linus Torvalds,
Michal Koutný,
Tejun Heo, Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit 1756d7994ad85c2479af6ae5a9750b92324685af upstream.
cgroup process migration permission checks are performed at write time as
whether a given operation is allowed or not is dependent on the content of
the write - the PID. This currently uses current's credentials which is a
potential security weakness as it may allow scenarios where a less
privileged process tricks a more privileged one into writing into a fd that
it created.
This patch makes both cgroup2 and cgroup1 process migration interfaces to
use the credentials saved at the time of open (file->f_cred) instead of
current's.
Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Fixes: 187fe84067bd ("cgroup: require write perm on common ancestor when moving processes on the default hierarchy")
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
[OP: backport to v4.19: apply original __cgroup_procs_write() changes to
cgroup_threads_write() and cgroup_procs_write()]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup/cgroup-v1.c | 7 ++++---
kernel/cgroup/cgroup.c | 17 ++++++++++++++++-
2 files changed, 20 insertions(+), 4 deletions(-)
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -535,10 +535,11 @@ static ssize_t __cgroup1_procs_write(str
goto out_unlock;
/*
- * Even if we're attaching all tasks in the thread group, we only
- * need to check permissions on one of them.
+ * Even if we're attaching all tasks in the thread group, we only need
+ * to check permissions on one of them. Check permissions using the
+ * credentials from file open to protect against inherited fd attacks.
*/
- cred = current_cred();
+ cred = of->file->f_cred;
tcred = get_task_cred(task);
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4487,6 +4487,7 @@ static ssize_t cgroup_procs_write(struct
{
struct cgroup *src_cgrp, *dst_cgrp;
struct task_struct *task;
+ const struct cred *saved_cred;
ssize_t ret;
dst_cgrp = cgroup_kn_lock_live(of->kn, false);
@@ -4503,8 +4504,15 @@ static ssize_t cgroup_procs_write(struct
src_cgrp = task_cgroup_from_root(task, &cgrp_dfl_root);
spin_unlock_irq(&css_set_lock);
+ /*
+ * Process and thread migrations follow same delegation rule. Check
+ * permissions using the credentials from file open to protect against
+ * inherited fd attacks.
+ */
+ saved_cred = override_creds(of->file->f_cred);
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp,
of->file->f_path.dentry->d_sb);
+ revert_creds(saved_cred);
if (ret)
goto out_finish;
@@ -4528,6 +4536,7 @@ static ssize_t cgroup_threads_write(stru
{
struct cgroup *src_cgrp, *dst_cgrp;
struct task_struct *task;
+ const struct cred *saved_cred;
ssize_t ret;
buf = strstrip(buf);
@@ -4546,9 +4555,15 @@ static ssize_t cgroup_threads_write(stru
src_cgrp = task_cgroup_from_root(task, &cgrp_dfl_root);
spin_unlock_irq(&css_set_lock);
- /* thread migrations follow the cgroup.procs delegation rule */
+ /*
+ * Process and thread migrations follow same delegation rule. Check
+ * permissions using the credentials from file open to protect against
+ * inherited fd attacks.
+ */
+ saved_cred = override_creds(of->file->f_cred);
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp,
of->file->f_path.dentry->d_sb);
+ revert_creds(saved_cred);
if (ret)
goto out_finish;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 331/338] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 330/338] cgroup: Use open-time credentials for process migraton perm checks Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 332/338] cgroup: Use open-time cgroup namespace for process migration perm checks Greg Kroah-Hartman
` (12 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Tejun Heo, Linus Torvalds, Michal Koutný,
Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit 0d2b5955b36250a9428c832664f2079cbf723bec upstream.
of->priv is currently used by each interface file implementation to store
private information. This patch collects the current two private data usages
into struct cgroup_file_ctx which is allocated and freed by the common path.
This allows generic private data which applies to multiple files, which will
be used to in the following patch.
Note that cgroup_procs iterator is now embedded as procs.iter in the new
cgroup_file_ctx so that it doesn't need to be allocated and freed
separately.
v2: union dropped from cgroup_file_ctx and the procs iterator is embedded in
cgroup_file_ctx as suggested by Linus.
v3: Michal pointed out that cgroup1's procs pidlist uses of->priv too.
Converted. Didn't change to embedded allocation as cgroup1 pidlists get
stored for caching.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
[mkoutny: v5.10: modify cgroup.pressure handlers, adjust context]
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport to v4.19: drop changes to cgroup_pressure_*() functions]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup/cgroup-internal.h | 17 ++++++++++++++++
kernel/cgroup/cgroup-v1.c | 26 +++++++++++++-----------
kernel/cgroup/cgroup.c | 42 ++++++++++++++++++++++++----------------
3 files changed, 57 insertions(+), 28 deletions(-)
--- a/kernel/cgroup/cgroup-internal.h
+++ b/kernel/cgroup/cgroup-internal.h
@@ -34,6 +34,23 @@ extern char trace_cgroup_path[TRACE_CGRO
} \
} while (0)
+struct cgroup_pidlist;
+
+struct cgroup_file_ctx {
+ struct {
+ void *trigger;
+ } psi;
+
+ struct {
+ bool started;
+ struct css_task_iter iter;
+ } procs;
+
+ struct {
+ struct cgroup_pidlist *pidlist;
+ } procs1;
+};
+
/*
* A cgroup can be associated with multiple css_sets as different tasks may
* belong to different cgroups on different hierarchies. In the other
--- a/kernel/cgroup/cgroup-v1.c
+++ b/kernel/cgroup/cgroup-v1.c
@@ -426,6 +426,7 @@ static void *cgroup_pidlist_start(struct
* next pid to display, if any
*/
struct kernfs_open_file *of = s->private;
+ struct cgroup_file_ctx *ctx = of->priv;
struct cgroup *cgrp = seq_css(s)->cgroup;
struct cgroup_pidlist *l;
enum cgroup_filetype type = seq_cft(s)->private;
@@ -435,25 +436,24 @@ static void *cgroup_pidlist_start(struct
mutex_lock(&cgrp->pidlist_mutex);
/*
- * !NULL @of->priv indicates that this isn't the first start()
- * after open. If the matching pidlist is around, we can use that.
- * Look for it. Note that @of->priv can't be used directly. It
- * could already have been destroyed.
+ * !NULL @ctx->procs1.pidlist indicates that this isn't the first
+ * start() after open. If the matching pidlist is around, we can use
+ * that. Look for it. Note that @ctx->procs1.pidlist can't be used
+ * directly. It could already have been destroyed.
*/
- if (of->priv)
- of->priv = cgroup_pidlist_find(cgrp, type);
+ if (ctx->procs1.pidlist)
+ ctx->procs1.pidlist = cgroup_pidlist_find(cgrp, type);
/*
* Either this is the first start() after open or the matching
* pidlist has been destroyed inbetween. Create a new one.
*/
- if (!of->priv) {
- ret = pidlist_array_load(cgrp, type,
- (struct cgroup_pidlist **)&of->priv);
+ if (!ctx->procs1.pidlist) {
+ ret = pidlist_array_load(cgrp, type, &ctx->procs1.pidlist);
if (ret)
return ERR_PTR(ret);
}
- l = of->priv;
+ l = ctx->procs1.pidlist;
if (pid) {
int end = l->length;
@@ -481,7 +481,8 @@ static void *cgroup_pidlist_start(struct
static void cgroup_pidlist_stop(struct seq_file *s, void *v)
{
struct kernfs_open_file *of = s->private;
- struct cgroup_pidlist *l = of->priv;
+ struct cgroup_file_ctx *ctx = of->priv;
+ struct cgroup_pidlist *l = ctx->procs1.pidlist;
if (l)
mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork,
@@ -492,7 +493,8 @@ static void cgroup_pidlist_stop(struct s
static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
{
struct kernfs_open_file *of = s->private;
- struct cgroup_pidlist *l = of->priv;
+ struct cgroup_file_ctx *ctx = of->priv;
+ struct cgroup_pidlist *l = ctx->procs1.pidlist;
pid_t *p = v;
pid_t *end = l->list + l->length;
/*
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3451,18 +3451,31 @@ static int cpu_stat_show(struct seq_file
static int cgroup_file_open(struct kernfs_open_file *of)
{
struct cftype *cft = of->kn->priv;
+ struct cgroup_file_ctx *ctx;
+ int ret;
- if (cft->open)
- return cft->open(of);
- return 0;
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
+ of->priv = ctx;
+
+ if (!cft->open)
+ return 0;
+
+ ret = cft->open(of);
+ if (ret)
+ kfree(ctx);
+ return ret;
}
static void cgroup_file_release(struct kernfs_open_file *of)
{
struct cftype *cft = of->kn->priv;
+ struct cgroup_file_ctx *ctx = of->priv;
if (cft->release)
cft->release(of);
+ kfree(ctx);
}
static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
@@ -4376,21 +4389,21 @@ void css_task_iter_end(struct css_task_i
static void cgroup_procs_release(struct kernfs_open_file *of)
{
- if (of->priv) {
- css_task_iter_end(of->priv);
- kfree(of->priv);
- }
+ struct cgroup_file_ctx *ctx = of->priv;
+
+ if (ctx->procs.started)
+ css_task_iter_end(&ctx->procs.iter);
}
static void *cgroup_procs_next(struct seq_file *s, void *v, loff_t *pos)
{
struct kernfs_open_file *of = s->private;
- struct css_task_iter *it = of->priv;
+ struct cgroup_file_ctx *ctx = of->priv;
if (pos)
(*pos)++;
- return css_task_iter_next(it);
+ return css_task_iter_next(&ctx->procs.iter);
}
static void *__cgroup_procs_start(struct seq_file *s, loff_t *pos,
@@ -4398,21 +4411,18 @@ static void *__cgroup_procs_start(struct
{
struct kernfs_open_file *of = s->private;
struct cgroup *cgrp = seq_css(s)->cgroup;
- struct css_task_iter *it = of->priv;
+ struct cgroup_file_ctx *ctx = of->priv;
+ struct css_task_iter *it = &ctx->procs.iter;
/*
* When a seq_file is seeked, it's always traversed sequentially
* from position 0, so we can simply keep iterating on !0 *pos.
*/
- if (!it) {
+ if (!ctx->procs.started) {
if (WARN_ON_ONCE((*pos)))
return ERR_PTR(-EINVAL);
-
- it = kzalloc(sizeof(*it), GFP_KERNEL);
- if (!it)
- return ERR_PTR(-ENOMEM);
- of->priv = it;
css_task_iter_start(&cgrp->self, iter_flags, it);
+ ctx->procs.started = true;
} else if (!(*pos)) {
css_task_iter_end(it);
css_task_iter_start(&cgrp->self, iter_flags, it);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 332/338] cgroup: Use open-time cgroup namespace for process migration perm checks
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 331/338] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 333/338] selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 Greg Kroah-Hartman
` (11 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Eric W. Biederman, Linus Torvalds,
Michal Koutný,
Oleg Nesterov, syzbot+50f5cf33a284ce738b62, Tejun Heo,
Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit e57457641613fef0d147ede8bd6a3047df588b95 upstream.
cgroup process migration permission checks are performed at write time as
whether a given operation is allowed or not is dependent on the content of
the write - the PID. This currently uses current's cgroup namespace which is
a potential security weakness as it may allow scenarios where a less
privileged process tricks a more privileged one into writing into a fd that
it created.
This patch makes cgroup remember the cgroup namespace at the time of open
and uses it for migration permission checks instad of current's. Note that
this only applies to cgroup2 as cgroup1 doesn't have namespace support.
This also fixes a use-after-free bug on cgroupns reported in
https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com
Note that backporting this fix also requires the preceding patch.
Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Cc: Michal Koutný <mkoutny@suse.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Reported-by: syzbot+50f5cf33a284ce738b62@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/00000000000048c15c05d0083397@google.com
Fixes: 5136f6365ce3 ("cgroup: implement "nsdelegate" mount option")
Signed-off-by: Tejun Heo <tj@kernel.org>
[mkoutny: v5.10: duplicate ns check in procs/threads write handler, adjust context]
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport to v4.19: drop changes to cgroup_attach_permissions() and
cgroup_css_set_fork(), adjust cgroup_procs_write_permission() calls]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup/cgroup-internal.h | 2 ++
kernel/cgroup/cgroup.c | 24 +++++++++++++++++-------
2 files changed, 19 insertions(+), 7 deletions(-)
--- a/kernel/cgroup/cgroup-internal.h
+++ b/kernel/cgroup/cgroup-internal.h
@@ -37,6 +37,8 @@ extern char trace_cgroup_path[TRACE_CGRO
struct cgroup_pidlist;
struct cgroup_file_ctx {
+ struct cgroup_namespace *ns;
+
struct {
void *trigger;
} psi;
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -3457,14 +3457,19 @@ static int cgroup_file_open(struct kernf
ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
if (!ctx)
return -ENOMEM;
+
+ ctx->ns = current->nsproxy->cgroup_ns;
+ get_cgroup_ns(ctx->ns);
of->priv = ctx;
if (!cft->open)
return 0;
ret = cft->open(of);
- if (ret)
+ if (ret) {
+ put_cgroup_ns(ctx->ns);
kfree(ctx);
+ }
return ret;
}
@@ -3475,13 +3480,14 @@ static void cgroup_file_release(struct k
if (cft->release)
cft->release(of);
+ put_cgroup_ns(ctx->ns);
kfree(ctx);
}
static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
size_t nbytes, loff_t off)
{
- struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
+ struct cgroup_file_ctx *ctx = of->priv;
struct cgroup *cgrp = of->kn->parent->priv;
struct cftype *cft = of->kn->priv;
struct cgroup_subsys_state *css;
@@ -3495,7 +3501,7 @@ static ssize_t cgroup_file_write(struct
*/
if ((cgrp->root->flags & CGRP_ROOT_NS_DELEGATE) &&
!(cft->flags & CFTYPE_NS_DELEGATABLE) &&
- ns != &init_cgroup_ns && ns->root_cset->dfl_cgrp == cgrp)
+ ctx->ns != &init_cgroup_ns && ctx->ns->root_cset->dfl_cgrp == cgrp)
return -EPERM;
if (cft->write)
@@ -4457,9 +4463,9 @@ static int cgroup_procs_show(struct seq_
static int cgroup_procs_write_permission(struct cgroup *src_cgrp,
struct cgroup *dst_cgrp,
- struct super_block *sb)
+ struct super_block *sb,
+ struct cgroup_namespace *ns)
{
- struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
struct cgroup *com_cgrp = src_cgrp;
struct inode *inode;
int ret;
@@ -4495,6 +4501,7 @@ static int cgroup_procs_write_permission
static ssize_t cgroup_procs_write(struct kernfs_open_file *of,
char *buf, size_t nbytes, loff_t off)
{
+ struct cgroup_file_ctx *ctx = of->priv;
struct cgroup *src_cgrp, *dst_cgrp;
struct task_struct *task;
const struct cred *saved_cred;
@@ -4521,7 +4528,8 @@ static ssize_t cgroup_procs_write(struct
*/
saved_cred = override_creds(of->file->f_cred);
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp,
- of->file->f_path.dentry->d_sb);
+ of->file->f_path.dentry->d_sb,
+ ctx->ns);
revert_creds(saved_cred);
if (ret)
goto out_finish;
@@ -4544,6 +4552,7 @@ static void *cgroup_threads_start(struct
static ssize_t cgroup_threads_write(struct kernfs_open_file *of,
char *buf, size_t nbytes, loff_t off)
{
+ struct cgroup_file_ctx *ctx = of->priv;
struct cgroup *src_cgrp, *dst_cgrp;
struct task_struct *task;
const struct cred *saved_cred;
@@ -4572,7 +4581,8 @@ static ssize_t cgroup_threads_write(stru
*/
saved_cred = override_creds(of->file->f_cred);
ret = cgroup_procs_write_permission(src_cgrp, dst_cgrp,
- of->file->f_path.dentry->d_sb);
+ of->file->f_path.dentry->d_sb,
+ ctx->ns);
revert_creds(saved_cred);
if (ret)
goto out_finish;
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 333/338] selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 332/338] cgroup: Use open-time cgroup namespace for process migration perm checks Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 334/338] selftests: cgroup: Test open-time credential usage for migration checks Greg Kroah-Hartman
` (10 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Michal Koutný, Tejun Heo, Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit b09c2baa56347ae65795350dfcc633dedb1c2970 upstream.
0644 is an odd perm to create a cgroup which is a directory. Use the regular
0755 instead. This is necessary for euid switching test case.
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
[OP: backport to 4.19: adjust context]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/cgroup/cgroup_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/testing/selftests/cgroup/cgroup_util.c
+++ b/tools/testing/selftests/cgroup/cgroup_util.c
@@ -192,7 +192,7 @@ int cg_find_unified_root(char *root, siz
int cg_create(const char *cgroup)
{
- return mkdir(cgroup, 0644);
+ return mkdir(cgroup, 0755);
}
static int cg_killall(const char *cgroup)
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 334/338] selftests: cgroup: Test open-time credential usage for migration checks
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 333/338] selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 335/338] selftests: cgroup: Test open-time cgroup namespace " Greg Kroah-Hartman
` (9 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Michal Koutný, Tejun Heo, Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit 613e040e4dc285367bff0f8f75ea59839bc10947 upstream.
When a task is writing to an fd opened by a different task, the perm check
should use the credentials of the latter task. Add a test for it.
Tested-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
[OP: backport to v4.19: adjust context]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/cgroup/test_core.c | 68 +++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
--- a/tools/testing/selftests/cgroup/test_core.c
+++ b/tools/testing/selftests/cgroup/test_core.c
@@ -354,6 +354,73 @@ cleanup:
return ret;
}
+/*
+ * cgroup migration permission check should be performed based on the
+ * credentials at the time of open instead of write.
+ */
+static int test_cgcore_lesser_euid_open(const char *root)
+{
+ const uid_t test_euid = 65534; /* usually nobody, any !root is fine */
+ int ret = KSFT_FAIL;
+ char *cg_test_a = NULL, *cg_test_b = NULL;
+ char *cg_test_a_procs = NULL, *cg_test_b_procs = NULL;
+ int cg_test_b_procs_fd = -1;
+ uid_t saved_uid;
+
+ cg_test_a = cg_name(root, "cg_test_a");
+ cg_test_b = cg_name(root, "cg_test_b");
+
+ if (!cg_test_a || !cg_test_b)
+ goto cleanup;
+
+ cg_test_a_procs = cg_name(cg_test_a, "cgroup.procs");
+ cg_test_b_procs = cg_name(cg_test_b, "cgroup.procs");
+
+ if (!cg_test_a_procs || !cg_test_b_procs)
+ goto cleanup;
+
+ if (cg_create(cg_test_a) || cg_create(cg_test_b))
+ goto cleanup;
+
+ if (cg_enter_current(cg_test_a))
+ goto cleanup;
+
+ if (chown(cg_test_a_procs, test_euid, -1) ||
+ chown(cg_test_b_procs, test_euid, -1))
+ goto cleanup;
+
+ saved_uid = geteuid();
+ if (seteuid(test_euid))
+ goto cleanup;
+
+ cg_test_b_procs_fd = open(cg_test_b_procs, O_RDWR);
+
+ if (seteuid(saved_uid))
+ goto cleanup;
+
+ if (cg_test_b_procs_fd < 0)
+ goto cleanup;
+
+ if (write(cg_test_b_procs_fd, "0", 1) >= 0 || errno != EACCES)
+ goto cleanup;
+
+ ret = KSFT_PASS;
+
+cleanup:
+ cg_enter_current(root);
+ if (cg_test_b_procs_fd >= 0)
+ close(cg_test_b_procs_fd);
+ if (cg_test_b)
+ cg_destroy(cg_test_b);
+ if (cg_test_a)
+ cg_destroy(cg_test_a);
+ free(cg_test_b_procs);
+ free(cg_test_a_procs);
+ free(cg_test_b);
+ free(cg_test_a);
+ return ret;
+}
+
#define T(x) { x, #x }
struct corecg_test {
int (*fn)(const char *root);
@@ -366,6 +433,7 @@ struct corecg_test {
T(test_cgcore_parent_becomes_threaded),
T(test_cgcore_invalid_domain),
T(test_cgcore_populated),
+ T(test_cgcore_lesser_euid_open),
};
#undef T
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 335/338] selftests: cgroup: Test open-time cgroup namespace usage for migration checks
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 334/338] selftests: cgroup: Test open-time credential usage for migration checks Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 336/338] xfrm: policy: match with both mark and mask on user interfaces Greg Kroah-Hartman
` (8 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Michal Koutný, Tejun Heo, Ovidiu Panait
From: Tejun Heo <tj@kernel.org>
commit bf35a7879f1dfb0d050fe779168bcf25c7de66f5 upstream.
When a task is writing to an fd opened by a different task, the perm check
should use the cgroup namespace of the latter task. Add a test for it.
Tested-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
[OP: backport to v4.19: adjust context, add wait.h and fcntl.h includes]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/cgroup/test_core.c | 99 +++++++++++++++++++++++++++++
1 file changed, 99 insertions(+)
--- a/tools/testing/selftests/cgroup/test_core.c
+++ b/tools/testing/selftests/cgroup/test_core.c
@@ -1,8 +1,13 @@
/* SPDX-License-Identifier: GPL-2.0 */
+#define _GNU_SOURCE
#include <linux/limits.h>
+#include <linux/sched.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <unistd.h>
+#include <fcntl.h>
+#include <sched.h>
#include <stdio.h>
#include <errno.h>
@@ -421,6 +426,99 @@ cleanup:
return ret;
}
+struct lesser_ns_open_thread_arg {
+ const char *path;
+ int fd;
+ int err;
+};
+
+static int lesser_ns_open_thread_fn(void *arg)
+{
+ struct lesser_ns_open_thread_arg *targ = arg;
+
+ targ->fd = open(targ->path, O_RDWR);
+ targ->err = errno;
+ return 0;
+}
+
+/*
+ * cgroup migration permission check should be performed based on the cgroup
+ * namespace at the time of open instead of write.
+ */
+static int test_cgcore_lesser_ns_open(const char *root)
+{
+ static char stack[65536];
+ const uid_t test_euid = 65534; /* usually nobody, any !root is fine */
+ int ret = KSFT_FAIL;
+ char *cg_test_a = NULL, *cg_test_b = NULL;
+ char *cg_test_a_procs = NULL, *cg_test_b_procs = NULL;
+ int cg_test_b_procs_fd = -1;
+ struct lesser_ns_open_thread_arg targ = { .fd = -1 };
+ pid_t pid;
+ int status;
+
+ cg_test_a = cg_name(root, "cg_test_a");
+ cg_test_b = cg_name(root, "cg_test_b");
+
+ if (!cg_test_a || !cg_test_b)
+ goto cleanup;
+
+ cg_test_a_procs = cg_name(cg_test_a, "cgroup.procs");
+ cg_test_b_procs = cg_name(cg_test_b, "cgroup.procs");
+
+ if (!cg_test_a_procs || !cg_test_b_procs)
+ goto cleanup;
+
+ if (cg_create(cg_test_a) || cg_create(cg_test_b))
+ goto cleanup;
+
+ if (cg_enter_current(cg_test_b))
+ goto cleanup;
+
+ if (chown(cg_test_a_procs, test_euid, -1) ||
+ chown(cg_test_b_procs, test_euid, -1))
+ goto cleanup;
+
+ targ.path = cg_test_b_procs;
+ pid = clone(lesser_ns_open_thread_fn, stack + sizeof(stack),
+ CLONE_NEWCGROUP | CLONE_FILES | CLONE_VM | SIGCHLD,
+ &targ);
+ if (pid < 0)
+ goto cleanup;
+
+ if (waitpid(pid, &status, 0) < 0)
+ goto cleanup;
+
+ if (!WIFEXITED(status))
+ goto cleanup;
+
+ cg_test_b_procs_fd = targ.fd;
+ if (cg_test_b_procs_fd < 0)
+ goto cleanup;
+
+ if (cg_enter_current(cg_test_a))
+ goto cleanup;
+
+ if ((status = write(cg_test_b_procs_fd, "0", 1)) >= 0 || errno != ENOENT)
+ goto cleanup;
+
+ ret = KSFT_PASS;
+
+cleanup:
+ cg_enter_current(root);
+ if (cg_test_b_procs_fd >= 0)
+ close(cg_test_b_procs_fd);
+ if (cg_test_b)
+ cg_destroy(cg_test_b);
+ if (cg_test_a)
+ cg_destroy(cg_test_a);
+ free(cg_test_b_procs);
+ free(cg_test_a_procs);
+ free(cg_test_b);
+ free(cg_test_a);
+ return ret;
+}
+
#define T(x) { x, #x }
struct corecg_test {
int (*fn)(const char *root);
@@ -434,6 +532,7 @@ struct corecg_test {
T(test_cgcore_invalid_domain),
T(test_cgcore_populated),
T(test_cgcore_lesser_euid_open),
+ T(test_cgcore_lesser_ns_open),
};
#undef T
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 336/338] xfrm: policy: match with both mark and mask on user interfaces
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 335/338] selftests: cgroup: Test open-time cgroup namespace " Greg Kroah-Hartman
@ 2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:14 ` [PATCH 4.19 337/338] drm/amdgpu: Check if fd really is an amdgpu fd Greg Kroah-Hartman
` (7 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:13 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Brunner, Xin Long, Steffen Klassert
From: Xin Long <lucien.xin@gmail.com>
commit 4f47e8ab6ab796b5380f74866fa5287aca4dcc58 upstream.
In commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
it would take 'priority' to make a policy unique, and allow duplicated
policies with different 'priority' to be added, which is not expected
by userland, as Tobias reported in strongswan.
To fix this duplicated policies issue, and also fix the issue in
commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
when doing add/del/get/update on user interfaces, this patch is to change
to look up a policy with both mark and mask by doing:
mark.v == pol->mark.v && mark.m == pol->mark.m
and leave the check:
(mark & pol->mark.m) == pol->mark.v
for tx/rx path only.
As the userland expects an exact mark and mask match to manage policies.
v1->v2:
- make xfrm_policy_mark_match inline and fix the changelog as
Tobias suggested.
Fixes: 295fae568885 ("xfrm: Allow user space manipulation of SPD mark")
Fixes: ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list")
Reported-by: Tobias Brunner <tobias@strongswan.org>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/xfrm.h | 11 +++++++----
net/key/af_key.c | 4 ++--
net/xfrm/xfrm_policy.c | 32 +++++++++++++-------------------
net/xfrm/xfrm_user.c | 18 +++++++++++-------
4 files changed, 33 insertions(+), 32 deletions(-)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1739,13 +1739,16 @@ int xfrm_policy_walk(struct net *net, st
void *);
void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net);
int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
-struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id,
- u8 type, int dir,
+struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net,
+ const struct xfrm_mark *mark,
+ u32 if_id, u8 type, int dir,
struct xfrm_selector *sel,
struct xfrm_sec_ctx *ctx, int delete,
int *err);
-struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id, u8,
- int dir, u32 id, int delete, int *err);
+struct xfrm_policy *xfrm_policy_byid(struct net *net,
+ const struct xfrm_mark *mark, u32 if_id,
+ u8 type, int dir, u32 id, int delete,
+ int *err);
int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);
void xfrm_policy_hash_rebuild(struct net *net);
u32 xfrm_get_acqseq(void);
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2413,7 +2413,7 @@ static int pfkey_spddelete(struct sock *
return err;
}
- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,
+ xp = xfrm_policy_bysel_ctx(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
1, &err);
security_xfrm_policy_free(pol_ctx);
@@ -2664,7 +2664,7 @@ static int pfkey_spdget(struct sock *sk,
return -EINVAL;
delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
- xp = xfrm_policy_byid(net, DUMMY_MARK, 0, XFRM_POLICY_TYPE_MAIN,
+ xp = xfrm_policy_byid(net, &dummy_mark, 0, XFRM_POLICY_TYPE_MAIN,
dir, pol->sadb_x_policy_id, delete, &err);
if (xp == NULL)
return -ENOENT;
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -727,14 +727,10 @@ static void xfrm_policy_requeue(struct x
spin_unlock_bh(&pq->hold_queue.lock);
}
-static bool xfrm_policy_mark_match(struct xfrm_policy *policy,
- struct xfrm_policy *pol)
+static inline bool xfrm_policy_mark_match(const struct xfrm_mark *mark,
+ struct xfrm_policy *pol)
{
- if (policy->mark.v == pol->mark.v &&
- policy->priority == pol->priority)
- return true;
-
- return false;
+ return mark->v == pol->mark.v && mark->m == pol->mark.m;
}
int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
@@ -753,7 +749,7 @@ int xfrm_policy_insert(int dir, struct x
if (pol->type == policy->type &&
pol->if_id == policy->if_id &&
!selector_cmp(&pol->selector, &policy->selector) &&
- xfrm_policy_mark_match(policy, pol) &&
+ xfrm_policy_mark_match(&policy->mark, pol) &&
xfrm_sec_ctx_match(pol->security, policy->security) &&
!WARN_ON(delpol)) {
if (excl) {
@@ -803,11 +799,10 @@ int xfrm_policy_insert(int dir, struct x
}
EXPORT_SYMBOL(xfrm_policy_insert);
-struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u32 if_id,
- u8 type, int dir,
- struct xfrm_selector *sel,
- struct xfrm_sec_ctx *ctx, int delete,
- int *err)
+struct xfrm_policy *
+xfrm_policy_bysel_ctx(struct net *net, const struct xfrm_mark *mark, u32 if_id,
+ u8 type, int dir, struct xfrm_selector *sel,
+ struct xfrm_sec_ctx *ctx, int delete, int *err)
{
struct xfrm_policy *pol, *ret;
struct hlist_head *chain;
@@ -819,7 +814,7 @@ struct xfrm_policy *xfrm_policy_bysel_ct
hlist_for_each_entry(pol, chain, bydst) {
if (pol->type == type &&
pol->if_id == if_id &&
- (mark & pol->mark.m) == pol->mark.v &&
+ xfrm_policy_mark_match(mark, pol) &&
!selector_cmp(sel, &pol->selector) &&
xfrm_sec_ctx_match(ctx, pol->security)) {
xfrm_pol_hold(pol);
@@ -844,9 +839,9 @@ struct xfrm_policy *xfrm_policy_bysel_ct
}
EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
-struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u32 if_id,
- u8 type, int dir, u32 id, int delete,
- int *err)
+struct xfrm_policy *
+xfrm_policy_byid(struct net *net, const struct xfrm_mark *mark, u32 if_id,
+ u8 type, int dir, u32 id, int delete, int *err)
{
struct xfrm_policy *pol, *ret;
struct hlist_head *chain;
@@ -861,8 +856,7 @@ struct xfrm_policy *xfrm_policy_byid(str
ret = NULL;
hlist_for_each_entry(pol, chain, byidx) {
if (pol->type == type && pol->index == id &&
- pol->if_id == if_id &&
- (mark & pol->mark.m) == pol->mark.v) {
+ pol->if_id == if_id && xfrm_policy_mark_match(mark, pol)) {
xfrm_pol_hold(pol);
if (delete) {
*err = security_xfrm_policy_delete(
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1862,7 +1862,6 @@ static int xfrm_get_policy(struct sk_buf
struct km_event c;
int delete;
struct xfrm_mark m;
- u32 mark = xfrm_mark_get(attrs, &m);
u32 if_id = 0;
p = nlmsg_data(nlh);
@@ -1879,8 +1878,11 @@ static int xfrm_get_policy(struct sk_buf
if (attrs[XFRMA_IF_ID])
if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+ xfrm_mark_get(attrs, &m);
+
if (p->index)
- xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, delete, &err);
+ xp = xfrm_policy_byid(net, &m, if_id, type, p->dir,
+ p->index, delete, &err);
else {
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
struct xfrm_sec_ctx *ctx;
@@ -1897,8 +1899,8 @@ static int xfrm_get_policy(struct sk_buf
if (err)
return err;
}
- xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, &p->sel,
- ctx, delete, &err);
+ xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir,
+ &p->sel, ctx, delete, &err);
security_xfrm_policy_free(ctx);
}
if (xp == NULL)
@@ -2165,7 +2167,6 @@ static int xfrm_add_pol_expire(struct sk
u8 type = XFRM_POLICY_TYPE_MAIN;
int err = -ENOENT;
struct xfrm_mark m;
- u32 mark = xfrm_mark_get(attrs, &m);
u32 if_id = 0;
err = copy_from_user_policy_type(&type, attrs);
@@ -2179,8 +2180,11 @@ static int xfrm_add_pol_expire(struct sk
if (attrs[XFRMA_IF_ID])
if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+ xfrm_mark_get(attrs, &m);
+
if (p->index)
- xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, 0, &err);
+ xp = xfrm_policy_byid(net, &m, if_id, type, p->dir, p->index,
+ 0, &err);
else {
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
struct xfrm_sec_ctx *ctx;
@@ -2197,7 +2201,7 @@ static int xfrm_add_pol_expire(struct sk
if (err)
return err;
}
- xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir,
+ xp = xfrm_policy_bysel_ctx(net, &m, if_id, type, p->dir,
&p->sel, ctx, 0, &err);
security_xfrm_policy_free(ctx);
}
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 337/338] drm/amdgpu: Check if fd really is an amdgpu fd.
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-04-14 13:13 ` [PATCH 4.19 336/338] xfrm: policy: match with both mark and mask on user interfaces Greg Kroah-Hartman
@ 2022-04-14 13:14 ` Greg Kroah-Hartman
2022-04-14 13:14 ` [PATCH 4.19 338/338] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Greg Kroah-Hartman
` (6 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bas Nieuwenhuizen,
Christian König, Alex Deucher, Lee Jones
From: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
commit 021830d24ba55a578f602979274965344c8e6284 upstream.
Otherwise we interpret the file private data as drm & amdgpu data
while it might not be, possibly allowing one to get memory corruption.
Signed-off-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 16 ++++++++++++++++
drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 10 +++++++---
3 files changed, 25 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
@@ -955,6 +955,8 @@ struct amdgpu_gfx {
DECLARE_BITMAP (pipe_reserve_bitmap, AMDGPU_MAX_COMPUTE_QUEUES);
};
+int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv);
+
int amdgpu_ib_get(struct amdgpu_device *adev, struct amdgpu_vm *vm,
unsigned size, struct amdgpu_ib *ib);
void amdgpu_ib_free(struct amdgpu_device *adev, struct amdgpu_ib *ib,
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
@@ -1132,6 +1132,22 @@ static const struct file_operations amdg
#endif
};
+int amdgpu_file_to_fpriv(struct file *filp, struct amdgpu_fpriv **fpriv)
+{
+ struct drm_file *file;
+
+ if (!filp)
+ return -EINVAL;
+
+ if (filp->f_op != &amdgpu_driver_kms_fops) {
+ return -EINVAL;
+ }
+
+ file = filp->private_data;
+ *fpriv = file->driver_priv;
+ return 0;
+}
+
static bool
amdgpu_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe,
bool in_vblank_irq, int *vpos, int *hpos,
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c
@@ -54,16 +54,20 @@ static int amdgpu_sched_process_priority
enum drm_sched_priority priority)
{
struct file *filp = fget(fd);
- struct drm_file *file;
struct amdgpu_fpriv *fpriv;
struct amdgpu_ctx *ctx;
uint32_t id;
+ int r;
if (!filp)
return -EINVAL;
- file = filp->private_data;
- fpriv = file->driver_priv;
+ r = amdgpu_file_to_fpriv(filp, &fpriv);
+ if (r) {
+ fput(filp);
+ return r;
+ }
+
idr_for_each_entry(&fpriv->ctx_mgr.ctx_handles, ctx, id)
amdgpu_ctx_priority_override(ctx, priority);
^ permalink raw reply [flat|nested] 364+ messages in thread
* [PATCH 4.19 338/338] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-04-14 13:14 ` [PATCH 4.19 337/338] drm/amdgpu: Check if fd really is an amdgpu fd Greg Kroah-Hartman
@ 2022-04-14 13:14 ` Greg Kroah-Hartman
2022-04-14 16:58 ` [PATCH 4.19 000/338] 4.19.238-rc1 review Pavel Machek
` (5 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:14 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Felix Kuehling, Philip Yang,
Alex Deucher, Lee Jones
From: Felix Kuehling <Felix.Kuehling@amd.com>
commit b40a6ab2cf9213923bf8e821ce7fa7f6a0a26990 upstream.
amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu needs the drm_priv to allow mmap
to access the BO through the corresponding file descriptor. The VM can
also be extracted from drm_priv, so drm_priv can replace the vm parameter
in the kfd2kgd interface.
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Philip Yang <philip.yang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
[ This is a partial cherry-pick of the commit. ]
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
@@ -1044,11 +1044,15 @@ int amdgpu_amdkfd_gpuvm_acquire_process_
struct dma_fence **ef)
{
struct amdgpu_device *adev = get_amdgpu_device(kgd);
- struct drm_file *drm_priv = filp->private_data;
- struct amdgpu_fpriv *drv_priv = drm_priv->driver_priv;
- struct amdgpu_vm *avm = &drv_priv->vm;
+ struct amdgpu_fpriv *drv_priv;
+ struct amdgpu_vm *avm;
int ret;
+ ret = amdgpu_file_to_fpriv(filp, &drv_priv);
+ if (ret)
+ return ret;
+ avm = &drv_priv->vm;
+
/* Already a compute VM? */
if (avm->process_info)
return -EINVAL;
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 13:11 ` [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP Greg Kroah-Hartman
@ 2022-04-14 13:25 ` Ard Biesheuvel
2022-04-14 13:34 ` Greg Kroah-Hartman
0 siblings, 1 reply; 364+ messages in thread
From: Ard Biesheuvel @ 2022-04-14 13:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Linux Kernel Mailing List, # 3.4.x, Steven Rostedt (Google), Sasha Levin
On Thu, 14 Apr 2022 at 15:23, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
>
NAK. Please don't backport these patches to -stable, I thought I had
been clear on this.
> Tweak the ftrace return paths to avoid redundant loads of SP, as well as
> unnecessary clobbering of IP.
>
> This also fixes the inconsistency of using MOV to perform a function
> return, which is sub-optimal on recent micro-architectures but more
> importantly, does not perform an interworking return, unlike compiler
> generated function returns in Thumb2 builds.
>
> Let's fix this by popping PC from the stack like most ordinary code
> does.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> arch/arm/kernel/entry-ftrace.S | 51 +++++++++++++++-------------------
> 1 file changed, 22 insertions(+), 29 deletions(-)
>
> diff --git a/arch/arm/kernel/entry-ftrace.S b/arch/arm/kernel/entry-ftrace.S
> index 1acf4d05e94c..393c342ecd51 100644
> --- a/arch/arm/kernel/entry-ftrace.S
> +++ b/arch/arm/kernel/entry-ftrace.S
> @@ -41,10 +41,7 @@
> * mcount can be thought of as a function called in the middle of a subroutine
> * call. As such, it needs to be transparent for both the caller and the
> * callee: the original lr needs to be restored when leaving mcount, and no
> - * registers should be clobbered. (In the __gnu_mcount_nc implementation, we
> - * clobber the ip register. This is OK because the ARM calling convention
> - * allows it to be clobbered in subroutines and doesn't use it to hold
> - * parameters.)
> + * registers should be clobbered.
> *
> * When using dynamic ftrace, we patch out the mcount call by a "mov r0, r0"
> * for the mcount case, and a "pop {lr}" for the __gnu_mcount_nc case (see
> @@ -96,26 +93,25 @@
>
> .macro __ftrace_regs_caller
>
> - sub sp, sp, #8 @ space for PC and CPSR OLD_R0,
> + str lr, [sp, #-8]! @ store LR as PC and make space for CPSR/OLD_R0,
> @ OLD_R0 will overwrite previous LR
>
> - add ip, sp, #12 @ move in IP the value of SP as it was
> - @ before the push {lr} of the mcount mechanism
> + ldr lr, [sp, #8] @ get previous LR
>
> - str lr, [sp, #0] @ store LR instead of PC
> + str r0, [sp, #8] @ write r0 as OLD_R0 over previous LR
>
> - ldr lr, [sp, #8] @ get previous LR
> + str lr, [sp, #-4]! @ store previous LR as LR
>
> - str r0, [sp, #8] @ write r0 as OLD_R0 over previous LR
> + add lr, sp, #16 @ move in LR the value of SP as it was
> + @ before the push {lr} of the mcount mechanism
>
> - stmdb sp!, {ip, lr}
> - stmdb sp!, {r0-r11, lr}
> + push {r0-r11, ip, lr}
>
> @ stack content at this point:
> @ 0 4 48 52 56 60 64 68 72
> - @ R0 | R1 | ... | LR | SP + 4 | previous LR | LR | PSR | OLD_R0 |
> + @ R0 | R1 | ... | IP | SP + 4 | previous LR | LR | PSR | OLD_R0 |
>
> - mov r3, sp @ struct pt_regs*
> + mov r3, sp @ struct pt_regs*
>
> ldr r2, =function_trace_op
> ldr r2, [r2] @ pointer to the current
> @@ -138,11 +134,9 @@ ftrace_graph_regs_call:
> #endif
>
> @ pop saved regs
> - ldmia sp!, {r0-r12} @ restore r0 through r12
> - ldr ip, [sp, #8] @ restore PC
> - ldr lr, [sp, #4] @ restore LR
> - ldr sp, [sp, #0] @ restore SP
> - mov pc, ip @ return
> + pop {r0-r11, ip, lr} @ restore r0 through r12
> + ldr lr, [sp], #4 @ restore LR
> + ldr pc, [sp], #12
> .endm
>
> #ifdef CONFIG_FUNCTION_GRAPH_TRACER
> @@ -158,11 +152,9 @@ ftrace_graph_regs_call:
> bl prepare_ftrace_return
>
> @ pop registers saved in ftrace_regs_caller
> - ldmia sp!, {r0-r12} @ restore r0 through r12
> - ldr ip, [sp, #8] @ restore PC
> - ldr lr, [sp, #4] @ restore LR
> - ldr sp, [sp, #0] @ restore SP
> - mov pc, ip @ return
> + pop {r0-r11, ip, lr} @ restore r0 through r12
> + ldr lr, [sp], #4 @ restore LR
> + ldr pc, [sp], #12
>
> .endm
> #endif
> @@ -273,16 +265,17 @@ ENDPROC(ftrace_graph_caller_old)
> .endm
>
> .macro mcount_exit
> - ldmia sp!, {r0-r3, ip, lr}
> - ret ip
> + ldmia sp!, {r0-r3}
> + ldr lr, [sp, #4]
> + ldr pc, [sp], #8
> .endm
>
> ENTRY(__gnu_mcount_nc)
> UNWIND(.fnstart)
> #ifdef CONFIG_DYNAMIC_FTRACE
> - mov ip, lr
> - ldmia sp!, {lr}
> - ret ip
> + push {lr}
> + ldr lr, [sp, #4]
> + ldr pc, [sp], #8
> #else
> __mcount
> #endif
> --
> 2.34.1
>
>
>
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first
2022-04-14 13:11 ` [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first Greg Kroah-Hartman
@ 2022-04-14 13:25 ` syzbot
0 siblings, 0 replies; 364+ messages in thread
From: syzbot @ 2022-04-14 13:25 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: gregkh, lee.jones, linux-kernel, sashal, stable, tytso
> From: Theodore Ts'o <tytso@mit.edu>
>
> [ Upstream commit cc5095747edfb054ca2068d01af20be3fcc3634f ]
>
> [un]pin_user_pages_remote is dirtying pages without properly warning
> the file system in advance. A related race was noted by Jan Kara in
> 2018[1]; however, more recently instead of it being a very hard-to-hit
> race, it could be reliably triggered by process_vm_writev(2) which was
> discovered by Syzbot[2].
>
> This is technically a bug in mm/gup.c, but arguably ext4 is fragile in
> that if some other kernel subsystem dirty pages without properly
> notifying the file system using page_mkwrite(), ext4 will BUG, while
> other file systems will not BUG (although data will still be lost).
>
> So instead of crashing with a BUG, issue a warning (since there may be
> potential data loss) and just mark the page as clean to avoid
> unprivileged denial of service attacks until the problem can be
> properly fixed. More discussion and background can be found in the
> thread starting at [2].
>
> [1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
> [2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com
>
> Reported-by: syzbot+d59332e2db681cf18f0318a06e994ebbb529a8db@syzkaller.appspotmail.com
> Reported-by: Lee Jones <lee.jones@linaro.org>
> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
> Link: https://lore.kernel.org/r/YiDS9wVfq4mM2jGK@mit.edu
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> fs/ext4/inode.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 7959aae4857e..96cf0f57ca95 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -2148,6 +2148,15 @@ static int ext4_writepage(struct page *page,
> else
> len = PAGE_SIZE;
>
> + /* Should never happen but for bugs in other kernel subsystems */
> + if (!page_has_buffers(page)) {
> + ext4_warning_inode(inode,
> + "page %lu does not have buffers attached", page->index);
> + ClearPageDirty(page);
> + unlock_page(page);
> + return 0;
> + }
> +
> page_bufs = page_buffers(page);
> /*
> * We cannot do block allocation or other extent handling in this
> @@ -2697,6 +2706,22 @@ static int mpage_prepare_extent_to_map(struct mpage_da_data *mpd)
> wait_on_page_writeback(page);
> BUG_ON(PageWriteback(page));
>
> + /*
> + * Should never happen but for buggy code in
> + * other subsystems that call
> + * set_page_dirty() without properly warning
> + * the file system first. See [1] for more
> + * information.
> + *
> + * [1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
> + */
> + if (!page_has_buffers(page)) {
> + ext4_warning_inode(mpd->inode, "page %lu does not have buffers attached", page->index);
> + ClearPageDirty(page);
> + unlock_page(page);
> + continue;
> + }
> +
> if (mpd->map.m_len == 0)
> mpd->first_page = page->index;
> mpd->next_page = page->index + 1;
> --
> 2.34.1
>
>
>
I see the command but can't find the corresponding bug.
The email is sent to syzbot+HASH@syzkaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 13:25 ` Ard Biesheuvel
@ 2022-04-14 13:34 ` Greg Kroah-Hartman
2022-04-14 14:13 ` Ard Biesheuvel
0 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 13:34 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Linux Kernel Mailing List, # 3.4.x, Steven Rostedt (Google), Sasha Levin
On Thu, Apr 14, 2022 at 03:25:29PM +0200, Ard Biesheuvel wrote:
> On Thu, 14 Apr 2022 at 15:23, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> >
>
> NAK. Please don't backport these patches to -stable, I thought I had
> been clear on this.
I dropped the patches you asked to be dropped, but this is a different
one and is already in the following releases:
5.10.110 5.15.33 5.16.19 5.17.2
I can also drop it from here and the 5.4 queue if you do not want it
there.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 13:34 ` Greg Kroah-Hartman
@ 2022-04-14 14:13 ` Ard Biesheuvel
2022-04-14 14:20 ` Greg Kroah-Hartman
0 siblings, 1 reply; 364+ messages in thread
From: Ard Biesheuvel @ 2022-04-14 14:13 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Linux Kernel Mailing List, # 3.4.x, Steven Rostedt (Google), Sasha Levin
On Thu, 14 Apr 2022 at 15:57, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Thu, Apr 14, 2022 at 03:25:29PM +0200, Ard Biesheuvel wrote:
> > On Thu, 14 Apr 2022 at 15:23, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > From: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > >
> >
> > NAK. Please don't backport these patches to -stable, I thought I had
> > been clear on this.
>
> I dropped the patches you asked to be dropped, but this is a different
> one and is already in the following releases:
> 5.10.110 5.15.33 5.16.19 5.17.2
>
> I can also drop it from here and the 5.4 queue if you do not want it
> there.
>
This is not how I remember it:
On Tue, 5 Apr 2022 at 18:52, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Tue, Apr 05, 2022 at 12:01:19PM +0200, Ard Biesheuvel wrote:
> > On Tue, 5 Apr 2022 at 11:54, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > From: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > >
..
> >
> > Please drop all the 32-bit ARM patches authored by me from the stable
> > queues except the ones that have fixes tags. These are highly likely
> > to cause an explosion of regressions, and they should have never been
> > selected, as I don't remember anyone proposing these for stable.
>
> From what I can tell, that is only this commit. I'll go drop it from
> all trees, thanks.
>
Can you *please* exclude all patches authored by me from consideration
by this bot? Consider this a blanket NAK to all AUTOSEL patches cc'ed
to me.
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 14:13 ` Ard Biesheuvel
@ 2022-04-14 14:20 ` Greg Kroah-Hartman
2022-04-14 14:22 ` Ard Biesheuvel
0 siblings, 1 reply; 364+ messages in thread
From: Greg Kroah-Hartman @ 2022-04-14 14:20 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Linux Kernel Mailing List, # 3.4.x, Steven Rostedt (Google), Sasha Levin
On Thu, Apr 14, 2022 at 04:13:06PM +0200, Ard Biesheuvel wrote:
> On Thu, 14 Apr 2022 at 15:57, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Thu, Apr 14, 2022 at 03:25:29PM +0200, Ard Biesheuvel wrote:
> > > On Thu, 14 Apr 2022 at 15:23, Greg Kroah-Hartman
> > > <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > >
> > > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > > >
> > >
> > > NAK. Please don't backport these patches to -stable, I thought I had
> > > been clear on this.
> >
> > I dropped the patches you asked to be dropped, but this is a different
> > one and is already in the following releases:
> > 5.10.110 5.15.33 5.16.19 5.17.2
> >
> > I can also drop it from here and the 5.4 queue if you do not want it
> > there.
> >
>
> This is not how I remember it:
>
> On Tue, 5 Apr 2022 at 18:52, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Apr 05, 2022 at 12:01:19PM +0200, Ard Biesheuvel wrote:
> > > On Tue, 5 Apr 2022 at 11:54, Greg Kroah-Hartman
> > > <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > >
> > > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > > >
> ..
> > >
> > > Please drop all the 32-bit ARM patches authored by me from the stable
> > > queues except the ones that have fixes tags. These are highly likely
> > > to cause an explosion of regressions, and they should have never been
> > > selected, as I don't remember anyone proposing these for stable.
> >
> > From what I can tell, that is only this commit. I'll go drop it from
> > all trees, thanks.
> >
>
> Can you *please* exclude all patches authored by me from consideration
> by this bot? Consider this a blanket NAK to all AUTOSEL patches cc'ed
> to me.
Ick, I thought I dropped this from everywhere, very odd, sorry about
that. Ah, I dropped dd88b03ff0c8 ("ARM: ftrace: ensure that ADR takes
the Thumb bit into account"), not this one. {sigh}
Let me try to drop this again...
greg k-h
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP
2022-04-14 14:20 ` Greg Kroah-Hartman
@ 2022-04-14 14:22 ` Ard Biesheuvel
0 siblings, 0 replies; 364+ messages in thread
From: Ard Biesheuvel @ 2022-04-14 14:22 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Linux Kernel Mailing List, # 3.4.x, Steven Rostedt (Google), Sasha Levin
On Thu, 14 Apr 2022 at 16:21, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Thu, Apr 14, 2022 at 04:13:06PM +0200, Ard Biesheuvel wrote:
> > On Thu, 14 Apr 2022 at 15:57, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Thu, Apr 14, 2022 at 03:25:29PM +0200, Ard Biesheuvel wrote:
> > > > On Thu, 14 Apr 2022 at 15:23, Greg Kroah-Hartman
> > > > <gregkh@linuxfoundation.org> wrote:
> > > > >
> > > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > > >
> > > > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > > > >
> > > >
> > > > NAK. Please don't backport these patches to -stable, I thought I had
> > > > been clear on this.
> > >
> > > I dropped the patches you asked to be dropped, but this is a different
> > > one and is already in the following releases:
> > > 5.10.110 5.15.33 5.16.19 5.17.2
> > >
> > > I can also drop it from here and the 5.4 queue if you do not want it
> > > there.
> > >
> >
> > This is not how I remember it:
> >
> > On Tue, 5 Apr 2022 at 18:52, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Tue, Apr 05, 2022 at 12:01:19PM +0200, Ard Biesheuvel wrote:
> > > > On Tue, 5 Apr 2022 at 11:54, Greg Kroah-Hartman
> > > > <gregkh@linuxfoundation.org> wrote:
> > > > >
> > > > > From: Ard Biesheuvel <ardb@kernel.org>
> > > > >
> > > > > [ Upstream commit d11967870815b5ab89843980e35aab616c97c463 ]
> > > > >
> > ..
> > > >
> > > > Please drop all the 32-bit ARM patches authored by me from the stable
> > > > queues except the ones that have fixes tags. These are highly likely
> > > > to cause an explosion of regressions, and they should have never been
> > > > selected, as I don't remember anyone proposing these for stable.
> > >
> > > From what I can tell, that is only this commit. I'll go drop it from
> > > all trees, thanks.
> > >
> >
> > Can you *please* exclude all patches authored by me from consideration
> > by this bot? Consider this a blanket NAK to all AUTOSEL patches cc'ed
> > to me.
>
> Ick, I thought I dropped this from everywhere, very odd, sorry about
> that. Ah, I dropped dd88b03ff0c8 ("ARM: ftrace: ensure that ADR takes
> the Thumb bit into account"), not this one. {sigh}
>
Ah, that's the only one that did have a fixes: tag :-)
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering
2022-04-14 13:10 ` [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering Greg Kroah-Hartman
@ 2022-04-14 15:02 ` Jeremy Linton
0 siblings, 0 replies; 364+ messages in thread
From: Jeremy Linton @ 2022-04-14 15:02 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, Peter Robinson, Florian Fainelli, Jakub Kicinski, Sasha Levin
Hi,
I would kill this commit too, since the final conclusion was that
underlying problem was a compiler bug (which has now been fixed).
Thanks,
On 4/14/22 08:10, Greg Kroah-Hartman wrote:
> From: Jeremy Linton <jeremy.linton@arm.com>
>
> [ Upstream commit 8d3ea3d402db94b61075617e71b67459a714a502 ]
>
> GCC12 appears to be much smarter about its dependency tracking and is
> aware that the relaxed variants are just normal loads and stores and
> this is causing problems like:
>
> [ 210.074549] ------------[ cut here ]------------
> [ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out
> [ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_watchdog+0x234/0x240
> [ 210.095044] Modules linked in: genet(E) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat]
> [ 210.146561] ACPI CPPC: PCC check channel failed for ss: 0. ret=-110
> [ 210.146927] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 5.17.0-rc7G12+ #58
> [ 210.153226] CPPC Cpufreq:cppc_scale_freq_workfn: failed to read perf counters
> [ 210.161349] Hardware name: Raspberry Pi Foundation Raspberry Pi 4 Model B/Raspberry Pi 4 Model B, BIOS EDK2-DEV 02/08/2022
> [ 210.161353] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 210.161358] pc : dev_watchdog+0x234/0x240
> [ 210.161364] lr : dev_watchdog+0x234/0x240
> [ 210.161368] sp : ffff8000080a3a40
> [ 210.161370] x29: ffff8000080a3a40 x28: ffffcd425af87000 x27: ffff8000080a3b20
> [ 210.205150] x26: ffffcd425aa00000 x25: 0000000000000001 x24: ffffcd425af8ec08
> [ 210.212321] x23: 0000000000000100 x22: ffffcd425af87000 x21: ffff55b142688000
> [ 210.219491] x20: 0000000000000001 x19: ffff55b1426884c8 x18: ffffffffffffffff
> [ 210.226661] x17: 64656d6974203120 x16: 0000000000000001 x15: 6d736e617274203a
> [ 210.233831] x14: 2974656e65676d63 x13: ffffcd4259c300d8 x12: ffffcd425b07d5f0
> [ 210.241001] x11: 00000000ffffffff x10: ffffcd425b07d5f0 x9 : ffffcd4258bdad9c
> [ 210.248171] x8 : 00000000ffffdfff x7 : 000000000000003f x6 : 0000000000000000
> [ 210.255341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000001000
> [ 210.262511] x2 : 0000000000001000 x1 : 0000000000000005 x0 : 0000000000000044
> [ 210.269682] Call trace:
> [ 210.272133] dev_watchdog+0x234/0x240
> [ 210.275811] call_timer_fn+0x3c/0x15c
> [ 210.279489] __run_timers.part.0+0x288/0x310
> [ 210.283777] run_timer_softirq+0x48/0x80
> [ 210.287716] __do_softirq+0x128/0x360
> [ 210.291392] __irq_exit_rcu+0x138/0x140
> [ 210.295243] irq_exit_rcu+0x1c/0x30
> [ 210.298745] el1_interrupt+0x38/0x54
> [ 210.302334] el1h_64_irq_handler+0x18/0x24
> [ 210.306445] el1h_64_irq+0x7c/0x80
> [ 210.309857] arch_cpu_idle+0x18/0x2c
> [ 210.313445] default_idle_call+0x4c/0x140
> [ 210.317470] cpuidle_idle_call+0x14c/0x1a0
> [ 210.321584] do_idle+0xb0/0x100
> [ 210.324737] cpu_startup_entry+0x30/0x8c
> [ 210.328675] secondary_start_kernel+0xe4/0x110
> [ 210.333138] __secondary_switched+0x94/0x98
>
> The assumption when these were relaxed seems to be that device memory
> would be mapped non reordering, and that other constructs
> (spinlocks/etc) would provide the barriers to assure that packet data
> and in memory rings/queues were ordered with respect to device
> register reads/writes. This itself seems a bit sketchy, but the real
> problem with GCC12 is that it is moving the actual reads/writes around
> at will as though they were independent operations when in truth they
> are not, but the compiler can't know that. When looking at the
> assembly dumps for many of these routines its possible to see very
> clean, but not strictly in program order operations occurring as the
> compiler would be free to do if these weren't actually register
> reads/write operations.
>
> Its possible to suppress the timeout with a liberal bit of dma_mb()'s
> sprinkled around but the device still seems unable to reliably
> send/receive data. A better plan is to use the safer readl/writel
> everywhere.
>
> Since this partially reverts an older commit, which notes the use of
> the relaxed variants for performance reasons. I would suggest that
> any performance problems with this commit are targeted at relaxing only
> the performance critical code paths after assuring proper barriers.
>
> Fixes: 69d2ea9c79898 ("net: bcmgenet: Use correct I/O accessors")
> Reported-by: Peter Robinson <pbrobinson@gmail.com>
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> Acked-by: Peter Robinson <pbrobinson@gmail.com>
> Tested-by: Peter Robinson <pbrobinson@gmail.com>
> Acked-by: Florian Fainelli <f.fainelli@gmail.com>
> Link: https://lore.kernel.org/r/20220310045358.224350-1-jeremy.linton@arm.com
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> index d4be107ea4cd..c78b687a1443 100644
> --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
> @@ -83,7 +83,7 @@ static inline void bcmgenet_writel(u32 value, void __iomem *offset)
> if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
> __raw_writel(value, offset);
> else
> - writel_relaxed(value, offset);
> + writel(value, offset);
> }
>
> static inline u32 bcmgenet_readl(void __iomem *offset)
> @@ -91,7 +91,7 @@ static inline u32 bcmgenet_readl(void __iomem *offset)
> if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
> return __raw_readl(offset);
> else
> - return readl_relaxed(offset);
> + return readl(offset);
> }
>
> static inline void dmadesc_set_length_status(struct bcmgenet_priv *priv,
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
2022-04-14 13:08 ` [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build Greg Kroah-Hartman
@ 2022-04-14 16:02 ` Randy Dunlap
0 siblings, 0 replies; 364+ messages in thread
From: Randy Dunlap @ 2022-04-14 16:02 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, kernel test robot, Arnd Bergmann, K. Y. Srinivasan,
Haiyang Zhang, Stephen Hemminger, Wei Liu, Dexuan Cui,
linux-hyperv, Michael Kelley, Petr Štetiar
On 4/14/22 06:08, Greg Kroah-Hartman wrote:
> From: Randy Dunlap <rdunlap@infradead.org>
>
> commit 1dc2f2b81a6a9895da59f3915760f6c0c3074492 upstream.
>
> The hyperv utilities use PTP clock interfaces and should depend a
> a kconfig symbol such that they will be built as a loadable module or
> builtin so that linker errors do not happen.
>
> Prevents these build errors:
>
> ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit':
> hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister'
> ld: drivers/hv/hv_util.o: in function `hv_timesync_init':
> hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
>
> Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source")
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> Reported-by: kernel test robot <lkp@intel.com>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: "K. Y. Srinivasan" <kys@microsoft.com>
> Cc: Haiyang Zhang <haiyangz@microsoft.com>
> Cc: Stephen Hemminger <sthemmin@microsoft.com>
> Cc: Wei Liu <wei.liu@kernel.org>
> Cc: Dexuan Cui <decui@microsoft.com>
> Cc: linux-hyperv@vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Reviewed-by: Michael Kelley <mikelley@microsoft.com>
> Link: https://lore.kernel.org/r/20211126023316.25184-1-rdunlap@infradead.org
> Signed-off-by: Wei Liu <wei.liu@kernel.org>
> Cc: Petr Štetiar <ynezz@true.cz>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> drivers/hv/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> --- a/drivers/hv/Kconfig
> +++ b/drivers/hv/Kconfig
> @@ -16,6 +16,7 @@ config HYPERV_TSCPAGE
> config HYPERV_UTILS
> tristate "Microsoft Hyper-V Utilities driver"
> depends on HYPERV && CONNECTOR && NLS
> + depends on PTP_1588_CLOCK_OPTIONAL
> help
> Select this option to enable the Hyper-V Utilities.
Please drop this one also. PTP_1588_CLOCK_OPTIONAL is not present
in 4.x kernels.
Sorry for the problem.
--
~Randy
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-04-14 13:14 ` [PATCH 4.19 338/338] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Greg Kroah-Hartman
@ 2022-04-14 16:58 ` Pavel Machek
2022-04-14 17:03 ` Shuah Khan
` (4 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Pavel Machek @ 2022-04-14 16:58 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
[-- Attachment #1: Type: text/plain, Size: 708 bytes --]
Hi!
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any kernel problems here (but we have some
problems with test):
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-4.19.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-04-14 16:58 ` [PATCH 4.19 000/338] 4.19.238-rc1 review Pavel Machek
@ 2022-04-14 17:03 ` Shuah Khan
2022-04-15 0:54 ` Samuel Zou
` (3 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Shuah Khan @ 2022-04-14 17:03 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade,
Shuah Khan
On 4/14/22 7:08 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-04-14 17:03 ` Shuah Khan
@ 2022-04-15 0:54 ` Samuel Zou
2022-04-15 1:10 ` Guenter Roeck
` (2 subsequent siblings)
343 siblings, 0 replies; 364+ messages in thread
From: Samuel Zou @ 2022-04-15 0:54 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade
On 2022/4/14 21:08, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Tested on arm64 and x86 for 4.19.238-rc1,
Kernel repo:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Branch: linux-4.19.y
Version: 4.19.238-rc1
Commit: 3f08640122e30667d6aa2e90e4fa57f3d9f48ceb
Compiler: gcc version 7.3.0 (GCC)
arm64:
--------------------------------------------------------------------
Testcase Result Summary:
total: 8957
passed: 8957
failed: 0
timeout: 0
--------------------------------------------------------------------
x86:
--------------------------------------------------------------------
Testcase Result Summary:
total: 8957
passed: 8957
failed: 0
timeout: 0
--------------------------------------------------------------------
Tested-by: Hulk Robot <hulkrobot@huawei.com>
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-04-15 0:54 ` Samuel Zou
@ 2022-04-15 1:10 ` Guenter Roeck
2022-04-15 13:44 ` Daniel Díaz
2022-04-18 8:39 ` Naresh Kamboju
343 siblings, 0 replies; 364+ messages in thread
From: Guenter Roeck @ 2022-04-15 1:10 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Thu, Apr 14, 2022 at 03:08:23PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Build results:
total: 156 pass: 156 fail: 0
Qemu test results:
total: 425 pass: 425 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-04-15 1:10 ` Guenter Roeck
@ 2022-04-15 13:44 ` Daniel Díaz
2022-04-18 8:39 ` Naresh Kamboju
343 siblings, 0 replies; 364+ messages in thread
From: Daniel Díaz @ 2022-04-15 13:44 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade
Hello!
On 4/14/22 08:08, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 4.19.238-rc1
* git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
* git branch: linux-4.19.y
* git commit: 3f08640122e30667d6aa2e90e4fa57f3d9f48ceb
* git describe: v4.19.237-339-g3f08640122e3
* test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.19.y/build/v4.19.237-339-g3f08640122e3
## No Test Regressions (compared to v4.19.237)
## No Metric Regressions (compared to v4.19.237)
## No Test Fixes (compared to v4.19.237)
## No Metric Fixes (compared to v4.19.237)
## Test result summary
total: 86571, pass: 69522, fail: 1159, skip: 13859, xfail: 2031
## Build Summary
* arm: 281 total, 275 passed, 6 failed
* arm64: 39 total, 39 passed, 0 failed
* dragonboard-410c: 1 total, 1 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 19 total, 19 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 27 total, 27 passed, 0 failed
* powerpc: 60 total, 54 passed, 6 failed
* s390: 12 total, 12 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x15: 1 total, 1 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 38 total, 38 passed, 0 failed
## Test suites summary
* fwts
* kselftest-android
* kselftest-arm64
* kselftest-bpf
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* rcutorture
* ssuite
* v4l2-compliance
* vdso
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-04-15 13:44 ` Daniel Díaz
@ 2022-04-18 8:39 ` Naresh Kamboju
2022-04-20 23:48 ` Naresh Kamboju
343 siblings, 1 reply; 364+ messages in thread
From: Naresh Kamboju @ 2022-04-18 8:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade, Netdev, David S. Miller, Jakub Kicinski, Paolo Abeni
On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 4.19.238 release.
> There are 338 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Following kernel warning noticed on arm64 Juno-r2 while booting
stable-rc 4.19.238. Here is the full test log link [1].
[ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
[ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
[ 0.000000] Machine model: ARM Juno development board (r2)
<trim>
[ 18.499895] ================================
[ 18.504172] WARNING: inconsistent lock state
[ 18.508451] 4.19.238 #1 Not tainted
[ 18.511944] --------------------------------
[ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
[ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
[ 18.527826] (____ptrval____)
(&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
[ 18.536648] {IN-SOFTIRQ-W} state was registered at:
[ 18.541543] lock_acquire+0xc8/0x23c
[ 18.545216] _raw_spin_lock+0x50/0x64
[ 18.548973] xs_tcp_state_change+0x1b4/0x440
[ 18.553343] tcp_rcv_state_process+0x684/0x1300
[ 18.557972] tcp_v4_do_rcv+0x70/0x290
[ 18.561731] tcp_v4_rcv+0xc34/0xda0
[ 18.565316] ip_local_deliver_finish+0x16c/0x3c0
[ 18.570032] ip_local_deliver+0x6c/0x240
[ 18.574051] ip_rcv_finish+0x98/0xe4
[ 18.577722] ip_rcv+0x68/0x210
[ 18.580871] __netif_receive_skb_one_core+0x6c/0x9c
[ 18.585847] __netif_receive_skb+0x2c/0x74
[ 18.590039] netif_receive_skb_internal+0x88/0x20c
[ 18.594928] netif_receive_skb+0x68/0x1a0
[ 18.599036] smsc911x_poll+0x104/0x290
[ 18.602881] net_rx_action+0x124/0x4bc
[ 18.606727] __do_softirq+0x1d0/0x524
[ 18.610484] irq_exit+0x11c/0x144
[ 18.613894] __handle_domain_irq+0x84/0xe0
[ 18.618086] gic_handle_irq+0x5c/0xb0
[ 18.621843] el1_irq+0xb4/0x130
[ 18.625081] cpuidle_enter_state+0xc0/0x3ec
[ 18.629361] cpuidle_enter+0x38/0x4c
[ 18.633032] do_idle+0x200/0x2c0
[ 18.636353] cpu_startup_entry+0x30/0x50
[ 18.640372] rest_init+0x260/0x270
[ 18.643870] start_kernel+0x45c/0x490
[ 18.647625] irq event stamp: 18931
[ 18.651037] hardirqs last enabled at (18931): [<ffff00000832e800>]
kfree+0xe0/0x370
[ 18.658799] hardirqs last disabled at (18930): [<ffff00000832e7ec>]
kfree+0xcc/0x370
[ 18.666564] softirqs last enabled at (18920): [<ffff000008fbce94>]
rpc_wake_up_first_on_wq+0xb4/0x1b0
[ 18.675893] softirqs last disabled at (18918): [<ffff000008fbce18>]
rpc_wake_up_first_on_wq+0x38/0x1b0
[ 18.685217]
[ 18.685217] other info that might help us debug this:
[ 18.691758] Possible unsafe locking scenario:
[ 18.691758]
[ 18.697689] CPU0
[ 18.700137] ----
[ 18.702586] lock(&(&xprt->transport_lock)->rlock);
[ 18.707562] <Interrupt>
[ 18.710184] lock(&(&xprt->transport_lock)->rlock);
[ 18.715335]
[ 18.715335] *** DEADLOCK ***
[ 18.715335]
[ 18.721270] 2 locks held by kworker/u12:3/60:
[ 18.725633] #0: (____ptrval____)
((wq_completion)\"rpciod\"){+.+.}, at: process_one_work+0x1e0/0x6c0
[ 18.734711] #1: (____ptrval____)
((work_completion)(&task->u.tk_work)){+.+.}, at:
process_one_work+0x1e0/0x6c0
[ 18.744831]
[ 18.744831] stack backtrace:
[ 18.749202] CPU: 0 PID: 60 Comm: kworker/u12:3 Not tainted 4.19.238 #1
[ 18.755741] Hardware name: ARM Juno development board (r2) (DT)
[ 18.761678] Workqueue: rpciod rpc_async_schedule
[ 18.766305] Call trace:
[ 18.768758] dump_backtrace+0x0/0x190
[ 18.772427] show_stack+0x28/0x34
[ 18.775748] dump_stack+0xb0/0xf8
[ 18.779072] print_usage_bug.part.0+0x25c/0x270
[ 18.783613] mark_lock+0x5d0/0x6e0
[ 18.787023] __lock_acquire+0x6c4/0x16f0
[ 18.790955] lock_acquire+0xc8/0x23c
[ 18.794539] _raw_spin_lock+0x50/0x64
[ 18.798210] xprt_destroy+0x70/0xe0
[ 18.801708] xprt_put+0x44/0x50
[ 18.804857] rpc_task_release_client+0x7c/0x90
[ 18.809311] __rpc_execute+0x2a8/0x5f4
[ 18.813069] rpc_async_schedule+0x24/0x30
[ 18.817089] process_one_work+0x28c/0x6c0
[ 18.821108] worker_thread+0x6c/0x450
[ 18.824779] kthread+0x12c/0x16c
[ 18.828015] ret_from_fork+0x10/0x24
[ 18.931718] VFS: Mounted root (nfs filesystem) on device 0:17.
metadata:
git_ref: linux-4.19.y
git_repo: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
git_sha: aaad8e56ca1e56fe34b5a33f30fb6f9279969020
git_describe: v4.19.238
kernel_version: 4.19.238
kernel-config: https://builds.tuxbuild.com/27vgbZzdS2aNU90tNu4Hl0IJuIP/config
--
Linaro LKFT
https://lkft.linaro.org
[1] https://lkft.validation.linaro.org/scheduler/job/4909565#L1141
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-18 8:39 ` Naresh Kamboju
@ 2022-04-20 23:48 ` Naresh Kamboju
2022-04-26 2:29 ` NeilBrown
0 siblings, 1 reply; 364+ messages in thread
From: Naresh Kamboju @ 2022-04-20 23:48 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade, Netdev, David S. Miller, Jakub Kicinski, Paolo Abeni,
NeilBrown, Trond Myklebust, linux-nfs, Anna Schumaker
On Mon, 18 Apr 2022 at 14:09, Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
>
> On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > This is the start of the stable review cycle for the 4.19.238 release.
> > There are 338 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
>
> Following kernel warning noticed on arm64 Juno-r2 while booting
> stable-rc 4.19.238. Here is the full test log link [1].
>
> [ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
> [ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
> 11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
> [ 0.000000] Machine model: ARM Juno development board (r2)
> <trim>
> [ 18.499895] ================================
> [ 18.504172] WARNING: inconsistent lock state
> [ 18.508451] 4.19.238 #1 Not tainted
> [ 18.511944] --------------------------------
> [ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
> [ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
> [ 18.527826] (____ptrval____)
> (&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
> [ 18.536648] {IN-SOFTIRQ-W} state was registered at:
> [ 18.541543] lock_acquire+0xc8/0x23c
> [ 18.545216] _raw_spin_lock+0x50/0x64
> [ 18.548973] xs_tcp_state_change+0x1b4/0x440
> [ 18.553343] tcp_rcv_state_process+0x684/0x1300
> [ 18.557972] tcp_v4_do_rcv+0x70/0x290
> [ 18.561731] tcp_v4_rcv+0xc34/0xda0
> [ 18.565316] ip_local_deliver_finish+0x16c/0x3c0
> [ 18.570032] ip_local_deliver+0x6c/0x240
> [ 18.574051] ip_rcv_finish+0x98/0xe4
> [ 18.577722] ip_rcv+0x68/0x210
> [ 18.580871] __netif_receive_skb_one_core+0x6c/0x9c
> [ 18.585847] __netif_receive_skb+0x2c/0x74
> [ 18.590039] netif_receive_skb_internal+0x88/0x20c
> [ 18.594928] netif_receive_skb+0x68/0x1a0
> [ 18.599036] smsc911x_poll+0x104/0x290
> [ 18.602881] net_rx_action+0x124/0x4bc
> [ 18.606727] __do_softirq+0x1d0/0x524
> [ 18.610484] irq_exit+0x11c/0x144
> [ 18.613894] __handle_domain_irq+0x84/0xe0
> [ 18.618086] gic_handle_irq+0x5c/0xb0
> [ 18.621843] el1_irq+0xb4/0x130
> [ 18.625081] cpuidle_enter_state+0xc0/0x3ec
> [ 18.629361] cpuidle_enter+0x38/0x4c
> [ 18.633032] do_idle+0x200/0x2c0
> [ 18.636353] cpu_startup_entry+0x30/0x50
> [ 18.640372] rest_init+0x260/0x270
> [ 18.643870] start_kernel+0x45c/0x490
> [ 18.647625] irq event stamp: 18931
> [ 18.651037] hardirqs last enabled at (18931): [<ffff00000832e800>]
> kfree+0xe0/0x370
> [ 18.658799] hardirqs last disabled at (18930): [<ffff00000832e7ec>]
> kfree+0xcc/0x370
> [ 18.666564] softirqs last enabled at (18920): [<ffff000008fbce94>]
> rpc_wake_up_first_on_wq+0xb4/0x1b0
> [ 18.675893] softirqs last disabled at (18918): [<ffff000008fbce18>]
> rpc_wake_up_first_on_wq+0x38/0x1b0
> [ 18.685217]
> [ 18.685217] other info that might help us debug this:
> [ 18.691758] Possible unsafe locking scenario:
> [ 18.691758]
> [ 18.697689] CPU0
> [ 18.700137] ----
> [ 18.702586] lock(&(&xprt->transport_lock)->rlock);
> [ 18.707562] <Interrupt>
> [ 18.710184] lock(&(&xprt->transport_lock)->rlock);
> [ 18.715335]
> [ 18.715335] *** DEADLOCK ***
My bisect script pointed to the following kernel commit,
BAT BISECTION OLD: This iteration (kernel rev
2d235d26dcf81d34c93ba8616d75c804b5ee5f3f) presents old behavior.
242a3e0c75b64b4ced82e29e07a6d6d98eeec826 is the first new commit
commit 242a3e0c75b64b4ced82e29e07a6d6d98eeec826
Author: NeilBrown <neilb@suse.de>
Date: Tue Mar 8 13:42:17 2022 +1100
SUNRPC: avoid race between mod_timer() and del_timer_sync()
commit 3848e96edf4788f772d83990022fa7023a233d83 upstream.
xprt_destory() claims XPRT_LOCKED and then calls del_timer_sync().
Both xprt_unlock_connect() and xprt_release() call
->release_xprt()
which drops XPRT_LOCKED and *then* xprt_schedule_autodisconnect()
which calls mod_timer().
This may result in mod_timer() being called *after* del_timer_sync().
When this happens, the timer may fire long after the xprt has been freed,
and run_timer_softirq() will probably crash.
The pairing of ->release_xprt() and xprt_schedule_autodisconnect() is
always called under ->transport_lock. So if we take ->transport_lock to
call del_timer_sync(), we can be sure that mod_timer() will run first
(if it runs at all).
Cc: stable@vger.kernel.org
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/sunrpc/xprt.c | 7 +++++++
1 file changed, 7 insertions(+)
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-20 23:48 ` Naresh Kamboju
@ 2022-04-26 2:29 ` NeilBrown
2022-12-16 18:31 ` Michael Trimarchi
0 siblings, 1 reply; 364+ messages in thread
From: NeilBrown @ 2022-04-26 2:29 UTC (permalink / raw)
To: Naresh Kamboju
Cc: Greg Kroah-Hartman, linux-kernel, stable, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade, Netdev, David S. Miller, Jakub Kicinski,
Paolo Abeni, Trond Myklebust, linux-nfs, Anna Schumaker
On Thu, 21 Apr 2022, Naresh Kamboju wrote:
> On Mon, 18 Apr 2022 at 14:09, Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
> >
> > On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > This is the start of the stable review cycle for the 4.19.238 release.
> > > There are 338 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> >
> > Following kernel warning noticed on arm64 Juno-r2 while booting
> > stable-rc 4.19.238. Here is the full test log link [1].
> >
> > [ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
> > [ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
> > 11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
> > [ 0.000000] Machine model: ARM Juno development board (r2)
> > <trim>
> > [ 18.499895] ================================
> > [ 18.504172] WARNING: inconsistent lock state
> > [ 18.508451] 4.19.238 #1 Not tainted
> > [ 18.511944] --------------------------------
> > [ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
> > [ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
> > [ 18.527826] (____ptrval____)
> > (&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
> > [ 18.536648] {IN-SOFTIRQ-W} state was registered at:
> > [ 18.541543] lock_acquire+0xc8/0x23c
Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
spin_unlock_bh().
Thanks,
NeilBrown
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-04-26 2:29 ` NeilBrown
@ 2022-12-16 18:31 ` Michael Trimarchi
2022-12-16 21:24 ` Trond Myklebust
0 siblings, 1 reply; 364+ messages in thread
From: Michael Trimarchi @ 2022-12-16 18:31 UTC (permalink / raw)
To: NeilBrown
Cc: Naresh Kamboju, Greg Kroah-Hartman, linux-kernel, stable,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, slade, Netdev,
David S. Miller, Jakub Kicinski, Paolo Abeni, Trond Myklebust,
linux-nfs, Anna Schumaker
Hi Neil
On Tue, Apr 26, 2022 at 12:29:55PM +1000, NeilBrown wrote:
> On Thu, 21 Apr 2022, Naresh Kamboju wrote:
> > On Mon, 18 Apr 2022 at 14:09, Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
> > >
> > > On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
> > > <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > This is the start of the stable review cycle for the 4.19.238 release.
> > > > There are 338 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> > > > Anything received after that time might be too late.
> > > >
> > > > The whole patch series can be found in one patch at:
> > > > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> > > > or in the git tree and branch at:
> > > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> > > > and the diffstat can be found below.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > >
> > >
> > > Following kernel warning noticed on arm64 Juno-r2 while booting
> > > stable-rc 4.19.238. Here is the full test log link [1].
> > >
> > > [ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
> > > [ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
> > > 11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
> > > [ 0.000000] Machine model: ARM Juno development board (r2)
> > > <trim>
> > > [ 18.499895] ================================
> > > [ 18.504172] WARNING: inconsistent lock state
> > > [ 18.508451] 4.19.238 #1 Not tainted
> > > [ 18.511944] --------------------------------
> > > [ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
> > > [ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
> > > [ 18.527826] (____ptrval____)
> > > (&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
> > > [ 18.536648] {IN-SOFTIRQ-W} state was registered at:
> > > [ 18.541543] lock_acquire+0xc8/0x23c
>
> Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
> spin_unlock_bh().
>
We get the same deadlock or similar one and we think that
can be connected to this thread on 4.19.243. For us is a bit
difficult to hit but we are going to apply this change
net: sunrpc: Fix deadlock in xprt_destroy
Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
spin_unlock_bh().
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
---
net/sunrpc/xprt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index d05fa7c36d00..b1abf4848bbc 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -1550,9 +1550,9 @@ static void xprt_destroy(struct rpc_xprt *xprt)
* is cleared. We use ->transport_lock to ensure the mod_timer()
* can only run *before* del_time_sync(), never after.
*/
- spin_lock(&xprt->transport_lock);
+ spin_lock_bh(&xprt->transport_lock);
del_timer_sync(&xprt->timer);
- spin_unlock(&xprt->transport_lock);
+ spin_unlock_bh(&xprt->transport_lock);
/*
* Destroy sockets etc from the system workqueue so they can
--
2.37.2
> Thanks,
> NeilBrown
>
Thank you
^ permalink raw reply related [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-12-16 18:31 ` Michael Trimarchi
@ 2022-12-16 21:24 ` Trond Myklebust
2022-12-17 9:01 ` Michael Nazzareno Trimarchi
0 siblings, 1 reply; 364+ messages in thread
From: Trond Myklebust @ 2022-12-16 21:24 UTC (permalink / raw)
To: Michael Trimarchi
Cc: Neil Brown, Naresh Kamboju, Greg Kroah-Hartman,
Linux Kernel Mailing List, stable, Linus Torvalds, Andrew Morton,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade, Netdev, David S. Miller, Jakub Kicinski,
Paolo Abeni, Trond Myklebust, linux-nfs, Anna Schumaker
> On Dec 16, 2022, at 13:31, Michael Trimarchi <michael@amarulasolutions.com> wrote:
>
> [You don't often get email from michael@amarulasolutions.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi Neil
>
> On Tue, Apr 26, 2022 at 12:29:55PM +1000, NeilBrown wrote:
>> On Thu, 21 Apr 2022, Naresh Kamboju wrote:
>>> On Mon, 18 Apr 2022 at 14:09, Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
>>>>
>>>> On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
>>>> <gregkh@linuxfoundation.org> wrote:
>>>>>
>>>>> This is the start of the stable review cycle for the 4.19.238 release.
>>>>> There are 338 patches in this series, all will be posted as a response
>>>>> to this one. If anyone has any issues with these being applied, please
>>>>> let me know.
>>>>>
>>>>> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
>>>>> Anything received after that time might be too late.
>>>>>
>>>>> The whole patch series can be found in one patch at:
>>>>> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
>>>>> or in the git tree and branch at:
>>>>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
>>>>> and the diffstat can be found below.
>>>>>
>>>>> thanks,
>>>>>
>>>>> greg k-h
>>>>
>>>>
>>>> Following kernel warning noticed on arm64 Juno-r2 while booting
>>>> stable-rc 4.19.238. Here is the full test log link [1].
>>>>
>>>> [ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
>>>> [ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
>>>> 11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
>>>> [ 0.000000] Machine model: ARM Juno development board (r2)
>>>> <trim>
>>>> [ 18.499895] ================================
>>>> [ 18.504172] WARNING: inconsistent lock state
>>>> [ 18.508451] 4.19.238 #1 Not tainted
>>>> [ 18.511944] --------------------------------
>>>> [ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
>>>> [ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
>>>> [ 18.527826] (____ptrval____)
>>>> (&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
>>>> [ 18.536648] {IN-SOFTIRQ-W} state was registered at:
>>>> [ 18.541543] lock_acquire+0xc8/0x23c
>>
>> Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
>> spin_unlock_bh().
>>
>
> We get the same deadlock or similar one and we think that
> can be connected to this thread on 4.19.243. For us is a bit
> difficult to hit but we are going to apply this change
>
> net: sunrpc: Fix deadlock in xprt_destroy
>
> Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
> spin_unlock_bh().
>
> Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> ---
> net/sunrpc/xprt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
> index d05fa7c36d00..b1abf4848bbc 100644
> --- a/net/sunrpc/xprt.c
> +++ b/net/sunrpc/xprt.c
> @@ -1550,9 +1550,9 @@ static void xprt_destroy(struct rpc_xprt *xprt)
> * is cleared. We use ->transport_lock to ensure the mod_timer()
> * can only run *before* del_time_sync(), never after.
> */
> - spin_lock(&xprt->transport_lock);
> + spin_lock_bh(&xprt->transport_lock);
> del_timer_sync(&xprt->timer);
> - spin_unlock(&xprt->transport_lock);
> + spin_unlock_bh(&xprt->transport_lock);
>
> /*
> * Destroy sockets etc from the system workqueue so they can
> —
Agreed. When backporting to kernels that are older than 5.3.x, the transport lock needs to be taken using the bh-safe spin lock variants.
Reviewed-by: Trond Myklebust <trond.myklebust@hammerspace.com <mailto:trond.myklebust@hammerspace.com>>
_________________________________
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
^ permalink raw reply [flat|nested] 364+ messages in thread
* Re: [PATCH 4.19 000/338] 4.19.238-rc1 review
2022-12-16 21:24 ` Trond Myklebust
@ 2022-12-17 9:01 ` Michael Nazzareno Trimarchi
0 siblings, 0 replies; 364+ messages in thread
From: Michael Nazzareno Trimarchi @ 2022-12-17 9:01 UTC (permalink / raw)
To: Trond Myklebust
Cc: Neil Brown, Naresh Kamboju, Greg Kroah-Hartman,
Linux Kernel Mailing List, stable, Linus Torvalds, Andrew Morton,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade, Netdev, David S. Miller, Jakub Kicinski,
Paolo Abeni, linux-nfs, Anna Schumaker
Hi
On Fri, Dec 16, 2022 at 10:25 PM Trond Myklebust
<trondmy@hammerspace.com> wrote:
>
>
>
> > On Dec 16, 2022, at 13:31, Michael Trimarchi <michael@amarulasolutions.com> wrote:
> >
> > [You don't often get email from michael@amarulasolutions.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> >
> > Hi Neil
> >
> > On Tue, Apr 26, 2022 at 12:29:55PM +1000, NeilBrown wrote:
> >> On Thu, 21 Apr 2022, Naresh Kamboju wrote:
> >>> On Mon, 18 Apr 2022 at 14:09, Naresh Kamboju <naresh.kamboju@linaro.org> wrote:
> >>>>
> >>>> On Thu, 14 Apr 2022 at 18:45, Greg Kroah-Hartman
> >>>> <gregkh@linuxfoundation.org> wrote:
> >>>>>
> >>>>> This is the start of the stable review cycle for the 4.19.238 release.
> >>>>> There are 338 patches in this series, all will be posted as a response
> >>>>> to this one. If anyone has any issues with these being applied, please
> >>>>> let me know.
> >>>>>
> >>>>> Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000.
> >>>>> Anything received after that time might be too late.
> >>>>>
> >>>>> The whole patch series can be found in one patch at:
> >>>>> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-rc1.gz
> >>>>> or in the git tree and branch at:
> >>>>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> >>>>> and the diffstat can be found below.
> >>>>>
> >>>>> thanks,
> >>>>>
> >>>>> greg k-h
> >>>>
> >>>>
> >>>> Following kernel warning noticed on arm64 Juno-r2 while booting
> >>>> stable-rc 4.19.238. Here is the full test log link [1].
> >>>>
> >>>> [ 0.000000] Booting Linux on physical CPU 0x0000000100 [0x410fd033]
> >>>> [ 0.000000] Linux version 4.19.238 (tuxmake@tuxmake) (gcc version
> >>>> 11.2.0 (Debian 11.2.0-18)) #1 SMP PREEMPT @1650206156
> >>>> [ 0.000000] Machine model: ARM Juno development board (r2)
> >>>> <trim>
> >>>> [ 18.499895] ================================
> >>>> [ 18.504172] WARNING: inconsistent lock state
> >>>> [ 18.508451] 4.19.238 #1 Not tainted
> >>>> [ 18.511944] --------------------------------
> >>>> [ 18.516222] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
> >>>> [ 18.522242] kworker/u12:3/60 [HC0[0]:SC0[0]:HE1:SE1] takes:
> >>>> [ 18.527826] (____ptrval____)
> >>>> (&(&xprt->transport_lock)->rlock){+.?.}, at: xprt_destroy+0x70/0xe0
> >>>> [ 18.536648] {IN-SOFTIRQ-W} state was registered at:
> >>>> [ 18.541543] lock_acquire+0xc8/0x23c
> >>
> >> Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
> >> spin_unlock_bh().
> >>
> >
> > We get the same deadlock or similar one and we think that
> > can be connected to this thread on 4.19.243. For us is a bit
> > difficult to hit but we are going to apply this change
> >
> > net: sunrpc: Fix deadlock in xprt_destroy
> >
> > Prior to Linux 5.3, ->transport_lock needs spin_lock_bh() and
> > spin_unlock_bh().
> >
> > Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
> > ---
> > net/sunrpc/xprt.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
> > index d05fa7c36d00..b1abf4848bbc 100644
> > --- a/net/sunrpc/xprt.c
> > +++ b/net/sunrpc/xprt.c
> > @@ -1550,9 +1550,9 @@ static void xprt_destroy(struct rpc_xprt *xprt)
> > * is cleared. We use ->transport_lock to ensure the mod_timer()
> > * can only run *before* del_time_sync(), never after.
> > */
> > - spin_lock(&xprt->transport_lock);
> > + spin_lock_bh(&xprt->transport_lock);
> > del_timer_sync(&xprt->timer);
> > - spin_unlock(&xprt->transport_lock);
> > + spin_unlock_bh(&xprt->transport_lock);
> >
> > /*
> > * Destroy sockets etc from the system workqueue so they can
> > —
>
> Agreed. When backporting to kernels that are older than 5.3.x, the transport lock needs to be taken using the bh-safe spin lock variants.
>
> Reviewed-by: Trond Myklebust <trond.myklebust@hammerspace.com <mailto:trond.myklebust@hammerspace.com>>
>
Seems already applied, but for some reason I miss it. I will re-align
to stable again
Michael
> _________________________________
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> trond.myklebust@hammerspace.com
>
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com
^ permalink raw reply [flat|nested] 364+ messages in thread
end of thread, other threads:[~2022-12-17 9:01 UTC | newest]
Thread overview: 364+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-14 13:08 [PATCH 4.19 000/338] 4.19.238-rc1 review Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 001/338] USB: serial: pl2303: add IBM device IDs Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 002/338] USB: serial: simple: add Nokia phone driver Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 003/338] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build Greg Kroah-Hartman
2022-04-14 16:02 ` Randy Dunlap
2022-04-14 13:08 ` [PATCH 4.19 004/338] netdevice: add the case if dev is NULL Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 005/338] xfrm: fix tunnel model fragmentation behavior Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 006/338] virtio_console: break out of buf poll on remove Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 007/338] ethernet: sun: Free the coherent when failing in probing Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 008/338] spi: Fix invalid sgs value Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 009/338] net:mcf8390: Use platform_get_irq() to get the interrupt Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 010/338] spi: Fix erroneous sgs value with min_t() Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 011/338] af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 012/338] fuse: fix pipe buffer lifetime for direct_io Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 013/338] tpm: fix reference counting for struct tpm_chip Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 014/338] block: Add a helper to validate the block size Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 015/338] virtio-blk: Use blk_validate_block_size() to validate " Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 016/338] USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 017/338] xhci: make xhci_handshake timeout for xhci_reset() adjustable Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 018/338] coresight: Fix TRCCONFIGR.QE sysfs interface Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 019/338] iio: afe: rescale: use s64 for temporary scale calculations Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 020/338] iio: inkern: apply consumer scale on IIO_VAL_INT cases Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 021/338] iio: inkern: apply consumer scale when no channel scale is available Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 022/338] iio: inkern: make a best effort on offset calculation Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 023/338] clk: uniphier: Fix fixed-rate initialization Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 024/338] ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 025/338] Documentation: add link to stable release candidate tree Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 026/338] Documentation: update stable tree link Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 027/338] SUNRPC: avoid race between mod_timer() and del_timer_sync() Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 028/338] NFSD: prevent underflow in nfssvc_decode_writeargs() Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 029/338] NFSD: prevent integer overflow on 32 bit systems Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 030/338] f2fs: fix to unlock page correctly in error path of is_alive() Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 031/338] pinctrl: samsung: drop pin banks references on error paths Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 032/338] can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 033/338] jffs2: fix use-after-free in jffs2_clear_xattr_subsystem Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 034/338] jffs2: fix memory leak in jffs2_do_mount_fs Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 035/338] jffs2: fix memory leak in jffs2_scan_medium Greg Kroah-Hartman
2022-04-14 13:08 ` [PATCH 4.19 036/338] mm/pages_alloc.c: dont create ZONE_MOVABLE beyond the end of a node Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 037/338] mm: invalidate hwpoison page cache page in fault path Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 038/338] mempolicy: mbind_range() set_policy() after vma_merge() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 039/338] scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 040/338] qed: display VF trust config Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 041/338] qed: validate and restrict untrusted VFs vlan promisc mode Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 042/338] Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 043/338] ALSA: cs4236: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 044/338] ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 045/338] mm,hwpoison: unmap poisoned page before invalidation Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 046/338] drbd: fix potential silent data corruption Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 047/338] powerpc/kvm: Fix kvm_use_magic_page Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 048/338] ACPI: properties: Consistently return -ENOENT if there are no more references Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 049/338] drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 050/338] block: dont merge across cgroup boundaries if blkcg is enabled Greg Kroah-Hartman
2022-04-14 13:09 ` [Intel-gfx] [PATCH 4.19 051/338] drm/edid: check basic audio support on CEA extension block Greg Kroah-Hartman
2022-04-14 13:09 ` Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 052/338] video: fbdev: sm712fb: Fix crash in smtcfb_read() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 053/338] video: fbdev: atari: Atari 2 bpp (STe) palette bugfix Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 054/338] ARM: dts: at91: sama5d2: Fix PMERRLOC resource size Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 055/338] ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 056/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5250 Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 057/338] ARM: dts: exynos: add missing HDMI supplies on SMDK5420 Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 058/338] carl9170: fix missing bit-wise or operator for tx_params Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 059/338] thermal: int340x: Increase bitmap size Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 060/338] lib/raid6/test: fix multiple definition linking error Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 061/338] DEC: Limit PMAX memory probing to R3k systems Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 062/338] media: davinci: vpif: fix unbalanced runtime PM get Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 063/338] brcmfmac: firmware: Allocate space for default boardrev in nvram Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 064/338] brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 065/338] PCI: pciehp: Clear cmd_busy bit in polling mode Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 066/338] regulator: qcom_smd: fix for_each_child.cocci warnings Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 067/338] crypto: authenc - Fix sleep in atomic context in decrypt_tail Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 068/338] crypto: mxs-dcp - Fix scatterlist processing Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 069/338] spi: tegra114: Add missing IRQ check in tegra_spi_probe Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 070/338] selftests/x86: Add validity check and allow field splitting Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 071/338] spi: pxa2xx-pci: Balance reference count for PCI DMA device Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 072/338] hwmon: (pmbus) Add mutex to regulator ops Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 073/338] hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 074/338] block: dont delete queue kobject before its children Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 075/338] PM: hibernate: fix __setup handler error handling Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 076/338] PM: suspend: fix return value of __setup handler Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 077/338] hwrng: atmel - disable trng on failure path Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 078/338] crypto: vmx - add missing dependencies Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 079/338] clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 080/338] ACPI: APEI: fix return value of __setup handlers Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 081/338] crypto: ccp - ccp_dmaengine_unregister release dma channels Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 082/338] hwmon: (pmbus) Add Vin unit off handling Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 083/338] clocksource: acpi_pm: fix return value of __setup handler Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 084/338] sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 085/338] perf/core: Fix address filter parser for multiple filters Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 086/338] perf/x86/intel/pt: Fix address filter config for 32-bit kernel Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 087/338] media: coda: Fix missing put_device() call in coda_get_vdoa_data Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 088/338] video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 089/338] video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 090/338] ARM: dts: qcom: ipq4019: fix sleep clock Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 091/338] soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 092/338] media: em28xx: initialize refcount before kref_get Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 093/338] media: usb: go7007: s2250-board: fix leak in probe() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 094/338] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 095/338] ASoC: ti: davinci-i2s: Add check for clk_enable() Greg Kroah-Hartman
2022-04-14 13:09 ` [PATCH 4.19 096/338] ALSA: spi: " Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 097/338] arm64: dts: ns2: Fix spi-cpol and spi-cpha property Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 098/338] arm64: dts: broadcom: Fix sata nodename Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 099/338] printk: fix return value of printk.devkmsg __setup handler Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 100/338] ASoC: mxs-saif: Handle errors for clk_enable Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 101/338] ASoC: atmel_ssc_dai: " Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 102/338] memory: emif: Add check for setup_interrupts Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 103/338] memory: emif: check the pointer temp in get_device_details() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 104/338] ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 105/338] media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 106/338] ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 107/338] ASoC: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 108/338] ASoC: fsi: Add check for clk_enable Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 109/338] video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 110/338] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 111/338] ASoC: mxs: Fix error handling in mxs_sgtl5000_probe Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 112/338] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 113/338] ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 114/338] mmc: davinci_mmc: Handle error for clk_enable Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 115/338] drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 116/338] ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 117/338] Bluetooth: hci_serdev: call init_rwsem() before p->open() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 118/338] mtd: onenand: Check for error irq Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 119/338] drm/edid: Dont clear formats if using deep color Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 120/338] drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 121/338] ath9k_htc: fix uninit value bugs Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 122/338] KVM: PPC: Fix vmx/vsx mixup in mmio emulation Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 123/338] power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 124/338] ray_cs: Check ioremap return value Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 125/338] power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 126/338] HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 127/338] iwlwifi: Fix -EIO error code that is never returned Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 128/338] dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 129/338] scsi: pm8001: Fix command initialization in pm80XX_send_read_log() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 130/338] scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 131/338] scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 132/338] scsi: pm8001: Fix abort all task initialization Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 133/338] TOMOYO: fix __setup handlers return values Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 134/338] ext2: correct max file size computing Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 135/338] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 136/338] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 137/338] drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 138/338] powerpc/Makefile: Dont pass -mcpu=powerpc64 when building 32-bit Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 139/338] KVM: x86: Fix emulation in writing cr8 Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 140/338] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 141/338] hv_balloon: rate-limit "Unhandled message" warning Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 142/338] i2c: xiic: Make bus names unique Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 143/338] power: supply: wm8350-power: Handle error for wm8350_register_irq Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 144/338] power: supply: wm8350-power: Add missing free in free_charger_irq Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 145/338] PCI: Reduce warnings on possible RW1C corruption Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 146/338] powerpc/sysdev: fix incorrect use to determine if list is empty Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 147/338] mfd: mc13xxx: Add check for mc13xxx_irq_request Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 148/338] vxcan: enable local echo for sent CAN frames Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 149/338] MIPS: RB532: fix return value of __setup handler Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 150/338] mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 151/338] USB: storage: ums-realtek: fix error code in rts51x_read_mem() Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 152/338] af_netlink: Fix shift out of bounds in group mask calculation Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 153/338] i2c: mux: demux-pinctrl: do not deactivate a master that is not active Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 154/338] selftests/bpf/test_lirc_mode2.sh: Exit with proper code Greg Kroah-Hartman
2022-04-14 13:10 ` [PATCH 4.19 155/338] net: bcmgenet: Use stronger register read/writes to assure ordering Greg Kroah-Hartman
2022-04-14 15:02 ` Jeremy Linton
2022-04-14 13:10 ` [PATCH 4.19 156/338] tcp: ensure PMTU updates are processed during fastopen Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 157/338] mfd: asic3: Add missing iounmap() on error asic3_mfd_probe Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 158/338] mxser: fix xmit_buf leak in activate when LSR == 0xff Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 159/338] pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 160/338] staging:iio:adc:ad7280a: Fix handing of device address bit reversing Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 161/338] clk: qcom: ipq8074: Use floor ops for SDCC1 clock Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 162/338] serial: 8250_mid: Balance reference count for PCI DMA device Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 163/338] serial: 8250: Fix race condition in RTS-after-send handling Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 164/338] iio: adc: Add check for devm_request_threaded_irq Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 165/338] dma-debug: fix return value of __setup handlers Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 166/338] clk: qcom: clk-rcg2: Update the frac table for pixel clock Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 167/338] remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 168/338] clk: actions: Terminate clk_div_table with sentinel element Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 169/338] clk: loongson1: " Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 170/338] clk: clps711x: " Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 171/338] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 172/338] NFS: remove unneeded check in decode_devicenotify_args() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 173/338] pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 174/338] pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 175/338] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 176/338] tty: hvc: fix return value of __setup handler Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 177/338] kgdboc: " Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 178/338] kgdbts: " Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 179/338] jfs: fix divide error in dbNextAG Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 180/338] netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 181/338] clk: qcom: gcc-msm8994: Fix gpll4 width Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 182/338] xen: fix is_xen_pmu() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 183/338] net: phy: broadcom: Fix brcm_fet_config_init() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 184/338] qlcnic: dcb: default to returning -EOPNOTSUPP Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 185/338] net/x25: Fix null-ptr-deref caused by x25_disconnect Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 186/338] NFSv4/pNFS: Fix another issue with a list iterator pointing to the head Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 187/338] lib/test: use after free in register_test_dev_kmod() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 188/338] selinux: use correct type for context length Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 189/338] loop: use sysfs_emit() in the sysfs xxx show() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 190/338] Fix incorrect type in assignment of ipv6 port for audit Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 191/338] irqchip/qcom-pdc: Fix broken locking Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 192/338] irqchip/nvic: Release nvic_base upon failure Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 193/338] bfq: fix use-after-free in bfq_dispatch_request Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 194/338] ACPICA: Avoid walking the ACPI Namespace if it is not there Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 195/338] lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 196/338] Revert "Revert "block, bfq: honor already-setup queue merges"" Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 197/338] ACPI/APEI: Limit printable size of BERT table data Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 198/338] PM: core: keep irq flags in device_pm_check_callbacks() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 199/338] spi: tegra20: Use of_device_get_match_data() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 200/338] ext4: dont BUG if someone dirty pages without asking ext4 first Greg Kroah-Hartman
2022-04-14 13:25 ` syzbot
2022-04-14 13:11 ` [PATCH 4.19 201/338] ntfs: add sanity check on allocation size Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 202/338] video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Greg Kroah-Hartman
2022-04-14 13:11 ` Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 203/338] video: fbdev: w100fb: Reset global state Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 204/338] video: fbdev: cirrusfb: check pixclock to avoid divide by zero Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 205/338] video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 206/338] ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 207/338] ARM: dts: bcm2837: Add the missing L1/L2 cache information Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 208/338] ARM: ftrace: avoid redundant loads or clobbering IP Greg Kroah-Hartman
2022-04-14 13:25 ` Ard Biesheuvel
2022-04-14 13:34 ` Greg Kroah-Hartman
2022-04-14 14:13 ` Ard Biesheuvel
2022-04-14 14:20 ` Greg Kroah-Hartman
2022-04-14 14:22 ` Ard Biesheuvel
2022-04-14 13:11 ` [PATCH 4.19 209/338] video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 210/338] video: fbdev: omapfb: panel-tpo-td043mtea1: " Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 211/338] video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 212/338] ASoC: soc-core: skip zero num_dai component in searching dai name Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 213/338] media: cx88-mpeg: clear interrupt status register before streaming video Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 214/338] ARM: tegra: tamonten: Fix I2C3 pad setting Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 215/338] ARM: mmp: Fix failure to remove sram device Greg Kroah-Hartman
2022-04-14 13:11 ` [PATCH 4.19 216/338] video: fbdev: sm712fb: Fix crash in smtcfb_write() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 217/338] media: Revert "media: em28xx: add missing em28xx_close_extension" Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 218/338] media: hdpvr: initialize dev->worker at hdpvr_register_videodev Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 219/338] mmc: host: Return an error when ->enable_sdio_irq() ops is missing Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 220/338] powerpc/lib/sstep: Fix sthcx instruction Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 221/338] powerpc/lib/sstep: Fix build errors with newer binutils Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 222/338] powerpc: " Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 223/338] scsi: qla2xxx: Fix stuck session in gpdb Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 224/338] scsi: qla2xxx: Fix warning for missing error code Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 225/338] scsi: qla2xxx: Check for firmware dump already collected Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 226/338] scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 227/338] scsi: qla2xxx: Fix incorrect reporting of task management failure Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 228/338] scsi: qla2xxx: Fix hang due to session stuck Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 229/338] scsi: qla2xxx: Reduce false trigger to login Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 230/338] scsi: qla2xxx: Use correct feature type field during RFF_ID processing Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 231/338] KVM: Prevent module exit until all VMs are freed Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 232/338] KVM: x86: fix sending PV IPI Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 233/338] ubifs: rename_whiteout: Fix double free for whiteout_ui->data Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 234/338] ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 235/338] ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 236/338] ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 237/338] ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 238/338] ubifs: rename_whiteout: correct old_dir size computing Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 239/338] can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 240/338] can: mcba_usb: properly check endpoint type Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 241/338] gfs2: Make sure FITRIM minlen is rounded up to fs block size Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 242/338] pinctrl: pinconf-generic: Print arguments for bias-pull-* Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 243/338] ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 244/338] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 245/338] mm/mmap: return 1 from stack_guard_gap __setup() handler Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 246/338] mm/memcontrol: return 1 from cgroup.memory " Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 247/338] mm/usercopy: return 1 from hardened_usercopy " Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 248/338] bpf: Fix comment for helper bpf_current_task_under_cgroup() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 249/338] ubi: fastmap: Return error code if memory allocation fails in add_aeb() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 250/338] ASoC: topology: Allow TLV control to be either read or write Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 251/338] ARM: dts: spear1340: Update serial node properties Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 252/338] ARM: dts: spear13xx: Update SPI dma properties Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 253/338] um: Fix uml_mconsole stop/go Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 254/338] openvswitch: Fixed nd target mask field in the flow dump Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 255/338] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasnt activated Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 256/338] ubifs: Rectify space amount budget for mkdir/tmpfile operations Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 257/338] rtc: wm8350: Handle error for wm8350_register_irq Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 258/338] riscv module: remove (NOLOAD) Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 259/338] ARM: 9187/1: JIVE: fix return value of __setup handler Greg Kroah-Hartman
2022-04-14 13:12 ` Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 260/338] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 261/338] drm: Add orientation quirk for GPD Win Max Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 262/338] ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 263/338] drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 264/338] ptp: replace snprintf with sysfs_emit Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 265/338] powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 266/338] scsi: mvsas: Replace snprintf() with sysfs_emit() Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 267/338] scsi: bfa: " Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 268/338] power: supply: axp20x_battery: properly report current when discharging Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 269/338] powerpc: Set crashkernel offset to mid of RMA region Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 270/338] PCI: aardvark: Fix support for MSI interrupts Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 271/338] iommu/arm-smmu-v3: fix event handling soft lockup Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 272/338] usb: ehci: add pci device support for Aspeed platforms Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 273/338] PCI: pciehp: Add Qualcomm quirk for Command Completed erratum Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 274/338] ipv4: Invalidate neighbour for broadcast address upon address addition Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 275/338] dm ioctl: prevent potential spectre v1 gadget Greg Kroah-Hartman
2022-04-14 13:12 ` [PATCH 4.19 276/338] drm/amdkfd: make CRAT table missing message informational only Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 277/338] scsi: pm8001: Fix pm8001_mpi_task_abort_resp() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 278/338] scsi: aha152x: Fix aha152x_setup() __setup handler return value Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 279/338] net/smc: correct settings of RMB window update limit Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 280/338] macvtap: advertise link netns via netlink Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 281/338] bnxt_en: Eliminate unintended link toggle during FW reset Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 282/338] MIPS: fix fortify panic when copying asm exception handlers Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 283/338] scsi: libfc: Fix use after free in fc_exch_abts_resp() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 284/338] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 285/338] xtensa: fix DTC warning unit_address_format Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 286/338] Bluetooth: Fix use after free in hci_send_acl Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 287/338] init/main.c: return 1 from handled __setup() functions Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 288/338] minix: fix bug when opening a file with O_DIRECT Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 289/338] w1: w1_therm: fixes w1_seq for ds28ea00 sensors Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 290/338] NFSv4: Protect the state recovery thread against direct reclaim Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 291/338] xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 292/338] clk: Enforce that disjoints limits are invalid Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 293/338] SUNRPC/call_alloc: async tasks mustnt block waiting for memory Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 294/338] NFS: swap IO handling is slightly different for O_DIRECT IO Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 295/338] NFS: swap-out must always use STABLE writes Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 296/338] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 297/338] virtio_console: eliminate anonymous module_init & module_exit Greg Kroah-Hartman
2022-04-14 13:13 ` Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 298/338] jfs: prevent NULL deref in diFree Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 299/338] parisc: Fix CPU affinity for Lasi, WAX and Dino chips Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 300/338] net: add missing SOF_TIMESTAMPING_OPT_ID support Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 301/338] mm: fix race between MADV_FREE reclaim and blkdev direct IO read Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 302/338] KVM: arm64: Check arm64_get_bp_hardening_data() didnt return NULL Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 303/338] drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 304/338] Drivers: hv: vmbus: Fix potential crash on module unload Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 305/338] scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 306/338] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 307/338] drm/imx: Fix memory leak in imx_pd_connector_get_modes Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 308/338] net: openvswitch: dont send internal clone attribute to the userspace Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 309/338] rxrpc: fix a race in rxrpc_exit_net() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 310/338] qede: confirm skb is allocated before using Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 311/338] spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 312/338] drbd: Fix five use after free bugs in get_initial_state Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 313/338] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 314/338] mmc: renesas_sdhi: dont overwrite TAP settings when HS400 tuning is complete Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 315/338] mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 316/338] mm/mempolicy: fix mpol_new leak in shared_policy_replace Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 317/338] x86/pm: Save the MSR validity status at context setup Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 318/338] x86/speculation: Restore speculation related MSRs during S3 resume Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 319/338] btrfs: fix qgroup reserve overflow the qgroup limit Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 320/338] arm64: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 321/338] ata: sata_dwc_460ex: Fix crash due to OOB write Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 322/338] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 323/338] irqchip/gic-v3: Fix GICR_CTLR.RWP polling Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 324/338] tools build: Filter out options and warnings not supported by clang Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 325/338] tools build: Use $(shell ) instead of `` to get embedded libperls ccopts Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 326/338] dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 327/338] mm: dont skip swap entry even if zap_details specified Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 328/338] arm64: module: remove (NOLOAD) from linker script Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 329/338] mm/sparsemem: fix mem_section will never be NULL gcc 12 warning Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 330/338] cgroup: Use open-time credentials for process migraton perm checks Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 331/338] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 332/338] cgroup: Use open-time cgroup namespace for process migration perm checks Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 333/338] selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 334/338] selftests: cgroup: Test open-time credential usage for migration checks Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 335/338] selftests: cgroup: Test open-time cgroup namespace " Greg Kroah-Hartman
2022-04-14 13:13 ` [PATCH 4.19 336/338] xfrm: policy: match with both mark and mask on user interfaces Greg Kroah-Hartman
2022-04-14 13:14 ` [PATCH 4.19 337/338] drm/amdgpu: Check if fd really is an amdgpu fd Greg Kroah-Hartman
2022-04-14 13:14 ` [PATCH 4.19 338/338] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Greg Kroah-Hartman
2022-04-14 16:58 ` [PATCH 4.19 000/338] 4.19.238-rc1 review Pavel Machek
2022-04-14 17:03 ` Shuah Khan
2022-04-15 0:54 ` Samuel Zou
2022-04-15 1:10 ` Guenter Roeck
2022-04-15 13:44 ` Daniel Díaz
2022-04-18 8:39 ` Naresh Kamboju
2022-04-20 23:48 ` Naresh Kamboju
2022-04-26 2:29 ` NeilBrown
2022-12-16 18:31 ` Michael Trimarchi
2022-12-16 21:24 ` Trond Myklebust
2022-12-17 9:01 ` Michael Nazzareno Trimarchi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.