* [PATCH 5.18 000/879] 5.18.3-rc1 review
@ 2022-06-07 16:51 Greg Kroah-Hartman
2022-06-07 16:51 ` [PATCH 5.18 001/879] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
` (888 more replies)
0 siblings, 889 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 5.18.3 release.
There are 879 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.18.3-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.18.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.18.3-rc1
Tony Lindgren <tony@atomide.com>
tty: n_gsm: Fix packet data hex dump output
Ziyang Xuan <william.xuanziyang@huawei.com>
macsec: fix UAF bug for real_dev
Jia-Ju Bai <baijiaju1990@gmail.com>
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
Xiao Ni <xni@redhat.com>
md: fix double free of io_acct_set bioset
Xiao Ni <xni@redhat.com>
md: Don't set mddev private to NULL in raid0 pers->free
Namjae Jeon <linkinjeon@kernel.org>
fs/ntfs3: Fix invalid free in log_replay
Christian Brauner <brauner@kernel.org>
exportfs: support idmapped mounts
Christian Brauner <brauner@kernel.org>
fs: add two trivial lookup helpers
Eric Biggers <ebiggers@google.com>
ext4: only allow test_dummy_encryption when supported
Xiao Yang <yangx.jy@fujitsu.com>
RDMA/rxe: Generate a completion for unsupported/invalid opcode
Yixing Liu <liuyixing1@huawei.com>
RDMA/hns: Remove the num_cqc_timer variable
Carlos Llamas <cmllamas@google.com>
binder: fix sender_euid type in uapi header
Dan Carpenter <dan.carpenter@oracle.com>
staging: r8188eu: delete rtw_wx_read/write32()
Jason A. Donenfeld <Jason@zx2c4.com>
Revert "random: use static branch for crng_ready()"
Zhengjun Xing <zhengjun.xing@linux.intel.com>
perf evlist: Extend arch_evsel__must_be_in_group to support hybrid systems
Waiman Long <longman@redhat.com>
kseltest/cgroup: Make test_stress.sh work if run interactively
Sean Young <sean@mess.org>
media: lirc: add missing exceptions for lirc uapi header file
Alex Elder <elder@linaro.org>
net: ipa: fix page free in ipa_endpoint_replenish_one()
Alex Elder <elder@linaro.org>
net: ipa: fix page free in ipa_endpoint_trans_release()
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix reset-controller leak on probe errors
Mao Jinlong <quic_jinlmao@quicinc.com>
coresight: core: Fix coresight device probe failure issue
Tejun Heo <tj@kernel.org>
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
Eugenio Pérez <eperezma@redhat.com>
vdpasim: allow to enable a vq repeatedly
Dinh Nguyen <dinguyen@kernel.org>
dt-bindings: gpio: altera: correct interrupt-cells
Akira Yokosawa <akiyks@gmail.com>
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
Steve French <stfrench@microsoft.com>
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
Luís Henriques <lhenriques@suse.de>
ceph: fix decoding of client session messages flags
Arnd Bergmann <arnd@arndb.de>
ARM: pxa: maybe fix gpio lookup tables
Jonathan Bakker <xc-racer2@live.ca>
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix struct clk leak on probe errors
Diogo Ivo <diogo.ivo@tecnico.ulisboa.pt>
clk: tegra: Add missing reset deassertion
Diogo Ivo <diogo.ivo@tecnico.ulisboa.pt>
arm64: tegra: Add missing DFLL reset on Tegra210
Kathiravan T <quic_kathirav@quicinc.com>
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
Xiaomeng Tong <xiam0nd.tong@gmail.com>
gma500: fix an incorrect NULL check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
Jiri Slaby <jirislaby@kernel.org>
serial: pch: don't overwrite xmit->buf[0] by x_char
Coly Li <colyli@suse.de>
bcache: avoid journal no-space deadlock by reserving 1 journal bucket
Coly Li <colyli@suse.de>
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
Coly Li <colyli@suse.de>
bcache: improve multithreaded bch_sectors_dirty_init()
Coly Li <colyli@suse.de>
bcache: improve multithreaded bch_btree_check()
Xiaomeng Tong <xiam0nd.tong@gmail.com>
stm: ltdc: fix two incorrect NULL checks on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
carl9170: tx: fix an incorrect use of list iterator
Mark Brown <broonie@kernel.org>
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
Alexander Wetzel <alexander@wetzel-home.de>
rtl818x: Prevent using not initialized queues
Yi Yang <yiyang13@huawei.com>
xtensa/simdisk: fix proc_read_simdisk()
Miaohe Lin <linmiaohe@huawei.com>
mm/memremap: fix missing call to untrack_pfn() in pagemap_range()
Mike Kravetz <mike.kravetz@oracle.com>
hugetlb: fix huge_pmd_unshare address update
Christophe de Dinechin <dinechin@redhat.com>
nodemask.h: fix compilation error with GCC12
Mel Gorman <mgorman@techsingularity.net>
mm/page_alloc: always attempt to allocate at least one page during bulk allocation
Eric Dumazet <edumazet@google.com>
mm/page_owner: use strscpy() instead of strlcpy()
Dong Aisheng <aisheng.dong@nxp.com>
Revert "mm/cma.c: remove redundant cma_mutex lock"
Masami Hiramatsu <mhiramat@kernel.org>
kprobes: Fix build errors with CONFIG_KRETPROBES=n
Yunfei Wang <yf.wang@mediatek.com>
iommu/dma: Fix iova map result check bug
Xiaomeng Tong <xiam0nd.tong@gmail.com>
iommu/msm: Fix an incorrect NULL check on list iterator
Hyunchul Lee <hyc.lee@gmail.com>
ksmbd: fix outstanding credits related bugs
Song Liu <song@kernel.org>
ftrace: Clean up hash direct_functions on register failures
Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: IP30: Remove incorrect `cpu_has_fpu' override
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
Vincent Whitchurch <vincent.whitchurch@axis.com>
um: Fix out-of-bounds read in LDT setup
Johannes Berg <johannes.berg@intel.com>
um: chan_user: Fix winch_tramp() return value
Johannes Berg <johannes.berg@intel.com>
um: Use asm-generic/dma-mapping.h
Johannes Berg <johannes.berg@intel.com>
um: virtio_uml: Fix broken device handling in time-travel
Felix Fietkau <nbd@nbd.name>
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
Dimitri John Ledkov <dimitri.ledkov@canonical.com>
cfg80211: declare MODULE_FIRMWARE for regulatory.db
Felix Fietkau <nbd@nbd.name>
mt76: fix use-after-free by removing a non-RCU wcid pointer
Kant Fan <kant@allwinnertech.com>
thermal: devfreq_cooling: use local ops instead of global ops
Max Filippov <jcmvbkbc@gmail.com>
irqchip: irq-xtensa-mx: fix initial IRQ affinity
Pali Rohár <pali@kernel.org>
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
Guo Ren <guoren@kernel.org>
csky: patch_text: Fixup last cpu should be master
Bean Huo <beanhuo@micron.com>
mmc: core: Allows to override the timeout value for ioctl() path
Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
RDMA/hfi1: Fix potential integer multiplication overflow errors
Puyou Lu <puyou.lu@gmail.com>
lib/string_helpers: fix not adding strarray to device's resource list
Sean Christopherson <seanjc@google.com>
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
GUO Zihua <guozihua@huawei.com>
ima: remove the IMA_TEMPLATE Kconfig option
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Add more H264 levels for CODA960
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Fix reported H264 profile
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in md_reload_sb
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in does_sb_need_changing
Jani Nikula <jani.nikula@intel.com>
drm/i915/dsi: fix VBT send packet port selection for ICL+
Brian Norris <briannorris@chromium.org>
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
Xiaomeng Tong <xiam0nd.tong@gmail.com>
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
Lyude Paul <lyude@redhat.com>
drm/nouveau/subdev/bus: Ratelimit logging for fault errors
Dave Airlie <airlied@redhat.com>
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
Mickaël Salaün <mic@digikod.net>
landlock: Fix same-layer rule unions
Mickaël Salaün <mic@digikod.net>
landlock: Create find_rule() from unmask_layers()
Mickaël Salaün <mic@digikod.net>
landlock: Reduce the maximum number of layers to 16
Mickaël Salaün <mic@digikod.net>
landlock: Define access_mask_t to enforce a consistent access mask size
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Test landlock_create_ruleset(2) argument check ordering
Mickaël Salaün <mic@digikod.net>
landlock: Change landlock_restrict_self(2) check ordering
Mickaël Salaün <mic@digikod.net>
landlock: Change landlock_add_rule(2) argument check ordering
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Add tests for O_PATH
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Fully test file rename with "remove" access
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Extend access right tests to directories
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Add tests for unknown access rights
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Extend tests for minimal valid attribute size
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Make tests build with old libc
Mickaël Salaün <mic@digikod.net>
landlock: Fix landlock_add_rule(2) documentation
Mickaël Salaün <mic@digikod.net>
samples/landlock: Format with clang-format
Mickaël Salaün <mic@digikod.net>
samples/landlock: Add clang-format exceptions
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Format with clang-format
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Normalize array assignment
Mickaël Salaün <mic@digikod.net>
selftests/landlock: Add clang-format exceptions
Mickaël Salaün <mic@digikod.net>
landlock: Format with clang-format
Mickaël Salaün <mic@digikod.net>
landlock: Add clang-format exceptions
Manivannan Sadhasivam <mani@kernel.org>
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
Xiaomeng Tong <xiam0nd.tong@gmail.com>
scsi: dc395x: Fix a missing check on list iterator
Junxiao Bi via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
Alexander Aring <aahringo@redhat.com>
dlm: fix missing lkb refcount handling
Alexander Aring <aahringo@redhat.com>
dlm: fix wake_up() calls for pending remove
Dan Carpenter <dan.carpenter@oracle.com>
dlm: uninitialized variable on error in dlm_listen_for_all()
Alexander Aring <aahringo@redhat.com>
dlm: fix plock invalid read
Sven Schnelle <svens@linux.ibm.com>
s390/stp: clock_delta should be signed
Nico Boehr <nrb@linux.ibm.com>
s390/perf: obtain sie_block from the right address
Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
Damien Le Moal <damien.lemoal@opensource.wdc.com>
block: Fix potential deadlock in blk_ia_range_sysfs_show()
Denis Efremov <denis.e.efremov@oracle.com>
staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan()
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix unbalanced PHY init on probe errors
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix runtime PM imbalance on probe errors
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix pipe clock imbalance
Bjorn Helgaas <bhelgaas@google.com>
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: add beige goby PCI ID
Gautam Menghani <gautammenghani201@gmail.com>
tracing: Initialize integer variable to prevent garbage return value
Wonhyuk Yang <vvghjk1234@gmail.com>
tracing: Fix return value of trace_pid_write()
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
tracing: Fix potential double free in create_var_ref()
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Have event format check not flag %p* on __get_dynamic_array()
Laurent Vivier <laurent@vivier.eu>
tty: goldfish: Introduce gf_ioread32()/gf_iowrite32()
Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI: property: Release subnode properties with data nodes
Jan Kara <jack@suse.cz>
ext4: avoid cycles in directory h-tree
Jan Kara <jack@suse.cz>
ext4: verify dir block before splitting it
Baokun Li <libaokun1@huawei.com>
ext4: fix bug_on in __es_tree_search
Theodore Ts'o <tytso@mit.edu>
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
Ye Bin <yebin10@huawei.com>
ext4: fix bug_on in ext4_writepages
Eric Biggers <ebiggers@google.com>
ext4: fix memory leak in parse_apply_sb_mount_options()
Ye Bin <yebin10@huawei.com>
ext4: fix warning in ext4_handle_inode_extension
Baokun Li <libaokun1@huawei.com>
ext4: fix race condition between ext4_write and ext4_convert_inline_data
Ojaswin Mujoo <ojaswin@linux.ibm.com>
ext4: fix journal_ioprio mount option handling
Ye Bin <yebin10@huawei.com>
ext4: fix use-after-free in ext4_rename_dir_prepare
Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
ext4: mark group as trimmed only if it was fully scanned
Jan Kara <jack@suse.cz>
bfq: Make sure bfqg for which we are queueing requests is online
Jan Kara <jack@suse.cz>
bfq: Get rid of __bio_blkcg() usage
Jan Kara <jack@suse.cz>
bfq: Track whether bfq_group is still online
Jan Kara <jack@suse.cz>
bfq: Remove pointless bfq_init_rq() calls
Jan Kara <jack@suse.cz>
bfq: Drop pointless unlock-lock pair
Jan Kara <jack@suse.cz>
bfq: Update cgroup information before merging bio
Jan Kara <jack@suse.cz>
bfq: Split shared queues on move between cgroups
Jan Kara <jack@suse.cz>
bfq: Avoid merging queues with different parents
Jan Kara <jack@suse.cz>
bfq: Avoid false marking of bic as stably merged
Aditya Garg <gargaditya08@live.com>
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Zhihao Cheng <chengzhihao1@huawei.com>
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
Miaoqian Lin <linmq006@gmail.com>
ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe
Johannes Berg <johannes.berg@intel.com>
iwlwifi: mei: fix potential NULL-ptr deref
Avraham Stern <avraham.stern@intel.com>
iwlwifi: mei: clear the sap data header before sending
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: fix assert 1F04 upon reconfig
Johannes Berg <johannes.berg@intel.com>
iwlwifi: fw: init SAR GEO table only if data is present
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: fix use-after-free in chanctx code
Peter Zijlstra <peterz@infradead.org>
objtool: Fix symbol creation
Mikulas Patocka <mpatocka@redhat.com>
objtool: Fix objtool regression on x32 systems
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check for inline inode
Chao Yu <chao@kernel.org>
f2fs: fix fallocate to use file_modified to update permissions consistently
Eric Biggers <ebiggers@google.com>
f2fs: don't use casefolded comparison for "." and ".."
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on total_data_blocks
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: don't need inode lock for system hidden quota
Chao Yu <chao@kernel.org>
f2fs: fix deadloop in foreground GC
Chao Yu <chao@kernel.org>
f2fs: fix to clear dirty inode in f2fs_evict_inode()
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
Chao Yu <chao@kernel.org>
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
Olga Kornievskaia <kolga@netapp.com>
NFSv4.1 mark qualified async operations as MOVEABLE tasks
Benjamin Coddington <bcodding@redhat.com>
NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
Javier Martinez Canillas <javierm@redhat.com>
video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup
Zhengjun Xing <zhengjun.xing@linux.intel.com>
perf jevents: Fix event syntax error caused by ExtSel
Daniel Bristot de Oliveira <bristot@kernel.org>
tracing/timerlat: Notify IRQ new max latency only if stop tracing is set
Daniel Bristot de Oliveira <bristot@kernel.org>
rtla: Remove procps-ng dependency
Daniel Bristot de Oliveira <bristot@kernel.org>
rtla: Fix __set_sched_attr error message
John Kacur <jkacur@redhat.com>
rtla: Minor grammar fix for rtla README
John Kacur <jkacur@redhat.com>
rtla: Don't overwrite existing directory mode
Wan Jiabing <wanjiabing@vivo.com>
rtla: Avoid record NULL pointer dereference
Leo Yan <leo.yan@linaro.org>
perf c2c: Use stdio interface if slang is not supported
Jiri Olsa <jolsa@kernel.org>
perf build: Fix btf__load_from_kernel_by_id() feature check
Tiezhu Yang <yangtiezhu@loongson.cn>
MIPS: RALINK: Define pci_remap_iospace under CONFIG_PCI_DRIVERS_GENERIC
Palmer Dabbelt <palmer@rivosinc.com>
RISC-V: Fix the XIP build
Palmer Dabbelt <palmer@rivosinc.com>
RISC-V: Split out the XIP fixups into their own file
Li Huafei <lihuafei1@huawei.com>
tracing: Reset the function filter after completing trampoline/graph selftest
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
i2c: rcar: fix PM ref counts in probe error paths
Tali Perry <tali.perry1@gmail.com>
i2c: npcm: Handle spurious interrupts
Tyrone Ting <kfting@nuvoton.com>
i2c: npcm: Correct register access width
Tali Perry <tali.perry1@gmail.com>
i2c: npcm: Fix timeout calculation
Joerg Roedel <jroedel@suse.de>
iommu/amd: Increase timeout waiting for GA log enablement
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: remove GISR1 register
Miaoqian Lin <linmq006@gmail.com>
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Dave Wysochanski <dwysocha@redhat.com>
NFS: Pass i_size to fscache_unuse_cookie() when a file is released
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Further fixes to the writeback error handling
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Don't report errors from nfs_pageio_complete() more than once
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report flush errors in nfs_write_end()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Don't report ENOSPC write errors twice
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
Nathan Chancellor <nathan@kernel.org>
i2c: at91: Initialize dma_buf in at91_twi_xfer()
Miles Chen <miles.chen@mediatek.com>
iommu/mediatek: Fix NULL pointer dereference when printing dev_name
Guenter Roeck <linux@roeck-us.net>
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
Jean-Philippe Brucker <jean-philippe@linaro.org>
iommu/arm-smmu-v3-sva: Fix mm use-after-free
Rex-BC Chen <rex-bc.chen@mediatek.com>
cpufreq: mediatek: Unregister platform device on exit
Jia-Wei Chang <jia-wei.chang@mediatek.com>
cpufreq: mediatek: Use module_init and add module_exit
Michael Walle <michael@walle.cc>
i2c: at91: use dma safe buffers
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Add mutex for m4u_group and m4u_dom in data
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Remove clk_disable in mtk_iommu_remove
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Add list_del in mtk_iommu_remove
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Fix 2 HW sharing pgtable issue
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
iommu/amd: Do not call sleep while holding spinlock
Mario Limonciello <mario.limonciello@amd.com>
iommu/amd: Enable swiotlb in all cases
Guo Ren <guoren@kernel.org>
riscv: Fixup difference with defconfig
Jakob Koschel <jakobkoschel@gmail.com>
f2fs: fix dereference of stale list iterator after loop body
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on inline_dots inode
Jayesh Choudhary <j-choudhary@ti.com>
dmaengine: ti: k3-psil-am62: Update PSIL thread for saul.
Dan Carpenter <dan.carpenter@oracle.com>
OPP: call of_node_put() on error path in _bandwidth_supported()
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: stmfts - do not leave device disabled in stmfts_input_open
Wanpeng Li <wanpengli@tencent.com>
KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer
Hector Martin <marcan@marcan.st>
pinctrl: apple: Use a raw spinlock for the regmap
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent use of lock before it is initialized
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
RDMA/rxe: Fix an error handling path in rxe_get_mcg()
Björn Ardö <bjorn.ardo@axis.com>
mailbox: forward the hrtimer if not queued and under a lock
Julian Schroeder <jumaco@amazon.com>
nfsd: destroy percpu stats counters after reply cache shutdown
Yang Yingliang <yangyingliang@huawei.com>
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
gpio: sim: Use correct order for the parameters of devm_kcalloc()
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/fsl_book3e: Don't set rodata RO too early
Vaibhav Jain <vaibhav@linux.ibm.com>
powerpc/papr_scm: Fix leaking nvdimm_events_map elements
Miaoqian Lin <linmq006@gmail.com>
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
Miaoqian Lin <linmq006@gmail.com>
powerpc/xive: Fix refcount leak in xive_spapr_init
Randy Dunlap <rdunlap@infradead.org>
macintosh: via-pmu and via-cuda need RTC_LIB
Kajol Jain <kjain@linux.ibm.com>
powerpc/perf: Fix the threshold compare group constraint for power9
Kajol Jain <kjain@linux.ibm.com>
powerpc/perf: Fix the threshold compare group constraint for power10
Russell Currey <ruscur@russell.cc>
powerpc/powernv: Get STF barrier requirements from device-tree
Russell Currey <ruscur@russell.cc>
powerpc/powernv: Get L1D flush requirements from device-tree
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
Mario Limonciello <mario.limonciello@amd.com>
mailbox: pcc: Fix an invalid-load caught by the address sanitizer
Kan Liang <kan.liang@linux.intel.com>
perf stat: Always keep perf metrics topdown events in a group
Ian Rogers <irogers@google.com>
perf evlist: Keep topdown counters in weak group
Yang Yingliang <yangyingliang@huawei.com>
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
Dan Williams <dan.j.williams@intel.com>
cxl/mem: Drop mem_enabled check from wait_for_media()
Daire McNamara <daire.mcnamara@microchip.com>
PCI: microchip: Fix potential race in interrupt handling
Fabiano Rosas <farosas@linux.ibm.com>
KVM: PPC: Book3S HV: Fix vcore_blocked tracepoint
Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
Miaoqian Lin <linmq006@gmail.com>
Input: sparcspkr - fix refcount leak in bbc_beep_probe
Jane Chu <jane.chu@oracle.com>
mce: fix set_mce_nospec to always unmap the whole page
Jane Chu <jane.chu@oracle.com>
x86/mce: relocate set{clear}_mce_nospec() functions
Mina Almasry <almasrymina@google.com>
hugetlbfs: fix hugetlbfs_statfs() locking
Michael Walle <michael@walle.cc>
ARM: dts: lan966x: swap dma channels for crypto node
Eugen Hristev <eugen.hristev@microchip.com>
ARM: dts: at91: sama7g5: remove interrupt-parent from gic node
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
crypto: cryptd - Protect per-CPU resource by disabling BH.
Corentin Labbe <clabbe@baylibre.com>
crypto: sun8i-ss - handle zero sized sg
Corentin Labbe <clabbe@baylibre.com>
crypto: sun8i-ss - rework handling of IV
Qi Zheng <zhengqi.arch@bytedance.com>
tty: fix deadlock caused by calling printk() under tty_port->lock
Alexey Dobriyan <adobriyan@gmail.com>
module: fix [e_shstrndx].sh_size=0 OOB access
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
module.h: simplify MODULE_IMPORT_NS
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
PCI: mediatek-gen3: Assert resets to ensure expected init state
Francesco Dolcini <francesco.dolcini@toradex.com>
PCI: imx6: Fix PERST# start-up sequence
Waiman Long <longman@redhat.com>
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
Alexey Dobriyan <adobriyan@gmail.com>
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: atmel-classd: Remove endianness flag on class d component
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: atmel-pdmic: Remove endianness flag on pdmic component
Robert Marko <robert.marko@sartura.hr>
arm64: dts: marvell: espressobin-ultra: enable front USB3 port
Robert Marko <robert.marko@sartura.hr>
arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config
Yangyang Li <liyangyang20@huawei.com>
RDMA/hns: Add the detection for CMDQ status in the device initialization process
Randy Dunlap <rdunlap@infradead.org>
powerpc/4xx/cpm: Fix return value of __setup() handler
Randy Dunlap <rdunlap@infradead.org>
powerpc/idle: Fix return value of __setup() handler
Yang Yingliang <yangyingliang@huawei.com>
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
Geert Uytterhoeven <geert+renesas@glider.be>
pinctrl: renesas: r8a779f0: Fix GPIO function on I2C-capable pins
Geert Uytterhoeven <geert+renesas@glider.be>
pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins
Randy Dunlap <rdunlap@infradead.org>
powerpc/8xx: export 'cpm_setbrg' for modules
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/dpu: fix error check return value of irq_of_parse_and_map()
Kuniyuki Iwashima <kuniyu@amazon.co.jp>
list: fix a data-race around ep->rdllist
Heming Zhao via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
ocfs2: fix mounting crash if journal is not alloced
Sudeep Holla <sudeep.holla@arm.com>
firmware: arm_ffa: Remove incorrect assignment of driver_data
Sudeep Holla <sudeep.holla@arm.com>
firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
Muchun Song <songmuchun@bytedance.com>
dax: fix cache flush on PMD-mapped pages
Miaohe Lin <linmiaohe@huawei.com>
drivers/base/node.c: fix compaction sysfs file leak
Jacky Li <jackyli@google.com>
crypto: ccp - Fix the INIT_EX data file open failure
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
Dan Williams <dan.j.williams@intel.com>
nvdimm: Allow overwrite in the presence of disabled dimms
Dan Williams <dan.j.williams@intel.com>
nvdimm: Fix firmware activation deadlock scenarios
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
ASoC: sh: rz-ssi: Release the DMA channels in rz_ssi_probe() error path
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
ASoC: sh: rz-ssi: Propagate error codes returned from platform_get_irq_byname()
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates
QintaoShen <unSimple1993@163.com>
soc: bcm: Check for NULL return of devm_kzalloc()
Gustavo A. R. Silva <gustavoars@kernel.org>
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
Lv Ruyi <lv.ruyi@zte.com.cn>
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: fix PT_LOAD segment for boot memory area
Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
Vinod Koul <vkoul@kernel.org>
arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name
Fabien Parent <fparent@baylibre.com>
pinctrl: mediatek: mt8195: enable driver on mtk platforms
Caleb Connolly <kc@postmarketos.org>
pinctrl/rockchip: support deferring other gpio params
Chuanhong Guo <gch981213@gmail.com>
arm: mediatek: select arch timer for mt7629
Chia-I Wu <olvaffe@gmail.com>
drm/msm: return the average load over the polling period
Chia-I Wu <olvaffe@gmail.com>
drm/msm: simplify gpu_busy callback
Stefan Wahren <stefan.wahren@i2se.com>
pinctrl: bcm2835: implement hook for missing gpio-ranges
Stefan Wahren <stefan.wahren@i2se.com>
gpiolib: of: Introduce hook for missing gpio-ranges
Corentin Labbe <clabbe@baylibre.com>
crypto: marvell/cesa - ECB does not IV
Vladis Dronov <vdronov@redhat.com>
hwrng: cn10k - Make check_rng_health() return an error code
Vladis Dronov <vdronov@redhat.com>
hwrng: cn10k - Optimize cn10k_rng_read()
Hangyu Hua <hbh25y@gmail.com>
misc: ocxl: fix possible double free in ocxl_file_register_afu
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
Vinod Koul <vkoul@kernel.org>
arm64: dts: qcom: sm8450: Fix missing iommus for qup1
Vinod Koul <vkoul@kernel.org>
arm64: dts: qcom: sm8450: Fix missing iommus for qup
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: qcom: sdx55: remove wrong unit address from RPMH RSC clocks
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
Marek Vasut <marex@denx.de>
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
Marc Kleine-Budde <mkl@pengutronix.de>
can: xilinx_can: mark bit timing constants as const
Guenter Roeck <linux@roeck-us.net>
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
Max Krummenacher <max.krummenacher@toradex.com>
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
Tzung-Bi Shih <tzungbi@kernel.org>
platform/chrome: cros_ec: fix error handling in cros_ec_register()
Giovanni Cabiddu <giovanni.cabiddu@intel.com>
crypto: qat - set COMPRESSION capability for DH895XCC
Giovanni Cabiddu <giovanni.cabiddu@intel.com>
crypto: qat - set CIPHER capability for DH895XCC
Sudeep Holla <sudeep.holla@arm.com>
arm64: dts: juno: Fix SCMI power domain IDs for ETF and CS funnel
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
Dan Williams <dan.j.williams@intel.com>
cxl/pci: Make cxl_dvsec_ranges() failure not fatal to cxl_pci
Dan Williams <dan.j.williams@intel.com>
cxl/pci: Add debug for DVSEC range init failures
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
Stephen Boyd <swboyd@chromium.org>
arm64: dts: qcom: sc7280-herobrine: Drop outputs on fpmcu pins
Stephen Boyd <swboyd@chromium.org>
arm64: dts: qcom: sc7280: Fix sar1_irq_odl node name
Thorsten Scherer <t.scherer@eckelmann.de>
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
Jiantao Zhang <water.zhangjiantao@huawei.com>
PCI: dwc: Fix setting error return on MSI DMA mapping failure
Miaoqian Lin <linmq006@gmail.com>
PCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup()
Dan Carpenter <dan.carpenter@oracle.com>
PCI: rockchip: Fix find_first_zero_bit() limit
Dan Carpenter <dan.carpenter@oracle.com>
PCI: cadence: Fix find_first_zero_bit() limit
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: defconfig: reenable SM_DISPCC_8250
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
Andre Przywara <andre.przywara@arm.com>
ARM: dts: suniv: F1C100: fix watchdog compatible
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM5301X: Update pin controller node name
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
memory: samsung: exynos5422-dmc: Avoid some over memory allocation
Mario Limonciello <mario.limonciello@amd.com>
PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
Allen-KH Cheng <allen-kh.cheng@mediatek.com>
arm64: dts: mt8192: Fix nor_flash status disable typo
Shawn Lin <shawn.lin@rock-chips.com>
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
Sean Young <sean@mess.org>
media: lirc: revert removal of unused feature flags
liuyacan <liuyacan@corp.netease.com>
Revert "net/smc: fix listen processing for SMC-Rv2"
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_conn: Fix hci_connect_le_sync
Robin Murphy <robin.murphy@arm.com>
dma-direct: don't over-decrypt memory
liuyacan <liuyacan@corp.netease.com>
net/smc: fix listen processing for SMC-Rv2
liuyacan <liuyacan@corp.netease.com>
net/smc: postpone sk_refcnt increment in connect()
Randy Dunlap <rdunlap@infradead.org>
net: dsa: restrict SMSC_LAN9303_I2C kconfig
Ioana Ciornei <ioana.ciornei@nxp.com>
dpaa2-eth: unmap the SGT buffer before accessing its contents
Ioana Ciornei <ioana.ciornei@nxp.com>
dpaa2-eth: use the correct software annotation field
Ioana Ciornei <ioana.ciornei@nxp.com>
dpaa2-eth: retrieve the virtual address before dma_unmap
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
hinic: Avoid some over memory allocation
David Howells <dhowells@redhat.com>
rxrpc: Fix decision on when to generate an IDLE ACK
David Howells <dhowells@redhat.com>
rxrpc: Don't let ack.previousPacket regress
David Howells <dhowells@redhat.com>
rxrpc: Fix overlapping ACK accounting
David Howells <dhowells@redhat.com>
rxrpc: Don't try to resend the request if we're receiving the reply
David Howells <dhowells@redhat.com>
rxrpc: Fix listen() setting the bar too high for the prealloc rings
David Howells <dhowells@redhat.com>
rxrpc: Fix locking issue
Adam Wujek <dev_public@wujek.eu>
hwmon: (pmbus) Check PEC support before reading other registers
Guenter Roeck <linux@roeck-us.net>
hwmon: (dimmtemp) Fix bitmap handling
Yongzhi Liu <lyz_cs@pku.edu.cn>
hv_netvsc: Fix potential dereference of NULL pointer
Taehee Yoo <ap420073@gmail.com>
amt: fix memory leak for advertisement message
Taehee Yoo <ap420073@gmail.com>
amt: fix gateway mode stuck
Jakub Kicinski <kuba@kernel.org>
net: stmmac: fix out-of-bounds access in a selftest
Kan Liang <kan.liang@linux.intel.com>
perf parse-events: Support different format of the topdown event name
Alexey Khoroshilov <khoroshilov@ispras.ru>
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
Hangbin Liu <liuhangbin@gmail.com>
bonding: fix missed rcu protection
Duoming Zhou <duoming@zju.edu.cn>
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
John Garry <john.garry@huawei.com>
scsi: hisi_sas: Fix memory ordering in hisi_sas_task_deliver()
John Garry <john.garry@huawei.com>
scsi: hisi_sas: Fix rescan after deleting a disk
Harini Katakam <harini.katakam@xilinx.com>
net: macb: Fix PTP one step sync support
Ulf Hansson <ulf.hansson@linaro.org>
PM: domains: Fix initialization of genpd's next_wakeup
Heikki Krogerus <heikki.krogerus@linux.intel.com>
platform/x86: intel_cht_int33fe: Set driver data
Ulf Hansson <ulf.hansson@linaro.org>
cpuidle: riscv-sbi: Fix code to allow a genpd governor to be used
Ulf Hansson <ulf.hansson@linaro.org>
cpuidle: psci: Fix regression leading to no genpd governor
Yang Yingliang <yangyingliang@huawei.com>
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
YueHaibing <yuehaibing@huawei.com>
ASoC: codecs: lpass: Fix passing zero to 'PTR_ERR'
Jan Kara <jack@suse.cz>
bfq: Allow current waker to defend against a tentative one
Jan Kara <jack@suse.cz>
bfq: Relax waker detection for shared queues
Miaoqian Lin <linmq006@gmail.com>
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
Yang Yingliang <yangyingliang@huawei.com>
thermal/core: Fix memory leak in __thermal_cooling_device_register()
Zheng Yongjun <zhengyongjun3@huawei.com>
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
Stefan Wahren <stefan.wahren@i2se.com>
thermal/drivers/bcm2711: Don't clamp temperature at zero
Nathan Chancellor <nathan@kernel.org>
drm/i915: Fix CFI violation with show_dynamic_id()
Abhinav Kumar <quic_abhinavk@quicinc.com>
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
Hangbin Liu <liuhangbin@gmail.com>
selftests/bpf: Add missed ima_setup.sh in Makefile
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm: don't free the IRQ if it was not requested
Lai Jiangshan <jiangshan.ljs@antgroup.com>
x86/sev: Annotate stack change in the #VC handler
Hangyu Hua <hbh25y@gmail.com>
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
Miaoqian Lin <linmq006@gmail.com>
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
Douglas Anderson <dianders@chromium.org>
drm/msm/dsi: don't powerup at modeset time for parade-ps8640
Eric Biggers <ebiggers@google.com>
ext4: reject the 'commit' option on ext2 filesystems
Moshe Tal <moshet@nvidia.com>
net/mlx5e: Correct the calculation of max channels for rep
Gao Xiang <hsiangkao@linux.alibaba.com>
erofs: fix buffer copy overflow of ztailpacking feature
Wolfgang Bumiller <w.bumiller@proxmox.com>
blk-cgroup: always terminate io.stat lines
Miaoqian Lin <linmq006@gmail.com>
regulator: scmi: Fix refcount leak in scmi_regulator_probe
Jonas Karlman <jonas@kwiboo.se>
media: rkvdec: h264: Fix bit depth wrap in pps packet
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: rkvdec: h264: Fix dpb_valid implementation
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: rkvdec: Stop overclocking the decoder
Yang Yingliang <yangyingliang@huawei.com>
media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR()
Mike Pagano <mpagano@gentoo.org>
media: i2c: ov2640: Depend on V4L2_ASYNC
Dongliang Mu <mudongliangabcd@gmail.com>
media: ov7670: remove ov7670_power_off from ov7670_remove
Andre Przywara <andre.przywara@arm.com>
kselftest/arm64: bti: force static linking
Miaoqian Lin <linmq006@gmail.com>
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
Zheng Bin <zhengbin13@huawei.com>
net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
Eric Dumazet <edumazet@google.com>
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
Eric Dumazet <edumazet@google.com>
net: annotate races around sk->sk_bound_dev_if
Geert Uytterhoeven <geert@linux-m68k.org>
m68k: math-emu: Fix dependencies of math emulation support
Keith Busch <kbusch@kernel.org>
nvme: set dma alignment to dword
Mark Rutland <mark.rutland@arm.com>
irqchip/gic-v3: Fix priority mask handling
Mark Rutland <mark.rutland@arm.com>
irqchip/gic-v3: Refactor ISB + EOIR at ack time
Mark Rutland <mark.rutland@arm.com>
irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling
Dylan Yudaken <dylany@fb.com>
io_uring: only wake when the correct events are set
Pavel Begunkov <asml.silence@gmail.com>
io_uring: avoid io-wq -EAGAIN looping for !IOPOLL
Yunfei Dong <yunfei.dong@mediatek.com>
media: mediatek: vcodec: Fix v4l2 compliance decoder cmd test fail
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btmtksdio: fix the reset takes too long
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btmtksdio: fix possible FW initialization failure
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
Niels Dossche <dossche.niels@gmail.com>
Bluetooth: protect le accept and resolv lists with hdev->lock
Niels Dossche <dossche.niels@gmail.com>
Bluetooth: use hdev lock for accept_list and reject_list in conn req
Niels Dossche <dossche.niels@gmail.com>
Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring
Ying Hsu <yinghsu@chromium.org>
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Sean Wang <sean.wang@mediatek.com>
Bluetooth: mt7921s: Fix the incorrect pointer check
Benjamin Gaignard <benjamin.gaignard@collabora.com>
media: hantro: HEVC: Fix tile info buffer value computation
Eugen Hristev <eugen.hristev@microchip.com>
media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check
Michael Rodin <mrodin@de.adit-jv.com>
media: vsp1: Fix offset calculation for plane cropping
Randy Dunlap <rdunlap@infradead.org>
media: make RADIO_ADAPTERS tristate
Pavel Skripkin <paskripkin@gmail.com>
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Miaoqian Lin <linmq006@gmail.com>
media: exynos4-is: Change clk_disable to clk_disable_unprepare
Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
media: i2c: rdacm2x: properly set subdev entity function
Miaoqian Lin <linmq006@gmail.com>
media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe
Miaoqian Lin <linmq006@gmail.com>
media: st-delta: Fix PM disable depth imbalance in delta_probe
Peter Chiu <chui-hao.chiu@mediatek.com>
mt76: mt7915: fix twt table_mask to u16 in mt7915_dev
Felix Fietkau <nbd@nbd.name>
mt76: fix tx status related use-after-free race on station removal
Felix Fietkau <nbd@nbd.name>
mt76: do not attempt to reorder received 802.3 packets without agg session
Sean Wang <sean.wang@mediatek.com>
mt76: mt7921: fix kernel crash at mt7921_pci_remove
Deren Wu <deren.wu@mediatek.com>
mt76: fix antenna config missing in 6G cap
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter
Felix Fietkau <nbd@nbd.name>
mt76: mt7915: fix DBDC default band selection on MT7915D
Miaoqian Lin <linmq006@gmail.com>
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: aspeed: Fix an error handling path in aspeed_video_probe()
Josh Poimboeuf <jpoimboe@kernel.org>
scripts/faddr2line: Fix overlapping text section failures
Phil Auld <pauld@redhat.com>
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
Bart Van Assche <bvanassche@acm.org>
block: Fix the bio.bi_opf comment
Miaoqian Lin <linmq006@gmail.com>
ASoC: samsung: Fix refcount leak in aries_audio_probe
Christoph Hellwig <hch@lst.de>
dma-direct: don't fail on highmem CMA pages in dma_direct_alloc_pages
Pierre Gondois <Pierre.Gondois@arm.com>
PM: EM: Decrement policy counter
Miaoqian Lin <linmq006@gmail.com>
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
Miaoqian Lin <linmq006@gmail.com>
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
Basavaraj Natikar <Basavaraj.Natikar@amd.com>
HID: amd_sfh: Modify the hid name
Basavaraj Natikar <Basavaraj.Natikar@amd.com>
HID: amd_sfh: Modify the bus name
Ajay Singh <ajay.kathat@microchip.com>
wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
Baochen Qiang <quic_bqiang@quicinc.com>
ath11k: Don't check arvif->is_started before sending management frames
Ravi Bangoria <ravi.bangoria@amd.com>
perf/amd/ibs: Use interrupt regs ip for stack unwinding
Jerome Marchand <jmarchan@redhat.com>
samples: bpf: Don't fail for a missing VMLINUX_BTF when VMLINUX_H is provided
Konrad Dybcio <konrad.dybcio@somainline.org>
regulator: qcom_smd: Fix up PM8950 regulator configuration
Viresh Kumar <viresh.kumar@linaro.org>
Revert "cpufreq: Fix possible race in cpufreq online error path"
Andrii Nakryiko <andrii@kernel.org>
selftests/bpf: Prevent skeleton generation race
Yang Yingliang <yangyingliang@huawei.com>
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
Andreas Gruenbacher <agruenba@redhat.com>
iomap: iomap_write_failed fix
Mark Rutland <mark.rutland@arm.com>
arm64: stackleak: fix current_top_of_stack()
Xiaomeng Tong <xiam0nd.tong@gmail.com>
media: uvcvideo: Fix missing check to determine if element is found in list
Dan Carpenter <dan.carpenter@oracle.com>
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dsi: fix address for second DSI PHY on SDM660
Vinod Polimera <quic_vpolimer@quicinc.com>
drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit
Ilkka Koskinen <ilkka@os.amperecomputing.com>
ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init()
Peter Zijlstra <peterz@infradead.org>
linkage: Fix issue with missing symbol size
H. Nikolaus Schaller <hns@goldelico.com>
wl1251: dynamically allocate memory used for DMA
Zev Weiss <zev@bewilderbeest.net>
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
Tong Tiangen <tongtiangen@huawei.com>
arm64: fix types in copy_highpage()
Randy Dunlap <rdunlap@infradead.org>
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
Daniel Thompson <daniel.thompson@linaro.org>
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
Randy Dunlap <rdunlap@infradead.org>
x86: Fix return value of __setup handlers
Johannes Berg <johannes.berg@intel.com>
nl80211: don't hold RTNL in color change request
Christoph Hellwig <hch@lst.de>
virtio_blk: fix the discard_granularity and discard_alignment queue limits
James Clark <james.clark@arm.com>
perf tools: Use Python devtools for version autodetection rather than runtime
Ian Abbott <abbotti@mev.co.uk>
spi: cadence-quadspi: fix Direct Access Mode disable for SoCFPGA
Yang Yingliang <yangyingliang@huawei.com>
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
Daniel Latypov <dlatypov@google.com>
kunit: fix debugfs code to use enum kunit_status, not bool
Luca Weiss <luca@z3ntu.xyz>
drm/msm: Fix null pointer dereferences without iommu
Pin-Yen Lin <treapking@chromium.org>
drm/bridge: it6505: Send DPCD SET_POWER to downstream
Jagan Teki <jagan@amarulasolutions.com>
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm: add missing include to msm_drv.c
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
Yang Yingliang <yangyingliang@huawei.com>
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dsi: fix error checks and return values for DSI xmit functions
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: reset DP controller before transmit phy test pattern
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/dp: fix error check return value of irq_of_parse_and_map()
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: stop event kernel thread when DP unbind
Vinod Polimera <quic_vpolimer@quicinc.com>
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
Yang Jihong <yangjihong1@huawei.com>
perf tools: Add missing headers needed by util/data.h
Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
ASoC: rk3328: fix disabling mclk on pclk probe failure
Josh Poimboeuf <jpoimboe@redhat.com>
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
Yang Yingliang <yangyingliang@huawei.com>
mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()
Yang Yingliang <yangyingliang@huawei.com>
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
Matthieu Baerts <matthieu.baerts@tessares.net>
x86/pm: Fix false positive kmemleak report in msr_build_context()
Chen-Tsung Hsieh <chentsung@chromium.org>
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
Andrii Nakryiko <andrii@kernel.org>
libbpf: Fix logic for finding matching program for CO-RE relocation
Colin Ian King <colin.king@intel.com>
selftests/resctrl: Fix null pointer dereference on open failed
Colin Ian King <colin.king@intel.com>
drm/v3d: Fix null pointer dereference of pointer perfmon
Kiwoong Kim <kwmad.kim@samsung.com>
scsi: ufs: core: Exclude UECxx from SFR dump list
Bart Van Assche <bvanassche@acm.org>
scsi: ufs: qcom: Fix ufs_qcom_resume()
Dan Carpenter <dan.carpenter@oracle.com>
scsi: iscsi: Fix harmless double shift bug
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dpu: adjust display_v_end for eDP and DP
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm: properly add and remove internal bridges
Yuanchu Xie <yuanchu@google.com>
selftests/damon: add damon to selftests root Makefile
Nuno Sá <nuno.sa@analog.com>
of: overlay: do not break notify on NOTIFY_{OK|STOP}
Luca Ceresoli <luca.ceresoli@bootlin.com>
spi: rockchip: fix missing error on unsupported SPI_CS_HIGH
Amir Goldstein <amir73il@gmail.com>
fsnotify: fix wrong lockdep annotations
Amir Goldstein <amir73il@gmail.com>
inotify: show inotify mask flags in proc fdinfo
Bjørn Mork <bjorn@mork.no>
mtdblock: warn if opened on NAND
Colin Ian King <colin.king@intel.com>
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
Marek Vasut <marex@denx.de>
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: imx: imx-mipi-csis: Fix active format initialization on source pad
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: imx: imx-mipi-csis: Rename csi_state to mipi_csis_device
Chen-Yu Tsai <wenst@chromium.org>
media: hantro: Empty encoder capture buffers by default
Chen-Yu Tsai <wenst@chromium.org>
media: hantro: Implement support for encoder commands
Ming Qian <ming.qian@nxp.com>
media: amphion: fix decoder's interlaced field
Laurentiu Palcu <laurentiu.palcu@oss.nxp.com>
media: i2c: max9286: fix kernel oops when removing module
Dan Carpenter <dan.carpenter@oracle.com>
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
John Ogness <john.ogness@linutronix.de>
printk: wake waiters for safe and NMI contexts
John Ogness <john.ogness@linutronix.de>
printk: add missing memory barrier to wake_up_klogd()
Schspa Shi <schspa@gmail.com>
cpufreq: Fix possible race in cpufreq online error path
Robert Foss <robert.foss@linaro.org>
drm/bridge: Fix it6505 Kconfig DRM_DP_AUX_BUS dependency
Zheng Yongjun <zhengyongjun3@huawei.com>
spi: img-spfi: Fix pm_runtime_get_sync() error checking
Chengming Zhou <zhouchengming@bytedance.com>
sched/psi: report zeroes for CPU full at the system level
Chengming Zhou <zhouchengming@bytedance.com>
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
Marco Elver <elver@google.com>
signal: Deliver SIGTRAP on perf event asynchronously if blocked
Nícolas F. R. A. Prado <nfraprado@collabora.com>
drm/mediatek: dpi: Use mt8183 output formats for mt8192
Wei Yongjun <weiyongjun1@huawei.com>
regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
Miaoqian Lin <linmq006@gmail.com>
drm/bridge: Fix error handling in analogix_dp_probe
Miaoqian Lin <linmq006@gmail.com>
HID: elan: Fix potential double free in elan_input_configured
Jonathan Teh <jonathan.teh@outlook.com>
HID: hid-led: fix maximum brightness for Dream Cheeky
Zheyu Ma <zheyuma97@gmail.com>
mtd: rawnand: denali: Use managed device resources
Nícolas F. R. A. Prado <nfraprado@collabora.com>
drm/bridge: anx7625: Use uint8 for lane-swing arrays
Stanislav Fomichev <sdf@google.com>
bpf: Move rcu lock management out of BPF_PROG_RUN routines
Tyler Hicks <tyhicks@linux.microsoft.com>
EDAC/dmc520: Don't print an error for each unconfigured interrupt line
Arnd Bergmann <arnd@arndb.de>
drbd: fix duplicate array initializer
Christoph Hellwig <hch@lst.de>
drbd: use bdev_alignment_offset instead of queue_alignment_offset
Christoph Hellwig <hch@lst.de>
drbd: use bdev based limit helpers in drbd_send_sizes
Christoph Hellwig <hch@lst.de>
drbd: remove assign_p_sizes_qlim
Christoph Hellwig <hch@lst.de>
target: remove an incorrect unmap zeroes data deduction
Ansuel Smith <ansuelsmth@gmail.com>
net: dsa: qca8k: correctly handle mdio read error
Gavin Wan <Gavin.Wan@amd.com>
drm/amd/amdgpu: Remove static from variable in RLCG Reg RW
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
device property: Allow error pointer to be passed to fwnode APIs
Jan Kiszka <jan.kiszka@siemens.com>
efi: Add missing prototype for efi_capsule_setup_info
Javier Martinez Canillas <javierm@redhat.com>
efi: Allow to enable EFI runtime services by default on RT
Kevin Hao <haokexin@gmail.com>
cpufreq: governor: Use kobject release() method to free dbs_data
Lin Ma <linma@zju.edu.cn>
NFC: NULL out the dev->rfkill to prevent UAF
Lv Ruyi <lv.ruyi@zte.com.cn>
ixp4xx_eth: fix error check return value of platform_get_irq()
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: dsa: mt7530: 1G can also support 1000BASE-X link mode
YueHaibing <yuehaibing@huawei.com>
net: ethernet: ti: am65-cpsw: Fix build error without PHYLINK
Paul E. McKenney <paulmck@kernel.org>
scftorture: Fix distribution of short handler delays
Miaoqian Lin <linmq006@gmail.com>
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
Yongqiang Sun <yongqiang.sun@amd.com>
drm/amd/amdgpu: Fix asm/hypervisor.h build error.
Jiasheng Jiang <jiasheng@iscas.ac.cn>
drm: mali-dp: potential dereference of null pointer
Zhou Qingyang <zhou1615@umn.edu>
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
Johannes Berg <johannes.berg@intel.com>
nl80211: show SSID for P2P_GO interfaces
Paolo Abeni <pabeni@redhat.com>
mptcp: reset the packet scheduler on PRIO change
Paolo Abeni <pabeni@redhat.com>
mptcp: reset the packet scheduler on incoming MP_PRIO
Paolo Abeni <pabeni@redhat.com>
mptcp: optimize release_cb for the common case
Maciej W. Rozycki <macro@orcam.me.uk>
x86/PCI: Fix ALi M1487 (IBC) PIRQ router link value interpretation
Andrii Nakryiko <andrii@kernel.org>
libbpf: Don't error out on CO-RE relos for overriden weak subprogs
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Force alpha to be 0xff if it's disabled
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
Maxime Ripard <maxime@cerno.tech>
drm/vc4: hvs: Reset muxes at probe time
Yongqiang Sun <yongqiang.sun@amd.com>
drm/amd/amdgpu: Only reserve vram for firmware with vega9 MS_HYPERV host.
Miles Chen <miles.chen@mediatek.com>
drm/mediatek: Fix mtk_cec_mask()
Maxime Ripard <maxime@cerno.tech>
drm/vc4: hvs: Fix frame count register readout
Maxime Ripard <maxime@cerno.tech>
drm/vc4: kms: Take old state core clock rate into account
Chen-Yu Tsai <wenst@chromium.org>
drm/mediatek: Fix DPI component detection for MT8192
Rex-BC Chen <rex-bc.chen@mediatek.com>
drm/mediatek: Add vblank register/unregister callback functions
Ammar Faizi <ammarfaizi2@gnuweeb.org>
x86/delay: Fix the wrong asm constraint in delay_loop()
Akira Yokosawa <akiyks@gmail.com>
docs: driver-api/thermal/intel_dptf: Use copyright symbol
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
ASoC: SOF: ipc3-topology: Set scontrol->priv to NULL after freeing it
Hui Wang <hui.wang@canonical.com>
ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
Srinivasa Rao Mandadapu <quic_srivasam@quicinc.com>
ASoC: codecs: Fix error handling in power domain init and exit handlers
Kuldeep Singh <singh.kuldeep87k@gmail.com>
spi: qcom-qspi: Add minItems to interconnect-names
Chuanhong Guo <gch981213@gmail.com>
mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG
Marek Vasut <marex@denx.de>
drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling
Marek Vasut <marex@denx.de>
drm: bridge: icn6211: Fix register layout
Lucas Stach <l.stach@pengutronix.de>
drm/bridge: adv7511: clean up CEC adapter when probe fails
Yang Yingliang <yangyingliang@huawei.com>
drm/bridge: anx7625: add missing destroy_workqueue() in anx7625_i2c_probe()
Jani Nikula <jani.nikula@intel.com>
drm/edid: fix invalid EDID extension block filtering
Wenli Looi <wlooi@ucalgary.ca>
ath9k: fix ar9003_get_eepmisc
YueHaibing <yuehaibing@huawei.com>
drm/bridge: it6505: Fix build error
Nicolas Belin <nbelin@baylibre.com>
drm: bridge: it66121: Fix the register page length
Niels Dossche <dossche.niels@gmail.com>
ath11k: acquire ab->base_lock in unassign when finding the peer by addr
Zack Rusin <zackr@vmware.com>
drm/vmwgfx: Fix an invalid read
Chuansheng Liu <chuansheng.liu@intel.com>
fbdev: defio: fix the pagelist corruption
Geert Uytterhoeven <geert@linux-m68k.org>
drm/ssd130x: Reduce temporary buffer sizes
Geert Uytterhoeven <geert@linux-m68k.org>
drm/ssd130x: Fix rectangle updates
Geert Uytterhoeven <geert@linux-m68k.org>
drm/format-helper: Fix XRGB888 to monochrome conversion
Geert Uytterhoeven <geert@linux-m68k.org>
drm/format-helper: Rename drm_fb_xrgb8888_to_mono_reversed()
YueHaibing <yuehaibing@huawei.com>
drm/solomon: Make DRM_SSD130X depends on MMU
Chen-Yu Tsai <wens@csie.org>
drm: ssd130x: Always apply segment remap setting
Chen-Yu Tsai <wens@csie.org>
drm: ssd130x: Fix COM scan direction register mask
Tom Rix <trix@redhat.com>
drm/bridge: anx7625: check the return on anx7625_aux_trans
Noralf Trønnes <noralf@tronnes.org>
dt-bindings: display: sitronix, st7735r: Fix backlight in example
Wan Jiabing <wanjiabing@vivo.com>
drm/omap: fix NULL but dereferenced coccicheck error
Dan Carpenter <dan.carpenter@oracle.com>
drm/selftests: missing error code in igt_buddy_alloc_smoke()
Nikita Yushchenko <nikita.yoush@cogentembedded.com>
drm/bridge_connector: enable HPD by default if supported
Linus Torvalds <torvalds@linux-foundation.org>
drm: fix EDID struct for old ARM OABI format
Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Input: gpio-keys - cancel delayed work only in case of GPIO
Shyam Prasad N <sprasad@microsoft.com>
cifs: do not use tcpStatus after negotiate completes
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent panic when SDMA is disabled
Steve French <stfrench@microsoft.com>
smb3: check for null tcon
Vasily Averin <vasily.averin@linux.dev>
fanotify: fix incorrect fmode_t casts
Peng Wu <wupeng58@huawei.com>
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
Finn Thain <fthain@linux-m68k.org>
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/powernv: fix missing of_node_put in uv_init()
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/xics: fix refcount leak in icp_opal_init()
Haren Myneni <haren@linux.ibm.com>
powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
Enzo Matsumiya <ematsumiya@suse.de>
cifs: return ENOENT for DFS lookup_cache_entry()
Vasily Averin <vasily.averin@linux.dev>
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
Matthew Wilcox (Oracle) <willy@infradead.org>
alpha: fix alloc_zeroed_user_highpage_movable()
Nicholas Piggin <npiggin@gmail.com>
KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting
Parshuram Thombare <pthombar@cadence.com>
PCI: cadence: Clear FLR in device capabilities register
Yicong Yang <yangyicong@hisilicon.com>
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
Laurent Dufour <ldufour@linux.ibm.com>
powerpc/rtas: Keep MSR[RI] set when calling RTAS
Conor Dooley <conor.dooley@microchip.com>
PCI: microchip: Add missing chained_irq_enter()/exit() calls
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: Avoid unnecessary frequency updates due to mismatch
Peng Wu <wupeng58@huawei.com>
ARM: hisi: Add missing of_node_put after of_find_compatible_node
Vijaya Krishna Nivarthi <quic_vnivarth@quicinc.com>
arm64: dts: qcom: sc7280-qcard: Configure CTS pin to bias-bus-hold for bluetooth
Vijaya Krishna Nivarthi <quic_vnivarth@quicinc.com>
arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
Peng Wu <wupeng58@huawei.com>
ARM: versatile: Add missing of_node_put in dcscb_init
Yang Yingliang <yangyingliang@huawei.com>
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
fat: add ratelimit to fat*_ent_bread()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: Fix fadump to work with a different endian capture kernel
Janusz Krzysztofik <jmkrzyszt@gmail.com>
ARM: OMAP1: clock: Fix UART rate reporting algorithm
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb
Joel Selvaraj <jo@jsfamily.in>
arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property
Zixuan Fu <r33s3n6@gmail.com>
fs: jfs: fix possible NULL pointer dereference in dbFree()
QintaoShen <unSimple1993@163.com>
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
Marco Chiappero <marco.chiappero@intel.com>
crypto: qat - fix off-by-one error in PFVF debug print
Gilad Ben-Yossef <gilad@benyossef.com>
crypto: ccree - use fine grained DMA mapping dir
Brian Norris <briannorris@chromium.org>
PM / devfreq: rk3399_dmc: Disable edev on remove()
Konrad Dybcio <konrad.dybcio@somainline.org>
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
Konrad Dybcio <konrad.dybcio@somainline.org>
arm64: dts: qcom: msm8994: Fix the cont_splash_mem address
Mario Limonciello <mario.limonciello@amd.com>
ASoC: amd: Add driver data to acp6x machine driver
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s5pv210: align DMA channels with dtschema
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: socfpga: align interrupt controller node name with dtschema
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: ox820: align interrupt controller node name with dtschema
Mika Westerberg <mika.westerberg@linux.intel.com>
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
Niels Dossche <dossche.niels@gmail.com>
IB/rdmavt: add missing locks in rvt_ruc_loopback
Daniel Latypov <dlatypov@google.com>
kunit: fix executor OOM error handling logic on non-UML
Bodo Stroesser <bostroesser@gmail.com>
scsi: target: tcmu: Avoid holding XArray lock when calling lock_page
Linus Torvalds <torvalds@linux-foundation.org>
linux/types.h: reinstate "__bitwise__" macro for user space use
Bob Peterson <rpeterso@redhat.com>
gfs2: use i_lock spin_lock for inode qadata
Yonghong Song <yhs@fb.com>
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
char: tpm: cr50_i2c: Suppress duplicated error message in .remove()
Jakub Kicinski <kuba@kernel.org>
eth: tg3: silence the GCC 12 array-bounds warning
David Howells <dhowells@redhat.com>
afs: Adjust ACK interpretation to try and cope with NAT
David Howells <dhowells@redhat.com>
rxrpc, afs: Fix selection of abort codes
David Howells <dhowells@redhat.com>
rxrpc: Return an error to sendmsg if call failed
Mårten Lindahl <marten.lindahl@axis.com>
hwmon: (pmbus) Add get_voltage/set_voltage ops
Geert Uytterhoeven <geert@linux-m68k.org>
m68k: atari: Make Atari ROM port I/O write macros return void
Yuntao Wang <ytcoode@gmail.com>
selftests/bpf: Add missing trampoline program type to trampoline_count test
Alex Elder <elder@linaro.org>
net: ipa: ignore endianness if there is no header
Borislav Petkov <bp@suse.de>
x86/microcode: Add explicit CPU vendor dependency
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: mcp251xfd: silence clang's -Wunaligned-access warning
Chaitanya Kulkarni <kch@nvidia.com>
nvme: set non-mdts limits in nvme_scan_work
Pierre Gondois <Pierre.Gondois@arm.com>
ACPI: CPPC: Assume no transition latency if no PCCT
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: rt1015p: remove dependency on GPIOLIB
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: max98357a: remove dependency on GPIOLIB
Laibin Qiu <qiulaibin@huawei.com>
blk-throttle: Set BIO_THROTTLED when bio has been throttled
Andre Przywara <andre.przywara@arm.com>
of/fdt: Ignore disabled memory nodes
Ping-Ke Shih <pkshih@realtek.com>
rtw89: cfo: check mac_id to avoid out-of-bounds
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: hantro: Stop using H.264 parameter pic_num
Kwanghoon Son <k.son@samsung.com>
media: exynos4-is: Fix compile warning
Fabio Estevam <festevam@denx.de>
net: phy: micrel: Allow probing without .driver_data
Daniel Latypov <dlatypov@google.com>
kunit: tool: make parser stop overwriting status of suites w/ no_tests
Omar Sandoval <osandov@fb.com>
btrfs: fix anon_dev leak in create_subvol()
Hans de Goede <hdegoede@redhat.com>
drm/amdgpu: Move mutex_init(&smu->message_lock) to smu_early_init()
Sathishkumar S <sathishkumar.sundararaju@amd.com>
drm/amd/pm: update smartshift powerboost calc for smu13
Sathishkumar S <sathishkumar.sundararaju@amd.com>
drm/amd/pm: update smartshift powerboost calc for smu12
Xie Yongji <xieyongji@bytedance.com>
nbd: Fix hung on disconnect request if socket is closed before
Lin Ma <linma@zju.edu.cn>
ASoC: rt5645: Fix errorenous cleanup order
Smith, Kyle Miller (Nimble Kernel) <kyles@hpe.com>
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
Jason A. Donenfeld <Jason@zx2c4.com>
openrisc: start CPU timer early in boot
Yunfei Dong <yunfei.dong@mediatek.com>
media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
Pavan Chebbi <pavan.chebbi@broadcom.com>
bnxt_en: Configure ptp filters during bnxt open
Zijun Hu <quic_zijuhu@quicinc.com>
Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN for QCA
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: HCI: Add HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN quirk
Lukas Wunner <lukas@wunner.de>
usbnet: Run unregister_netdev() before unbind() again
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: cec-adap.c: fix is_configuring state
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
media: imon: reorganize serialization
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: ccs-core.c: fix failure to call clk_disable_unprepare
Benjamin Gaignard <benjamin.gaignard@collabora.com>
media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values
Philipp Zabel <p.zabel@pengutronix.de>
media: coda: limit frame interval enumeration to supported encoder frame sizes
Hangyu Hua <hbh25y@gmail.com>
media: rga: fix possible memory leak in rga_probe
Felix Fietkau <nbd@nbd.name>
mt76: fix encap offload ethernet type check
Felix Fietkau <nbd@nbd.name>
mt76: mt7921: accept rx frames with non-standard VHT MCS10-11
Felix Fietkau <nbd@nbd.name>
mt76: mt7915: accept rx frames with non-standard VHT MCS10-11
Dongliang Mu <mudongliangabcd@gmail.com>
rtlwifi: Use pr_warn instead of WARN_ONCE
Daniel Latypov <dlatypov@google.com>
kunit: bail out of test filtering logic quicker if OOM
Corey Minyard <cminyard@mvista.com>
ipmi: Fix pr_fmt to avoid compilation issues
Corey Minyard <cminyard@mvista.com>
ipmi: Add an intializer for ipmi_smi_msg struct
Corey Minyard <cminyard@mvista.com>
ipmi:ssif: Check for NULL msg when handling events and messages
Mario Limonciello <mario.limonciello@amd.com>
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
Zheng Bin <zhengbin13@huawei.com>
ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe
Christian Brauner <brauner@kernel.org>
fs: hold writers when changing mount's idmapping
Mikulas Patocka <mpatocka@redhat.com>
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
Patrice Chotard <patrice.chotard@foss.st.com>
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
Hao Jia <jiahao.os@bytedance.com>
sched/core: Avoid obvious double update_rq_clock warning
Ravi Bangoria <ravi.bangoria@amd.com>
perf/amd/ibs: Cascade pmu init functions' return value
Heiko Carstens <hca@linux.ibm.com>
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
Eric Dumazet <edumazet@google.com>
net: remove two BUG() from skb_checksum_help()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Alter FPIN stat accounting logic
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Inhibit aborts if external loopback plug is inserted
Xiang Chen <chenxiang66@hisilicon.com>
scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW
Brent Lu <brent.lu@intel.com>
ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks
Gavin Li <gavinl@nvidia.com>
net/mlx5: Increase FW pre-init timeout for health recovery
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
Zhen Lei <thunder.leizhen@huawei.com>
of: Support more than one crash kernel regions for kexec -s
Thierry Reding <treding@nvidia.com>
drm/tegra: gem: Do not try to dereference ERR_PTR()
Dongliang Mu <mudongliangabcd@gmail.com>
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
Jacob Keller <jacob.e.keller@intel.com>
ice: always check VF VSI pointer values
Nícolas F. R. A. Prado <nfraprado@collabora.com>
regulator: mt6315: Enforce regulator-compatible, not name
Alice Wong <shiwei.wong@amd.com>
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init
Petr Machata <petrm@nvidia.com>
mlxsw: Treat LLDP packets as control
Petr Machata <petrm@nvidia.com>
mlxsw: spectrum_dcb: Do not warn about priority changes
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload
Mark Brown <broonie@kernel.org>
ASoC: dapm: Don't fold register value changes into notifications
Mark Bloch <mbloch@nvidia.com>
net/mlx5: fs, delete the FTE when there are no rules attached to it
Ziyang Xuan <william.xuanziyang@huawei.com>
net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create
jianghaoran <jianghaoran@kylinos.cn>
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
scsi: target: tcmu: Fix possible data corruption
Wen Gong <quic_wgong@quicinc.com>
ath11k: fix warning of not found station for bssid in message
Max Filippov <jcmvbkbc@gmail.com>
xtensa: move trace_hardirqs_off call back to entry.S
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/dpu: Clean up CRC debug logs
Lv Ruyi <lv.ruyi@zte.com.cn>
drm: msm: fix error check return value of irq_of_parse_and_map()
Alexandru Elisei <alexandru.elisei@arm.com>
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
Abhishek Kumar <kuabhs@chromium.org>
ath10k: skip ath10k_halt during suspend for driver state RESTARTING
Evan Quan <evan.quan@amd.com>
drm/amd/pm: fix the compile warning
Mukul Joshi <mukul.joshi@amd.com>
drm/amdkfd: Fix circular lock dependency warning
Steven Price <steven.price@arm.com>
drm/plane: Move range check for format_count earlier
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
Hari Chandrakanthan <quic_haric@quicinc.com>
ath11k: disable spectral scan during spectral deinit
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
Minghao Chi <chi.minghao@zte.com.cn>
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
Haohui Mai <ricetons@gmail.com>
drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells
Lv Ruyi <lv.ruyi@zte.com.cn>
scsi: megaraid: Fix error check return value of register_chrdev()
Vignesh Raghavendra <vigneshr@ti.com>
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
mmc: jz4740: Apply DMA engine limits to maximum segment size
Heming Zhao <heming.zhao@suse.com>
md/bitmap: don't set sb values if can't pass sanity check
Zheyu Ma <zheyuma97@gmail.com>
media: cx25821: Fix the warning when removing the module
Zheyu Ma <zheyuma97@gmail.com>
media: pci: cx23885: Fix the error handling in cx23885_initdev()
Vikash Garodia <quic_vgarodia@quicinc.com>
media: venus: do not queue internal buffers from previous sequence
Luca Weiss <luca.weiss@fairphone.com>
media: venus: hfi: avoid null dereference in deinit
Zheyu Ma <zheyuma97@gmail.com>
media: i2c: dw9714: Disable the regulator when the driver fails to probe
Sakari Ailus <sakari.ailus@linux.intel.com>
media: Revert "media: dw9768: activate runtime PM and turn off device"
Thibaut VARÈNE <hacks+kernel@slashdirt.org>
ath9k: fix QCA9561 PA bias level
Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
net: macb: In ZynqMP initialization make SGMII phy configuration optional
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: rsnd: care return value from rsnd_node_fixed_index()
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear()
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
drm/amd/pm: fix double free in si_parse_power_table()
Huang Rui <ray.huang@amd.com>
drm/amdgpu/pm: fix the null pointer while the smu is disabled
Ulf Hansson <ulf.hansson@linaro.org>
cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix call trace observed during I/O with CMF enabled
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
Christoph Hellwig <hch@lst.de>
loop: implement ->free_disk
Eric Dumazet <edumazet@google.com>
tcp: consume incoming skb leading to a reset
Len Brown <len.brown@intel.com>
tools/power turbostat: fix ICX DRAM power numbers
Biju Das <biju.das.jz@bp.renesas.com>
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
Po-Hao Huang <phhuang@realtek.com>
rtw88: 8821c: fix debugfs rssi value
Po-Hao Huang <phhuang@realtek.com>
rtw88: fix incorrect frequency reported
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ALSA: jack: Access input_dev under mutex
Haowen Bai <baihaowen@meizu.com>
sfc: ef10: Fix assigning negative value to unsigned variable
Paul E. McKenney <paulmck@kernel.org>
rcu: Make TASKS_RUDE_RCU select IRQ_WORK
Paul E. McKenney <paulmck@kernel.org>
rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs()
Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
rcu-tasks: Fix race in schedule and flush work
Saaem Rizvi <syerizvi@amd.com>
drm/amd/display: Disabling Z10 on DCN31
Liviu Dudau <liviu.dudau@arm.com>
drm/komeda: return early if drm_universal_plane_init() fails.
Peter Seiderer <ps.report@gmx.net>
mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output)
Runqing Yang <rainkin1993@gmail.com>
libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
ACPICA: Avoid cache flush inside virtual machines
Mike Travis <mike.travis@hpe.com>
x86/platform/uv: Update TSC sync state for UV5
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Consistently protect deferred_takeover with console_lock()
Niels Dossche <dossche.niels@gmail.com>
ipv6: fix locking issues with loops over idev->addr_list
Haowen Bai <baihaowen@meizu.com>
ipw2x00: Fix potential NULL dereference in libipw_xmit()
Haowen Bai <baihaowen@meizu.com>
b43: Fix assigning negative value to unsigned variable
Haowen Bai <baihaowen@meizu.com>
b43legacy: Fix assigning negative value to unsigned variable
Niels Dossche <dossche.niels@gmail.com>
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
Po Hao Huang <phhuang@realtek.com>
rtw89: fix misconfiguration on hw_scan channel time
Zong-Zhe Yang <kevin_yang@realtek.com>
rtw89: ser: fix CAM leaks occurring in L2 reset
Yuntao Wang <ytcoode@gmail.com>
selftests/bpf: Fix file descriptor leak in load_kallsyms()
Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
ath11k: Change max no of active probe SSID and BSSID to fw capability
Quentin Monnet <quentin@isovalent.com>
selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync
Nikolay Borisov <nborisov@suse.com>
selftests/bpf: Fix vfs_link kprobe definition
Liu Zixian <liuzixian4@huawei.com>
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
Wen Gong <quic_wgong@quicinc.com>
ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
Zack Rusin <zackr@vmware.com>
drm/vmwgfx: validate the screen formats
Arunpravin <Arunpravin.PaneerSelvam@amd.com>
drm/selftests: fix a shift-out-of-bounds bug
Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
iommu/vt-d: Add RPLS to quirk list to skip TE disabling
Naohiro Aota <naohiro.aota@wdc.com>
btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer
Naohiro Aota <naohiro.aota@wdc.com>
btrfs: zoned: finish block group when there are no more allocatable bytes left
Naohiro Aota <naohiro.aota@wdc.com>
btrfs: zoned: zone finish unused block group
Naohiro Aota <naohiro.aota@wdc.com>
btrfs: zoned: properly finish block group on metadata write
Filipe Manana <fdmanana@suse.com>
btrfs: fix deadlock between concurrent dio writes when low on free data space
Qu Wenruo <wqu@suse.com>
btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage()
Qu Wenruo <wqu@suse.com>
btrfs: repair super block num_devices automatically
Qu Wenruo <wqu@suse.com>
btrfs: return correct error number for __extent_writepage_io()
Qu Wenruo <wqu@suse.com>
btrfs: add "0x" prefix for unsupported optional features
Eric W. Biederman <ebiederm@xmission.com>
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
Eric W. Biederman <ebiederm@xmission.com>
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
Eric W. Biederman <ebiederm@xmission.com>
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
Eric W. Biederman <ebiederm@xmission.com>
kthread: Don't allocate kthread_struct for init and umh
Kristen Carlson Accardi <kristen@linux.intel.com>
x86/sgx: Set active memcg prior to shmem allocation
Baoquan He <bhe@redhat.com>
x86/kexec: fix memory leak of elf header buffer
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix event constraints for ICL
Ammar Faizi <ammarfaizi2@gnuweeb.org>
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
Michael Niewöhner <linux@mniewoehner.de>
platform/x86: intel-hid: fix _DSM function index handling
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
Kishon Vijay Abraham I <kishon@ti.com>
xhci: Set HCD flag to defer primary roothub registration
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: when extending a file with falloc we should make files not-sparse
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: fix potential double free during failed mount
Paulo Alcantara <pc@cjr.nz>
cifs: fix ntlmssp on old servers
Enzo Matsumiya <ematsumiya@suse.de>
cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was set
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Update i_ctime when xattr is added
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()'
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Check new size for limits
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Keep preallocated only if option prealloc enabled
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space)
Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
fs/ntfs3: Update valid size if -EIOCBQUEUED
Mikulas Patocka <mpatocka@redhat.com>
fs/ntfs3: provide block_invalidate_folio to fix memory leak
Kishon Vijay Abraham I <kishon@ti.com>
usb: core: hcd: Add support for deferring roothub registration
Albert Wang <albertccwang@google.com>
usb: dwc3: gadget: Move null pinter check to proper place
Linus Walleij <linus.walleij@linaro.org>
usb: isp1760: Fix out-of-bounds array access
Monish Kumar R <monish.kumar.r@intel.com>
USB: new quirk for Dell Gen 2 devices
Carl Yin(殷张成) <carl.yin@quectel.com>
USB: serial: option: add Quectel BG95 modem
Johan Hovold <johan@kernel.org>
USB: serial: pl2303: fix type detection for odd device
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
Marios Levogiannis <marios.levogiannis@gmail.com>
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
Rik van der Kemp <rik@upto11.nl>
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add new type for ALC245
Nathan Chancellor <nathan@kernel.org>
riscv: Move alternative length validation into subsection
Tobias Klauser <tklauser@distanz.ch>
riscv: Wire up memfd_secret in UAPI header
Samuel Holland <samuel@sholland.org>
riscv: Fix irq_work when SMP is disabled
Alexandre Ghiti <alexandre.ghiti@canonical.com>
riscv: Initialize thread pointer before calling C functions
Xianting Tian <xianting.tian@linux.alibaba.com>
RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY
Helge Deller <deller@gmx.de>
parisc/stifb: Keep track of hardware path of graphics card
Helge Deller <deller@gmx.de>
parisc/stifb: Implement fb_is_primary_device()
Mikulas Patocka <mpatocka@redhat.com>
parisc: fix a crash with multicore scheduler
Niklas Cassel <niklas.cassel@wdc.com>
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
Stephen Boyd <swboyd@chromium.org>
arm64: Initialize jump labels before setup_machine_fdt()
-------------
Diffstat:
Documentation/accounting/psi.rst | 9 +-
Documentation/conf.py | 2 +-
.../bindings/display/sitronix,st7735r.yaml | 1 +
.../devicetree/bindings/gpio/gpio-altera.txt | 5 +-
.../bindings/regulator/mt6315-regulator.yaml | 2 +-
.../devicetree/bindings/soc/qcom/qcom,smd-rpm.yaml | 1 +
.../bindings/spi/qcom,spi-qcom-qspi.yaml | 1 +
Documentation/driver-api/thermal/intel_dptf.rst | 2 +-
Documentation/sound/alsa-configuration.rst | 4 +-
Documentation/userspace-api/landlock.rst | 4 +-
.../userspace-api/media/lirc.h.rst.exceptions | 2 +
Makefile | 4 +-
arch/alpha/include/asm/page.h | 2 +-
arch/arm/boot/dts/bcm2835-rpi-b.dts | 13 +-
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 22 +-
arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts | 2 +-
arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 4 +-
arch/arm/boot/dts/bcm5301x.dtsi | 2 +-
arch/arm/boot/dts/exynos5250-smdk5250.dts | 4 +-
arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts | 6 +-
arch/arm/boot/dts/imx6qdl-colibri.dtsi | 6 +-
arch/arm/boot/dts/lan966x.dtsi | 6 +-
arch/arm/boot/dts/ox820.dtsi | 2 +-
arch/arm/boot/dts/qcom-sdx65.dtsi | 2 +-
arch/arm/boot/dts/s5pv210-aries.dtsi | 3 +-
arch/arm/boot/dts/s5pv210.dtsi | 12 +-
arch/arm/boot/dts/sama7g5.dtsi | 1 -
arch/arm/boot/dts/socfpga.dtsi | 2 +-
arch/arm/boot/dts/socfpga_arria10.dtsi | 2 +-
arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi | 1 +
arch/arm/boot/dts/suniv-f1c100s.dtsi | 4 +-
arch/arm/include/asm/arch_gicv3.h | 7 +-
arch/arm/kernel/signal.c | 1 +
arch/arm/mach-hisi/platsmp.c | 4 +
arch/arm/mach-mediatek/Kconfig | 1 +
arch/arm/mach-omap1/clock.c | 2 +-
arch/arm/mach-pxa/cm-x300.c | 8 +-
arch/arm/mach-pxa/magician.c | 2 +-
arch/arm/mach-pxa/tosa.c | 4 +-
arch/arm/mach-vexpress/dcscb.c | 1 +
arch/arm64/Kconfig.platforms | 1 +
arch/arm64/boot/dts/arm/juno-r1-scmi.dts | 4 +-
arch/arm64/boot/dts/arm/juno-r2-scmi.dts | 4 +-
.../dts/marvell/armada-3720-espressobin-ultra.dts | 5 -
arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +-
arch/arm64/boot/dts/nvidia/tegra210.dtsi | 5 +-
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 8 +-
arch/arm64/boot/dts/qcom/qrb5165-rb5.dts | 2 +-
arch/arm64/boot/dts/qcom/sc7280-herobrine.dtsi | 4 +-
arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 18 +-
arch/arm64/boot/dts/qcom/sc7280-qcard.dtsi | 19 +-
.../boot/dts/qcom/sdm845-xiaomi-beryllium.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 6 +
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
arch/arm64/boot/dts/ti/k3-am64-mcu.dtsi | 2 -
arch/arm64/configs/defconfig | 1 +
arch/arm64/include/asm/arch_gicv3.h | 6 -
arch/arm64/include/asm/processor.h | 10 +-
arch/arm64/kernel/setup.c | 7 +-
arch/arm64/kernel/signal.c | 1 +
arch/arm64/kernel/signal32.c | 1 +
arch/arm64/kernel/sys_compat.c | 2 +-
arch/arm64/mm/copypage.c | 4 +-
arch/csky/kernel/probes/kprobes.c | 2 +-
arch/m68k/Kconfig.cpu | 2 +-
arch/m68k/include/asm/raw_io.h | 6 +-
arch/m68k/kernel/signal.c | 1 +
.../include/asm/mach-ip27/cpu-feature-overrides.h | 1 -
.../include/asm/mach-ip30/cpu-feature-overrides.h | 1 -
arch/mips/include/asm/mach-ralink/spaces.h | 2 +
arch/openrisc/include/asm/timex.h | 1 +
arch/openrisc/kernel/head.S | 9 +
arch/parisc/include/asm/fb.h | 4 +
arch/parisc/kernel/processor.c | 2 -
arch/parisc/kernel/topology.c | 16 +-
arch/powerpc/include/asm/page.h | 7 +-
arch/powerpc/include/asm/vas.h | 2 +-
arch/powerpc/kernel/entry_64.S | 24 +-
arch/powerpc/kernel/fadump.c | 8 +-
arch/powerpc/kernel/idle.c | 2 +-
arch/powerpc/kernel/rtas.c | 9 +
arch/powerpc/kvm/book3s_hv.c | 12 +-
arch/powerpc/kvm/book3s_hv_nested.c | 3 +-
arch/powerpc/kvm/trace_hv.h | 8 +-
arch/powerpc/mm/nohash/fsl_book3e.c | 15 +-
arch/powerpc/perf/isa207-common.c | 12 +-
arch/powerpc/platforms/4xx/cpm.c | 2 +-
arch/powerpc/platforms/8xx/cpm1.c | 1 +
arch/powerpc/platforms/powernv/opal-fadump.c | 94 +--
arch/powerpc/platforms/powernv/opal-fadump.h | 10 +-
arch/powerpc/platforms/powernv/setup.c | 9 +
arch/powerpc/platforms/powernv/ultravisor.c | 1 +
arch/powerpc/platforms/powernv/vas-fault.c | 2 +-
arch/powerpc/platforms/powernv/vas-window.c | 4 +-
arch/powerpc/platforms/powernv/vas.h | 2 +-
arch/powerpc/platforms/pseries/papr_scm.c | 54 +-
arch/powerpc/sysdev/dart_iommu.c | 6 +-
arch/powerpc/sysdev/fsl_rio.c | 2 +
arch/powerpc/sysdev/xics/icp-opal.c | 1 +
arch/powerpc/sysdev/xive/spapr.c | 7 +-
arch/riscv/Makefile | 4 +
arch/riscv/include/asm/alternative-macros.h | 4 +-
arch/riscv/include/asm/asm.h | 26 -
arch/riscv/include/asm/irq_work.h | 2 +-
arch/riscv/include/asm/unistd.h | 1 -
arch/riscv/include/asm/xip_fixup.h | 31 +
arch/riscv/include/uapi/asm/unistd.h | 1 +
arch/riscv/kernel/head.S | 2 +
arch/riscv/kernel/setup.c | 4 +-
arch/riscv/kernel/suspend_entry.S | 1 +
arch/riscv/mm/init.c | 2 +-
arch/s390/include/asm/cio.h | 2 +-
arch/s390/include/asm/kexec.h | 10 +
arch/s390/include/asm/preempt.h | 15 +-
arch/s390/kernel/perf_event.c | 2 +-
arch/s390/kernel/time.c | 8 +-
arch/sparc/kernel/signal32.c | 1 +
arch/sparc/kernel/signal_64.c | 1 +
arch/um/drivers/chan_user.c | 9 +-
arch/um/drivers/virtio_uml.c | 33 +-
arch/um/include/asm/Kbuild | 1 +
arch/um/include/asm/thread_info.h | 2 +
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 +-
arch/um/kernel/signal.c | 4 +-
arch/x86/Kconfig | 4 +-
arch/x86/entry/entry_64.S | 1 +
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/events/amd/ibs.c | 55 +-
arch/x86/events/intel/core.c | 2 +-
arch/x86/include/asm/acenv.h | 14 +-
arch/x86/include/asm/kexec.h | 8 +
arch/x86/include/asm/set_memory.h | 52 --
arch/x86/include/asm/suspend_32.h | 2 +-
arch/x86/include/asm/suspend_64.h | 12 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/apic/x2apic_uv_x.c | 8 +-
arch/x86/kernel/cpu/intel.c | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 32 +-
arch/x86/kernel/cpu/mce/core.c | 6 +-
arch/x86/kernel/cpu/sgx/encl.c | 105 ++-
arch/x86/kernel/cpu/sgx/encl.h | 7 +-
arch/x86/kernel/cpu/sgx/main.c | 9 +-
arch/x86/kernel/machine_kexec_64.c | 12 +-
arch/x86/kernel/signal_compat.c | 2 +
arch/x86/kernel/step.c | 3 +-
arch/x86/kernel/sys_x86_64.c | 7 +-
arch/x86/kvm/lapic.c | 1 +
arch/x86/kvm/vmx/nested.c | 45 +-
arch/x86/kvm/vmx/vmcs.h | 5 +
arch/x86/lib/delay.c | 4 +-
arch/x86/mm/pat/memtype.c | 2 +-
arch/x86/mm/pat/set_memory.c | 49 +-
arch/x86/pci/irq.c | 19 +-
arch/x86/um/ldt.c | 6 +-
arch/xtensa/kernel/entry.S | 19 +-
arch/xtensa/kernel/ptrace.c | 4 +-
arch/xtensa/kernel/signal.c | 4 +-
arch/xtensa/kernel/traps.c | 11 +-
arch/xtensa/platforms/iss/simdisk.c | 18 +-
block/bfq-cgroup.c | 111 +--
block/bfq-iosched.c | 64 +-
block/bfq-iosched.h | 7 +-
block/blk-cgroup.c | 9 +-
block/blk-cgroup.h | 2 +-
block/blk-ia-ranges.c | 7 +-
block/blk-iocost.c | 5 +-
block/blk-iolatency.c | 130 ++--
block/blk-throttle.c | 3 +-
crypto/cryptd.c | 23 +-
drivers/acpi/arm64/agdi.c | 1 +
drivers/acpi/cppc_acpi.c | 17 +-
drivers/acpi/property.c | 18 +-
drivers/acpi/sleep.c | 12 +
drivers/base/memory.c | 5 +-
drivers/base/node.c | 1 +
drivers/base/power/domain.c | 1 +
drivers/base/property.c | 89 +--
drivers/block/drbd/drbd_main.c | 62 +-
drivers/block/loop.c | 16 +-
drivers/block/nbd.c | 13 +-
drivers/block/virtio_blk.c | 7 +-
drivers/bluetooth/btmtksdio.c | 26 +-
drivers/bluetooth/btusb.c | 6 +
drivers/char/hw_random/cn10k-rng.c | 31 +-
drivers/char/hw_random/omap3-rom-rng.c | 2 +-
drivers/char/ipmi/ipmi_ipmb.c | 1 +
drivers/char/ipmi/ipmi_msghandler.c | 4 +-
drivers/char/ipmi/ipmi_poweroff.c | 4 +-
drivers/char/ipmi/ipmi_ssif.c | 23 +
drivers/char/ipmi/ipmi_watchdog.c | 14 +-
drivers/char/random.c | 12 +-
drivers/char/tpm/tpm_tis_i2c_cr50.c | 4 +-
drivers/clk/tegra/clk-dfll.c | 12 +
drivers/cpufreq/cpufreq.c | 11 +
drivers/cpufreq/cpufreq_governor.c | 20 +-
drivers/cpufreq/cpufreq_governor.h | 1 +
drivers/cpufreq/mediatek-cpufreq.c | 18 +-
drivers/cpuidle/cpuidle-psci-domain.c | 4 +-
drivers/cpuidle/cpuidle-psci.c | 46 ++
drivers/cpuidle/cpuidle-riscv-sbi.c | 4 +-
.../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 115 ++--
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c | 30 +-
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c | 10 +-
drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h | 14 +-
drivers/crypto/ccp/sev-dev.c | 30 +-
drivers/crypto/ccree/cc_buffer_mgr.c | 27 +-
drivers/crypto/marvell/cesa/cipher.c | 1 -
drivers/crypto/nx/nx-common-powernv.c | 2 +-
drivers/crypto/qat/qat_common/adf_pfvf_pf_proto.c | 2 +-
.../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 13 +-
drivers/cxl/mem.c | 4 -
drivers/cxl/pci.c | 40 +-
drivers/devfreq/rk3399_dmc.c | 2 +
drivers/dma/idxd/cdev.c | 8 +-
drivers/dma/stm32-mdma.c | 23 +-
drivers/dma/ti/k3-psil-am62.c | 8 +-
drivers/edac/dmc520_edac.c | 2 +-
drivers/firmware/arm_ffa/driver.c | 4 +-
drivers/firmware/arm_scmi/base.c | 2 +-
drivers/firmware/efi/Kconfig | 15 +
drivers/firmware/efi/efi.c | 2 +-
drivers/gpio/gpio-rockchip.c | 24 +-
drivers/gpio/gpio-sim.c | 4 +-
drivers/gpio/gpiolib-of.c | 5 +
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 13 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 95 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 10 +-
drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c | 8 +-
drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 8 +-
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +-
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 2 +-
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 2 +
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 +
drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 7 +-
.../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 1 +
drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 2 +-
drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 14 +-
drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 8 +-
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 4 +-
drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 60 +-
.../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 62 +-
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 10 +-
drivers/gpu/drm/arm/malidp_crtc.c | 5 +-
drivers/gpu/drm/bridge/Kconfig | 2 +
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 31 +-
drivers/gpu/drm/bridge/analogix/anx7625.c | 21 +-
drivers/gpu/drm/bridge/analogix/anx7625.h | 4 +-
drivers/gpu/drm/bridge/chipone-icn6211.c | 155 ++++-
drivers/gpu/drm/bridge/ite-it6505.c | 29 +-
drivers/gpu/drm/bridge/ite-it66121.c | 2 +-
drivers/gpu/drm/drm_bridge_connector.c | 4 +-
drivers/gpu/drm/drm_edid.c | 6 +-
drivers/gpu/drm/drm_format_helper.c | 74 +-
drivers/gpu/drm/drm_plane.c | 14 +-
drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 6 +
drivers/gpu/drm/gma500/psb_intel_display.c | 7 +-
drivers/gpu/drm/i915/display/intel_dsi_vbt.c | 33 +-
drivers/gpu/drm/i915/i915_perf.c | 4 +-
drivers/gpu/drm/i915/i915_perf_types.h | 2 +-
drivers/gpu/drm/mediatek/mtk_cec.c | 2 +-
drivers/gpu/drm/mediatek/mtk_disp_drv.h | 16 +-
drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 22 +-
drivers/gpu/drm/mediatek/mtk_disp_rdma.c | 20 +-
drivers/gpu/drm/mediatek/mtk_dpi.c | 4 +-
drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 14 +-
drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c | 4 +
drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h | 29 +-
drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 +
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 19 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 16 +-
drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 3 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c | 3 +
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c | 2 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 10 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 14 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c | 15 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h | 4 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 15 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 20 +-
drivers/gpu/drm/msm/dp/dp_ctrl.c | 16 +-
drivers/gpu/drm/msm/dp/dp_display.c | 55 +-
drivers/gpu/drm/msm/dp/dp_drm.c | 4 +
drivers/gpu/drm/msm/dsi/dsi_host.c | 21 +-
drivers/gpu/drm/msm/dsi/dsi_manager.c | 35 +-
drivers/gpu/drm/msm/dsi/phy/dsi_phy_14nm.c | 2 +-
drivers/gpu/drm/msm/hdmi/hdmi.c | 10 +-
drivers/gpu/drm/msm/hdmi/hdmi_bridge.c | 3 +
drivers/gpu/drm/msm/msm_drv.c | 11 +-
drivers/gpu/drm/msm/msm_gem_prime.c | 2 +-
drivers/gpu/drm/msm/msm_gpu.c | 3 +-
drivers/gpu/drm/msm/msm_gpu.h | 12 +-
drivers/gpu/drm/msm/msm_gpu_devfreq.c | 90 ++-
drivers/gpu/drm/msm/msm_kms.h | 1 +
drivers/gpu/drm/nouveau/dispnv50/atom.h | 6 +-
drivers/gpu/drm/nouveau/dispnv50/crc.c | 27 +-
drivers/gpu/drm/nouveau/include/nvkm/core/subdev.h | 2 +
drivers/gpu/drm/nouveau/nvkm/subdev/bus/gf100.c | 14 +-
drivers/gpu/drm/nouveau/nvkm/subdev/bus/nv31.c | 6 +-
drivers/gpu/drm/nouveau/nvkm/subdev/bus/nv50.c | 6 +-
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 +-
drivers/gpu/drm/omapdrm/omap_overlay.c | 2 +-
drivers/gpu/drm/panel/panel-simple.c | 3 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 2 +-
drivers/gpu/drm/selftests/test-drm_buddy.c | 10 +-
drivers/gpu/drm/solomon/Kconfig | 2 +-
drivers/gpu/drm/solomon/ssd130x.c | 42 +-
drivers/gpu/drm/stm/ltdc.c | 16 +-
drivers/gpu/drm/tegra/gem.c | 1 +
drivers/gpu/drm/tilcdc/tilcdc_external.c | 8 +-
drivers/gpu/drm/tiny/repaper.c | 2 +-
drivers/gpu/drm/v3d/v3d_perfmon.c | 3 +-
drivers/gpu/drm/vc4/vc4_crtc.c | 2 +-
drivers/gpu/drm/vc4/vc4_drv.h | 1 +
drivers/gpu/drm/vc4/vc4_hvs.c | 49 +-
drivers/gpu/drm/vc4/vc4_kms.c | 5 +-
drivers/gpu/drm/vc4/vc4_regs.h | 12 +-
drivers/gpu/drm/vc4/vc4_txp.c | 8 +-
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 30 +-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 1 -
drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 14 +-
drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +-
drivers/hid/amd-sfh-hid/amd_sfh_hid.h | 2 +-
drivers/hid/hid-bigbenff.c | 6 +
drivers/hid/hid-elan.c | 2 -
drivers/hid/hid-led.c | 2 +-
drivers/hv/channel.c | 6 +-
drivers/hwmon/peci/dimmtemp.c | 6 +-
drivers/hwmon/pmbus/pmbus_core.c | 95 ++-
drivers/hwtracing/coresight/coresight-core.c | 33 +-
drivers/i2c/busses/i2c-at91-master.c | 11 +
drivers/i2c/busses/i2c-npcm7xx.c | 103 ++-
drivers/i2c/busses/i2c-rcar.c | 15 +-
drivers/infiniband/hw/hfi1/file_ops.c | 2 +
drivers/infiniband/hw/hfi1/init.c | 2 +-
drivers/infiniband/hw/hfi1/sdma.c | 12 +-
drivers/infiniband/hw/hns/hns_roce_device.h | 7 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 24 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 +-
drivers/infiniband/hw/hns/hns_roce_main.c | 2 +-
drivers/infiniband/sw/rdmavt/qp.c | 6 +-
drivers/infiniband/sw/rxe/rxe_mcast.c | 6 +-
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
drivers/input/keyboard/gpio_keys.c | 2 +-
drivers/input/misc/sparcspkr.c | 1 +
drivers/input/touchscreen/stmfts.c | 16 +-
drivers/iommu/amd/init.c | 2 +-
drivers/iommu/amd/iommu.c | 7 -
drivers/iommu/amd/iommu_v2.c | 12 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 13 +-
drivers/iommu/dma-iommu.c | 7 +-
drivers/iommu/intel/iommu.c | 2 +-
drivers/iommu/msm_iommu.c | 11 +-
drivers/iommu/mtk_iommu.c | 30 +-
drivers/iommu/mtk_iommu.h | 2 +
drivers/iommu/mtk_iommu_v1.c | 7 +
drivers/irqchip/irq-armada-370-xp.c | 11 +-
drivers/irqchip/irq-aspeed-i2c-ic.c | 4 +-
drivers/irqchip/irq-aspeed-scu-ic.c | 4 +-
drivers/irqchip/irq-gic-v3.c | 183 +++--
drivers/irqchip/irq-sni-exiu.c | 25 +-
drivers/irqchip/irq-xtensa-mx.c | 18 +-
drivers/macintosh/Kconfig | 6 +
drivers/macintosh/Makefile | 3 +-
drivers/macintosh/via-pmu.c | 2 +-
drivers/mailbox/mailbox.c | 19 +-
drivers/mailbox/pcc.c | 2 +-
drivers/md/bcache/btree.c | 58 +-
drivers/md/bcache/btree.h | 2 +-
drivers/md/bcache/journal.c | 31 +-
drivers/md/bcache/journal.h | 2 +
drivers/md/bcache/request.c | 6 +
drivers/md/bcache/super.c | 1 +
drivers/md/bcache/writeback.c | 101 +--
drivers/md/bcache/writeback.h | 2 +-
drivers/md/md-bitmap.c | 44 +-
drivers/md/md.c | 22 +-
drivers/md/raid0.c | 1 -
drivers/media/cec/core/cec-adap.c | 6 +-
drivers/media/i2c/Kconfig | 1 +
drivers/media/i2c/ccs/ccs-core.c | 7 +-
drivers/media/i2c/dw9714.c | 1 +
drivers/media/i2c/dw9768.c | 6 -
drivers/media/i2c/max9286.c | 19 +-
drivers/media/i2c/ov5648.c | 4 +-
drivers/media/i2c/ov7670.c | 1 -
drivers/media/i2c/rdacm20.c | 2 +-
drivers/media/i2c/rdacm21.c | 2 +-
drivers/media/pci/cx23885/cx23885-core.c | 6 +-
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
drivers/media/platform/amphion/vdec.c | 2 +-
drivers/media/platform/aspeed/aspeed-video.c | 4 +-
drivers/media/platform/atmel/atmel-sama5d2-isc.c | 7 +-
drivers/media/platform/chips-media/coda-common.c | 35 +-
.../platform/mediatek/vcodec/mtk_vcodec_dec.c | 13 +-
.../platform/mediatek/vcodec/mtk_vcodec_dec_drv.c | 6 +-
drivers/media/platform/nxp/imx-mipi-csis.c | 561 ++++++++-------
drivers/media/platform/qcom/venus/helpers.c | 34 +-
drivers/media/platform/qcom/venus/hfi.c | 3 +
drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 6 +-
drivers/media/platform/rockchip/rga/rga.c | 6 +-
.../media/platform/samsung/exynos4-is/fimc-is.c | 6 +-
.../platform/samsung/exynos4-is/fimc-isp-video.h | 2 +-
drivers/media/platform/st/sti/delta/delta-v4l2.c | 6 +-
drivers/media/radio/Kconfig | 4 +-
drivers/media/rc/bpf-lirc.c | 8 +-
drivers/media/rc/imon.c | 99 ++-
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 7 +-
drivers/media/usb/uvc/uvc_v4l2.c | 20 +-
drivers/memory/samsung/exynos5422-dmc.c | 5 +-
drivers/mfd/davinci_voicecodec.c | 6 +-
drivers/mfd/ipaq-micro.c | 2 +-
drivers/misc/fastrpc.c | 9 +-
drivers/misc/ocxl/file.c | 2 +
drivers/mmc/core/block.c | 8 +-
drivers/mmc/host/jz4740_mmc.c | 20 +
drivers/mmc/host/sdhci_am654.c | 23 +-
drivers/mtd/chips/cfi_cmdset_0002.c | 103 ++-
drivers/mtd/mtdblock.c | 8 +-
drivers/mtd/nand/raw/cadence-nand-controller.c | 5 +-
drivers/mtd/nand/raw/denali_pci.c | 15 +-
drivers/mtd/nand/raw/intel-nand-controller.c | 2 +-
drivers/mtd/nand/spi/gigadevice.c | 10 +-
drivers/mtd/spi-nor/core.c | 9 +
drivers/net/amt.c | 11 +-
drivers/net/bonding/bond_main.c | 15 +-
drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 2 +-
drivers/net/can/xilinx_can.c | 4 +-
drivers/net/dsa/Kconfig | 3 +-
drivers/net/dsa/mt7530.c | 14 +-
drivers/net/dsa/qca8k.c | 7 +-
drivers/net/ethernet/broadcom/Makefile | 5 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 56 +-
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 2 +
drivers/net/ethernet/cadence/macb_main.c | 42 +-
drivers/net/ethernet/cadence/macb_ptp.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 12 +-
drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c | 2 +
drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 2 +-
drivers/net/ethernet/intel/ice/ice_devlink.c | 5 +-
drivers/net/ethernet/intel/ice/ice_repr.c | 7 +-
drivers/net/ethernet/intel/ice/ice_sriov.c | 32 +-
drivers/net/ethernet/intel/ice/ice_vf_lib.c | 28 +-
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 5 +
drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 7 +-
drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 +
.../ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 9 +
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 10 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 +-
drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/lib/tout.c | 1 +
drivers/net/ethernet/mellanox/mlx5/core/lib/tout.h | 1 +
drivers/net/ethernet/mellanox/mlx5/core/main.c | 23 +-
.../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 -
.../net/ethernet/mellanox/mlxsw/spectrum_trap.c | 2 +-
drivers/net/ethernet/sfc/ef10.c | 2 +-
.../net/ethernet/stmicro/stmmac/stmmac_selftests.c | 13 +-
drivers/net/ethernet/ti/Kconfig | 1 +
drivers/net/ethernet/xscale/ptp_ixp46x.c | 2 +-
drivers/net/hyperv/netvsc_drv.c | 5 +-
drivers/net/ipa/ipa_endpoint.c | 41 +-
drivers/net/macsec.c | 7 +
drivers/net/phy/micrel.c | 11 +-
drivers/net/usb/asix_devices.c | 6 +-
drivers/net/usb/smsc95xx.c | 3 +-
drivers/net/usb/usbnet.c | 6 +-
drivers/net/wireless/ath/ath10k/mac.c | 20 +-
drivers/net/wireless/ath/ath11k/mac.c | 16 +-
drivers/net/wireless/ath/ath11k/pci.c | 12 +-
drivers/net/wireless/ath/ath11k/spectral.c | 17 +-
drivers/net/wireless/ath/ath11k/wmi.c | 11 +-
drivers/net/wireless/ath/ath11k/wmi.h | 12 +-
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 2 +-
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 8 +
drivers/net/wireless/ath/carl9170/tx.c | 3 +
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 3 +
drivers/net/wireless/intel/iwlwifi/mei/main.c | 3 +
drivers/net/wireless/intel/iwlwifi/mvm/power.c | 3 +
drivers/net/wireless/marvell/mwifiex/11h.c | 2 +
drivers/net/wireless/mediatek/mt76/agg-rx.c | 5 +-
drivers/net/wireless/mediatek/mt76/mac80211.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt76.h | 2 +-
drivers/net/wireless/mediatek/mt76/mt7603/main.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/main.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 +-
.../net/wireless/mediatek/mt76/mt7915/debugfs.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 35 +-
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 20 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/soc.c | 2 +
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 10 +-
drivers/net/wireless/mediatek/mt76/tx.c | 11 +-
drivers/net/wireless/microchip/wilc1000/mon.c | 4 +-
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 8 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
drivers/net/wireless/realtek/rtw88/rtw8821c.c | 4 +
drivers/net/wireless/realtek/rtw88/rx.c | 3 +-
drivers/net/wireless/realtek/rtw89/cam.c | 14 +-
drivers/net/wireless/realtek/rtw89/fw.c | 2 +-
drivers/net/wireless/realtek/rtw89/phy.c | 5 +
drivers/net/wireless/realtek/rtw89/ser.c | 21 +
drivers/net/wireless/ti/wl1251/event.c | 22 +-
drivers/net/wireless/ti/wl1251/io.c | 20 +-
drivers/net/wireless/ti/wl1251/tx.c | 15 +-
drivers/nfc/st21nfca/se.c | 17 +-
drivers/nfc/st21nfca/st21nfca.h | 1 +
drivers/nvdimm/core.c | 9 -
drivers/nvdimm/pmem.c | 30 +-
drivers/nvdimm/security.c | 5 -
drivers/nvme/host/core.c | 21 +-
drivers/nvme/host/pci.c | 1 +
drivers/of/fdt.c | 3 +
drivers/of/kexec.c | 9 +
drivers/of/overlay.c | 4 +-
drivers/opp/of.c | 2 +-
drivers/pci/controller/cadence/pci-j721e.c | 3 +
drivers/pci/controller/cadence/pcie-cadence-ep.c | 21 +-
drivers/pci/controller/cadence/pcie-cadence.h | 3 +
drivers/pci/controller/dwc/pci-imx6.c | 23 +-
drivers/pci/controller/dwc/pcie-designware-host.c | 3 +-
drivers/pci/controller/dwc/pcie-qcom.c | 15 +-
drivers/pci/controller/pcie-mediatek-gen3.c | 8 +
drivers/pci/controller/pcie-mediatek.c | 1 +
drivers/pci/controller/pcie-microchip-host.c | 16 +-
drivers/pci/controller/pcie-rockchip-ep.c | 3 +-
drivers/pci/pci-acpi.c | 41 +-
drivers/pci/pci.c | 12 +-
drivers/pci/pcie/aer.c | 7 +-
drivers/pci/quirks.c | 47 ++
drivers/phy/qualcomm/phy-qcom-qmp.c | 11 +-
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 18 +
drivers/pinctrl/mediatek/Kconfig | 1 +
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +-
drivers/pinctrl/pinctrl-apple-gpio.c | 1 +
drivers/pinctrl/pinctrl-rockchip.c | 54 +-
drivers/pinctrl/pinctrl-rockchip.h | 7 +-
drivers/pinctrl/renesas/core.c | 7 +-
drivers/pinctrl/renesas/pfc-r8a779a0.c | 29 +
drivers/pinctrl/renesas/pfc-r8a779f0.c | 21 +
drivers/pinctrl/renesas/pinctrl-rzn1.c | 10 +-
drivers/platform/chrome/cros_ec.c | 16 +-
drivers/platform/chrome/cros_ec_chardev.c | 2 +-
drivers/platform/chrome/cros_ec_proto.c | 50 +-
drivers/platform/mips/cpu_hwmon.c | 127 ++--
drivers/platform/x86/intel/chtwc_int33fe.c | 2 +
drivers/platform/x86/intel/hid.c | 2 +-
drivers/regulator/core.c | 7 +-
drivers/regulator/da9121-regulator.c | 2 +
drivers/regulator/pfuze100-regulator.c | 2 +
drivers/regulator/qcom_smd-regulator.c | 35 +-
drivers/regulator/scmi-regulator.c | 2 +-
drivers/s390/cio/chsc.c | 4 +-
drivers/scsi/dc395x.c | 15 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
drivers/scsi/hisi_sas/hisi_sas_main.c | 49 +-
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +-
drivers/scsi/lpfc/lpfc.h | 1 +
drivers/scsi/lpfc/lpfc_els.c | 112 +--
drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +
drivers/scsi/lpfc/lpfc_init.c | 51 +-
drivers/scsi/lpfc/lpfc_logmsg.h | 6 +-
drivers/scsi/lpfc/lpfc_nportdisc.c | 10 +-
drivers/scsi/lpfc/lpfc_scsi.c | 37 +-
drivers/scsi/lpfc/lpfc_sli.c | 48 +-
drivers/scsi/megaraid.c | 2 +-
drivers/scsi/ufs/ti-j721e-ufs.c | 6 +-
drivers/scsi/ufs/ufs-qcom.c | 14 +-
drivers/scsi/ufs/ufshcd.c | 7 +-
drivers/soc/bcm/bcm63xx/bcm-pmb.c | 3 +
drivers/soc/qcom/llcc-qcom.c | 1 +
drivers/soc/qcom/smp2p.c | 1 +
drivers/soc/qcom/smsm.c | 1 +
drivers/soc/ti/ti_sci_pm_domains.c | 2 +
drivers/spi/spi-cadence-quadspi.c | 2 +-
drivers/spi/spi-fsl-qspi.c | 4 +
drivers/spi/spi-img-spfi.c | 2 +-
drivers/spi/spi-rockchip.c | 8 +
drivers/spi/spi-rspi.c | 15 +-
drivers/spi/spi-stm32-qspi.c | 3 +-
drivers/spi/spi-ti-qspi.c | 5 +-
drivers/staging/media/hantro/hantro_drv.c | 17 +-
drivers/staging/media/hantro/hantro_g2_hevc_dec.c | 11 +-
drivers/staging/media/hantro/hantro_h264.c | 2 -
drivers/staging/media/hantro/hantro_v4l2.c | 67 +-
drivers/staging/media/rkvdec/rkvdec-h264.c | 37 +-
drivers/staging/media/rkvdec/rkvdec.c | 6 -
drivers/staging/r8188eu/os_dep/ioctl_linux.c | 92 +--
drivers/target/target_core_device.c | 1 -
drivers/target/target_core_user.c | 50 +-
drivers/thermal/broadcom/bcm2711_thermal.c | 5 +-
drivers/thermal/broadcom/sr-thermal.c | 3 +
drivers/thermal/devfreq_cooling.c | 25 +-
drivers/thermal/imx_sc_thermal.c | 6 +-
drivers/thermal/thermal_core.c | 1 +
drivers/tty/goldfish.c | 20 +-
drivers/tty/n_gsm.c | 31 +-
drivers/tty/serial/pch_uart.c | 27 +-
drivers/tty/tty_buffer.c | 3 +-
drivers/usb/core/hcd.c | 29 +-
drivers/usb/core/quirks.c | 3 +
drivers/usb/dwc3/gadget.c | 6 +-
drivers/usb/host/xhci-pci.c | 2 +
drivers/usb/host/xhci.c | 2 +
drivers/usb/isp1760/isp1760-core.c | 8 +
drivers/usb/serial/option.c | 2 +
drivers/usb/serial/pl2303.c | 3 +
drivers/vdpa/vdpa_sim/vdpa_sim.c | 5 +-
drivers/video/console/sticon.c | 5 +-
drivers/video/console/sticore.c | 32 +-
drivers/video/fbdev/amba-clcd.c | 5 +-
drivers/video/fbdev/core/fb_defio.c | 9 +-
drivers/video/fbdev/core/fbcon.c | 5 +-
drivers/video/fbdev/sticore.h | 3 +
drivers/video/fbdev/stifb.c | 4 +-
drivers/video/fbdev/vesafb.c | 5 +-
fs/afs/misc.c | 5 +-
fs/afs/rotate.c | 4 +
fs/afs/rxrpc.c | 8 +-
fs/afs/write.c | 1 +
fs/binfmt_flat.c | 27 +-
fs/btrfs/block-group.c | 8 +
fs/btrfs/block-group.h | 2 +
fs/btrfs/disk-io.c | 4 +-
fs/btrfs/extent_io.c | 27 +-
fs/btrfs/extent_io.h | 1 -
fs/btrfs/inode.c | 81 ++-
fs/btrfs/ioctl.c | 49 +-
fs/btrfs/volumes.c | 8 +-
fs/btrfs/zoned.c | 44 +-
fs/btrfs/zoned.h | 5 +
fs/ceph/mds_client.c | 14 +-
fs/cifs/cifsfs.c | 10 +-
fs/cifs/cifsglob.h | 15 +-
fs/cifs/connect.c | 67 +-
fs/cifs/dfs_cache.c | 6 +-
fs/cifs/fs_context.c | 29 +-
fs/cifs/fs_context.h | 2 +-
fs/cifs/misc.c | 7 +-
fs/cifs/sess.c | 6 +-
fs/cifs/smb2inode.c | 2 -
fs/cifs/smb2ops.c | 9 +-
fs/cifs/smb2pdu.c | 3 +-
fs/cifs/smb2transport.c | 3 +-
fs/dax.c | 3 +-
fs/dlm/lock.c | 15 +-
fs/dlm/lowcomms.c | 2 +-
fs/dlm/plock.c | 12 +-
fs/erofs/decompressor.c | 5 +-
fs/exec.c | 6 +-
fs/exportfs/expfs.c | 5 +-
fs/ext4/ext4.h | 6 -
fs/ext4/extents.c | 20 +-
fs/ext4/inline.c | 12 +
fs/ext4/inode.c | 13 +-
fs/ext4/mballoc.c | 18 +-
fs/ext4/namei.c | 84 ++-
fs/ext4/super.c | 87 ++-
fs/f2fs/dir.c | 3 +-
fs/f2fs/f2fs.h | 29 +-
fs/f2fs/file.c | 20 +-
fs/f2fs/hash.c | 11 +-
fs/f2fs/inline.c | 29 +-
fs/f2fs/inode.c | 19 +-
fs/f2fs/namei.c | 7 +
fs/f2fs/segment.c | 42 +-
fs/f2fs/segment.h | 33 +-
fs/f2fs/super.c | 6 +-
fs/fat/fatent.c | 7 +-
fs/fs-writeback.c | 13 +-
fs/gfs2/quota.c | 32 +-
fs/hugetlbfs/inode.c | 4 +-
fs/io_uring.c | 7 +-
fs/iomap/buffered-io.c | 3 +-
fs/jfs/jfs_dmap.c | 3 +-
fs/ksmbd/connection.c | 2 +-
fs/ksmbd/smb2misc.c | 2 +-
fs/ksmbd/smb_common.c | 4 +-
fs/namei.c | 70 +-
fs/namespace.c | 5 +-
fs/nfs/file.c | 50 +-
fs/nfs/fscache.c | 7 +-
fs/nfs/nfs4namespace.c | 9 +-
fs/nfs/nfs4proc.c | 41 +-
fs/nfs/nfs4state.c | 9 +-
fs/nfs/nfs4xdr.c | 4 +-
fs/nfs/pagelist.c | 3 +
fs/nfs/pnfs.c | 2 +
fs/nfs/unlink.c | 8 +
fs/nfs/write.c | 54 +-
fs/nfsd/nfscache.c | 2 +-
fs/notify/fanotify/fanotify_user.c | 4 +-
fs/notify/fdinfo.c | 11 +-
fs/notify/inotify/inotify.h | 12 +
fs/notify/inotify/inotify_user.c | 2 +-
fs/notify/mark.c | 6 +-
fs/ntfs3/file.c | 12 +-
fs/ntfs3/frecord.c | 10 +-
fs/ntfs3/fslog.c | 12 +-
fs/ntfs3/inode.c | 9 +-
fs/ntfs3/xattr.c | 112 ++-
fs/ocfs2/dlmfs/userdlm.c | 16 +-
fs/ocfs2/inode.c | 4 +-
fs/ocfs2/journal.c | 33 +-
fs/ocfs2/journal.h | 2 +
fs/ocfs2/super.c | 15 +
fs/proc/generic.c | 3 +
fs/proc/proc_net.c | 3 +
fs/seq_file.c | 32 +
include/drm/drm_edid.h | 6 +-
include/drm/drm_format_helper.h | 5 +-
include/linux/blk_types.h | 5 +-
include/linux/bpf.h | 119 +---
include/linux/compat.h | 1 +
include/linux/efi.h | 2 +
include/linux/fwnode.h | 10 +-
include/linux/goldfish.h | 15 +-
include/linux/gpio/driver.h | 12 +
include/linux/ipmi_smi.h | 6 +
include/linux/kexec.h | 46 +-
include/linux/kprobes.h | 2 +-
include/linux/linkage.h | 15 +-
include/linux/list.h | 16 +-
include/linux/mailbox_controller.h | 1 +
include/linux/module.h | 3 +-
include/linux/mtd/cfi.h | 1 +
include/linux/namei.h | 6 +
include/linux/nfs_fs_sb.h | 1 +
include/linux/nfs_xdr.h | 2 +-
include/linux/nodemask.h | 13 +-
include/linux/platform_data/cros_ec_proto.h | 3 +
include/linux/ptp_classify.h | 3 +
include/linux/ptrace.h | 7 -
include/linux/sched/signal.h | 2 +-
include/linux/sched/task.h | 2 +
include/linux/seq_file.h | 4 +
include/linux/set_memory.h | 10 +-
include/linux/usb/hcd.h | 2 +
include/net/bluetooth/hci.h | 9 +
include/net/bluetooth/hci_core.h | 8 +-
include/net/if_inet6.h | 8 +
include/net/ip.h | 2 +-
include/net/sock.h | 5 +-
include/scsi/libfcoe.h | 3 +-
include/scsi/libiscsi.h | 6 +-
include/sound/cs35l41.h | 1 -
include/sound/jack.h | 1 +
include/trace/events/rxrpc.h | 2 +-
include/trace/events/vmscan.h | 4 +-
include/uapi/asm-generic/siginfo.h | 7 +
include/uapi/linux/android/binder.h | 2 +-
include/uapi/linux/landlock.h | 9 +-
include/uapi/linux/lirc.h | 7 +
include/uapi/linux/types.h | 3 +
init/Kconfig | 5 +
init/main.c | 2 +-
ipc/mqueue.c | 14 +
kernel/bpf/cgroup.c | 124 +++-
kernel/dma/debug.c | 2 +-
kernel/dma/direct.c | 31 +-
kernel/events/core.c | 4 +-
kernel/fork.c | 22 +-
kernel/kexec_file.c | 34 -
kernel/kprobes.c | 144 ++--
kernel/module.c | 4 +
kernel/power/energy_model.c | 2 +
kernel/printk/printk.c | 61 +-
kernel/ptrace.c | 5 +-
kernel/rcu/Kconfig | 1 +
kernel/rcu/tasks.h | 5 +-
kernel/scftorture.c | 5 +-
kernel/sched/core.c | 6 +-
kernel/sched/deadline.c | 5 +-
kernel/sched/fair.c | 8 +-
kernel/sched/pelt.h | 4 +-
kernel/sched/psi.c | 15 +-
kernel/sched/rt.c | 5 +-
kernel/sched/sched.h | 32 +-
kernel/signal.c | 18 +-
kernel/trace/bpf_trace.c | 5 +-
kernel/trace/ftrace.c | 5 +-
kernel/trace/trace.c | 6 +-
kernel/trace/trace_boot.c | 2 +-
kernel/trace/trace_events.c | 13 +-
kernel/trace/trace_events_hist.c | 3 +
kernel/trace/trace_osnoise.c | 9 +-
kernel/trace/trace_selftest.c | 3 +
kernel/umh.c | 6 +-
lib/kunit/debugfs.c | 2 +-
lib/kunit/executor.c | 32 +-
lib/kunit/executor_test.c | 4 +-
lib/string_helpers.c | 3 +
mm/cma.c | 4 +-
mm/compaction.c | 2 +
mm/hugetlb.c | 9 +-
mm/memremap.c | 2 +-
mm/page_alloc.c | 4 +-
mm/page_owner.c | 2 +-
net/bluetooth/hci_conn.c | 7 +-
net/bluetooth/hci_event.c | 35 +-
net/bluetooth/hci_request.c | 2 +
net/bluetooth/sco.c | 23 +-
net/core/dev.c | 8 +-
net/ipv4/tcp_input.c | 28 +-
net/ipv6/addrconf.c | 33 +-
net/ipv6/datagram.c | 6 +-
net/ipv6/udp.c | 11 +-
net/mac80211/chan.c | 7 +-
net/mac80211/ieee80211_i.h | 5 +
net/mac80211/rc80211_minstrel_ht.c | 3 +
net/mac80211/scan.c | 20 +
net/mptcp/pm.c | 19 +-
net/mptcp/pm_netlink.c | 2 +
net/mptcp/protocol.c | 18 +-
net/mptcp/protocol.h | 1 +
net/nfc/core.c | 1 +
net/rxrpc/ar-internal.h | 15 +-
net/rxrpc/call_accept.c | 6 +-
net/rxrpc/call_event.c | 7 +-
net/rxrpc/call_object.c | 18 +-
net/rxrpc/conn_object.c | 2 +-
net/rxrpc/input.c | 58 +-
net/rxrpc/net_ns.c | 2 +-
net/rxrpc/output.c | 20 +-
net/rxrpc/proc.c | 10 +-
net/rxrpc/recvmsg.c | 8 +-
net/rxrpc/sendmsg.c | 6 +
net/rxrpc/sysctl.c | 4 +-
net/sctp/input.c | 4 +-
net/smc/af_smc.c | 2 +-
net/wireless/nl80211.c | 4 +-
net/wireless/reg.c | 4 +
samples/bpf/Makefile | 9 +-
samples/landlock/sandboxer.c | 104 +--
scripts/faddr2line | 150 ++--
security/integrity/ima/Kconfig | 14 +-
.../integrity/platform_certs/keyring_handler.h | 8 +
security/integrity/platform_certs/load_uefi.c | 33 +
security/landlock/cred.c | 4 +-
security/landlock/cred.h | 8 +-
security/landlock/fs.c | 191 ++++--
security/landlock/fs.h | 11 +-
security/landlock/limits.h | 8 +-
security/landlock/object.c | 6 +-
security/landlock/object.h | 6 +-
security/landlock/ptrace.c | 10 +-
security/landlock/ruleset.c | 84 +--
security/landlock/ruleset.h | 35 +-
security/landlock/syscalls.c | 95 +--
sound/core/jack.c | 34 +-
sound/core/pcm_memory.c | 3 +-
sound/pci/hda/patch_realtek.c | 21 +-
sound/soc/amd/yc/acp6x-mach.c | 29 +-
sound/soc/atmel/atmel-classd.c | 1 -
sound/soc/atmel/atmel-pdmic.c | 1 -
sound/soc/codecs/Kconfig | 2 -
sound/soc/codecs/cs35l41-lib.c | 14 +-
sound/soc/codecs/lpass-macro-common.c | 35 +-
sound/soc/codecs/max98090.c | 6 +-
sound/soc/codecs/rk3328_codec.c | 2 +-
sound/soc/codecs/rt5514.c | 2 +-
sound/soc/codecs/rt5645.c | 7 +-
sound/soc/codecs/tscs454.c | 12 +-
sound/soc/codecs/wm2000.c | 6 +-
sound/soc/fsl/imx-hdmi.c | 1 +
sound/soc/fsl/imx-sgtl5000.c | 14 +-
sound/soc/intel/boards/bytcr_rt5640.c | 12 +
sound/soc/intel/boards/sof_ssp_amp.c | 16 +-
sound/soc/mediatek/mt2701/mt2701-wm8960.c | 9 +-
sound/soc/mediatek/mt8173/mt8173-max98090.c | 5 +-
sound/soc/mxs/mxs-saif.c | 1 +
sound/soc/samsung/aries_wm8994.c | 2 +-
sound/soc/sh/rcar/core.c | 15 +-
sound/soc/sh/rcar/dma.c | 9 +-
sound/soc/sh/rcar/rsnd.h | 2 +-
sound/soc/sh/rcar/src.c | 7 +-
sound/soc/sh/rcar/ssi.c | 14 +-
sound/soc/sh/rcar/ssiu.c | 11 +-
sound/soc/sh/rz-ssi.c | 22 +-
sound/soc/soc-dapm.c | 2 -
sound/soc/sof/amd/pci-rn.c | 1 +
sound/soc/sof/ipc3-topology.c | 40 +-
sound/soc/ti/j721e-evm.c | 44 +-
sound/usb/implicit.c | 10 +-
sound/usb/midi.c | 3 +
sound/usb/quirks.c | 6 +
sound/usb/usbaudio.h | 6 +
.../test-libbpf-btf__load_from_kernel_by_id.c | 5 +-
tools/lib/bpf/libbpf.c | 22 +-
tools/objtool/check.c | 9 +-
tools/objtool/elf.c | 200 ++++--
tools/objtool/include/objtool/elf.h | 4 +-
tools/perf/Makefile.config | 39 +-
tools/perf/arch/x86/util/evlist.c | 2 +-
tools/perf/arch/x86/util/evsel.c | 12 +
tools/perf/builtin-c2c.c | 6 +-
tools/perf/builtin-stat.c | 7 +-
tools/perf/pmu-events/jevents.c | 2 +-
tools/perf/util/data.h | 1 +
tools/perf/util/evlist.c | 12 +-
tools/perf/util/evsel.c | 19 +
tools/perf/util/evsel.h | 3 +
tools/power/x86/turbostat/turbostat.c | 1 +
tools/testing/kunit/kunit_parser.py | 7 +-
.../test_is_test_passed-no_tests_no_plan.log | 2 +-
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/arm64/bti/Makefile | 4 +-
tools/testing/selftests/bpf/Makefile | 12 +-
.../selftests/bpf/prog_tests/trampoline_count.c | 134 ++--
.../bpf/progs/btf_dump_test_case_syntax.c | 2 +-
tools/testing/selftests/bpf/progs/profiler.inc.h | 5 +-
.../selftests/bpf/progs/test_trampoline_count.c | 16 +-
.../selftests/bpf/test_bpftool_synctypes.py | 2 +-
tools/testing/selftests/bpf/trace_helpers.c | 9 +-
tools/testing/selftests/cgroup/test_stress.sh | 2 +-
tools/testing/selftests/landlock/base_test.c | 177 +++--
tools/testing/selftests/landlock/common.h | 66 +-
tools/testing/selftests/landlock/fs_test.c | 753 ++++++++++++++-------
tools/testing/selftests/landlock/ptrace_test.c | 40 +-
tools/testing/selftests/resctrl/fill_buf.c | 4 +-
tools/tracing/rtla/Makefile | 5 +-
tools/tracing/rtla/README.txt | 13 +-
tools/tracing/rtla/src/osnoise_hist.c | 5 +-
tools/tracing/rtla/src/osnoise_top.c | 9 +-
tools/tracing/rtla/src/timerlat_hist.c | 11 +-
tools/tracing/rtla/src/timerlat_top.c | 11 +-
tools/tracing/rtla/src/utils.c | 108 ++-
tools/tracing/rtla/src/utils.h | 3 +-
951 files changed, 9396 insertions(+), 5279 deletions(-)
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 001/879] arm64: Initialize jump labels before setup_machine_fdt()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
@ 2022-06-07 16:51 ` Greg Kroah-Hartman
2022-06-08 9:11 ` Catalin Marinas
2022-06-07 16:52 ` [PATCH 5.18 002/879] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
` (887 subsequent siblings)
888 siblings, 1 reply; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hsin-Yi Wang, Douglas Anderson,
Ard Biesheuvel, Steven Rostedt, Jason A. Donenfeld,
Dominik Brodowski, Stephen Boyd, Catalin Marinas
From: Stephen Boyd <swboyd@chromium.org>
commit 73e2d827a501d48dceeb5b9b267a4cd283d6b1ae upstream.
A static key warning splat appears during early boot on arm64 systems
that credit randomness from devicetrees that contain an "rng-seed"
property. This is because setup_machine_fdt() is called before
jump_label_init() during setup_arch(). Let's swap the order of these two
calls so that jump labels are initialized before the devicetree is
unflattened and the rng seed is credited.
static_key_enable_cpuslocked(): static key '0xffffffe51c6fcfc0' used before call to jump_label_init()
WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xb0/0xb8
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0+ #224 44b43e377bfc84bc99bb5ab885ff694984ee09ff
pstate: 600001c9 (nZCv dAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : static_key_enable_cpuslocked+0xb0/0xb8
lr : static_key_enable_cpuslocked+0xb0/0xb8
sp : ffffffe51c393cf0
x29: ffffffe51c393cf0 x28: 000000008185054c x27: 00000000f1042f10
x26: 0000000000000000 x25: 00000000f10302b2 x24: 0000002513200000
x23: 0000002513200000 x22: ffffffe51c1c9000 x21: fffffffdfdc00000
x20: ffffffe51c2f0831 x19: ffffffe51c6fcfc0 x18: 00000000ffff1020
x17: 00000000e1e2ac90 x16: 00000000000000e0 x15: ffffffe51b710708
x14: 0000000000000066 x13: 0000000000000018 x12: 0000000000000000
x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
x8 : 0000000000000000 x7 : 61632065726f6665 x6 : 6220646573752027
x5 : ffffffe51c641d25 x4 : ffffffe51c13142c x3 : ffff0a00ffffff05
x2 : 40000000ffffe003 x1 : 00000000000001c0 x0 : 0000000000000065
Call trace:
static_key_enable_cpuslocked+0xb0/0xb8
static_key_enable+0x2c/0x40
crng_set_ready+0x24/0x30
execute_in_process_context+0x80/0x90
_credit_init_bits+0x100/0x154
add_bootloader_randomness+0x64/0x78
early_init_dt_scan_chosen+0x140/0x184
early_init_dt_scan_nodes+0x28/0x4c
early_init_dt_scan+0x40/0x44
setup_machine_fdt+0x7c/0x120
setup_arch+0x74/0x1d8
start_kernel+0x84/0x44c
__primary_switched+0xc0/0xc8
---[ end trace 0000000000000000 ]---
random: crng init done
Machine model: Google Lazor (rev1 - 2) with LTE
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Fixes: f5bda35fba61 ("random: use static branch for crng_ready()")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220602022109.780348-1-swboyd@chromium.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/setup.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -314,13 +314,14 @@ void __init __no_sanitize_address setup_
early_fixmap_init();
early_ioremap_init();
- setup_machine_fdt(__fdt_pointer);
-
/*
* Initialise the static keys early as they may be enabled by the
- * cpufeature code and early parameters.
+ * cpufeature code, early parameters, and DT setup.
*/
jump_label_init();
+
+ setup_machine_fdt(__fdt_pointer);
+
parse_early_param();
/*
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 002/879] binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
2022-06-07 16:51 ` [PATCH 5.18 001/879] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 003/879] parisc: fix a crash with multicore scheduler Greg Kroah-Hartman
` (886 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal,
Kees Cook, kernel test robot
From: Niklas Cassel <niklas.cassel@wdc.com>
commit 6045ab5fea4c849153ebeb0acb532da5f29d69c4 upstream.
bFLT binaries are usually created using elf2flt.
The linker script used by elf2flt has defined the .data section like the
following for the last 19 years:
.data : {
_sdata = . ;
__data_start = . ;
data_start = . ;
*(.got.plt)
*(.got)
FILL(0) ;
. = ALIGN(0x20) ;
LONG(-1)
. = ALIGN(0x20) ;
...
}
It places the .got.plt input section before the .got input section.
The same is true for the default linker script (ld --verbose) on most
architectures except x86/x86-64.
The binfmt_flat loader should relocate all GOT entries until it encounters
a -1 (the LONG(-1) in the linker script).
The problem is that the .got.plt input section starts with a GOTPLT header
(which has size 16 bytes on elf64-riscv and 8 bytes on elf32-riscv), where
the first word is set to -1. See the binutils implementation for riscv [1].
This causes the binfmt_flat loader to stop relocating GOT entries
prematurely and thus causes the application to crash when running.
Fix this by skipping the whole GOTPLT header, since the whole GOTPLT header
is reserved for the dynamic linker.
The GOTPLT header will only be skipped for bFLT binaries with flag
FLAT_FLAG_GOTPIC set. This flag is unconditionally set by elf2flt if the
supplied ELF binary has the symbol _GLOBAL_OFFSET_TABLE_ defined.
ELF binaries without a .got input section should thus remain unaffected.
Tested on RISC-V Canaan Kendryte K210 and RISC-V QEMU nommu_virt_defconfig.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-riscv.c;hb=binutils-2_38#l3275
Cc: <stable@vger.kernel.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20220414091018.896737-1-niklas.cassel@wdc.com
Fixed-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/202204182333.OIUOotK8-lkp@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_flat.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -440,6 +440,30 @@ static void old_reloc(unsigned long rl)
/****************************************************************************/
+static inline u32 __user *skip_got_header(u32 __user *rp)
+{
+ if (IS_ENABLED(CONFIG_RISCV)) {
+ /*
+ * RISC-V has a 16 byte GOT PLT header for elf64-riscv
+ * and 8 byte GOT PLT header for elf32-riscv.
+ * Skip the whole GOT PLT header, since it is reserved
+ * for the dynamic linker (ld.so).
+ */
+ u32 rp_val0, rp_val1;
+
+ if (get_user(rp_val0, rp))
+ return rp;
+ if (get_user(rp_val1, rp + 1))
+ return rp;
+
+ if (rp_val0 == 0xffffffff && rp_val1 == 0xffffffff)
+ rp += 4;
+ else if (rp_val0 == 0xffffffff)
+ rp += 2;
+ }
+ return rp;
+}
+
static int load_flat_file(struct linux_binprm *bprm,
struct lib_info *libinfo, int id, unsigned long *extra_stack)
{
@@ -789,7 +813,8 @@ static int load_flat_file(struct linux_b
* image.
*/
if (flags & FLAT_FLAG_GOTPIC) {
- for (rp = (u32 __user *)datapos; ; rp++) {
+ rp = skip_got_header((u32 __user *) datapos);
+ for (; ; rp++) {
u32 addr, rp_val;
if (get_user(rp_val, rp))
return -EFAULT;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 003/879] parisc: fix a crash with multicore scheduler
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
2022-06-07 16:51 ` [PATCH 5.18 001/879] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 002/879] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 004/879] parisc/stifb: Implement fb_is_primary_device() Greg Kroah-Hartman
` (885 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Helge Deller
From: Mikulas Patocka <mpatocka@redhat.com>
commit 6ba688364856ad083be537f08e86ba97f433d405 upstream.
With the kernel 5.18, the system will hang on boot if it is compiled with
CONFIG_SCHED_MC. The last printed message is "Brought up 1 node, 1 CPU".
The crash happens in sd_init
tl->mask (which is cpu_coregroup_mask) returns an empty mask. This happens
because cpu_topology[0].core_sibling is empty.
Consequently, sd_span is set to an empty mask
sd_id = cpumask_first(sd_span) sets sd_id == NR_CPUS (because the mask is
empty)
sd->shared = *per_cpu_ptr(sdd->sds, sd_id); sets sd->shared to NULL
because sd_id is out of range
atomic_inc(&sd->shared->ref); crashes without printing anything
We can fix it by calling reset_cpu_topology() from init_cpu_topology() -
this will initialize the sibling masks on CPUs, so that they're not empty.
This patch also removes the variable "dualcores_found", it is useless,
because during boot, init_cpu_topology is called before
store_cpu_topology. Thus, set_sched_topology(parisc_mc_topology) is never
called. We don't need to call it at all because default_topology in
kernel/sched/topology.c contains the same items as parisc_mc_topology.
Note that we should not call store_cpu_topology() from init_per_cpu()
because it is called too early in the kernel initialization process and it
results in the message "Failure to register CPU0 device". Before this
patch, store_cpu_topology() would exit immediatelly because
cpuid_topo->core id was uninitialized and it was 0.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org # v5.18
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/processor.c | 2 --
arch/parisc/kernel/topology.c | 16 +---------------
2 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/arch/parisc/kernel/processor.c b/arch/parisc/kernel/processor.c
index 26eb568f8b96..dddaaa6e7a82 100644
--- a/arch/parisc/kernel/processor.c
+++ b/arch/parisc/kernel/processor.c
@@ -327,8 +327,6 @@ int init_per_cpu(int cpunum)
set_firmware_width();
ret = pdc_coproc_cfg(&coproc_cfg);
- store_cpu_topology(cpunum);
-
if(ret >= 0 && coproc_cfg.ccr_functional) {
mtctl(coproc_cfg.ccr_functional, 10); /* 10 == Coprocessor Control Reg */
diff --git a/arch/parisc/kernel/topology.c b/arch/parisc/kernel/topology.c
index 9696e3cb6a2a..b9d845e314f8 100644
--- a/arch/parisc/kernel/topology.c
+++ b/arch/parisc/kernel/topology.c
@@ -20,8 +20,6 @@
static DEFINE_PER_CPU(struct cpu, cpu_devices);
-static int dualcores_found;
-
/*
* store_cpu_topology is called at boot when only one cpu is running
* and with the mutex cpu_hotplug.lock locked, when several cpus have booted,
@@ -60,7 +58,6 @@ void store_cpu_topology(unsigned int cpuid)
if (p->cpu_loc) {
cpuid_topo->core_id++;
cpuid_topo->package_id = cpu_topology[cpu].package_id;
- dualcores_found = 1;
continue;
}
}
@@ -80,22 +77,11 @@ void store_cpu_topology(unsigned int cpuid)
cpu_topology[cpuid].package_id);
}
-static struct sched_domain_topology_level parisc_mc_topology[] = {
-#ifdef CONFIG_SCHED_MC
- { cpu_coregroup_mask, cpu_core_flags, SD_INIT_NAME(MC) },
-#endif
-
- { cpu_cpu_mask, SD_INIT_NAME(DIE) },
- { NULL, },
-};
-
/*
* init_cpu_topology is called at boot when only one cpu is running
* which prevent simultaneous write access to cpu_topology array
*/
void __init init_cpu_topology(void)
{
- /* Set scheduler topology descriptor */
- if (dualcores_found)
- set_sched_topology(parisc_mc_topology);
+ reset_cpu_topology();
}
--
2.36.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 004/879] parisc/stifb: Implement fb_is_primary_device()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 003/879] parisc: fix a crash with multicore scheduler Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 005/879] parisc/stifb: Keep track of hardware path of graphics card Greg Kroah-Hartman
` (884 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit cf936af790a3ef5f41ff687ec91bfbffee141278 upstream.
Implement fb_is_primary_device() function, so that fbcon detects if this
framebuffer belongs to the default graphics card which was used to start
the system.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/fb.h | 4 ++++
drivers/video/console/sticore.c | 17 +++++++++++++++++
drivers/video/fbdev/stifb.c | 4 ++--
3 files changed, 23 insertions(+), 2 deletions(-)
--- a/arch/parisc/include/asm/fb.h
+++ b/arch/parisc/include/asm/fb.h
@@ -12,9 +12,13 @@ static inline void fb_pgprotect(struct f
pgprot_val(vma->vm_page_prot) |= _PAGE_NO_CACHE;
}
+#if defined(CONFIG_STI_CONSOLE) || defined(CONFIG_FB_STI)
+int fb_is_primary_device(struct fb_info *info);
+#else
static inline int fb_is_primary_device(struct fb_info *info)
{
return 0;
}
+#endif
#endif /* _ASM_FB_H_ */
--- a/drivers/video/console/sticore.c
+++ b/drivers/video/console/sticore.c
@@ -30,6 +30,7 @@
#include <asm/pdc.h>
#include <asm/cacheflush.h>
#include <asm/grfioctl.h>
+#include <asm/fb.h>
#include "../fbdev/sticore.h"
@@ -1127,6 +1128,22 @@ int sti_call(const struct sti_struct *st
return ret;
}
+/* check if given fb_info is the primary device */
+int fb_is_primary_device(struct fb_info *info)
+{
+ struct sti_struct *sti;
+
+ sti = sti_get_rom(0);
+
+ /* if no built-in graphics card found, allow any fb driver as default */
+ if (!sti)
+ return true;
+
+ /* return true if it's the default built-in framebuffer driver */
+ return (sti->info == info);
+}
+EXPORT_SYMBOL(fb_is_primary_device);
+
MODULE_AUTHOR("Philipp Rumpf, Helge Deller, Thomas Bogendoerfer");
MODULE_DESCRIPTION("Core STI driver for HP's NGLE series graphics cards in HP PARISC machines");
MODULE_LICENSE("GPL v2");
--- a/drivers/video/fbdev/stifb.c
+++ b/drivers/video/fbdev/stifb.c
@@ -1358,11 +1358,11 @@ static int __init stifb_init_fb(struct s
goto out_err3;
}
+ /* save for primary gfx device detection & unregister_framebuffer() */
+ sti->info = info;
if (register_framebuffer(&fb->info) < 0)
goto out_err4;
- sti->info = info; /* save for unregister_framebuffer() */
-
fb_info(&fb->info, "%s %dx%d-%d frame buffer device, %s, id: %04x, mmio: 0x%04lx\n",
fix->id,
var->xres,
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 005/879] parisc/stifb: Keep track of hardware path of graphics card
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 004/879] parisc/stifb: Implement fb_is_primary_device() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 006/879] RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY Greg Kroah-Hartman
` (883 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit b046f984814af7985f444150ec28716d42d00d9a upstream.
Keep the pa_path (hardware path) of the graphics card in sti_struct and use
this info to give more useful info which card is currently being used.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/console/sticon.c | 5 ++++-
drivers/video/console/sticore.c | 15 +++++++--------
drivers/video/fbdev/sticore.h | 3 +++
3 files changed, 14 insertions(+), 9 deletions(-)
--- a/drivers/video/console/sticon.c
+++ b/drivers/video/console/sticon.c
@@ -46,6 +46,7 @@
#include <linux/slab.h>
#include <linux/font.h>
#include <linux/crc32.h>
+#include <linux/fb.h>
#include <asm/io.h>
@@ -392,7 +393,9 @@ static int __init sticonsole_init(void)
for (i = 0; i < MAX_NR_CONSOLES; i++)
font_data[i] = STI_DEF_FONT;
- pr_info("sticon: Initializing STI text console.\n");
+ pr_info("sticon: Initializing STI text console on %s at [%s]\n",
+ sticon_sti->sti_data->inq_outptr.dev_name,
+ sticon_sti->pa_path);
console_lock();
err = do_take_over_console(&sti_con, 0, MAX_NR_CONSOLES - 1,
PAGE0->mem_cons.cl_class != CL_DUPLEX);
--- a/drivers/video/console/sticore.c
+++ b/drivers/video/console/sticore.c
@@ -34,7 +34,7 @@
#include "../fbdev/sticore.h"
-#define STI_DRIVERVERSION "Version 0.9b"
+#define STI_DRIVERVERSION "Version 0.9c"
static struct sti_struct *default_sti __read_mostly;
@@ -503,7 +503,7 @@ sti_select_fbfont(struct sti_cooked_rom
if (!fbfont)
return NULL;
- pr_info("STI selected %ux%u framebuffer font %s for sticon\n",
+ pr_info(" using %ux%u framebuffer font %s\n",
fbfont->width, fbfont->height, fbfont->name);
bpc = ((fbfont->width+7)/8) * fbfont->height;
@@ -947,6 +947,7 @@ out_err:
static void sticore_check_for_default_sti(struct sti_struct *sti, char *path)
{
+ pr_info(" located at [%s]\n", sti->pa_path);
if (strcmp (path, default_sti_path) == 0)
default_sti = sti;
}
@@ -958,7 +959,6 @@ static void sticore_check_for_default_st
*/
static int __init sticore_pa_init(struct parisc_device *dev)
{
- char pa_path[21];
struct sti_struct *sti = NULL;
int hpa = dev->hpa.start;
@@ -971,8 +971,8 @@ static int __init sticore_pa_init(struct
if (!sti)
return 1;
- print_pa_hwpath(dev, pa_path);
- sticore_check_for_default_sti(sti, pa_path);
+ print_pa_hwpath(dev, sti->pa_path);
+ sticore_check_for_default_sti(sti, sti->pa_path);
return 0;
}
@@ -1008,9 +1008,8 @@ static int sticore_pci_init(struct pci_d
sti = sti_try_rom_generic(rom_base, fb_base, pd);
if (sti) {
- char pa_path[30];
- print_pci_hwpath(pd, pa_path);
- sticore_check_for_default_sti(sti, pa_path);
+ print_pci_hwpath(pd, sti->pa_path);
+ sticore_check_for_default_sti(sti, sti->pa_path);
}
if (!sti) {
--- a/drivers/video/fbdev/sticore.h
+++ b/drivers/video/fbdev/sticore.h
@@ -370,6 +370,9 @@ struct sti_struct {
/* pointer to all internal data */
struct sti_all_data *sti_data;
+
+ /* pa_path of this device */
+ char pa_path[24];
};
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 006/879] RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 005/879] parisc/stifb: Keep track of hardware path of graphics card Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 007/879] riscv: Initialize thread pointer before calling C functions Greg Kroah-Hartman
` (882 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huaming Jiang, Guo Ren,
Heiko Stuebner, Xianting Tian, Palmer Dabbelt, Nick Kossifidis
From: Xianting Tian <xianting.tian@linux.alibaba.com>
commit e61bf5c071148c80d091f8e7220b3b9130780ae3 upstream.
Commit 00ab027a3b82 ("RISC-V: Add kernel image sections to the resource tree")
marked IORESOURCE_BUSY for reserved memory, which caused resource map
failed in subsequent operations of related driver, so remove the
IORESOURCE_BUSY flag. In order to prohibit userland mapping reserved
memory, mark IORESOURCE_EXCLUSIVE for it.
The code to reproduce the issue,
dts:
mem0: memory@a0000000 {
reg = <0x0 0xa0000000 0 0x1000000>;
no-map;
};
&test {
status = "okay";
memory-region = <&mem0>;
};
code:
np = of_parse_phandle(pdev->dev.of_node, "memory-region", 0);
ret = of_address_to_resource(np, 0, &r);
base = devm_ioremap_resource(&pdev->dev, &r);
// base = -EBUSY
Fixes: 00ab027a3b82 ("RISC-V: Add kernel image sections to the resource tree")
Reported-by: Huaming Jiang <jianghuaming.jhm@alibaba-inc.com>
Reviewed-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Co-developed-by: Nick Kossifidis <mick@ics.forth.gr>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220518013428.1338983-1-xianting.tian@linux.alibaba.com
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/setup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/riscv/kernel/setup.c
+++ b/arch/riscv/kernel/setup.c
@@ -189,7 +189,7 @@ static void __init init_resources(void)
res = &mem_res[res_idx--];
res->name = "Reserved";
- res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
+ res->flags = IORESOURCE_MEM | IORESOURCE_EXCLUSIVE;
res->start = __pfn_to_phys(memblock_region_reserved_base_pfn(region));
res->end = __pfn_to_phys(memblock_region_reserved_end_pfn(region)) - 1;
@@ -214,7 +214,7 @@ static void __init init_resources(void)
if (unlikely(memblock_is_nomap(region))) {
res->name = "Reserved";
- res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
+ res->flags = IORESOURCE_MEM | IORESOURCE_EXCLUSIVE;
} else {
res->name = "System RAM";
res->flags = IORESOURCE_SYSTEM_RAM | IORESOURCE_BUSY;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 007/879] riscv: Initialize thread pointer before calling C functions
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 006/879] RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 008/879] riscv: Fix irq_work when SMP is disabled Greg Kroah-Hartman
` (881 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandre Ghiti, Palmer Dabbelt
From: Alexandre Ghiti <alexandre.ghiti@canonical.com>
commit 35d33c76d68dfacc330a8eb477b51cc647c5a847 upstream.
Because of the stack canary feature that reads from the current task
structure the stack canary value, the thread pointer register "tp" must
be set before calling any C function from head.S: by chance, setup_vm
and all the functions that it calls does not seem to be part of the
functions where the canary check is done, but in the following commits,
some functions will.
Fixes: f2c9699f65557a31 ("riscv: Add STACKPROTECTOR supported")
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/head.S | 1 +
1 file changed, 1 insertion(+)
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -297,6 +297,7 @@ clear_bss_done:
REG_S a0, (a2)
/* Initialize page tables and relocate to virtual addresses */
+ la tp, init_task
la sp, init_thread_union + THREAD_SIZE
XIP_FIXUP_OFFSET sp
#ifdef CONFIG_BUILTIN_DTB
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 008/879] riscv: Fix irq_work when SMP is disabled
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 007/879] riscv: Initialize thread pointer before calling C functions Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 009/879] riscv: Wire up memfd_secret in UAPI header Greg Kroah-Hartman
` (880 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Heiko Stuebner,
Palmer Dabbelt
From: Samuel Holland <samuel@sholland.org>
commit 2273272823db6f67d57761df8116ae32e7f05bed upstream.
irq_work is triggered via an IPI, but the IPI infrastructure is not
included in uniprocessor kernels. As a result, irq_work never runs.
Fall back to the tick-based irq_work implementation on uniprocessor
configurations.
Fixes: 298447928bb1 ("riscv: Support irq_work via self IPIs")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20220430030025.58405-1-samuel@sholland.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/irq_work.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/riscv/include/asm/irq_work.h
+++ b/arch/riscv/include/asm/irq_work.h
@@ -4,7 +4,7 @@
static inline bool arch_irq_work_has_interrupt(void)
{
- return true;
+ return IS_ENABLED(CONFIG_SMP);
}
extern void arch_irq_work_raise(void);
#endif /* _ASM_RISCV_IRQ_WORK_H */
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 009/879] riscv: Wire up memfd_secret in UAPI header
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 008/879] riscv: Fix irq_work when SMP is disabled Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 010/879] riscv: Move alternative length validation into subsection Greg Kroah-Hartman
` (879 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tobias Klauser, Palmer Dabbelt
From: Tobias Klauser <tklauser@distanz.ch>
commit 02d88b40cb2e9614e0117c3385afdce878f0d377 upstream.
Move the __ARCH_WANT_MEMFD_SECRET define added in commit 7bb7f2ac24a0
("arch, mm: wire up memfd_secret system call where relevant") to
<uapi/asm/unistd.h> so __NR_memfd_secret is defined when including
<unistd.h> in userspace.
This allows the memfd_secret selftest to pass on riscv.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Link: https://lore.kernel.org/r/20220505081815.22808-1-tklauser@distanz.ch
Fixes: 7bb7f2ac24a0 ("arch, mm: wire up memfd_secret system call where relevant")
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/unistd.h | 1 -
arch/riscv/include/uapi/asm/unistd.h | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
--- a/arch/riscv/include/asm/unistd.h
+++ b/arch/riscv/include/asm/unistd.h
@@ -9,7 +9,6 @@
*/
#define __ARCH_WANT_SYS_CLONE
-#define __ARCH_WANT_MEMFD_SECRET
#include <uapi/asm/unistd.h>
--- a/arch/riscv/include/uapi/asm/unistd.h
+++ b/arch/riscv/include/uapi/asm/unistd.h
@@ -21,6 +21,7 @@
#endif /* __LP64__ */
#define __ARCH_WANT_SYS_CLONE3
+#define __ARCH_WANT_MEMFD_SECRET
#include <asm-generic/unistd.h>
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 010/879] riscv: Move alternative length validation into subsection
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 009/879] riscv: Wire up memfd_secret in UAPI header Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 011/879] ALSA: hda/realtek - Add new type for ALC245 Greg Kroah-Hartman
` (878 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Nathan Chancellor,
Heiko Stuebner, Palmer Dabbelt
From: Nathan Chancellor <nathan@kernel.org>
commit 61114e734ccb804bc12561ab4020745e02c468c2 upstream.
After commit 49b290e430d3 ("riscv: prevent compressed instructions in
alternatives"), builds with LLVM's integrated assembler fail:
In file included from arch/riscv/mm/init.c:10:
In file included from ./include/linux/mm.h:29:
In file included from ./include/linux/pgtable.h:6:
In file included from ./arch/riscv/include/asm/pgtable.h:108:
./arch/riscv/include/asm/tlbflush.h:23:2: error: expected assembly-time absolute expression
ALT_FLUSH_TLB_PAGE(__asm__ __volatile__ ("sfence.vma %0" : : "r" (addr) : "memory"));
^
./arch/riscv/include/asm/errata_list.h:33:5: note: expanded from macro 'ALT_FLUSH_TLB_PAGE'
asm(ALTERNATIVE("sfence.vma %0", "sfence.vma", SIFIVE_VENDOR_ID, \
^
./arch/riscv/include/asm/alternative-macros.h:187:2: note: expanded from macro 'ALTERNATIVE'
_ALTERNATIVE_CFG(old_content, new_content, vendor_id, errata_id, CONFIG_k)
^
./arch/riscv/include/asm/alternative-macros.h:113:2: note: expanded from macro '_ALTERNATIVE_CFG'
__ALTERNATIVE_CFG(old_c, new_c, vendor_id, errata_id, IS_ENABLED(CONFIG_k))
^
./arch/riscv/include/asm/alternative-macros.h:110:2: note: expanded from macro '__ALTERNATIVE_CFG'
ALT_NEW_CONTENT(vendor_id, errata_id, enable, new_c)
^
./arch/riscv/include/asm/alternative-macros.h:99:3: note: expanded from macro 'ALT_NEW_CONTENT'
".org . - (889b - 888b) + (887b - 886b)\n" \
^
<inline asm>:26:6: note: instantiated into assembly here
.org . - (889b - 888b) + (887b - 886b)
^
This error happens because LLVM's integrated assembler has a one-pass
design, which means it cannot figure out the instruction lengths when
the .org directive is outside of the subsection that contains the
instructions, which was changed by the .option directives added by the
above change.
Move the .org directives before the .previous directive so that these
directives are always within the same subsection, which resolves the
failures and does not introduce any new issues with GNU as. This was
done for arm64 in commit 966a0acce2fc ("arm64/alternatives: move length
validation inside the subsection") and commit 22315a2296f4 ("arm64:
alternatives: Move length validation in alternative_{insn, endif}").
While there is no error from the assembly versions of the macro, they
appear to have the same problem so just make the same change there as
well so that there are no problems in the future.
Link: https://github.com/ClangBuiltLinux/linux/issues/1640
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20220516214520.3252074-1-nathan@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/alternative-macros.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/riscv/include/asm/alternative-macros.h
+++ b/arch/riscv/include/asm/alternative-macros.h
@@ -23,9 +23,9 @@
888 :
\new_c
889 :
- .previous
.org . - (889b - 888b) + (887b - 886b)
.org . - (887b - 886b) + (889b - 888b)
+ .previous
.endif
.endm
@@ -60,9 +60,9 @@
"888 :\n" \
new_c "\n" \
"889 :\n" \
- ".previous\n" \
".org . - (887b - 886b) + (889b - 888b)\n" \
".org . - (889b - 888b) + (887b - 886b)\n" \
+ ".previous\n" \
".endif\n"
#define __ALTERNATIVE_CFG(old_c, new_c, vendor_id, errata_id, enable) \
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 011/879] ALSA: hda/realtek - Add new type for ALC245
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 010/879] riscv: Move alternative length validation into subsection Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 012/879] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop Greg Kroah-Hartman
` (877 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kailang Yang, Takashi Iwai
From: Kailang Yang <kailang@realtek.com>
commit 60571929d06b028800f27b51a7c81de1144944cf upstream.
Add new type for ALC245.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/cef26a7cd3d146eb96a3994ce79e34d2@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3131,6 +3131,7 @@ enum {
ALC269_TYPE_ALC257,
ALC269_TYPE_ALC215,
ALC269_TYPE_ALC225,
+ ALC269_TYPE_ALC245,
ALC269_TYPE_ALC287,
ALC269_TYPE_ALC294,
ALC269_TYPE_ALC300,
@@ -3168,6 +3169,7 @@ static int alc269_parse_auto_config(stru
case ALC269_TYPE_ALC257:
case ALC269_TYPE_ALC215:
case ALC269_TYPE_ALC225:
+ case ALC269_TYPE_ALC245:
case ALC269_TYPE_ALC287:
case ALC269_TYPE_ALC294:
case ALC269_TYPE_ALC300:
@@ -3695,7 +3697,8 @@ static void alc225_init(struct hda_codec
hda_nid_t hp_pin = alc_get_hp_pin(spec);
bool hp1_pin_sense, hp2_pin_sense;
- if (spec->codec_variant != ALC269_TYPE_ALC287)
+ if (spec->codec_variant != ALC269_TYPE_ALC287 &&
+ spec->codec_variant != ALC269_TYPE_ALC245)
/* required only at boot or S3 and S4 resume time */
if (!spec->done_hp_init ||
is_s3_resume(codec) ||
@@ -10148,7 +10151,10 @@ static int patch_alc269(struct hda_codec
case 0x10ec0245:
case 0x10ec0285:
case 0x10ec0289:
- spec->codec_variant = ALC269_TYPE_ALC215;
+ if (alc_get_coef0(codec) & 0x0010)
+ spec->codec_variant = ALC269_TYPE_ALC245;
+ else
+ spec->codec_variant = ALC269_TYPE_ALC215;
spec->shutup = alc225_shutup;
spec->init_hook = alc225_init;
spec->gen.mixer_nid = 0;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 012/879] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 011/879] ALSA: hda/realtek - Add new type for ALC245 Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 013/879] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
` (876 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rik van der Kemp, Takashi Iwai
From: Rik van der Kemp <rik@upto11.nl>
commit 15dad62f4bdb5dc0f0efde8181d680db9963544c upstream.
The 2022-model XPS 15 appears to use the same 4-speakers-on-ALC289
audio setup as the Dell XPS 15 9510, so requires the same quirk to
enable woofer output. Tested on my own 9520.
[ Move the entry to the right position in the SSID order -- tiwai ]
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216035
Cc: <stable@vger.kernel.org>
Signed-off-by: Rik van der Kemp <rik@upto11.nl>
Link: https://lore.kernel.org/r/181056a137b.d14baf90133058.8425453735588429828@upto11.nl
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8957,6 +8957,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x0a62, "Dell Precision 5560", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x0a9d, "Dell Latitude 5430", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x0a9e, "Dell Latitude 5430", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0b19, "Dell XPS 15 9520", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 013/879] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 012/879] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 014/879] ALSA: usb-audio: Cancel pending work at closing a MIDI substream Greg Kroah-Hartman
` (875 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marios Levogiannis, Takashi Iwai
From: Marios Levogiannis <marios.levogiannis@gmail.com>
commit 9bfa7b36343c7d84370bc61c9ed774635b05e4eb upstream.
Set microphone pins 0x18 (rear) and 0x19 (front) to VREF_50 to fix the
microphone noise on ASUS TUF B550M-PLUS which uses the ALCS1200A codec.
The initial value was VREF_80.
The same issue is also present on Windows using both the default Windows
driver and all tested Realtek drivers before version 6.0.9049.1. Comparing
Realtek driver 6.0.9049.1 (the first one without the microphone noise) to
Realtek driver 6.0.9047.1 (the last one with the microphone noise)
revealed that the fix is the result of setting pins 0x18 and 0x19 to
VREF_50.
This fix may also work for other boards that have been reported to have
the same microphone issue and use the ALC1150 and ALCS1200A codecs, since
these codecs are similar and the fix in the Realtek driver on Windows is
common for both. However, it is currently enabled only for ASUS TUF
B550M-PLUS as this is the only board that could be tested.
Signed-off-by: Marios Levogiannis <marios.levogiannis@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220530074131.12258-1-marios.levogiannis@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1981,6 +1981,7 @@ enum {
ALC1220_FIXUP_CLEVO_PB51ED_PINS,
ALC887_FIXUP_ASUS_AUDIO,
ALC887_FIXUP_ASUS_HMIC,
+ ALCS1200A_FIXUP_MIC_VREF,
};
static void alc889_fixup_coef(struct hda_codec *codec,
@@ -2526,6 +2527,14 @@ static const struct hda_fixup alc882_fix
.chained = true,
.chain_id = ALC887_FIXUP_ASUS_AUDIO,
},
+ [ALCS1200A_FIXUP_MIC_VREF] = {
+ .type = HDA_FIXUP_PINCTLS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x18, PIN_VREF50 }, /* rear mic */
+ { 0x19, PIN_VREF50 }, /* front mic */
+ {}
+ }
+ },
};
static const struct snd_pci_quirk alc882_fixup_tbl[] = {
@@ -2563,6 +2572,7 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601),
SND_PCI_QUIRK(0x1043, 0x84bc, "ASUS ET2700", ALC887_FIXUP_ASUS_BASS),
SND_PCI_QUIRK(0x1043, 0x8691, "ASUS ROG Ranger VIII", ALC882_FIXUP_GPIO3),
+ SND_PCI_QUIRK(0x1043, 0x8797, "ASUS TUF B550M-PLUS", ALCS1200A_FIXUP_MIC_VREF),
SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 014/879] ALSA: usb-audio: Cancel pending work at closing a MIDI substream
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 013/879] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 015/879] USB: serial: pl2303: fix type detection for odd device Greg Kroah-Hartman
` (874 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6912c9592caca7ca0e7d, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 0125de38122f0f66bf61336158d12a1aabfe6425 upstream.
At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released. For fixing the race, make sure to cancel the pending
work at closing.
Reported-by: syzbot+6912c9592caca7ca0e7d@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000e7e75005dfd07cf6@google.com
Link: https://lore.kernel.org/r/20220525131203.11299-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/midi.c | 3 +++
1 file changed, 3 insertions(+)
--- a/sound/usb/midi.c
+++ b/sound/usb/midi.c
@@ -1145,6 +1145,9 @@ static int snd_usbmidi_output_open(struc
static int snd_usbmidi_output_close(struct snd_rawmidi_substream *substream)
{
+ struct usbmidi_out_port *port = substream->runtime->private_data;
+
+ cancel_work_sync(&port->ep->work);
return substream_open(substream, 0, 0);
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 015/879] USB: serial: pl2303: fix type detection for odd device
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 014/879] ALSA: usb-audio: Cancel pending work at closing a MIDI substream Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 016/879] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
` (873 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gary van der Merwe, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit e82e7c6dde91acd6748d672a44dc1980ce239f86 upstream.
At least one pl2303 device has a bcdUSB of 1.0.1 which most likely was
was intended as 1.1.
Allow bcdDevice 1.0.1 but interpret it as 1.1.
Fixes: 1e9faef4d26d ("USB: serial: pl2303: fix HX type detection")
Cc: stable@vger.kernel.org # 5.13
Link: https://lore.kernel.org/linux-usb/CAJixRzqf4a9-ZKZDgWxicc_BpfdZVE9qqGmkiO7xEstOXUbGvQ@mail.gmail.com
Reported-by: Gary van der Merwe <gary.vandermerwe@fnb.co.za>
Link: https://lore.kernel.org/r/20220517161736.13313-1-johan@kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/pl2303.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -421,6 +421,9 @@ static int pl2303_detect_type(struct usb
bcdUSB = le16_to_cpu(desc->bcdUSB);
switch (bcdUSB) {
+ case 0x101:
+ /* USB 1.0.1? Let's assume they meant 1.1... */
+ fallthrough;
case 0x110:
switch (bcdDevice) {
case 0x300:
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 016/879] USB: serial: option: add Quectel BG95 modem
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 015/879] USB: serial: pl2303: fix type detection for odd device Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 017/879] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
` (872 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Carl Yin, Johan Hovold
From: Carl Yin(殷张成) <carl.yin@quectel.com>
commit 33b7af2f459df453feb0d44628d820c47fefe7a8 upstream.
The BG95 modem has 3 USB configurations that are configurable via the AT
command AT+QCFGEXT="usbnet",["ecm"|"modem"|"rmnet"] which make the modem
enumerate with the following interfaces, respectively:
"modem": Diag + GNSS + Modem + Modem
"ecm" : Diag + GNSS + Modem + ECM
"rmnet": Diag + GNSS + Modem + QMI
Don't support Full QMI messages (e.g WDS_START_NETWORK_INTERFACE)
A detailed description of the USB configuration for each mode follows:
+QCFGEXT: "usbnet","modem"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","ecm"
------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
A: FirstIf#= 3 IfCount= 2 Cls=02(comm.) Sub=00 Prot=00
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=06 Prot=00 Driver=cdc_ether
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
I: If#= 4 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
I:* If#= 4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","rmnet"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Carl Yin <carl.yin@quectel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1137,6 +1137,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0xff, 0x30) }, /* EM160R-GL */
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0, 0) },
+ { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, 0x0700, 0xff), /* BG95 */
+ .driver_info = RSVD(3) | ZLP },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x10),
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 017/879] USB: new quirk for Dell Gen 2 devices
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 016/879] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 018/879] usb: isp1760: Fix out-of-bounds array access Greg Kroah-Hartman
` (871 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Monish Kumar R
From: Monish Kumar R <monish.kumar.r@intel.com>
commit 97fa5887cf283bb75ffff5f6b2c0e71794c02400 upstream.
Add USB_QUIRK_NO_LPM and USB_QUIRK_RESET_RESUME quirks for Dell usb gen
2 device to not fail during enumeration.
Found this bug on own testing
Signed-off-by: Monish Kumar R <monish.kumar.r@intel.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220520130044.17303-1-monish.kumar.r@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -510,6 +510,9 @@ static const struct usb_device_id usb_qu
/* DJI CineSSD */
{ USB_DEVICE(0x2ca3, 0x0031), .driver_info = USB_QUIRK_NO_LPM },
+ /* DELL USB GEN2 */
+ { USB_DEVICE(0x413c, 0xb062), .driver_info = USB_QUIRK_NO_LPM | USB_QUIRK_RESET_RESUME },
+
/* VCOM device */
{ USB_DEVICE(0x4296, 0x7570), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS },
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 018/879] usb: isp1760: Fix out-of-bounds array access
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 017/879] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 019/879] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
` (870 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rui Miguel Silva, Dietmar Eggemann,
Linus Walleij
From: Linus Walleij <linus.walleij@linaro.org>
commit 26ae2c942b5702f2e43d36b2a4389cfb7d616b6a upstream.
Running the driver through kasan gives an interesting splat:
BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c
Read of size 20 at addr f1db2e64 by task swapper/0/1
(...)
isp1760_register from isp1760_plat_probe+0x1d8/0x220
(...)
This happens because the loop reading the regmap fields for the
different ISP1760 variants look like this:
for (i = 0; i < HC_FIELD_MAX; i++) { ... }
Meaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.
However the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],
isp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are
dynamically sized during compilation.
Fix this by putting an empty assignment to the [HC_FIELD_MAX]
and [DC_FIELD_MAX] array member at the end of each array.
This will make the array one member longer than it needs to be,
but avoids the risk of overwriting whatever is inside
[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also
add comments explaining what is going on.
Fixes: 1da9e1c06873 ("usb: isp1760: move to regmap for register access")
Cc: stable@vger.kernel.org
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Reviewed-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220516091424.391209-1-linus.walleij@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/isp1760/isp1760-core.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/usb/isp1760/isp1760-core.c
+++ b/drivers/usb/isp1760/isp1760-core.c
@@ -251,6 +251,8 @@ static const struct reg_field isp1760_hc
[HW_DM_PULLDOWN] = REG_FIELD(ISP176x_HC_OTG_CTRL, 2, 2),
[HW_DP_PULLDOWN] = REG_FIELD(ISP176x_HC_OTG_CTRL, 1, 1),
[HW_DP_PULLUP] = REG_FIELD(ISP176x_HC_OTG_CTRL, 0, 0),
+ /* Make sure the array is sized properly during compilation */
+ [HC_FIELD_MAX] = {},
};
static const struct reg_field isp1763_hc_reg_fields[] = {
@@ -321,6 +323,8 @@ static const struct reg_field isp1763_hc
[HW_DM_PULLDOWN_CLEAR] = REG_FIELD(ISP1763_HC_OTG_CTRL_CLEAR, 2, 2),
[HW_DP_PULLDOWN_CLEAR] = REG_FIELD(ISP1763_HC_OTG_CTRL_CLEAR, 1, 1),
[HW_DP_PULLUP_CLEAR] = REG_FIELD(ISP1763_HC_OTG_CTRL_CLEAR, 0, 0),
+ /* Make sure the array is sized properly during compilation */
+ [HC_FIELD_MAX] = {},
};
static const struct regmap_range isp1763_hc_volatile_ranges[] = {
@@ -405,6 +409,8 @@ static const struct reg_field isp1761_dc
[DC_CHIP_ID_HIGH] = REG_FIELD(ISP176x_DC_CHIPID, 16, 31),
[DC_CHIP_ID_LOW] = REG_FIELD(ISP176x_DC_CHIPID, 0, 15),
[DC_SCRATCH] = REG_FIELD(ISP176x_DC_SCRATCH, 0, 15),
+ /* Make sure the array is sized properly during compilation */
+ [DC_FIELD_MAX] = {},
};
static const struct regmap_range isp1763_dc_volatile_ranges[] = {
@@ -458,6 +464,8 @@ static const struct reg_field isp1763_dc
[DC_CHIP_ID_HIGH] = REG_FIELD(ISP1763_DC_CHIPID_HIGH, 0, 15),
[DC_CHIP_ID_LOW] = REG_FIELD(ISP1763_DC_CHIPID_LOW, 0, 15),
[DC_SCRATCH] = REG_FIELD(ISP1763_DC_SCRATCH, 0, 15),
+ /* Make sure the array is sized properly during compilation */
+ [DC_FIELD_MAX] = {},
};
static const struct regmap_config isp1763_dc_regmap_conf = {
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 019/879] usb: dwc3: gadget: Move null pinter check to proper place
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 018/879] usb: isp1760: Fix out-of-bounds array access Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 020/879] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
` (869 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Albert Wang
From: Albert Wang <albertccwang@google.com>
commit 3c5880745b4439ac64eccdb040e37fc1cc4c5406 upstream.
When dwc3_gadget_ep_cleanup_completed_requests() called to
dwc3_gadget_giveback() where the dwc3 lock is released, other thread is
able to execute. In this situation, usb_ep_disable() gets the chance to
clear endpoint descriptor pointer which leds to the null pointer
dereference problem. So needs to move the null pointer check to a proper
place.
Example call stack:
Thread#1:
dwc3_thread_interrupt()
spin_lock
-> dwc3_process_event_buf()
-> dwc3_process_event_entry()
-> dwc3_endpoint_interrupt()
-> dwc3_gadget_endpoint_trbs_complete()
-> dwc3_gadget_ep_cleanup_completed_requests()
...
-> dwc3_giveback()
spin_unlock
Thread#2 executes
Thread#2:
configfs_composite_disconnect()
-> __composite_disconnect()
-> ffs_func_disable()
-> ffs_func_set_alt()
-> ffs_func_eps_disable()
-> usb_ep_disable()
wait for dwc3 spin_lock
Thread#1 released lock
clear endpoint.desc
Fixes: 26288448120b ("usb: dwc3: gadget: Fix null pointer exception")
Cc: stable <stable@kernel.org>
Signed-off-by: Albert Wang <albertccwang@google.com>
Link: https://lore.kernel.org/r/20220518061315.3359198-1-albertccwang@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -3380,14 +3380,14 @@ static bool dwc3_gadget_endpoint_trbs_co
struct dwc3 *dwc = dep->dwc;
bool no_started_trb = true;
- if (!dep->endpoint.desc)
- return no_started_trb;
-
dwc3_gadget_ep_cleanup_completed_requests(dep, event, status);
if (dep->flags & DWC3_EP_END_TRANSFER_PENDING)
goto out;
+ if (!dep->endpoint.desc)
+ return no_started_trb;
+
if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
list_empty(&dep->started_list) &&
(list_empty(&dep->pending_list) || status == -EXDEV))
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 020/879] usb: core: hcd: Add support for deferring roothub registration
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 019/879] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 021/879] fs/ntfs3: provide block_invalidate_folio to fix memory leak Greg Kroah-Hartman
` (868 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Chris Chiu,
Alan Stern, Kishon Vijay Abraham I
From: Kishon Vijay Abraham I <kishon@ti.com>
commit a44623d9279086c89f631201d993aa332f7c9e66 upstream.
It has been observed with certain PCIe USB cards (like Inateck connected
to AM64 EVM or J7200 EVM) that as soon as the primary roothub is
registered, port status change is handled even before xHC is running
leading to cold plug USB devices not detected. For such cases, registering
both the root hubs along with the second HCD is required. Add support for
deferring roothub registration in usb_add_hcd(), so that both primary and
secondary roothubs are registered along with the second HCD.
This patch has been added and reverted earier as it triggered a race
in usb device enumeration.
That race is now fixed in 5.16-rc3, and in stable back to 5.4
commit 6cca13de26ee ("usb: hub: Fix locking issues with address0_mutex")
commit 6ae6dc22d2d1 ("usb: hub: Fix usb enumeration issue due to address0
race")
CC: stable@vger.kernel.org # 5.4+
Suggested-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Tested-by: Chris Chiu <chris.chiu@canonical.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Link: https://lore.kernel.org/r/20220510091630.16564-2-kishon@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hcd.c | 29 +++++++++++++++++++++++------
include/linux/usb/hcd.h | 2 ++
2 files changed, 25 insertions(+), 6 deletions(-)
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -2816,6 +2816,7 @@ int usb_add_hcd(struct usb_hcd *hcd,
{
int retval;
struct usb_device *rhdev;
+ struct usb_hcd *shared_hcd;
if (!hcd->skip_phy_initialization && usb_hcd_is_primary_hcd(hcd)) {
hcd->phy_roothub = usb_phy_roothub_alloc(hcd->self.sysdev);
@@ -2976,13 +2977,26 @@ int usb_add_hcd(struct usb_hcd *hcd,
goto err_hcd_driver_start;
}
+ /* starting here, usbcore will pay attention to the shared HCD roothub */
+ shared_hcd = hcd->shared_hcd;
+ if (!usb_hcd_is_primary_hcd(hcd) && shared_hcd && HCD_DEFER_RH_REGISTER(shared_hcd)) {
+ retval = register_root_hub(shared_hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
+
+ if (shared_hcd->uses_new_polling && HCD_POLL_RH(shared_hcd))
+ usb_hcd_poll_rh_status(shared_hcd);
+ }
+
/* starting here, usbcore will pay attention to this root hub */
- retval = register_root_hub(hcd);
- if (retval != 0)
- goto err_register_root_hub;
+ if (!HCD_DEFER_RH_REGISTER(hcd)) {
+ retval = register_root_hub(hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
- if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
- usb_hcd_poll_rh_status(hcd);
+ if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
+ usb_hcd_poll_rh_status(hcd);
+ }
return retval;
@@ -3020,6 +3034,7 @@ EXPORT_SYMBOL_GPL(usb_add_hcd);
void usb_remove_hcd(struct usb_hcd *hcd)
{
struct usb_device *rhdev = hcd->self.root_hub;
+ bool rh_registered;
dev_info(hcd->self.controller, "remove, state %x\n", hcd->state);
@@ -3030,6 +3045,7 @@ void usb_remove_hcd(struct usb_hcd *hcd)
dev_dbg(hcd->self.controller, "roothub graceful disconnect\n");
spin_lock_irq (&hcd_root_hub_lock);
+ rh_registered = hcd->rh_registered;
hcd->rh_registered = 0;
spin_unlock_irq (&hcd_root_hub_lock);
@@ -3039,7 +3055,8 @@ void usb_remove_hcd(struct usb_hcd *hcd)
cancel_work_sync(&hcd->died_work);
mutex_lock(&usb_bus_idr_lock);
- usb_disconnect(&rhdev); /* Sets rhdev to NULL */
+ if (rh_registered)
+ usb_disconnect(&rhdev); /* Sets rhdev to NULL */
mutex_unlock(&usb_bus_idr_lock);
/*
--- a/include/linux/usb/hcd.h
+++ b/include/linux/usb/hcd.h
@@ -124,6 +124,7 @@ struct usb_hcd {
#define HCD_FLAG_RH_RUNNING 5 /* root hub is running? */
#define HCD_FLAG_DEAD 6 /* controller has died? */
#define HCD_FLAG_INTF_AUTHORIZED 7 /* authorize interfaces? */
+#define HCD_FLAG_DEFER_RH_REGISTER 8 /* Defer roothub registration */
/* The flags can be tested using these macros; they are likely to
* be slightly faster than test_bit().
@@ -134,6 +135,7 @@ struct usb_hcd {
#define HCD_WAKEUP_PENDING(hcd) ((hcd)->flags & (1U << HCD_FLAG_WAKEUP_PENDING))
#define HCD_RH_RUNNING(hcd) ((hcd)->flags & (1U << HCD_FLAG_RH_RUNNING))
#define HCD_DEAD(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEAD))
+#define HCD_DEFER_RH_REGISTER(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEFER_RH_REGISTER))
/*
* Specifies if interfaces are authorized by default
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 021/879] fs/ntfs3: provide block_invalidate_folio to fix memory leak
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 020/879] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 022/879] fs/ntfs3: Update valid size if -EIOCBQUEUED Greg Kroah-Hartman
` (867 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Luis Lara Carrascal,
Mikulas Patocka, Matthew Wilcox (Oracle),
Namjae Jeon, Konstantin Komarov
From: Mikulas Patocka <mpatocka@redhat.com>
commit 724bbe49c5e427cb077357d72d240a649f2e4054 upstream.
The ntfs3 filesystem lacks the 'invalidate_folio' method and it causes
memory leak. If you write to the filesystem and then unmount it, the
cached written data are not freed and they are permanently leaked.
Fixes: 7ba13abbd31e ("fs: Turn block_invalidatepage into block_invalidate_folio")
Reported-by: José Luis Lara Carrascal <manualinux@yahoo.es>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Cc: stable@vger.kernel.org # v5.18
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/inode.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1951,6 +1951,7 @@ const struct address_space_operations nt
.direct_IO = ntfs_direct_IO,
.bmap = ntfs_bmap,
.dirty_folio = block_dirty_folio,
+ .invalidate_folio = block_invalidate_folio,
};
const struct address_space_operations ntfs_aops_cmpr = {
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 022/879] fs/ntfs3: Update valid size if -EIOCBQUEUED
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 021/879] fs/ntfs3: provide block_invalidate_folio to fix memory leak Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 023/879] fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space) Greg Kroah-Hartman
` (866 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 52e00ea6b26e45fb8159e3b57cdde8d3f9bdd8e9 upstream.
Update valid size if write is still in I/O queue.
Fixes xfstest generic/240
Fixes: 82cae269cfa9 ("fs/ntfs3: Add initialization of super block")
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/inode.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -757,6 +757,7 @@ static ssize_t ntfs_direct_IO(struct kio
loff_t vbo = iocb->ki_pos;
loff_t end;
int wr = iov_iter_rw(iter) & WRITE;
+ size_t iter_count = iov_iter_count(iter);
loff_t valid;
ssize_t ret;
@@ -770,10 +771,13 @@ static ssize_t ntfs_direct_IO(struct kio
wr ? ntfs_get_block_direct_IO_W
: ntfs_get_block_direct_IO_R);
- if (ret <= 0)
+ if (ret > 0)
+ end = vbo + ret;
+ else if (wr && ret == -EIOCBQUEUED)
+ end = vbo + iter_count;
+ else
goto out;
- end = vbo + ret;
valid = ni->i_valid;
if (wr) {
if (end > valid && !S_ISBLK(inode->i_mode)) {
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 023/879] fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space)
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 022/879] fs/ntfs3: Update valid size if -EIOCBQUEUED Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 024/879] fs/ntfs3: Keep preallocated only if option prealloc enabled Greg Kroah-Hartman
` (865 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 3880f2b816a7e4ca889b7e8a42e6c62c5706ed36 upstream.
Two problems:
1. ntfs3_setattr can't truncate preallocated space;
2. if allocated fragment "cross" valid size, then fragment splits into two parts:
- normal part;
- unwritten part (here we must return FIEMAP_EXTENT_LAST).
Before this commit we returned FIEMAP_EXTENT_LAST for whole fragment.
Fixes xfstest generic/092
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/file.c | 2 +-
fs/ntfs3/frecord.c | 10 +++++++---
2 files changed, 8 insertions(+), 4 deletions(-)
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -762,7 +762,7 @@ int ntfs3_setattr(struct user_namespace
}
inode_dio_wait(inode);
- if (attr->ia_size < oldsize)
+ if (attr->ia_size <= oldsize)
err = ntfs_truncate(inode, attr->ia_size);
else if (attr->ia_size > oldsize)
err = ntfs_extend(inode, attr->ia_size, 0, NULL);
--- a/fs/ntfs3/frecord.c
+++ b/fs/ntfs3/frecord.c
@@ -1964,10 +1964,8 @@ int ni_fiemap(struct ntfs_inode *ni, str
vcn += clen;
- if (vbo + bytes >= end) {
+ if (vbo + bytes >= end)
bytes = end - vbo;
- flags |= FIEMAP_EXTENT_LAST;
- }
if (vbo + bytes <= valid) {
;
@@ -1977,6 +1975,9 @@ int ni_fiemap(struct ntfs_inode *ni, str
/* vbo < valid && valid < vbo + bytes */
u64 dlen = valid - vbo;
+ if (vbo + dlen >= end)
+ flags |= FIEMAP_EXTENT_LAST;
+
err = fiemap_fill_next_extent(fieinfo, vbo, lbo, dlen,
flags);
if (err < 0)
@@ -1995,6 +1996,9 @@ int ni_fiemap(struct ntfs_inode *ni, str
flags |= FIEMAP_EXTENT_UNWRITTEN;
}
+ if (vbo + bytes >= end)
+ flags |= FIEMAP_EXTENT_LAST;
+
err = fiemap_fill_next_extent(fieinfo, vbo, lbo, bytes, flags);
if (err < 0)
break;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 024/879] fs/ntfs3: Keep preallocated only if option prealloc enabled
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 023/879] fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space) Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 025/879] fs/ntfs3: Check new size for limits Greg Kroah-Hartman
` (864 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ganapathi Kamath, Kari Argillander,
Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit e95113ed4d428219e3395044e29f5713fc446720 upstream.
If size of file was reduced, we still kept allocated blocks.
This commit makes ntfs3 work as other fs like btrfs.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=214719
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: Ganapathi Kamath <hgkamath@hotmail.com>
Tested-by: Ganapathi Kamath <hgkamath@hotmail.com>
Reviewed-by: Kari Argillander <kari.argillander@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -495,7 +495,7 @@ static int ntfs_truncate(struct inode *i
down_write(&ni->file.run_lock);
err = attr_set_size(ni, ATTR_DATA, NULL, 0, &ni->file.run, new_size,
- &new_valid, true, NULL);
+ &new_valid, ni->mi.sbi->options->prealloc, NULL);
up_write(&ni->file.run_lock);
if (new_valid < ni->i_valid)
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 025/879] fs/ntfs3: Check new size for limits
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 024/879] fs/ntfs3: Keep preallocated only if option prealloc enabled Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 026/879] fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl Greg Kroah-Hartman
` (863 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kari Argillander, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 114346978cf61de02832cc3cc68432a3de70fb38 upstream.
We must check size before trying to allocate.
Size can be set for example by "ulimit -f".
Fixes xfstest generic/228
Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reviewed-by: Kari Argillander <kari.argillander@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/file.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -662,7 +662,13 @@ static long ntfs_fallocate(struct file *
/*
* Normal file: Allocate clusters, do not change 'valid' size.
*/
- err = ntfs_set_size(inode, max(end, i_size));
+ loff_t new_size = max(end, i_size);
+
+ err = inode_newsize_ok(inode, new_size);
+ if (err)
+ goto out;
+
+ err = ntfs_set_size(inode, new_size);
if (err)
goto out;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 026/879] fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 025/879] fs/ntfs3: Check new size for limits Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 027/879] fs/ntfs3: Fix some memory leaks in an error handling path of log_replay() Greg Kroah-Hartman
` (862 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Joe Perches, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 9186d472ee780fabf74424756c4c00545166157e upstream.
ntfs_init_acl sets mode. ntfs_init_acl calls ntfs_set_acl_ex.
ntfs_set_acl_ex must not change this mode.
Fixes xfstest generic/444
Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations")
Reviewed-by: Joe Perches <joe@perches.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/xattr.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -541,7 +541,7 @@ struct posix_acl *ntfs_get_acl(struct in
static noinline int ntfs_set_acl_ex(struct user_namespace *mnt_userns,
struct inode *inode, struct posix_acl *acl,
- int type)
+ int type, bool init_acl)
{
const char *name;
size_t size, name_len;
@@ -554,8 +554,9 @@ static noinline int ntfs_set_acl_ex(stru
switch (type) {
case ACL_TYPE_ACCESS:
- if (acl) {
- umode_t mode = inode->i_mode;
+ /* Do not change i_mode if we are in init_acl */
+ if (acl && !init_acl) {
+ umode_t mode;
err = posix_acl_update_mode(mnt_userns, inode, &mode,
&acl);
@@ -616,7 +617,7 @@ out:
int ntfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
struct posix_acl *acl, int type)
{
- return ntfs_set_acl_ex(mnt_userns, inode, acl, type);
+ return ntfs_set_acl_ex(mnt_userns, inode, acl, type, false);
}
/*
@@ -636,7 +637,7 @@ int ntfs_init_acl(struct user_namespace
if (default_acl) {
err = ntfs_set_acl_ex(mnt_userns, inode, default_acl,
- ACL_TYPE_DEFAULT);
+ ACL_TYPE_DEFAULT, true);
posix_acl_release(default_acl);
} else {
inode->i_default_acl = NULL;
@@ -647,7 +648,7 @@ int ntfs_init_acl(struct user_namespace
else {
if (!err)
err = ntfs_set_acl_ex(mnt_userns, inode, acl,
- ACL_TYPE_ACCESS);
+ ACL_TYPE_ACCESS, true);
posix_acl_release(acl);
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 027/879] fs/ntfs3: Fix some memory leaks in an error handling path of log_replay()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 026/879] fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 028/879] fs/ntfs3: Update i_ctime when xattr is added Greg Kroah-Hartman
` (861 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Konstantin Komarov
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit e589f9b7078e1c0191613cd736f598e81d2390de upstream.
All error handling paths lead to 'out' where many resources are freed.
Do it as well here instead of a direct return, otherwise 'log', 'ra' and
'log->one_page_buf' (at least) will leak.
Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/fslog.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/ntfs3/fslog.c
+++ b/fs/ntfs3/fslog.c
@@ -4085,8 +4085,10 @@ process_log:
if (client == LFS_NO_CLIENT_LE) {
/* Insert "NTFS" client LogFile. */
client = ra->client_idx[0];
- if (client == LFS_NO_CLIENT_LE)
- return -EINVAL;
+ if (client == LFS_NO_CLIENT_LE) {
+ err = -EINVAL;
+ goto out;
+ }
t16 = le16_to_cpu(client);
cr = ca + t16;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 028/879] fs/ntfs3: Update i_ctime when xattr is added
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 027/879] fs/ntfs3: Fix some memory leaks in an error handling path of log_replay() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 029/879] fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions Greg Kroah-Hartman
` (860 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 2d44667c306e7806848a3478820f87343feb5421 upstream.
Ctime wasn't updated after setfacl command.
This commit fixes xfstest generic/307
Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations")
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/xattr.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -902,6 +902,9 @@ set_new_fa:
err = ntfs_set_ea(inode, name, name_len, value, size, flags);
out:
+ inode->i_ctime = current_time(inode);
+ mark_inode_dirty(inode);
+
return err;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 029/879] fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 028/879] fs/ntfs3: Update i_ctime when xattr is added Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 030/879] cifs: dont call cifs_dfs_query_info_nonascii_quirk() if nodfs was set Greg Kroah-Hartman
` (859 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kari Argillander, Konstantin Komarov
From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
commit 87e21c99bad763524c953ff4d1a61ee19038ddc2 upstream.
Apparently we need to maintain these functions with
ntfs_get_acl_ex and ntfs_set_acl_ex.
This commit fixes xfstest generic/099
Fixes: 95dd8b2c1ed0 ("fs/ntfs3: Remove unnecessary functions")
Reviewed-by: Kari Argillander <kari.argillander@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs3/xattr.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 95 insertions(+), 1 deletion(-)
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -112,7 +112,7 @@ static int ntfs_read_ea(struct ntfs_inod
return -ENOMEM;
if (!size) {
- ;
+ /* EA info persists, but xattr is empty. Looks like EA problem. */
} else if (attr_ea->non_res) {
struct runs_tree run;
@@ -620,6 +620,67 @@ int ntfs_set_acl(struct user_namespace *
return ntfs_set_acl_ex(mnt_userns, inode, acl, type, false);
}
+static int ntfs_xattr_get_acl(struct user_namespace *mnt_userns,
+ struct inode *inode, int type, void *buffer,
+ size_t size)
+{
+ struct posix_acl *acl;
+ int err;
+
+ if (!(inode->i_sb->s_flags & SB_POSIXACL)) {
+ ntfs_inode_warn(inode, "add mount option \"acl\" to use acl");
+ return -EOPNOTSUPP;
+ }
+
+ acl = ntfs_get_acl(inode, type, false);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+
+ if (!acl)
+ return -ENODATA;
+
+ err = posix_acl_to_xattr(mnt_userns, acl, buffer, size);
+ posix_acl_release(acl);
+
+ return err;
+}
+
+static int ntfs_xattr_set_acl(struct user_namespace *mnt_userns,
+ struct inode *inode, int type, const void *value,
+ size_t size)
+{
+ struct posix_acl *acl;
+ int err;
+
+ if (!(inode->i_sb->s_flags & SB_POSIXACL)) {
+ ntfs_inode_warn(inode, "add mount option \"acl\" to use acl");
+ return -EOPNOTSUPP;
+ }
+
+ if (!inode_owner_or_capable(mnt_userns, inode))
+ return -EPERM;
+
+ if (!value) {
+ acl = NULL;
+ } else {
+ acl = posix_acl_from_xattr(mnt_userns, value, size);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+
+ if (acl) {
+ err = posix_acl_valid(mnt_userns, acl);
+ if (err)
+ goto release_and_out;
+ }
+ }
+
+ err = ntfs_set_acl(mnt_userns, inode, acl, type);
+
+release_and_out:
+ posix_acl_release(acl);
+ return err;
+}
+
/*
* ntfs_init_acl - Initialize the ACLs of a new inode.
*
@@ -786,6 +847,23 @@ static int ntfs_getxattr(const struct xa
goto out;
}
+#ifdef CONFIG_NTFS3_FS_POSIX_ACL
+ if ((name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1 &&
+ !memcmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
+ sizeof(XATTR_NAME_POSIX_ACL_ACCESS))) ||
+ (name_len == sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1 &&
+ !memcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
+ sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)))) {
+ /* TODO: init_user_ns? */
+ err = ntfs_xattr_get_acl(
+ &init_user_ns, inode,
+ name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1
+ ? ACL_TYPE_ACCESS
+ : ACL_TYPE_DEFAULT,
+ buffer, size);
+ goto out;
+ }
+#endif
/* Deal with NTFS extended attribute. */
err = ntfs_get_ea(inode, name, name_len, buffer, size, NULL);
@@ -898,6 +976,22 @@ set_new_fa:
goto out;
}
+#ifdef CONFIG_NTFS3_FS_POSIX_ACL
+ if ((name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1 &&
+ !memcmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
+ sizeof(XATTR_NAME_POSIX_ACL_ACCESS))) ||
+ (name_len == sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1 &&
+ !memcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
+ sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)))) {
+ err = ntfs_xattr_set_acl(
+ mnt_userns, inode,
+ name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1
+ ? ACL_TYPE_ACCESS
+ : ACL_TYPE_DEFAULT,
+ value, size);
+ goto out;
+ }
+#endif
/* Deal with NTFS extended attribute. */
err = ntfs_set_ea(inode, name, name_len, value, size, flags);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 030/879] cifs: dont call cifs_dfs_query_info_nonascii_quirk() if nodfs was set
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 029/879] fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 031/879] cifs: fix ntlmssp on old servers Greg Kroah-Hartman
` (858 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE),
Enzo Matsumiya, Steve French
From: Enzo Matsumiya <ematsumiya@suse.de>
commit 421ef3d56513b2ff02e563623688cb6ab4977c4f upstream.
Also return EOPNOTSUPP if path is remote but nodfs was set.
Fixes: a2809d0e1696 ("cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs")
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/connect.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3432,6 +3432,7 @@ static int is_path_remote(struct mount_c
struct cifs_tcon *tcon = mnt_ctx->tcon;
struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
char *full_path;
+ bool nodfs = cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS;
if (!server->ops->is_path_accessible)
return -EOPNOTSUPP;
@@ -3449,14 +3450,20 @@ static int is_path_remote(struct mount_c
rc = server->ops->is_path_accessible(xid, tcon, cifs_sb,
full_path);
#ifdef CONFIG_CIFS_DFS_UPCALL
+ if (nodfs) {
+ if (rc == -EREMOTE)
+ rc = -EOPNOTSUPP;
+ goto out;
+ }
+
+ /* path *might* exist with non-ASCII characters in DFS root
+ * try again with full path (only if nodfs is not set) */
if (rc == -ENOENT && is_tcon_dfs(tcon))
rc = cifs_dfs_query_info_nonascii_quirk(xid, tcon, cifs_sb,
full_path);
#endif
- if (rc != 0 && rc != -EREMOTE) {
- kfree(full_path);
- return rc;
- }
+ if (rc != 0 && rc != -EREMOTE)
+ goto out;
if (rc != -EREMOTE) {
rc = cifs_are_all_path_components_accessible(server, xid, tcon,
@@ -3468,6 +3475,7 @@ static int is_path_remote(struct mount_c
}
}
+out:
kfree(full_path);
return rc;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 031/879] cifs: fix ntlmssp on old servers
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 030/879] cifs: dont call cifs_dfs_query_info_nonascii_quirk() if nodfs was set Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 032/879] cifs: fix potential double free during failed mount Greg Kroah-Hartman
` (857 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Byron Stanoszek,
Paulo Alcantara (SUSE),
Steve French
From: Paulo Alcantara <pc@cjr.nz>
commit de3a9e943ddecba8d2ac1dde4cfff538e5c6a7b9 upstream.
Some older servers seem to require the workstation name during ntlmssp
to be at most 15 chars (RFC1001 name length), so truncate it before
sending when using insecure dialects.
Link: https://lore.kernel.org/r/e6837098-15d9-acb6-7e34-1923cf8c6fe1@winds.org
Reported-by: Byron Stanoszek <gandalf@winds.org>
Tested-by: Byron Stanoszek <gandalf@winds.org>
Fixes: 49bd49f983b5 ("cifs: send workstation name during ntlmssp session setup")
Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsglob.h | 15 ++++++++++++++-
fs/cifs/connect.c | 22 ++++------------------
fs/cifs/fs_context.c | 29 ++++-------------------------
fs/cifs/fs_context.h | 2 +-
fs/cifs/misc.c | 1 -
fs/cifs/sess.c | 6 +++---
6 files changed, 26 insertions(+), 49 deletions(-)
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -944,7 +944,7 @@ struct cifs_ses {
and after mount option parsing we fill it */
char *domainName;
char *password;
- char *workstation_name;
+ char workstation_name[CIFS_MAX_WORKSTATION_LEN];
struct session_key auth_key;
struct ntlmssp_auth *ntlmssp; /* ciphertext, flags, server challenge */
enum securityEnum sectype; /* what security flavor was specified? */
@@ -1979,4 +1979,17 @@ static inline bool cifs_is_referral_serv
return is_tcon_dfs(tcon) || (ref && (ref->flags & DFSREF_REFERRAL_SERVER));
}
+static inline size_t ntlmssp_workstation_name_size(const struct cifs_ses *ses)
+{
+ if (WARN_ON_ONCE(!ses || !ses->server))
+ return 0;
+ /*
+ * Make workstation name no more than 15 chars when using insecure dialects as some legacy
+ * servers do require it during NTLMSSP.
+ */
+ if (ses->server->dialect <= SMB20_PROT_ID)
+ return min_t(size_t, sizeof(ses->workstation_name), RFC1001_NAME_LEN_WITH_NULL);
+ return sizeof(ses->workstation_name);
+}
+
#endif /* _CIFS_GLOB_H */
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2037,18 +2037,7 @@ cifs_set_cifscreds(struct smb3_fs_contex
}
}
- ctx->workstation_name = kstrdup(ses->workstation_name, GFP_KERNEL);
- if (!ctx->workstation_name) {
- cifs_dbg(FYI, "Unable to allocate memory for workstation_name\n");
- rc = -ENOMEM;
- kfree(ctx->username);
- ctx->username = NULL;
- kfree_sensitive(ctx->password);
- ctx->password = NULL;
- kfree(ctx->domainname);
- ctx->domainname = NULL;
- goto out_key_put;
- }
+ strscpy(ctx->workstation_name, ses->workstation_name, sizeof(ctx->workstation_name));
out_key_put:
up_read(&key->sem);
@@ -2157,12 +2146,9 @@ cifs_get_smb_ses(struct TCP_Server_Info
if (!ses->domainName)
goto get_ses_fail;
}
- if (ctx->workstation_name) {
- ses->workstation_name = kstrdup(ctx->workstation_name,
- GFP_KERNEL);
- if (!ses->workstation_name)
- goto get_ses_fail;
- }
+
+ strscpy(ses->workstation_name, ctx->workstation_name, sizeof(ses->workstation_name));
+
if (ctx->domainauto)
ses->domainAuto = ctx->domainauto;
ses->cred_uid = ctx->cred_uid;
--- a/fs/cifs/fs_context.c
+++ b/fs/cifs/fs_context.c
@@ -312,7 +312,6 @@ smb3_fs_context_dup(struct smb3_fs_conte
new_ctx->password = NULL;
new_ctx->server_hostname = NULL;
new_ctx->domainname = NULL;
- new_ctx->workstation_name = NULL;
new_ctx->UNC = NULL;
new_ctx->source = NULL;
new_ctx->iocharset = NULL;
@@ -327,7 +326,6 @@ smb3_fs_context_dup(struct smb3_fs_conte
DUP_CTX_STR(UNC);
DUP_CTX_STR(source);
DUP_CTX_STR(domainname);
- DUP_CTX_STR(workstation_name);
DUP_CTX_STR(nodename);
DUP_CTX_STR(iocharset);
@@ -766,8 +764,7 @@ static int smb3_verify_reconfigure_ctx(s
cifs_errorf(fc, "can not change domainname during remount\n");
return -EINVAL;
}
- if (new_ctx->workstation_name &&
- (!old_ctx->workstation_name || strcmp(new_ctx->workstation_name, old_ctx->workstation_name))) {
+ if (strcmp(new_ctx->workstation_name, old_ctx->workstation_name)) {
cifs_errorf(fc, "can not change workstation_name during remount\n");
return -EINVAL;
}
@@ -814,7 +811,6 @@ static int smb3_reconfigure(struct fs_co
STEAL_STRING(cifs_sb, ctx, username);
STEAL_STRING(cifs_sb, ctx, password);
STEAL_STRING(cifs_sb, ctx, domainname);
- STEAL_STRING(cifs_sb, ctx, workstation_name);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
@@ -1467,22 +1463,15 @@ static int smb3_fs_context_parse_param(s
int smb3_init_fs_context(struct fs_context *fc)
{
- int rc;
struct smb3_fs_context *ctx;
char *nodename = utsname()->nodename;
int i;
ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
- if (unlikely(!ctx)) {
- rc = -ENOMEM;
- goto err_exit;
- }
+ if (unlikely(!ctx))
+ return -ENOMEM;
- ctx->workstation_name = kstrdup(nodename, GFP_KERNEL);
- if (unlikely(!ctx->workstation_name)) {
- rc = -ENOMEM;
- goto err_exit;
- }
+ strscpy(ctx->workstation_name, nodename, sizeof(ctx->workstation_name));
/*
* does not have to be perfect mapping since field is
@@ -1555,14 +1544,6 @@ int smb3_init_fs_context(struct fs_conte
fc->fs_private = ctx;
fc->ops = &smb3_fs_context_ops;
return 0;
-
-err_exit:
- if (ctx) {
- kfree(ctx->workstation_name);
- kfree(ctx);
- }
-
- return rc;
}
void
@@ -1588,8 +1569,6 @@ smb3_cleanup_fs_context_contents(struct
ctx->source = NULL;
kfree(ctx->domainname);
ctx->domainname = NULL;
- kfree(ctx->workstation_name);
- ctx->workstation_name = NULL;
kfree(ctx->nodename);
ctx->nodename = NULL;
kfree(ctx->iocharset);
--- a/fs/cifs/fs_context.h
+++ b/fs/cifs/fs_context.h
@@ -170,7 +170,7 @@ struct smb3_fs_context {
char *server_hostname;
char *UNC;
char *nodename;
- char *workstation_name;
+ char workstation_name[CIFS_MAX_WORKSTATION_LEN];
char *iocharset; /* local code page for mapping to and from Unicode */
char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */
char target_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* srvr nb name */
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -95,7 +95,6 @@ sesInfoFree(struct cifs_ses *buf_to_free
kfree_sensitive(buf_to_free->password);
kfree(buf_to_free->user_name);
kfree(buf_to_free->domainName);
- kfree(buf_to_free->workstation_name);
kfree_sensitive(buf_to_free->auth_key.response);
kfree(buf_to_free->iface_list);
kfree_sensitive(buf_to_free);
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -714,9 +714,9 @@ static int size_of_ntlmssp_blob(struct c
else
sz += sizeof(__le16);
- if (ses->workstation_name)
+ if (ses->workstation_name[0])
sz += sizeof(__le16) * strnlen(ses->workstation_name,
- CIFS_MAX_WORKSTATION_LEN);
+ ntlmssp_workstation_name_size(ses));
else
sz += sizeof(__le16);
@@ -960,7 +960,7 @@ int build_ntlmssp_auth_blob(unsigned cha
cifs_security_buffer_from_str(&sec_blob->WorkstationName,
ses->workstation_name,
- CIFS_MAX_WORKSTATION_LEN,
+ ntlmssp_workstation_name_size(ses),
*pbuffer, &tmp,
nls_cp);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 032/879] cifs: fix potential double free during failed mount
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 031/879] cifs: fix ntlmssp on old servers Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 033/879] cifs: when extending a file with falloc we should make files not-sparse Greg Kroah-Hartman
` (856 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roberto Bergantinos, Ronnie Sahlberg,
Steve French
From: Ronnie Sahlberg <lsahlber@redhat.com>
commit 8378a51e3f8140f60901fb27208cc7a6e47047b5 upstream.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799
Cc: stable@vger.kernel.org
Signed-off-by: Roberto Bergantinos <rbergant@redhat.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsfs.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -836,7 +836,7 @@ cifs_smb3_do_mount(struct file_system_ty
int flags, struct smb3_fs_context *old_ctx)
{
int rc;
- struct super_block *sb;
+ struct super_block *sb = NULL;
struct cifs_sb_info *cifs_sb = NULL;
struct cifs_mnt_data mnt_data;
struct dentry *root;
@@ -932,9 +932,11 @@ out_super:
return root;
out:
if (cifs_sb) {
- kfree(cifs_sb->prepath);
- smb3_cleanup_fs_context(cifs_sb->ctx);
- kfree(cifs_sb);
+ if (!sb || IS_ERR(sb)) { /* otherwise kill_sb will handle */
+ kfree(cifs_sb->prepath);
+ smb3_cleanup_fs_context(cifs_sb->ctx);
+ kfree(cifs_sb);
+ }
}
return root;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 033/879] cifs: when extending a file with falloc we should make files not-sparse
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 032/879] cifs: fix potential double free during failed mount Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 034/879] xhci: Set HCD flag to defer primary roothub registration Greg Kroah-Hartman
` (855 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French
From: Ronnie Sahlberg <lsahlber@redhat.com>
commit f66f8b94e7f2f4ac9fffe710be231ca8f25c5057 upstream.
as this is the only way to make sure the region is allocated.
Fix the conditional that was wrong and only tried to make already
non-sparse files non-sparse.
Cc: stable@vger.kernel.org
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3837,7 +3837,7 @@ static long smb3_simple_falloc(struct fi
if (rc)
goto out;
- if ((cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE) == 0)
+ if (cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE)
smb2_set_sparse(xid, tcon, cfile, inode, false);
eof = cpu_to_le64(off + len);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 034/879] xhci: Set HCD flag to defer primary roothub registration
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 033/879] cifs: when extending a file with falloc we should make files not-sparse Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 035/879] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI Greg Kroah-Hartman
` (854 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Chris Chiu,
Kishon Vijay Abraham I
From: Kishon Vijay Abraham I <kishon@ti.com>
commit b7a4f9b5d0e4b6dd937678c546c0b322dd1a4054 upstream.
Set "HCD_FLAG_DEFER_RH_REGISTER" to hcd->flags in xhci_run() to defer
registering primary roothub in usb_add_hcd() if xhci has two roothubs.
This will make sure both primary roothub and secondary roothub will be
registered along with the second HCD.
This is required for cold plugged USB devices to be detected in certain
PCIe USB cards (like Inateck USB card connected to AM64 EVM or J7200 EVM).
This patch has been added and reverted earier as it triggered a race
in usb device enumeration.
That race is now fixed in 5.16-rc3, and in stable back to 5.4
commit 6cca13de26ee ("usb: hub: Fix locking issues with address0_mutex")
commit 6ae6dc22d2d1 ("usb: hub: Fix usb enumeration issue due to address0
race")
[minor rebase change, and commit message update -Mathias]
CC: stable@vger.kernel.org # 5.4+
Suggested-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Tested-by: Chris Chiu <chris.chiu@canonical.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Link: https://lore.kernel.org/r/20220510091630.16564-3-kishon@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -696,6 +696,8 @@ int xhci_run(struct usb_hcd *hcd)
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"Finished xhci_run for USB2 roothub");
+ set_bit(HCD_FLAG_DEFER_RH_REGISTER, &hcd->flags);
+
xhci_create_dbc_dev(xhci);
xhci_debugfs_init(xhci);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 035/879] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 034/879] xhci: Set HCD flag to defer primary roothub registration Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 036/879] platform/x86: intel-hid: fix _DSM function index handling Greg Kroah-Hartman
` (853 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Gopal Vamshi Krishna, Mathias Nyman
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 74f55a62c4c354f43a6d75f77dd184c4f57b9a26 upstream.
Alder Lake N TCSS xHCI needs to be runtime suspended whenever possible
to allow the TCSS hardware block to enter D3 and thus save energy
Cc: stable@kernel.org
Suggested-by: Gopal Vamshi Krishna <vamshi.krishna.gopal@intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220511220450.85367-10-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -59,6 +59,7 @@
#define PCI_DEVICE_ID_INTEL_TIGER_LAKE_XHCI 0x9a13
#define PCI_DEVICE_ID_INTEL_MAPLE_RIDGE_XHCI 0x1138
#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_XHCI 0x461e
+#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_N_XHCI 0x464e
#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_PCH_XHCI 0x51ed
#define PCI_DEVICE_ID_AMD_RENOIR_XHCI 0x1639
@@ -268,6 +269,7 @@ static void xhci_pci_quirks(struct devic
pdev->device == PCI_DEVICE_ID_INTEL_TIGER_LAKE_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_MAPLE_RIDGE_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_XHCI ||
+ pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_N_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_PCH_XHCI))
xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 036/879] platform/x86: intel-hid: fix _DSM function index handling
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 035/879] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 037/879] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails Greg Kroah-Hartman
` (852 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Niewöhner, Hans de Goede
From: Michael Niewöhner <linux@mniewoehner.de>
commit 1620c80bba53af8c547bab34a1d3bc58319fe608 upstream.
intel_hid_dsm_fn_mask is a bit mask containing one bit for each function
index. Fix the function index check in intel_hid_evaluate_method
accordingly, which was missed in commit 97ab4516205e ("platform/x86:
intel-hid: fix _DSM function index handling").
Fixes: 97ab4516205e ("platform/x86: intel-hid: fix _DSM function index handling")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Niewöhner <linux@mniewoehner.de>
Link: https://lore.kernel.org/r/66f813f5bcc724a0f6dd5adefe6a9728dbe509e3.camel@mniewoehner.de
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/intel/hid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/platform/x86/intel/hid.c
+++ b/drivers/platform/x86/intel/hid.c
@@ -238,7 +238,7 @@ static bool intel_hid_evaluate_method(ac
method_name = (char *)intel_hid_dsm_fn_to_method[fn_index];
- if (!(intel_hid_dsm_fn_mask & fn_index))
+ if (!(intel_hid_dsm_fn_mask & BIT(fn_index)))
goto skip_dsm_eval;
obj = acpi_evaluate_dsm_typed(handle, &intel_dsm_guid,
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 037/879] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 036/879] platform/x86: intel-hid: fix _DSM function index handling Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 038/879] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
` (851 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alviro Iskandar Setiawan,
Yazen Ghannam, Ammar Faizi, Borislav Petkov
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
commit e5f28623ceb103e13fc3d7bd45edf9818b227fd0 upstream.
In mce_threshold_create_device(), if threshold_create_bank() fails, the
previously allocated threshold banks array @bp will be leaked because
the call to mce_threshold_remove_device() will not free it.
This happens because mce_threshold_remove_device() fetches the pointer
through the threshold_banks per-CPU variable but bp is written there
only after the bank creation is successful, and not before, when
threshold_create_bank() fails.
Add a helper which unwinds all the bank creation work previously done
and pass into it the previously allocated threshold banks array for
freeing.
[ bp: Massage. ]
Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path")
Co-developed-by: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Signed-off-by: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Co-developed-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220329104705.65256-3-ammarfaizi2@gnuweeb.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
--- a/arch/x86/kernel/cpu/mce/amd.c
+++ b/arch/x86/kernel/cpu/mce/amd.c
@@ -1294,10 +1294,23 @@ out_free:
kfree(bank);
}
+static void __threshold_remove_device(struct threshold_bank **bp)
+{
+ unsigned int bank, numbanks = this_cpu_read(mce_num_banks);
+
+ for (bank = 0; bank < numbanks; bank++) {
+ if (!bp[bank])
+ continue;
+
+ threshold_remove_bank(bp[bank]);
+ bp[bank] = NULL;
+ }
+ kfree(bp);
+}
+
int mce_threshold_remove_device(unsigned int cpu)
{
struct threshold_bank **bp = this_cpu_read(threshold_banks);
- unsigned int bank, numbanks = this_cpu_read(mce_num_banks);
if (!bp)
return 0;
@@ -1308,13 +1321,7 @@ int mce_threshold_remove_device(unsigned
*/
this_cpu_write(threshold_banks, NULL);
- for (bank = 0; bank < numbanks; bank++) {
- if (bp[bank]) {
- threshold_remove_bank(bp[bank]);
- bp[bank] = NULL;
- }
- }
- kfree(bp);
+ __threshold_remove_device(bp);
return 0;
}
@@ -1351,15 +1358,14 @@ int mce_threshold_create_device(unsigned
if (!(this_cpu_read(bank_map) & (1 << bank)))
continue;
err = threshold_create_bank(bp, cpu, bank);
- if (err)
- goto out_err;
+ if (err) {
+ __threshold_remove_device(bp);
+ return err;
+ }
}
this_cpu_write(threshold_banks, bp);
if (thresholding_irq_en)
mce_threshold_vector = amd_threshold_interrupt;
return 0;
-out_err:
- mce_threshold_remove_device(cpu);
- return err;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 038/879] perf/x86/intel: Fix event constraints for ICL
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 037/879] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 039/879] x86/kexec: fix memory leak of elf header buffer Greg Kroah-Hartman
` (850 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Ingo Molnar, Peter Zijlstra
From: Kan Liang <kan.liang@linux.intel.com>
commit 86dca369075b3e310c3c0adb0f81e513c562b5e4 upstream.
According to the latest event list, the event encoding 0x55
INST_DECODED.DECODERS and 0x56 UOPS_DECODED.DEC0 are only available on
the first 4 counters. Add them into the event constraints table.
Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support")
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220525133952.1660658-1-kan.liang@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -276,7 +276,7 @@ static struct event_constraint intel_icl
INTEL_EVENT_CONSTRAINT_RANGE(0x03, 0x0a, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x1f, 0x28, 0xf),
INTEL_EVENT_CONSTRAINT(0x32, 0xf), /* SW_PREFETCH_ACCESS.* */
- INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x54, 0xf),
+ INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x56, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x60, 0x8b, 0xf),
INTEL_UEVENT_CONSTRAINT(0x04a3, 0xff), /* CYCLE_ACTIVITY.STALLS_TOTAL */
INTEL_UEVENT_CONSTRAINT(0x10a3, 0xff), /* CYCLE_ACTIVITY.CYCLES_MEM_ANY */
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 039/879] x86/kexec: fix memory leak of elf header buffer
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 038/879] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 040/879] x86/sgx: Set active memcg prior to shmem allocation Greg Kroah-Hartman
` (849 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baoquan He, Dave Young, Andrew Morton
From: Baoquan He <bhe@redhat.com>
commit b3e34a47f98974d0844444c5121aaff123004e57 upstream.
This is reported by kmemleak detector:
unreferenced object 0xffffc900002a9000 (size 4096):
comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s)
hex dump (first 32 bytes):
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............
04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>.............
backtrace:
[<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170
[<000000002b66b6c0>] __vmalloc_node+0xb4/0x160
[<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0
[<0000000019afff23>] crash_load_segments+0x260/0x470
[<0000000019ebe95c>] bzImage64_load+0x814/0xad0
[<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0
[<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0
[<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530
[<0000000087c19992>] do_syscall_64+0x3b/0x90
[<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae
In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to
store elf headers. While it's not freed back to system correctly when
kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it
by introducing x86 specific function arch_kimage_file_post_load_cleanup(),
and freeing the buffer there.
And also remove the incorrect elf header buffer freeing code. Before
calling arch specific kexec_file loading function, the image instance has
been initialized. So 'image->elf_headers' must be NULL. It doesn't make
sense to free the elf header buffer in the place.
Three different people have reported three bugs about the memory leak on
x86_64 inside Redhat.
Link: https://lkml.kernel.org/r/20220223113225.63106-2-bhe@redhat.com
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/machine_kexec_64.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -376,9 +376,6 @@ void machine_kexec(struct kimage *image)
#ifdef CONFIG_KEXEC_FILE
void *arch_kexec_kernel_image_load(struct kimage *image)
{
- vfree(image->elf_headers);
- image->elf_headers = NULL;
-
if (!image->fops || !image->fops->load)
return ERR_PTR(-ENOEXEC);
@@ -514,6 +511,15 @@ overflow:
(int)ELF64_R_TYPE(rel[i].r_info), value);
return -ENOEXEC;
}
+
+int arch_kimage_file_post_load_cleanup(struct kimage *image)
+{
+ vfree(image->elf_headers);
+ image->elf_headers = NULL;
+ image->elf_headers_sz = 0;
+
+ return kexec_image_post_load_cleanup_default(image);
+}
#endif /* CONFIG_KEXEC_FILE */
static int
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 040/879] x86/sgx: Set active memcg prior to shmem allocation
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 039/879] x86/kexec: fix memory leak of elf header buffer Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 041/879] kthread: Dont allocate kthread_struct for init and umh Greg Kroah-Hartman
` (848 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kristen Carlson Accardi, Dave Hansen,
Shakeel Butt, Roman Gushchin
From: Kristen Carlson Accardi <kristen@linux.intel.com>
commit 0c9782e204d3cc5625b9e8bf4e8625d38dfe0139 upstream.
When the system runs out of enclave memory, SGX can reclaim EPC pages
by swapping to normal RAM. These backing pages are allocated via a
per-enclave shared memory area. Since SGX allows unlimited over
commit on EPC memory, the reclaimer thread can allocate a large
number of backing RAM pages in response to EPC memory pressure.
When the shared memory backing RAM allocation occurs during
the reclaimer thread context, the shared memory is charged to
the root memory control group, and the shmem usage of the enclave
is not properly accounted for, making cgroups ineffective at
limiting the amount of RAM an enclave can consume.
For example, when using a cgroup to launch a set of test
enclaves, the kernel does not properly account for 50% - 75% of
shmem page allocations on average. In the worst case, when
nearly all allocations occur during the reclaimer thread, the
kernel accounts less than a percent of the amount of shmem used
by the enclave's cgroup to the correct cgroup.
SGX stores a list of mm_structs that are associated with
an enclave. Pick one of them during reclaim and charge that
mm's memcg with the shmem allocation. The one that gets picked
is arbitrary, but this list almost always only has one mm. The
cases where there is more than one mm with different memcg's
are not worth considering.
Create a new function - sgx_encl_alloc_backing(). This function
is used whenever a new backing storage page needs to be
allocated. Previously the same function was used for page
allocation as well as retrieving a previously allocated page.
Prior to backing page allocation, if there is a mm_struct associated
with the enclave that is requesting the allocation, it is set
as the active memory control group.
[ dhansen: - fix merge conflict with ELDU fixes
- check against actual ksgxd_tsk, not ->mm ]
Cc: stable@vger.kernel.org
Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
Link: https://lkml.kernel.org/r/20220520174248.4918-1-kristen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/sgx/encl.c | 105 ++++++++++++++++++++++++++++++++++++++++-
arch/x86/kernel/cpu/sgx/encl.h | 7 +-
arch/x86/kernel/cpu/sgx/main.c | 9 ++-
3 files changed, 115 insertions(+), 6 deletions(-)
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -152,7 +152,7 @@ static int __sgx_encl_eldu(struct sgx_en
page_pcmd_off = sgx_encl_get_backing_page_pcmd_offset(encl, page_index);
- ret = sgx_encl_get_backing(encl, page_index, &b);
+ ret = sgx_encl_lookup_backing(encl, page_index, &b);
if (ret)
return ret;
@@ -718,7 +718,7 @@ static struct page *sgx_encl_get_backing
* 0 on success,
* -errno otherwise.
*/
-int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index,
+static int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index,
struct sgx_backing *backing)
{
pgoff_t page_pcmd_off = sgx_encl_get_backing_page_pcmd_offset(encl, page_index);
@@ -743,6 +743,107 @@ int sgx_encl_get_backing(struct sgx_encl
return 0;
}
+/*
+ * When called from ksgxd, returns the mem_cgroup of a struct mm stored
+ * in the enclave's mm_list. When not called from ksgxd, just returns
+ * the mem_cgroup of the current task.
+ */
+static struct mem_cgroup *sgx_encl_get_mem_cgroup(struct sgx_encl *encl)
+{
+ struct mem_cgroup *memcg = NULL;
+ struct sgx_encl_mm *encl_mm;
+ int idx;
+
+ /*
+ * If called from normal task context, return the mem_cgroup
+ * of the current task's mm. The remainder of the handling is for
+ * ksgxd.
+ */
+ if (!current_is_ksgxd())
+ return get_mem_cgroup_from_mm(current->mm);
+
+ /*
+ * Search the enclave's mm_list to find an mm associated with
+ * this enclave to charge the allocation to.
+ */
+ idx = srcu_read_lock(&encl->srcu);
+
+ list_for_each_entry_rcu(encl_mm, &encl->mm_list, list) {
+ if (!mmget_not_zero(encl_mm->mm))
+ continue;
+
+ memcg = get_mem_cgroup_from_mm(encl_mm->mm);
+
+ mmput_async(encl_mm->mm);
+
+ break;
+ }
+
+ srcu_read_unlock(&encl->srcu, idx);
+
+ /*
+ * In the rare case that there isn't an mm associated with
+ * the enclave, set memcg to the current active mem_cgroup.
+ * This will be the root mem_cgroup if there is no active
+ * mem_cgroup.
+ */
+ if (!memcg)
+ return get_mem_cgroup_from_mm(NULL);
+
+ return memcg;
+}
+
+/**
+ * sgx_encl_alloc_backing() - allocate a new backing storage page
+ * @encl: an enclave pointer
+ * @page_index: enclave page index
+ * @backing: data for accessing backing storage for the page
+ *
+ * When called from ksgxd, sets the active memcg from one of the
+ * mms in the enclave's mm_list prior to any backing page allocation,
+ * in order to ensure that shmem page allocations are charged to the
+ * enclave.
+ *
+ * Return:
+ * 0 on success,
+ * -errno otherwise.
+ */
+int sgx_encl_alloc_backing(struct sgx_encl *encl, unsigned long page_index,
+ struct sgx_backing *backing)
+{
+ struct mem_cgroup *encl_memcg = sgx_encl_get_mem_cgroup(encl);
+ struct mem_cgroup *memcg = set_active_memcg(encl_memcg);
+ int ret;
+
+ ret = sgx_encl_get_backing(encl, page_index, backing);
+
+ set_active_memcg(memcg);
+ mem_cgroup_put(encl_memcg);
+
+ return ret;
+}
+
+/**
+ * sgx_encl_lookup_backing() - retrieve an existing backing storage page
+ * @encl: an enclave pointer
+ * @page_index: enclave page index
+ * @backing: data for accessing backing storage for the page
+ *
+ * Retrieve a backing page for loading data back into an EPC page with ELDU.
+ * It is the caller's responsibility to ensure that it is appropriate to use
+ * sgx_encl_lookup_backing() rather than sgx_encl_alloc_backing(). If lookup is
+ * not used correctly, this will cause an allocation which is not accounted for.
+ *
+ * Return:
+ * 0 on success,
+ * -errno otherwise.
+ */
+int sgx_encl_lookup_backing(struct sgx_encl *encl, unsigned long page_index,
+ struct sgx_backing *backing)
+{
+ return sgx_encl_get_backing(encl, page_index, backing);
+}
+
/**
* sgx_encl_put_backing() - Unpin the backing storage
* @backing: data for accessing backing storage for the page
--- a/arch/x86/kernel/cpu/sgx/encl.h
+++ b/arch/x86/kernel/cpu/sgx/encl.h
@@ -103,10 +103,13 @@ static inline int sgx_encl_find(struct m
int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
unsigned long end, unsigned long vm_flags);
+bool current_is_ksgxd(void);
void sgx_encl_release(struct kref *ref);
int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm);
-int sgx_encl_get_backing(struct sgx_encl *encl, unsigned long page_index,
- struct sgx_backing *backing);
+int sgx_encl_lookup_backing(struct sgx_encl *encl, unsigned long page_index,
+ struct sgx_backing *backing);
+int sgx_encl_alloc_backing(struct sgx_encl *encl, unsigned long page_index,
+ struct sgx_backing *backing);
void sgx_encl_put_backing(struct sgx_backing *backing);
int sgx_encl_test_and_clear_young(struct mm_struct *mm,
struct sgx_encl_page *page);
--- a/arch/x86/kernel/cpu/sgx/main.c
+++ b/arch/x86/kernel/cpu/sgx/main.c
@@ -313,7 +313,7 @@ static void sgx_reclaimer_write(struct s
sgx_encl_put_backing(backing);
if (!encl->secs_child_cnt && test_bit(SGX_ENCL_INITIALIZED, &encl->flags)) {
- ret = sgx_encl_get_backing(encl, PFN_DOWN(encl->size),
+ ret = sgx_encl_alloc_backing(encl, PFN_DOWN(encl->size),
&secs_backing);
if (ret)
goto out;
@@ -384,7 +384,7 @@ static void sgx_reclaim_pages(void)
page_index = PFN_DOWN(encl_page->desc - encl_page->encl->base);
mutex_lock(&encl_page->encl->lock);
- ret = sgx_encl_get_backing(encl_page->encl, page_index, &backing[i]);
+ ret = sgx_encl_alloc_backing(encl_page->encl, page_index, &backing[i]);
if (ret) {
mutex_unlock(&encl_page->encl->lock);
goto skip;
@@ -475,6 +475,11 @@ static bool __init sgx_page_reclaimer_in
return true;
}
+bool current_is_ksgxd(void)
+{
+ return current == ksgxd_tsk;
+}
+
static struct sgx_epc_page *__sgx_alloc_epc_page_from_node(int nid)
{
struct sgx_numa_node *node = &sgx_numa_nodes[nid];
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 041/879] kthread: Dont allocate kthread_struct for init and umh
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 040/879] x86/sgx: Set active memcg prior to shmem allocation Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 042/879] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
` (847 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable,
Максим
Кутявин,
Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 343f4c49f2438d8920f1f76fa823ee59b91f02e4 upstream.
If kthread_is_per_cpu runs concurrently with free_kthread_struct the
kthread_struct that was just freed may be read from.
This bug was introduced by commit 40966e316f86 ("kthread: Ensure
struct kthread is present for all kthreads"). When kthread_struct
started to be allocated for all tasks that have PF_KTHREAD set. This
in turn required the kthread_struct to be freed in kernel_execve and
violated the assumption that kthread_struct will have the same
lifetime as the task.
Looking a bit deeper this only applies to callers of kernel_execve
which is just the init process and the user mode helper processes.
These processes really don't want to be kernel threads but are for
historical reasons. Mostly that copy_thread does not know how to take
a kernel mode function to the process with for processes without
PF_KTHREAD or PF_IO_WORKER set.
Solve this by not allocating kthread_struct for the init process and
the user mode helper processes.
This is done by adding a kthread member to struct kernel_clone_args.
Setting kthread in fork_idle and kernel_thread. Adding
user_mode_thread that works like kernel_thread except it does not set
kthread. In fork only allocating the kthread_struct if .kthread is set.
I have looked at kernel/kthread.c and since commit 40966e316f86
("kthread: Ensure struct kthread is present for all kthreads") there
have been no assumptions added that to_kthread or __to_kthread will
not return NULL.
There are a few callers of to_kthread or __to_kthread that assume a
non-NULL struct kthread pointer will be returned. These functions are
kthread_data(), kthread_parmme(), kthread_exit(), kthread(),
kthread_park(), kthread_unpark(), kthread_stop(). All of those functions
can reasonably expected to be called when it is know that a task is a
kthread so that assumption seems reasonable.
Cc: stable@vger.kernel.org
Fixes: 40966e316f86 ("kthread: Ensure struct kthread is present for all kthreads")
Reported-by: Максим Кутявин <maximkabox13@gmail.com>
Link: https://lkml.kernel.org/r/20220506141512.516114-1-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exec.c | 6 ++++--
include/linux/sched/task.h | 2 ++
init/main.c | 2 +-
kernel/fork.c | 22 ++++++++++++++++++++--
kernel/umh.c | 6 +++---
5 files changed, 30 insertions(+), 8 deletions(-)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1308,8 +1308,6 @@ int begin_new_exec(struct linux_binprm *
if (retval)
goto out_unlock;
- if (me->flags & PF_KTHREAD)
- free_kthread_struct(me);
me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD |
PF_NOFREEZE | PF_NO_SETAFFINITY);
flush_thread();
@@ -1955,6 +1953,10 @@ int kernel_execve(const char *kernel_fil
int fd = AT_FDCWD;
int retval;
+ if (WARN_ON_ONCE((current->flags & PF_KTHREAD) &&
+ (current->worker_private)))
+ return -EINVAL;
+
filename = getname_kernel(kernel_filename);
if (IS_ERR(filename))
return PTR_ERR(filename);
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -32,6 +32,7 @@ struct kernel_clone_args {
size_t set_tid_size;
int cgroup;
int io_thread;
+ int kthread;
struct cgroup *cgrp;
struct css_set *cset;
};
@@ -89,6 +90,7 @@ struct task_struct *create_io_thread(int
struct task_struct *fork_idle(int);
struct mm_struct *copy_init_mm(void);
extern pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags);
+extern pid_t user_mode_thread(int (*fn)(void *), void *arg, unsigned long flags);
extern long kernel_wait4(pid_t, int __user *, int, struct rusage *);
int kernel_wait(pid_t pid, int *stat);
--- a/init/main.c
+++ b/init/main.c
@@ -688,7 +688,7 @@ noinline void __ref rest_init(void)
* the init task will end up wanting to create kthreads, which, if
* we schedule it before we create kthreadd, will OOPS.
*/
- pid = kernel_thread(kernel_init, NULL, CLONE_FS);
+ pid = user_mode_thread(kernel_init, NULL, CLONE_FS);
/*
* Pin init on the boot CPU. Task migration is not properly working
* until sched_init_smp() has been run. It will set the allowed
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2157,7 +2157,7 @@ static __latent_entropy struct task_stru
p->io_context = NULL;
audit_set_context(p, NULL);
cgroup_fork(p);
- if (p->flags & PF_KTHREAD) {
+ if (args->kthread) {
if (!set_kthread_struct(p))
goto bad_fork_cleanup_delayacct;
}
@@ -2548,7 +2548,8 @@ struct task_struct * __init fork_idle(in
{
struct task_struct *task;
struct kernel_clone_args args = {
- .flags = CLONE_VM,
+ .flags = CLONE_VM,
+ .kthread = 1,
};
task = copy_process(&init_struct_pid, 0, cpu_to_node(cpu), &args);
@@ -2682,6 +2683,23 @@ pid_t kernel_thread(int (*fn)(void *), v
{
struct kernel_clone_args args = {
.flags = ((lower_32_bits(flags) | CLONE_VM |
+ CLONE_UNTRACED) & ~CSIGNAL),
+ .exit_signal = (lower_32_bits(flags) & CSIGNAL),
+ .stack = (unsigned long)fn,
+ .stack_size = (unsigned long)arg,
+ .kthread = 1,
+ };
+
+ return kernel_clone(&args);
+}
+
+/*
+ * Create a user mode thread.
+ */
+pid_t user_mode_thread(int (*fn)(void *), void *arg, unsigned long flags)
+{
+ struct kernel_clone_args args = {
+ .flags = ((lower_32_bits(flags) | CLONE_VM |
CLONE_UNTRACED) & ~CSIGNAL),
.exit_signal = (lower_32_bits(flags) & CSIGNAL),
.stack = (unsigned long)fn,
--- a/kernel/umh.c
+++ b/kernel/umh.c
@@ -132,7 +132,7 @@ static void call_usermodehelper_exec_syn
/* If SIGCLD is ignored do_wait won't populate the status. */
kernel_sigaction(SIGCHLD, SIG_DFL);
- pid = kernel_thread(call_usermodehelper_exec_async, sub_info, SIGCHLD);
+ pid = user_mode_thread(call_usermodehelper_exec_async, sub_info, SIGCHLD);
if (pid < 0)
sub_info->retval = pid;
else
@@ -171,8 +171,8 @@ static void call_usermodehelper_exec_wor
* want to pollute current->children, and we need a parent
* that always ignores SIGCHLD to ensure auto-reaping.
*/
- pid = kernel_thread(call_usermodehelper_exec_async, sub_info,
- CLONE_PARENT | SIGCHLD);
+ pid = user_mode_thread(call_usermodehelper_exec_async, sub_info,
+ CLONE_PARENT | SIGCHLD);
if (pid < 0) {
sub_info->retval = pid;
umh_complete(sub_info);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 042/879] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 041/879] kthread: Dont allocate kthread_struct for init and umh Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 043/879] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
` (846 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit c200e4bb44e80b343c09841e7caaaca0aac5e5fa upstream.
User mode linux is the last user of the PT_DTRACE flag. Using the flag to indicate
single stepping is a little confusing and worse changing tsk->ptrace without locking
could potentionally cause problems.
So use a thread info flag with a better name instead of flag in tsk->ptrace.
Remove the definition PT_DTRACE as uml is the last user.
Cc: stable@vger.kernel.org
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-3-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/include/asm/thread_info.h | 2 ++
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 ++++----
arch/um/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 1 -
6 files changed, 10 insertions(+), 9 deletions(-)
--- a/arch/um/include/asm/thread_info.h
+++ b/arch/um/include/asm/thread_info.h
@@ -60,6 +60,7 @@ static inline struct thread_info *curren
#define TIF_RESTORE_SIGMASK 7
#define TIF_NOTIFY_RESUME 8
#define TIF_SECCOMP 9 /* secure computing */
+#define TIF_SINGLESTEP 10 /* single stepping userspace */
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
@@ -68,5 +69,6 @@ static inline struct thread_info *curren
#define _TIF_MEMDIE (1 << TIF_MEMDIE)
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
+#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
#endif
--- a/arch/um/kernel/exec.c
+++ b/arch/um/kernel/exec.c
@@ -43,7 +43,7 @@ void start_thread(struct pt_regs *regs,
{
PT_REGS_IP(regs) = eip;
PT_REGS_SP(regs) = esp;
- current->ptrace &= ~PT_DTRACE;
+ clear_thread_flag(TIF_SINGLESTEP);
#ifdef SUBARCH_EXECVE1
SUBARCH_EXECVE1(regs->regs);
#endif
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
@@ -335,7 +335,7 @@ int singlestepping(void * t)
{
struct task_struct *task = t ? t : current;
- if (!(task->ptrace & PT_DTRACE))
+ if (!test_thread_flag(TIF_SINGLESTEP))
return 0;
if (task->thread.singlestep_syscall)
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -11,7 +11,7 @@
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_DTRACE;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -21,7 +21,7 @@ void user_enable_single_step(struct task
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_DTRACE;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -120,7 +120,7 @@ static void send_sigtrap(struct uml_pt_r
}
/*
- * XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and
+ * XXX Check TIF_SINGLESTEP for singlestepping check and
* PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check
*/
int syscall_trace_enter(struct pt_regs *regs)
@@ -144,7 +144,7 @@ void syscall_trace_leave(struct pt_regs
audit_syscall_exit(regs);
/* Fake a debug trap */
- if (ptraced & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
send_sigtrap(®s->regs, 0);
if (!test_thread_flag(TIF_SYSCALL_TRACE))
--- a/arch/um/kernel/signal.c
+++ b/arch/um/kernel/signal.c
@@ -53,7 +53,7 @@ static void handle_signal(struct ksignal
unsigned long sp;
int err;
- if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED))
+ if (test_thread_flag(TIF_SINGLESTEP) && (current->ptrace & PT_PTRACED))
singlestep = 1;
/* Did we come from a system call? */
@@ -128,7 +128,7 @@ void do_signal(struct pt_regs *regs)
* on the host. The tracing thread will check this flag and
* PTRACE_SYSCALL if necessary.
*/
- if (current->ptrace & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
current->thread.singlestep_syscall =
is_syscall(PT_REGS_IP(¤t->thread.regs));
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -30,7 +30,6 @@ extern int ptrace_access_vm(struct task_
#define PT_SEIZED 0x00010000 /* SEIZE used, enable new behavior */
#define PT_PTRACED 0x00000001
-#define PT_DTRACE 0x00000002 /* delayed trace (used on m68k, i386) */
#define PT_OPT_FLAG_SHIFT 3
/* PT_TRACE_* event enable flags */
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 043/879] ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 042/879] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 044/879] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
` (845 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Max Filippov, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 4a3d2717d140401df7501a95e454180831a0c5af upstream.
xtensa is the last user of the PT_SINGLESTEP flag. Changing tsk->ptrace in
user_enable_single_step and user_disable_single_step without locking could
potentiallly cause problems.
So use a thread info flag instead of a flag in tsk->ptrace. Use TIF_SINGLESTEP
that xtensa already had defined but unused.
Remove the definitions of PT_SINGLESTEP and PT_BLOCKSTEP as they have no more users.
Cc: stable@vger.kernel.org
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-4-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/kernel/ptrace.c | 4 ++--
arch/xtensa/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 6 ------
3 files changed, 4 insertions(+), 10 deletions(-)
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -225,12 +225,12 @@ const struct user_regset_view *task_user
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_SINGLESTEP;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
}
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_SINGLESTEP;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
}
/*
--- a/arch/xtensa/kernel/signal.c
+++ b/arch/xtensa/kernel/signal.c
@@ -473,7 +473,7 @@ static void do_signal(struct pt_regs *re
/* Set up the stack frame */
ret = setup_frame(&ksig, sigmask_to_save(), regs);
signal_setup_done(ret, &ksig, 0);
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
@@ -499,7 +499,7 @@ static void do_signal(struct pt_regs *re
/* If there's no signal to deliver, we just restore the saved mask. */
restore_saved_sigmask();
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
}
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -46,12 +46,6 @@ extern int ptrace_access_vm(struct task_
#define PT_EXITKILL (PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT)
#define PT_SUSPEND_SECCOMP (PTRACE_O_SUSPEND_SECCOMP << PT_OPT_FLAG_SHIFT)
-/* single stepping state bits (used on ARM and PA-RISC) */
-#define PT_SINGLESTEP_BIT 31
-#define PT_SINGLESTEP (1<<PT_SINGLESTEP_BIT)
-#define PT_BLOCKSTEP_BIT 30
-#define PT_BLOCKSTEP (1<<PT_BLOCKSTEP_BIT)
-
extern long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data);
extern int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 044/879] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 043/879] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 045/879] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
` (844 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Al Viro, Kees Cook, Oleg Nesterov,
Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 6a2d90ba027adba528509ffa27097cffd3879257 upstream.
The current implementation of PTRACE_KILL is buggy and has been for
many years as it assumes it's target has stopped in ptrace_stop. At a
quick skim it looks like this assumption has existed since ptrace
support was added in linux v1.0.
While PTRACE_KILL has been deprecated we can not remove it as
a quick search with google code search reveals many existing
programs calling it.
When the ptracee is not stopped at ptrace_stop some fields would be
set that are ignored except in ptrace_stop. Making the userspace
visible behavior of PTRACE_KILL a noop in those case.
As the usual rules are not obeyed it is not clear what the
consequences are of calling PTRACE_KILL on a running process.
Presumably userspace does not do this as it achieves nothing.
Replace the implementation of PTRACE_KILL with a simple
send_sig_info(SIGKILL) followed by a return 0. This changes the
observable user space behavior only in that PTRACE_KILL on a process
not stopped in ptrace_stop will also kill it. As that has always
been the intent of the code this seems like a reasonable change.
Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-7-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/step.c | 3 +--
kernel/ptrace.c | 5 ++---
2 files changed, 3 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -180,8 +180,7 @@ void set_task_blockstep(struct task_stru
*
* NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if
* task is current or it can't be running, otherwise we can race
- * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but
- * PTRACE_KILL is not safe.
+ * with __switch_to_xtra(). We rely on ptrace_freeze_traced().
*/
local_irq_disable();
debugctl = get_debugctlmsr();
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -1236,9 +1236,8 @@ int ptrace_request(struct task_struct *c
return ptrace_resume(child, request, data);
case PTRACE_KILL:
- if (child->exit_state) /* already dead */
- return 0;
- return ptrace_resume(child, request, SIGKILL);
+ send_sig_info(SIGKILL, SEND_SIG_NOINFO, child);
+ return 0;
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
case PTRACE_GETREGSET:
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 045/879] btrfs: add "0x" prefix for unsupported optional features
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 044/879] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 046/879] btrfs: return correct error number for __extent_writepage_io() Greg Kroah-Hartman
` (843 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d5321a0fa8bc49f11bea0b470800962c17d92d8f upstream.
The following error message lack the "0x" obviously:
cannot mount because of unsupported optional features (4000)
Add the prefix to make it less confusing. This can happen on older
kernels that try to mount a filesystem with newer features so it makes
sense to backport to older trees.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -3611,7 +3611,7 @@ int __cold open_ctree(struct super_block
~BTRFS_FEATURE_INCOMPAT_SUPP;
if (features) {
btrfs_err(fs_info,
- "cannot mount because of unsupported optional features (%llx)",
+ "cannot mount because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_alloc;
@@ -3649,7 +3649,7 @@ int __cold open_ctree(struct super_block
~BTRFS_FEATURE_COMPAT_RO_SUPP;
if (!sb_rdonly(sb) && features) {
btrfs_err(fs_info,
- "cannot mount read-write because of unsupported optional features (%llx)",
+ "cannot mount read-write because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_alloc;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 046/879] btrfs: return correct error number for __extent_writepage_io()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 045/879] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 047/879] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
` (842 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 44e5801fada6925d2bba1987c7b59cbcc9d0d592 upstream.
[BUG]
If we hit an error from submit_extent_page() inside
__extent_writepage_io(), we could still return 0 to the caller, and
even trigger the warning in btrfs_page_assert_not_dirty().
[CAUSE]
In __extent_writepage_io(), if we hit an error from
submit_extent_page(), we will just clean up the range and continue.
This is completely fine for regular PAGE_SIZE == sectorsize, as we can
only hit one sector in one page, thus after the error we're ensured to
exit and @ret will be saved.
But for subpage case, we may have other dirty subpage range in the page,
and in the next loop, we may succeeded submitting the next range.
In that case, @ret will be overwritten, and we return 0 to the caller,
while we have hit some error.
[FIX]
Introduce @has_error and @saved_ret to record the first error we hit, so
we will never forget what error we hit.
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3920,10 +3920,12 @@ static noinline_for_stack int __extent_w
u64 extent_offset;
u64 block_start;
struct extent_map *em;
+ int saved_ret = 0;
int ret = 0;
int nr = 0;
u32 opf = REQ_OP_WRITE;
const unsigned int write_flags = wbc_to_write_flags(wbc);
+ bool has_error = false;
bool compressed;
ret = btrfs_writepage_cow_fixup(page);
@@ -3973,6 +3975,9 @@ static noinline_for_stack int __extent_w
if (IS_ERR(em)) {
btrfs_page_set_error(fs_info, page, cur, end - cur + 1);
ret = PTR_ERR_OR_ZERO(em);
+ has_error = true;
+ if (!saved_ret)
+ saved_ret = ret;
break;
}
@@ -4036,6 +4041,10 @@ static noinline_for_stack int __extent_w
end_bio_extent_writepage,
0, 0, false);
if (ret) {
+ has_error = true;
+ if (!saved_ret)
+ saved_ret = ret;
+
btrfs_page_set_error(fs_info, page, cur, iosize);
if (PageWriteback(page))
btrfs_page_clear_writeback(fs_info, page, cur,
@@ -4049,8 +4058,10 @@ static noinline_for_stack int __extent_w
* If we finish without problem, we should not only clear page dirty,
* but also empty subpage dirty bits
*/
- if (!ret)
+ if (!has_error)
btrfs_page_assert_not_dirty(fs_info, page);
+ else
+ ret = saved_ret;
*nr_ret = nr;
return ret;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 047/879] btrfs: repair super block num_devices automatically
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 046/879] btrfs: return correct error number for __extent_writepage_io() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 048/879] btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage() Greg Kroah-Hartman
` (841 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Béla Palkovics, Qu Wenruo,
David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d201238ccd2f30b9bfcfadaeae0972e3a486a176 upstream.
[BUG]
There is a report that a btrfs has a bad super block num devices.
This makes btrfs to reject the fs completely.
BTRFS error (device sdd3): super_num_devices 3 mismatch with num_devices 2 found here
BTRFS error (device sdd3): failed to read chunk tree: -22
BTRFS error (device sdd3): open_ctree failed
[CAUSE]
During btrfs device removal, chunk tree and super block num devs are
updated in two different transactions:
btrfs_rm_device()
|- btrfs_rm_dev_item(device)
| |- trans = btrfs_start_transaction()
| | Now we got transaction X
| |
| |- btrfs_del_item()
| | Now device item is removed from chunk tree
| |
| |- btrfs_commit_transaction()
| Transaction X got committed, super num devs untouched,
| but device item removed from chunk tree.
| (AKA, super num devs is already incorrect)
|
|- cur_devices->num_devices--;
|- cur_devices->total_devices--;
|- btrfs_set_super_num_devices()
All those operations are not in transaction X, thus it will
only be written back to disk in next transaction.
So after the transaction X in btrfs_rm_dev_item() committed, but before
transaction X+1 (which can be minutes away), a power loss happen, then
we got the super num mismatch.
This has been fixed by commit bbac58698a55 ("btrfs: remove device item
and update super block in the same transaction").
[FIX]
Make the super_num_devices check less strict, converting it from a hard
error to a warning, and reset the value to a correct one for the current
or next transaction commit.
As the number of device items is the critical information where the
super block num_devices is only a cached value (and also useful for
cross checking), it's safe to automatically update it. Other device
related problems like missing device are handled after that and may
require other means to resolve, like degraded mount. With this fix,
potentially affected filesystems won't fail mount and require the manual
repair by btrfs check.
Reported-by: Luca Béla Palkovics <luca.bela.palkovics@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CA+8xDSpvdm_U0QLBAnrH=zqDq_cWCOH5TiV46CKmp3igr44okQ@mail.gmail.com/
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/volumes.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -7671,12 +7671,12 @@ int btrfs_read_chunk_tree(struct btrfs_f
* do another round of validation checks.
*/
if (total_dev != fs_info->fs_devices->total_devices) {
- btrfs_err(fs_info,
- "super_num_devices %llu mismatch with num_devices %llu found here",
+ btrfs_warn(fs_info,
+"super block num_devices %llu mismatch with DEV_ITEM count %llu, will be repaired on next transaction commit",
btrfs_super_num_devices(fs_info->super_copy),
total_dev);
- ret = -EINVAL;
- goto error;
+ fs_info->fs_devices->total_devices = total_dev;
+ btrfs_set_super_num_devices(fs_info->super_copy, total_dev);
}
if (btrfs_super_total_bytes(fs_info->super_copy) <
fs_info->fs_devices->total_rw_bytes) {
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 048/879] btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 047/879] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 049/879] btrfs: fix deadlock between concurrent dio writes when low on free data space Greg Kroah-Hartman
` (840 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 10f7f6f879c28f8368d6516ab1ccf3517a1f5d3d upstream.
[BUG]
Test case generic/475 have a very high chance (almost 100%) to hit a fs
hang, where a data page will never be unlocked and hang all later
operations.
[CAUSE]
In btrfs_do_readpage(), if we hit an error from submit_extent_page() we
will try to do the cleanup for our current io range, and exit.
This works fine for PAGE_SIZE == sectorsize cases, but not for subpage.
For subpage btrfs_do_readpage() will lock the full page first, which can
contain several different sectors and extents:
btrfs_do_readpage()
|- begin_page_read()
| |- btrfs_subpage_start_reader();
| Now the page will have PAGE_SIZE / sectorsize reader pending,
| and the page is locked.
|
|- end_page_read() for different branches
| This function will reduce subpage readers, and when readers
| reach 0, it will unlock the page.
But when submit_extent_page() failed, we only cleanup the current
io range, while the remaining io range will never be cleaned up, and the
page remains locked forever.
[FIX]
Update the error handling of submit_extent_page() to cleanup all the
remaining subpage range before exiting the loop.
Please note that, now submit_extent_page() can only fail due to
sanity check in alloc_new_bio().
Thus regular IO errors are impossible to trigger the error path.
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3743,8 +3743,12 @@ int btrfs_do_readpage(struct page *page,
this_bio_flag,
force_bio_submit);
if (ret) {
- unlock_extent(tree, cur, cur + iosize - 1);
- end_page_read(page, false, cur, iosize);
+ /*
+ * We have to unlock the remaining range, or the page
+ * will never be unlocked.
+ */
+ unlock_extent(tree, cur, end);
+ end_page_read(page, false, cur, end + 1 - cur);
goto out;
}
cur = cur + iosize;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 049/879] btrfs: fix deadlock between concurrent dio writes when low on free data space
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 048/879] btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 050/879] btrfs: zoned: properly finish block group on metadata write Greg Kroah-Hartman
` (839 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit f5585f4f0ef5b17026bbd60fbff6fcc91b99d5bf upstream.
When reserving data space for a direct IO write we can end up deadlocking
if we have multiple tasks attempting a write to the same file range, there
are multiple extents covered by that file range, we are low on available
space for data and the writes don't expand the inode's i_size.
The deadlock can happen like this:
1) We have a file with an i_size of 1M, at offset 0 it has an extent with
a size of 128K and at offset 128K it has another extent also with a
size of 128K;
2) Task A does a direct IO write against file range [0, 256K), and because
the write is within the i_size boundary, it takes the inode's lock (VFS
level) in shared mode;
3) Task A locks the file range [0, 256K) at btrfs_dio_iomap_begin(), and
then gets the extent map for the extent covering the range [0, 128K).
At btrfs_get_blocks_direct_write(), it creates an ordered extent for
that file range ([0, 128K));
4) Before returning from btrfs_dio_iomap_begin(), it unlocks the file
range [0, 256K);
5) Task A executes btrfs_dio_iomap_begin() again, this time for the file
range [128K, 256K), and locks the file range [128K, 256K);
6) Task B starts a direct IO write against file range [0, 256K) as well.
It also locks the inode in shared mode, as it's within the i_size limit,
and then tries to lock file range [0, 256K). It is able to lock the
subrange [0, 128K) but then blocks waiting for the range [128K, 256K),
as it is currently locked by task A;
7) Task A enters btrfs_get_blocks_direct_write() and tries to reserve data
space. Because we are low on available free space, it triggers the
async data reclaim task, and waits for it to reserve data space;
8) The async reclaim task decides to wait for all existing ordered extents
to complete (through btrfs_wait_ordered_roots()).
It finds the ordered extent previously created by task A for the file
range [0, 128K) and waits for it to complete;
9) The ordered extent for the file range [0, 128K) can not complete
because it blocks at btrfs_finish_ordered_io() when trying to lock the
file range [0, 128K).
This results in a deadlock, because:
- task B is holding the file range [0, 128K) locked, waiting for the
range [128K, 256K) to be unlocked by task A;
- task A is holding the file range [128K, 256K) locked and it's waiting
for the async data reclaim task to satisfy its space reservation
request;
- the async data reclaim task is waiting for ordered extent [0, 128K)
to complete, but the ordered extent can not complete because the
file range [0, 128K) is currently locked by task B, which is waiting
on task A to unlock file range [128K, 256K) and task A waiting
on the async data reclaim task.
This results in a deadlock between 4 task: task A, task B, the async
data reclaim task and the task doing ordered extent completion (a work
queue task).
This type of deadlock can sporadically be triggered by the test case
generic/300 from fstests, and results in a stack trace like the following:
[12084.033689] INFO: task kworker/u16:7:123749 blocked for more than 241 seconds.
[12084.034877] Not tainted 5.18.0-rc2-btrfs-next-115 #1
[12084.035562] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12084.036548] task:kworker/u16:7 state:D stack: 0 pid:123749 ppid: 2 flags:0x00004000
[12084.036554] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]
[12084.036599] Call Trace:
[12084.036601] <TASK>
[12084.036606] __schedule+0x3cb/0xed0
[12084.036616] schedule+0x4e/0xb0
[12084.036620] btrfs_start_ordered_extent+0x109/0x1c0 [btrfs]
[12084.036651] ? prepare_to_wait_exclusive+0xc0/0xc0
[12084.036659] btrfs_run_ordered_extent_work+0x1a/0x30 [btrfs]
[12084.036688] btrfs_work_helper+0xf8/0x400 [btrfs]
[12084.036719] ? lock_is_held_type+0xe8/0x140
[12084.036727] process_one_work+0x252/0x5a0
[12084.036736] ? process_one_work+0x5a0/0x5a0
[12084.036738] worker_thread+0x52/0x3b0
[12084.036743] ? process_one_work+0x5a0/0x5a0
[12084.036745] kthread+0xf2/0x120
[12084.036747] ? kthread_complete_and_exit+0x20/0x20
[12084.036751] ret_from_fork+0x22/0x30
[12084.036765] </TASK>
[12084.036769] INFO: task kworker/u16:11:153787 blocked for more than 241 seconds.
[12084.037702] Not tainted 5.18.0-rc2-btrfs-next-115 #1
[12084.038540] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12084.039506] task:kworker/u16:11 state:D stack: 0 pid:153787 ppid: 2 flags:0x00004000
[12084.039511] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
[12084.039551] Call Trace:
[12084.039553] <TASK>
[12084.039557] __schedule+0x3cb/0xed0
[12084.039566] schedule+0x4e/0xb0
[12084.039569] schedule_timeout+0xed/0x130
[12084.039573] ? mark_held_locks+0x50/0x80
[12084.039578] ? _raw_spin_unlock_irq+0x24/0x50
[12084.039580] ? lockdep_hardirqs_on+0x7d/0x100
[12084.039585] __wait_for_common+0xaf/0x1f0
[12084.039587] ? usleep_range_state+0xb0/0xb0
[12084.039596] btrfs_wait_ordered_extents+0x3d6/0x470 [btrfs]
[12084.039636] btrfs_wait_ordered_roots+0x175/0x240 [btrfs]
[12084.039670] flush_space+0x25b/0x630 [btrfs]
[12084.039712] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs]
[12084.039747] process_one_work+0x252/0x5a0
[12084.039756] ? process_one_work+0x5a0/0x5a0
[12084.039758] worker_thread+0x52/0x3b0
[12084.039762] ? process_one_work+0x5a0/0x5a0
[12084.039765] kthread+0xf2/0x120
[12084.039766] ? kthread_complete_and_exit+0x20/0x20
[12084.039770] ret_from_fork+0x22/0x30
[12084.039783] </TASK>
[12084.039800] INFO: task kworker/u16:17:217907 blocked for more than 241 seconds.
[12084.040709] Not tainted 5.18.0-rc2-btrfs-next-115 #1
[12084.041398] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12084.042404] task:kworker/u16:17 state:D stack: 0 pid:217907 ppid: 2 flags:0x00004000
[12084.042411] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]
[12084.042461] Call Trace:
[12084.042463] <TASK>
[12084.042471] __schedule+0x3cb/0xed0
[12084.042485] schedule+0x4e/0xb0
[12084.042490] wait_extent_bit.constprop.0+0x1eb/0x260 [btrfs]
[12084.042539] ? prepare_to_wait_exclusive+0xc0/0xc0
[12084.042551] lock_extent_bits+0x37/0x90 [btrfs]
[12084.042601] btrfs_finish_ordered_io.isra.0+0x3fd/0x960 [btrfs]
[12084.042656] ? lock_is_held_type+0xe8/0x140
[12084.042667] btrfs_work_helper+0xf8/0x400 [btrfs]
[12084.042716] ? lock_is_held_type+0xe8/0x140
[12084.042727] process_one_work+0x252/0x5a0
[12084.042742] worker_thread+0x52/0x3b0
[12084.042750] ? process_one_work+0x5a0/0x5a0
[12084.042754] kthread+0xf2/0x120
[12084.042757] ? kthread_complete_and_exit+0x20/0x20
[12084.042763] ret_from_fork+0x22/0x30
[12084.042783] </TASK>
[12084.042798] INFO: task fio:234517 blocked for more than 241 seconds.
[12084.043598] Not tainted 5.18.0-rc2-btrfs-next-115 #1
[12084.044282] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[12084.045244] task:fio state:D stack: 0 pid:234517 ppid:234515 flags:0x00004000
[12084.045248] Call Trace:
[12084.045250] <TASK>
[12084.045254] __schedule+0x3cb/0xed0
[12084.045263] schedule+0x4e/0xb0
[12084.045266] wait_extent_bit.constprop.0+0x1eb/0x260 [btrfs]
[12084.045298] ? prepare_to_wait_exclusive+0xc0/0xc0
[12084.045306] lock_extent_bits+0x37/0x90 [btrfs]
[12084.045336] btrfs_dio_iomap_begin+0x336/0xc60 [btrfs]
[12084.045370] ? lock_is_held_type+0xe8/0x140
[12084.045378] iomap_iter+0x184/0x4c0
[12084.045383] __iomap_dio_rw+0x2c6/0x8a0
[12084.045406] iomap_dio_rw+0xa/0x30
[12084.045408] btrfs_do_write_iter+0x370/0x5e0 [btrfs]
[12084.045440] aio_write+0xfa/0x2c0
[12084.045448] ? __might_fault+0x2a/0x70
[12084.045451] ? kvm_sched_clock_read+0x14/0x40
[12084.045455] ? lock_release+0x153/0x4a0
[12084.045463] io_submit_one+0x615/0x9f0
[12084.045467] ? __might_fault+0x2a/0x70
[12084.045469] ? kvm_sched_clock_read+0x14/0x40
[12084.045478] __x64_sys_io_submit+0x83/0x160
[12084.045483] ? syscall_enter_from_user_mode+0x1d/0x50
[12084.045489] do_syscall_64+0x3b/0x90
[12084.045517] entry_SYSCALL_64_after_hwframe+0x44/0xae
[12084.045521] RIP: 0033:0x7fa76511af79
[12084.045525] RSP: 002b:00007ffd6d6b9058 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[12084.045530] RAX: ffffffffffffffda RBX: 00007fa75ba6e760 RCX: 00007fa76511af79
[12084.045532] RDX: 0000557b304ff3f0 RSI: 0000000000000001 RDI: 00007fa75ba4c000
[12084.045535] RBP: 00007fa75ba4c000 R08: 00007fa751b76000 R09: 0000000000000330
[12084.045537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[12084.045540] R13: 0000000000000000 R14: 0000557b304ff3f0 R15: 0000557b30521eb0
[12084.045561] </TASK>
Fix this issue by always reserving data space before locking a file range
at btrfs_dio_iomap_begin(). If we can't reserve the space, then we don't
error out immediately - instead after locking the file range, check if we
can do a NOCOW write, and if we can we don't error out since we don't need
to allocate a data extent, however if we can't NOCOW then error out with
-ENOSPC. This also implies that we may end up reserving space when it's
not needed because the write will end up being done in NOCOW mode - in that
case we just release the space after we noticed we did a NOCOW write - this
is the same type of logic that is done in the path for buffered IO writes.
Fixes: f0bfa76a11e93d ("btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range")
CC: stable@vger.kernel.org # 5.17+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 81 +++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 64 insertions(+), 17 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -64,6 +64,8 @@ struct btrfs_iget_args {
struct btrfs_dio_data {
ssize_t submitted;
struct extent_changeset *data_reserved;
+ bool data_space_reserved;
+ bool nocow_done;
};
struct btrfs_rename_ctx {
@@ -7489,15 +7491,25 @@ static int btrfs_get_blocks_direct_write
ret = PTR_ERR(em2);
goto out;
}
+
+ dio_data->nocow_done = true;
} else {
/* Our caller expects us to free the input extent map. */
free_extent_map(em);
*map = NULL;
- /* We have to COW, so need to reserve metadata and data space. */
- ret = btrfs_delalloc_reserve_space(BTRFS_I(inode),
- &dio_data->data_reserved,
- start, len);
+ /*
+ * If we could not allocate data space before locking the file
+ * range and we can't do a NOCOW write, then we have to fail.
+ */
+ if (!dio_data->data_space_reserved)
+ return -ENOSPC;
+
+ /*
+ * We have to COW and we have already reserved data space before,
+ * so now we reserve only metadata.
+ */
+ ret = btrfs_delalloc_reserve_metadata(BTRFS_I(inode), len, len);
if (ret < 0)
goto out;
space_reserved = true;
@@ -7510,10 +7522,8 @@ static int btrfs_get_blocks_direct_write
*map = em;
len = min(len, em->len - (start - em->start));
if (len < prev_len)
- btrfs_delalloc_release_space(BTRFS_I(inode),
- dio_data->data_reserved,
- start + len, prev_len - len,
- true);
+ btrfs_delalloc_release_metadata(BTRFS_I(inode),
+ prev_len - len, true);
}
/*
@@ -7531,15 +7541,7 @@ static int btrfs_get_blocks_direct_write
out:
if (ret && space_reserved) {
btrfs_delalloc_release_extents(BTRFS_I(inode), len);
- if (can_nocow) {
- btrfs_delalloc_release_metadata(BTRFS_I(inode), len, true);
- } else {
- btrfs_delalloc_release_space(BTRFS_I(inode),
- dio_data->data_reserved,
- start, len, true);
- extent_changeset_free(dio_data->data_reserved);
- dio_data->data_reserved = NULL;
- }
+ btrfs_delalloc_release_metadata(BTRFS_I(inode), len, true);
}
return ret;
}
@@ -7556,6 +7558,7 @@ static int btrfs_dio_iomap_begin(struct
const bool write = !!(flags & IOMAP_WRITE);
int ret = 0;
u64 len = length;
+ const u64 data_alloc_len = length;
bool unlock_extents = false;
if (!write)
@@ -7584,6 +7587,25 @@ static int btrfs_dio_iomap_begin(struct
iomap->private = dio_data;
+ /*
+ * We always try to allocate data space and must do it before locking
+ * the file range, to avoid deadlocks with concurrent writes to the same
+ * range if the range has several extents and the writes don't expand the
+ * current i_size (the inode lock is taken in shared mode). If we fail to
+ * allocate data space here we continue and later, after locking the
+ * file range, we fail with ENOSPC only if we figure out we can not do a
+ * NOCOW write.
+ */
+ if (write && !(flags & IOMAP_NOWAIT)) {
+ ret = btrfs_check_data_free_space(BTRFS_I(inode),
+ &dio_data->data_reserved,
+ start, data_alloc_len);
+ if (!ret)
+ dio_data->data_space_reserved = true;
+ else if (ret && !(BTRFS_I(inode)->flags &
+ (BTRFS_INODE_NODATACOW | BTRFS_INODE_PREALLOC)))
+ goto err;
+ }
/*
* If this errors out it's because we couldn't invalidate pagecache for
@@ -7658,6 +7680,24 @@ static int btrfs_dio_iomap_begin(struct
unlock_extents = true;
/* Recalc len in case the new em is smaller than requested */
len = min(len, em->len - (start - em->start));
+ if (dio_data->data_space_reserved) {
+ u64 release_offset;
+ u64 release_len = 0;
+
+ if (dio_data->nocow_done) {
+ release_offset = start;
+ release_len = data_alloc_len;
+ } else if (len < data_alloc_len) {
+ release_offset = start + len;
+ release_len = data_alloc_len - len;
+ }
+
+ if (release_len > 0)
+ btrfs_free_reserved_data_space(BTRFS_I(inode),
+ dio_data->data_reserved,
+ release_offset,
+ release_len);
+ }
} else {
/*
* We need to unlock only the end area that we aren't using.
@@ -7702,6 +7742,13 @@ unlock_err:
unlock_extent_cached(&BTRFS_I(inode)->io_tree, lockstart, lockend,
&cached_state);
err:
+ if (dio_data->data_space_reserved) {
+ btrfs_free_reserved_data_space(BTRFS_I(inode),
+ dio_data->data_reserved,
+ start, data_alloc_len);
+ extent_changeset_free(dio_data->data_reserved);
+ }
+
kfree(dio_data);
return ret;
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 050/879] btrfs: zoned: properly finish block group on metadata write
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 049/879] btrfs: fix deadlock between concurrent dio writes when low on free data space Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 051/879] btrfs: zoned: zone finish unused block group Greg Kroah-Hartman
` (838 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Thumshirn, Naohiro Aota,
David Sterba
From: Naohiro Aota <naohiro.aota@wdc.com>
commit 56fbb0a4e8b3e929e41cc846e6ef89eb01152201 upstream.
Commit be1a1d7a5d24 ("btrfs: zoned: finish fully written block group")
introduced zone finishing code both for data and metadata end_io path.
However, the metadata side is not working as it should. First, it
compares logical address (eb->start + eb->len) with offset within a
block group (cache->zone_capacity) in submit_eb_page(). That essentially
disabled zone finishing on metadata end_io path.
Furthermore, fixing the issue above revealed we cannot call
btrfs_zone_finish_endio() in end_extent_buffer_writeback(). We cannot
call btrfs_lookup_block_group() which require spin lock inside end_io
context.
Introduce btrfs_schedule_zone_finish_bg() to wait for the extent buffer
writeback and do the zone finish IO in a workqueue.
Also, drop EXTENT_BUFFER_ZONE_FINISH as it is no longer used.
Fixes: be1a1d7a5d24 ("btrfs: zoned: finish fully written block group")
CC: stable@vger.kernel.org # 5.16+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.h | 2 ++
fs/btrfs/extent_io.c | 6 +-----
fs/btrfs/extent_io.h | 1 -
fs/btrfs/zoned.c | 31 +++++++++++++++++++++++++++++++
fs/btrfs/zoned.h | 5 +++++
5 files changed, 39 insertions(+), 6 deletions(-)
--- a/fs/btrfs/block-group.h
+++ b/fs/btrfs/block-group.h
@@ -212,6 +212,8 @@ struct btrfs_block_group {
u64 meta_write_pointer;
struct map_lookup *physical_map;
struct list_head active_bg_list;
+ struct work_struct zone_finish_work;
+ struct extent_buffer *last_eb;
};
static inline u64 btrfs_block_group_end(struct btrfs_block_group *block_group)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -4196,9 +4196,6 @@ void wait_on_extent_buffer_writeback(str
static void end_extent_buffer_writeback(struct extent_buffer *eb)
{
- if (test_bit(EXTENT_BUFFER_ZONE_FINISH, &eb->bflags))
- btrfs_zone_finish_endio(eb->fs_info, eb->start, eb->len);
-
clear_bit(EXTENT_BUFFER_WRITEBACK, &eb->bflags);
smp_mb__after_atomic();
wake_up_bit(&eb->bflags, EXTENT_BUFFER_WRITEBACK);
@@ -4818,8 +4815,7 @@ static int submit_eb_page(struct page *p
/*
* Implies write in zoned mode. Mark the last eb in a block group.
*/
- if (cache->seq_zone && eb->start + eb->len == cache->zone_capacity)
- set_bit(EXTENT_BUFFER_ZONE_FINISH, &eb->bflags);
+ btrfs_schedule_zone_finish_bg(cache, eb);
btrfs_put_block_group(cache);
}
ret = write_one_eb(eb, wbc, epd);
--- a/fs/btrfs/extent_io.h
+++ b/fs/btrfs/extent_io.h
@@ -32,7 +32,6 @@ enum {
/* write IO error */
EXTENT_BUFFER_WRITE_ERR,
EXTENT_BUFFER_NO_CHECK,
- EXTENT_BUFFER_ZONE_FINISH,
};
/* these are flags for __process_pages_contig */
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -2046,6 +2046,37 @@ out:
btrfs_put_block_group(block_group);
}
+static void btrfs_zone_finish_endio_workfn(struct work_struct *work)
+{
+ struct btrfs_block_group *bg =
+ container_of(work, struct btrfs_block_group, zone_finish_work);
+
+ wait_on_extent_buffer_writeback(bg->last_eb);
+ free_extent_buffer(bg->last_eb);
+ btrfs_zone_finish_endio(bg->fs_info, bg->start, bg->length);
+ btrfs_put_block_group(bg);
+}
+
+void btrfs_schedule_zone_finish_bg(struct btrfs_block_group *bg,
+ struct extent_buffer *eb)
+{
+ if (!bg->seq_zone || eb->start + eb->len * 2 <= bg->start + bg->zone_capacity)
+ return;
+
+ if (WARN_ON(bg->zone_finish_work.func == btrfs_zone_finish_endio_workfn)) {
+ btrfs_err(bg->fs_info, "double scheduling of bg %llu zone finishing",
+ bg->start);
+ return;
+ }
+
+ /* For the work */
+ btrfs_get_block_group(bg);
+ atomic_inc(&eb->refs);
+ bg->last_eb = eb;
+ INIT_WORK(&bg->zone_finish_work, btrfs_zone_finish_endio_workfn);
+ queue_work(system_unbound_wq, &bg->zone_finish_work);
+}
+
void btrfs_clear_data_reloc_bg(struct btrfs_block_group *bg)
{
struct btrfs_fs_info *fs_info = bg->fs_info;
--- a/fs/btrfs/zoned.h
+++ b/fs/btrfs/zoned.h
@@ -76,6 +76,8 @@ int btrfs_zone_finish(struct btrfs_block
bool btrfs_can_activate_zone(struct btrfs_fs_devices *fs_devices, u64 flags);
void btrfs_zone_finish_endio(struct btrfs_fs_info *fs_info, u64 logical,
u64 length);
+void btrfs_schedule_zone_finish_bg(struct btrfs_block_group *bg,
+ struct extent_buffer *eb);
void btrfs_clear_data_reloc_bg(struct btrfs_block_group *bg);
void btrfs_free_zone_cache(struct btrfs_fs_info *fs_info);
#else /* CONFIG_BLK_DEV_ZONED */
@@ -233,6 +235,9 @@ static inline bool btrfs_can_activate_zo
static inline void btrfs_zone_finish_endio(struct btrfs_fs_info *fs_info,
u64 logical, u64 length) { }
+static inline void btrfs_schedule_zone_finish_bg(struct btrfs_block_group *bg,
+ struct extent_buffer *eb) { }
+
static inline void btrfs_clear_data_reloc_bg(struct btrfs_block_group *bg) { }
static inline void btrfs_free_zone_cache(struct btrfs_fs_info *fs_info) { }
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 051/879] btrfs: zoned: zone finish unused block group
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 050/879] btrfs: zoned: properly finish block group on metadata write Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 052/879] btrfs: zoned: finish block group when there are no more allocatable bytes left Greg Kroah-Hartman
` (837 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Thumshirn, Naohiro Aota,
David Sterba
From: Naohiro Aota <naohiro.aota@wdc.com>
commit 74e91b12b11560f01d120751d99d91d54b265d3d upstream.
While the active zones within an active block group are reset, and their
active resource is released, the block group itself is kept in the active
block group list and marked as active. As a result, the list will contain
more than max_active_zones block groups. That itself is not fatal for the
device as the zones are properly reset.
However, that inflated list is, of course, strange. Also, a to-appear
patch series, which deactivates an active block group on demand, gets
confused with the wrong list.
So, fix the issue by finishing the unused block group once it gets
read-only, so that we can release the active resource in an early stage.
Fixes: be1a1d7a5d24 ("btrfs: zoned: finish fully written block group")
CC: stable@vger.kernel.org # 5.16+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -1367,6 +1367,14 @@ void btrfs_delete_unused_bgs(struct btrf
goto next;
}
+ ret = btrfs_zone_finish(block_group);
+ if (ret < 0) {
+ btrfs_dec_block_group_ro(block_group);
+ if (ret == -EAGAIN)
+ ret = 0;
+ goto next;
+ }
+
/*
* Want to do this before we do anything else so we can recover
* properly if we fail to join the transaction.
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 052/879] btrfs: zoned: finish block group when there are no more allocatable bytes left
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 051/879] btrfs: zoned: zone finish unused block group Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 053/879] btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer Greg Kroah-Hartman
` (836 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pankaj Raghav, Johannes Thumshirn,
Naohiro Aota, David Sterba
From: Naohiro Aota <naohiro.aota@wdc.com>
commit 8b8a53998caefebfe5c8da7a74c2b601caf5dd48 upstream.
Currently, btrfs_zone_finish_endio() finishes a block group only when the
written region reaches the end of the block group. We can also finish the
block group when no more allocation is possible.
Fixes: be1a1d7a5d24 ("btrfs: zoned: finish fully written block group")
CC: stable@vger.kernel.org # 5.16+
Reviewed-by: Pankaj Raghav <p.raghav@samsung.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/zoned.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -2000,6 +2000,7 @@ void btrfs_zone_finish_endio(struct btrf
struct btrfs_block_group *block_group;
struct map_lookup *map;
struct btrfs_device *device;
+ u64 min_alloc_bytes;
u64 physical;
if (!btrfs_is_zoned(fs_info))
@@ -2008,7 +2009,15 @@ void btrfs_zone_finish_endio(struct btrf
block_group = btrfs_lookup_block_group(fs_info, logical);
ASSERT(block_group);
- if (logical + length < block_group->start + block_group->zone_capacity)
+ /* No MIXED_BG on zoned btrfs. */
+ if (block_group->flags & BTRFS_BLOCK_GROUP_DATA)
+ min_alloc_bytes = fs_info->sectorsize;
+ else
+ min_alloc_bytes = fs_info->nodesize;
+
+ /* Bail out if we can allocate more data from this block group. */
+ if (logical + length + min_alloc_bytes <=
+ block_group->start + block_group->zone_capacity)
goto out;
spin_lock(&block_group->lock);
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 053/879] btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 052/879] btrfs: zoned: finish block group when there are no more allocatable bytes left Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 054/879] iommu/vt-d: Add RPLS to quirk list to skip TE disabling Greg Kroah-Hartman
` (835 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Naohiro Aota, David Sterba
From: Naohiro Aota <naohiro.aota@wdc.com>
commit aa9ffadfcae33e611d8c2d476bcc2aa0d273b587 upstream.
The block_group->alloc_offset is an offset from the start of the block
group. OTOH, the ->meta_write_pointer is an address in the logical
space. So, we should compare the alloc_offset shifted with the
block_group->start.
Fixes: afba2bc036b0 ("btrfs: zoned: implement active zone tracking")
CC: stable@vger.kernel.org # 5.16+
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/zoned.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -1896,7 +1896,7 @@ int btrfs_zone_finish(struct btrfs_block
/* Check if we have unwritten allocated space */
if ((block_group->flags &
(BTRFS_BLOCK_GROUP_METADATA | BTRFS_BLOCK_GROUP_SYSTEM)) &&
- block_group->alloc_offset > block_group->meta_write_pointer) {
+ block_group->start + block_group->alloc_offset > block_group->meta_write_pointer) {
spin_unlock(&block_group->lock);
return -EAGAIN;
}
^ permalink raw reply [flat|nested] 898+ messages in thread
* [PATCH 5.18 054/879] iommu/vt-d: Add RPLS to quirk list to skip TE disabling
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 053/879] btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 055/879] drm/selftests: fix a shift-out-of-bounds bug Greg Kroah-Hartman
` (834 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raviteja Goud Talla, Rodrigo Vivi,
Lu Baolu, Tejas Upadhyay, Sasha Levin
From: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
[ Upstream commit 0a967f5bfd9134b89681cae58deb222e20840e76 ]
The VT-d spec requires (10.4.4 Global Command Register, TE
field) that:
Hardware implementations supporting DMA draining must drain
any in-flight DMA read/write requests queued within the
Root-Complex before completing the translation enable
command and reflecting the status of the command through
the TES field in the Global Status register.
Unfortunately, some integrated graphic devices fail to do
so after some kind of power state transition. As the
result, the system might stuck in iommu_disable_translati
on(), waiting for the completion of TE transition.
This adds RPLS to a quirk list for those devices and skips
TE disabling if the qurik hits.
Link: https://gitlab.freedesktop.org/drm/intel/-/issues/4898
Tested-by: Raviteja Goud Talla <ravitejax.goud.talla@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220302043256.191529-1-tejaskumarx.surendrakumar.upadhyay@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 0ea47e17b379..ba9a63cac47c 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -5031,7 +5031,7 @@ static void quirk_igfx_skip_te_disable(struct pci_dev *dev)
ver = (dev->device >> 8) & 0xff;
if (ver != 0x45 && ver != 0x46 && ver != 0x4c &&
ver != 0x4e && ver != 0x8a && ver != 0x98 &&
- ver != 0x9a)
+ ver != 0x9a && ver != 0xa7)
return;
if (risky_device(dev))
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 055/879] drm/selftests: fix a shift-out-of-bounds bug
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 054/879] iommu/vt-d: Add RPLS to quirk list to skip TE disabling Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 056/879] drm/vmwgfx: validate the screen formats Greg Kroah-Hartman
` (833 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arunpravin, kernel test robot,
Christian König, Sasha Levin
From: Arunpravin <Arunpravin.PaneerSelvam@amd.com>
[ Upstream commit fc3785fb56a27304c769af730d079f4337d4dc76 ]
pass the correct size value computed using the max_order.
<log snip>
[ 68.124177][ T1] UBSAN: shift-out-of-bounds in include/linux/log2.h:67:13
[ 68.125333][ T1] shift exponent 4294967295 is too large for 32-bit type 'long
unsigned int'
[ 68.126563][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted
5.17.0-rc2-00311-g39ec47bbfd5d #2
[ 68.127758][ T1] Call Trace:
[ 68.128187][ T1] dump_stack_lvl (lib/dump_stack.c:108)
[ 68.128793][ T1] dump_stack (lib/dump_stack.c:114)
[ 68.129331][ T1] ubsan_epilogue (lib/ubsan.c:152)
[ 68.129958][ T1] __ubsan_handle_shift_out_of_bounds.cold (arch/x86/include/asm/smap.h:85)
[ 68.130791][ T1] ? drm_block_alloc+0x28/0x80
[ 68.131582][ T1] ? rcu_read_lock_sched_held (kernel/rcu/update.c:125)
[ 68.132215][ T1] ? kmem_cache_alloc (include/trace/events/kmem.h:54 mm/slab.c:3501)
[ 68.132878][ T1] ? mark_free+0x2e/0x80
[ 68.133524][ T1] drm_buddy_init.cold (include/linux/log2.h:67
drivers/gpu/drm/drm_buddy.c:131)
[ 68.134145][ T1] ? test_drm_cmdline_init (drivers/gpu/drm/selftests/test-drm_buddy.c:87)
[ 68.134770][ T1] igt_buddy_alloc_limit (drivers/gpu/drm/selftests/test-drm_buddy.c:30)
[ 68.135472][ T1] ? vprintk_default (kernel/printk/printk.c:2257)
[ 68.136057][ T1] ? test_drm_cmdline_init (drivers/gpu/drm/selftests/test-drm_buddy.c:87)
[ 68.136812][ T1] test_drm_buddy_init (drivers/gpu/drm/selftests/drm_selftest.c:77
drivers/gpu/drm/selftests/test-drm_buddy.c:95)
[ 68.137475][ T1] do_one_initcall (init/main.c:1300)
[ 68.138111][ T1] ? parse_args (kernel/params.c:609 kernel/params.c:146
kernel/params.c:188)
[ 68.138717][ T1] do_basic_setup (init/main.c:1372 init/main.c:1389 init/main.c:1408)
[ 68.139366][ T1] kernel_init_freeable (init/main.c:1617)
[ 68.140040][ T1] ? rest_init (init/main.c:1494)
[ 68.140634][ T1] kernel_init (init/main.c:1504)
[ 68.141155][ T1] ret_from_fork (arch/x86/entry/entry_32.S:772)
[ 68.141607][ T1]
================================================================================
[ 68.146730][ T1] ------------[ cut here ]------------
[ 68.147460][ T1] kernel BUG at drivers/gpu/drm/drm_buddy.c:140!
[ 68.148280][ T1] invalid opcode: 0000 [#1]
[ 68.148895][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted
5.17.0-rc2-00311-g39ec47bbfd5d #2
[ 68.149896][ T1] EIP: drm_buddy_init (drivers/gpu/drm/drm_buddy.c:140 (discriminator 1))
For more details: https://lists.01.org/hyperkitty/list/lkp@lists.01.org/thread/FDIF3HCILZNN5UQAZMOR7E3MQSMHHKWU/
Signed-off-by: Arunpravin <Arunpravin.PaneerSelvam@amd.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Acked-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220303201602.2365-1-Arunpravin.PaneerSelvam@amd.com
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/selftests/test-drm_buddy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/selftests/test-drm_buddy.c b/drivers/gpu/drm/selftests/test-drm_buddy.c
index fa997f89522b..913cbd7eae04 100644
--- a/drivers/gpu/drm/selftests/test-drm_buddy.c
+++ b/drivers/gpu/drm/selftests/test-drm_buddy.c
@@ -902,14 +902,13 @@ static int igt_buddy_alloc_range(void *arg)
static int igt_buddy_alloc_limit(void *arg)
{
- u64 end, size = U64_MAX, start = 0;
+ u64 size = U64_MAX, start = 0;
struct drm_buddy_block *block;
unsigned long flags = 0;
LIST_HEAD(allocated);
struct drm_buddy mm;
int err;
- size = end = round_down(size, 4096);
err = drm_buddy_init(&mm, size, PAGE_SIZE);
if (err)
return err;
@@ -921,7 +920,8 @@ static int igt_buddy_alloc_limit(void *arg)
goto out_fini;
}
- err = drm_buddy_alloc_blocks(&mm, start, end, size,
+ size = mm.chunk_size << mm.max_order;
+ err = drm_buddy_alloc_blocks(&mm, start, size, size,
PAGE_SIZE, &allocated, flags);
if (unlikely(err))
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 056/879] drm/vmwgfx: validate the screen formats
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 055/879] drm/selftests: fix a shift-out-of-bounds bug Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 057/879] ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() Greg Kroah-Hartman
` (832 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zack Rusin, Martin Krastev, Sasha Levin
From: Zack Rusin <zackr@vmware.com>
[ Upstream commit 8bb75aeb58bd688d70827ae179bd3da57b6d975b ]
The kms code wasn't validating the modifiers and was letting through
unsupported formats. rgb8 was never properly supported and has no
matching svga screen target format so remove it.
This fixes format/modifier failures in kms_addfb_basic from IGT.
Signed-off-by: Zack Rusin <zackr@vmware.com>
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220318174332.440068-4-zack@kde.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 30 +++++++++++++++--------------
drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 1 -
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 93431e8f6606..9410152f9d6f 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -914,6 +914,15 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv,
* Sanity checks.
*/
+ if (!drm_any_plane_has_format(&dev_priv->drm,
+ mode_cmd->pixel_format,
+ mode_cmd->modifier[0])) {
+ drm_dbg(&dev_priv->drm,
+ "unsupported pixel format %p4cc / modifier 0x%llx\n",
+ &mode_cmd->pixel_format, mode_cmd->modifier[0]);
+ return -EINVAL;
+ }
+
/* Surface must be marked as a scanout. */
if (unlikely(!surface->metadata.scanout))
return -EINVAL;
@@ -1236,20 +1245,13 @@ static int vmw_kms_new_framebuffer_bo(struct vmw_private *dev_priv,
return -EINVAL;
}
- /* Limited framebuffer color depth support for screen objects */
- if (dev_priv->active_display_unit == vmw_du_screen_object) {
- switch (mode_cmd->pixel_format) {
- case DRM_FORMAT_XRGB8888:
- case DRM_FORMAT_ARGB8888:
- break;
- case DRM_FORMAT_XRGB1555:
- case DRM_FORMAT_RGB565:
- break;
- default:
- DRM_ERROR("Invalid pixel format: %p4cc\n",
- &mode_cmd->pixel_format);
- return -EINVAL;
- }
+ if (!drm_any_plane_has_format(&dev_priv->drm,
+ mode_cmd->pixel_format,
+ mode_cmd->modifier[0])) {
+ drm_dbg(&dev_priv->drm,
+ "unsupported pixel format %p4cc / modifier 0x%llx\n",
+ &mode_cmd->pixel_format, mode_cmd->modifier[0]);
+ return -EINVAL;
}
vfbd = kzalloc(sizeof(*vfbd), GFP_KERNEL);
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
index 4d36e8507380..d9ebd02099a6 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h
@@ -247,7 +247,6 @@ struct vmw_framebuffer_bo {
static const uint32_t __maybe_unused vmw_primary_plane_formats[] = {
DRM_FORMAT_XRGB1555,
DRM_FORMAT_RGB565,
- DRM_FORMAT_RGB888,
DRM_FORMAT_XRGB8888,
DRM_FORMAT_ARGB8888,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 057/879] ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 056/879] drm/vmwgfx: validate the screen formats Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 058/879] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
` (831 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit 0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc ]
When test device recovery with below command, it has warning in message
as below.
echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash
echo assert > /sys/kernel/debug/ath11k/qca6390\ hw2.0/simulate_fw_crash
warning message:
[ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash
[ 1968.471364] ieee80211 phy0: Hardware restart was requested
[ 1968.511305] ------------[ cut here ]------------
[ 1968.511368] WARNING: CPU: 3 PID: 1546 at drivers/bus/mhi/core/pm.c:505 mhi_pm_disable_transition+0xb37/0xda0 [mhi]
[ 1968.511443] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core
[ 1968.511563] CPU: 3 PID: 1546 Comm: kworker/u17:0 Kdump: loaded Tainted: G W 5.17.0-rc3-wt-ath+ #579
[ 1968.511629] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 1968.511704] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
[ 1968.511787] RIP: 0010:mhi_pm_disable_transition+0xb37/0xda0 [mhi]
[ 1968.511870] Code: a9 fe ff ff 4c 89 ff 44 89 04 24 e8 03 46 f6 e5 44 8b 04 24 41 83 f8 01 0f 84 21 fe ff ff e9 4c fd ff ff 0f 0b e9 af f8 ff ff <0f> 0b e9 5c f8 ff ff 48 89 df e8 da 9e ee e3 e9 12 fd ff ff 4c 89
[ 1968.511923] RSP: 0018:ffffc900024efbf0 EFLAGS: 00010286
[ 1968.511969] RAX: 00000000ffffffff RBX: ffff88811d241250 RCX: ffffffffc0176922
[ 1968.512014] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888118a90a24
[ 1968.512059] RBP: ffff888118a90800 R08: 0000000000000000 R09: ffff888118a90a27
[ 1968.512102] R10: ffffed1023152144 R11: 0000000000000001 R12: ffff888118a908ac
[ 1968.512229] R13: ffff888118a90928 R14: dffffc0000000000 R15: ffff888118a90a24
[ 1968.512310] FS: 0000000000000000(0000) GS:ffff888234200000(0000) knlGS:0000000000000000
[ 1968.512405] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1968.512493] CR2: 00007f5538f443a8 CR3: 000000016dc28001 CR4: 00000000003706e0
[ 1968.512587] Call Trace:
[ 1968.512672] <TASK>
[ 1968.512751] ? _raw_spin_unlock_irq+0x1f/0x40
[ 1968.512859] mhi_pm_st_worker+0x3ac/0x790 [mhi]
[ 1968.512959] ? mhi_pm_mission_mode_transition.isra.0+0x7d0/0x7d0 [mhi]
[ 1968.513063] process_one_work+0x86a/0x1400
[ 1968.513184] ? pwq_dec_nr_in_flight+0x230/0x230
[ 1968.513312] ? move_linked_works+0x125/0x290
[ 1968.513416] worker_thread+0x6db/0xf60
[ 1968.513536] ? process_one_work+0x1400/0x1400
[ 1968.513627] kthread+0x241/0x2d0
[ 1968.513733] ? kthread_complete_and_exit+0x20/0x20
[ 1968.513821] ret_from_fork+0x22/0x30
[ 1968.513924] </TASK>
Reason is mhi_deassert_dev_wake() from mhi_device_put() is called
but mhi_assert_dev_wake() from __mhi_device_get_sync() is not called
in progress of recovery. Commit 8e0559921f9a ("bus: mhi: core:
Skip device wake in error or shutdown state") add check for the
pm_state of mhi in __mhi_device_get_sync(), and the pm_state is not
the normal state untill recovery is completed, so it leads the
dev_wake is not 0 and above warning print in mhi_pm_disable_transition()
while checking mhi_cntrl->dev_wake.
Add check in ath11k_pci_write32()/ath11k_pci_read32() to skip call
mhi_device_put() if mhi_device_get_sync() does not really do wake,
then the warning gone.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220228064606.8981-5-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/pci.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/pci.c b/drivers/net/wireless/ath/ath11k/pci.c
index 903758751c99..8a3ff12057e8 100644
--- a/drivers/net/wireless/ath/ath11k/pci.c
+++ b/drivers/net/wireless/ath/ath11k/pci.c
@@ -191,6 +191,7 @@ void ath11k_pci_write32(struct ath11k_base *ab, u32 offset, u32 value)
{
struct ath11k_pci *ab_pci = ath11k_pci_priv(ab);
u32 window_start;
+ int ret = 0;
/* for offset beyond BAR + 4K - 32, may
* need to wakeup MHI to access.
@@ -198,7 +199,7 @@ void ath11k_pci_write32(struct ath11k_base *ab, u32 offset, u32 value)
if (ab->hw_params.wakeup_mhi &&
test_bit(ATH11K_PCI_FLAG_INIT_DONE, &ab_pci->flags) &&
offset >= ACCESS_ALWAYS_OFF)
- mhi_device_get_sync(ab_pci->mhi_ctrl->mhi_dev);
+ ret = mhi_device_get_sync(ab_pci->mhi_ctrl->mhi_dev);
if (offset < WINDOW_START) {
iowrite32(value, ab->mem + offset);
@@ -222,7 +223,8 @@ void ath11k_pci_write32(struct ath11k_base *ab, u32 offset, u32 value)
if (ab->hw_params.wakeup_mhi &&
test_bit(ATH11K_PCI_FLAG_INIT_DONE, &ab_pci->flags) &&
- offset >= ACCESS_ALWAYS_OFF)
+ offset >= ACCESS_ALWAYS_OFF &&
+ !ret)
mhi_device_put(ab_pci->mhi_ctrl->mhi_dev);
}
@@ -230,6 +232,7 @@ u32 ath11k_pci_read32(struct ath11k_base *ab, u32 offset)
{
struct ath11k_pci *ab_pci = ath11k_pci_priv(ab);
u32 val, window_start;
+ int ret = 0;
/* for offset beyond BAR + 4K - 32, may
* need to wakeup MHI to access.
@@ -237,7 +240,7 @@ u32 ath11k_pci_read32(struct ath11k_base *ab, u32 offset)
if (ab->hw_params.wakeup_mhi &&
test_bit(ATH11K_PCI_FLAG_INIT_DONE, &ab_pci->flags) &&
offset >= ACCESS_ALWAYS_OFF)
- mhi_device_get_sync(ab_pci->mhi_ctrl->mhi_dev);
+ ret = mhi_device_get_sync(ab_pci->mhi_ctrl->mhi_dev);
if (offset < WINDOW_START) {
val = ioread32(ab->mem + offset);
@@ -261,7 +264,8 @@ u32 ath11k_pci_read32(struct ath11k_base *ab, u32 offset)
if (ab->hw_params.wakeup_mhi &&
test_bit(ATH11K_PCI_FLAG_INIT_DONE, &ab_pci->flags) &&
- offset >= ACCESS_ALWAYS_OFF)
+ offset >= ACCESS_ALWAYS_OFF &&
+ !ret)
mhi_device_put(ab_pci->mhi_ctrl->mhi_dev);
return val;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 058/879] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 057/879] ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 059/879] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
` (830 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Zixian, Gerd Hoffmann, Sasha Levin
From: Liu Zixian <liuzixian4@huawei.com>
[ Upstream commit 194d250cdc4a40ccbd179afd522a9e9846957402 ]
drm_cvt_mode may return NULL and we should check it.
This bug is found by syzkaller:
FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218
KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218
Signed-off-by: Liu Zixian <liuzixian4@huawei.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220322091730.1653-1-liuzixian4@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
index 5b00310ac4cd..f73352e7b832 100644
--- a/drivers/gpu/drm/virtio/virtgpu_display.c
+++ b/drivers/gpu/drm/virtio/virtgpu_display.c
@@ -179,6 +179,8 @@ static int virtio_gpu_conn_get_modes(struct drm_connector *connector)
DRM_DEBUG("add mode: %dx%d\n", width, height);
mode = drm_cvt_mode(connector->dev, width, height, 60,
false, false, false);
+ if (!mode)
+ return count;
mode->type |= DRM_MODE_TYPE_PREFERRED;
drm_mode_probed_add(connector, mode);
count++;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 059/879] selftests/bpf: Fix vfs_link kprobe definition
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 058/879] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 060/879] selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync Greg Kroah-Hartman
` (829 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Andrii Nakryiko,
Sasha Levin
From: Nikolay Borisov <nborisov@suse.com>
[ Upstream commit e299bcd4d16ff86f46c48df1062c8aae0eca1ed8 ]
Since commit 6521f8917082 ("namei: prepare for idmapped mounts")
vfs_link's prototype was changed, the kprobe definition in
profiler selftest in turn wasn't updated. The result is that all
argument after the first are now stored in different registers. This
means that self-test has been broken ever since. Fix it by updating the
kprobe definition accordingly.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220331140949.1410056-1-nborisov@suse.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/profiler.inc.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/profiler.inc.h b/tools/testing/selftests/bpf/progs/profiler.inc.h
index 4896fdf816f7..92331053dba3 100644
--- a/tools/testing/selftests/bpf/progs/profiler.inc.h
+++ b/tools/testing/selftests/bpf/progs/profiler.inc.h
@@ -826,8 +826,9 @@ int kprobe_ret__do_filp_open(struct pt_regs* ctx)
SEC("kprobe/vfs_link")
int BPF_KPROBE(kprobe__vfs_link,
- struct dentry* old_dentry, struct inode* dir,
- struct dentry* new_dentry, struct inode** delegated_inode)
+ struct dentry* old_dentry, struct user_namespace *mnt_userns,
+ struct inode* dir, struct dentry* new_dentry,
+ struct inode** delegated_inode)
{
struct bpf_func_stats_ctx stats_ctx;
bpf_stats_enter(&stats_ctx, profiler_bpf_vfs_link);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 060/879] selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 059/879] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:52 ` [PATCH 5.18 061/879] ath11k: Change max no of active probe SSID and BSSID to fw capability Greg Kroah-Hartman
` (828 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quentin Monnet, Andrii Nakryiko, Sasha Levin
From: Quentin Monnet <quentin@isovalent.com>
[ Upstream commit 4eeebce6ac4ad80ee8243bb847c98e0e55848d47 ]
The script for checking that various lists of types in bpftool remain in
sync with the UAPI BPF header uses a regex to parse enum bpf_prog_type.
If this enum contains a set of values different from the list of program
types in bpftool, it complains.
This script should have reported the addition, some time ago, of the new
BPF_PROG_TYPE_SYSCALL, which was not reported to bpftool's program types
list. It failed to do so, because it failed to parse that new type from
the enum. This is because the new value, in the BPF header, has an
explicative comment on the same line, and the regex does not support
that.
Let's update the script to support parsing enum values when they have
comments on the same line.
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220404140944.64744-1-quentin@isovalent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_bpftool_synctypes.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_bpftool_synctypes.py b/tools/testing/selftests/bpf/test_bpftool_synctypes.py
index 6bf21e47882a..c0e7acd698ed 100755
--- a/tools/testing/selftests/bpf/test_bpftool_synctypes.py
+++ b/tools/testing/selftests/bpf/test_bpftool_synctypes.py
@@ -180,7 +180,7 @@ class FileExtractor(object):
@enum_name: name of the enum to parse
"""
start_marker = re.compile(f'enum {enum_name} {{\n')
- pattern = re.compile('^\s*(BPF_\w+),?$')
+ pattern = re.compile('^\s*(BPF_\w+),?(\s+/\*.*\*/)?$')
end_marker = re.compile('^};')
parser = BlockParser(self.reader)
parser.search_block(start_marker)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 061/879] ath11k: Change max no of active probe SSID and BSSID to fw capability
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 060/879] selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync Greg Kroah-Hartman
@ 2022-06-07 16:52 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 062/879] selftests/bpf: Fix file descriptor leak in load_kallsyms() Greg Kroah-Hartman
` (827 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karthikeyan Kathirvel, Kalle Valo,
Sasha Levin
From: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
[ Upstream commit 50dc9ce9f80554a88e33b73c30851acf2be36ed3 ]
The maximum number of SSIDs in a for active probe requests is currently
reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver.
The scan_req_params structure only has the capacity to hold 10 SSIDs.
This leads to a buffer overflow which can be triggered from
wpa_supplicant in userspace. When copying the SSIDs into the
scan_req_params structure in the ath11k_mac_op_hw_scan route, it can
overwrite the extraie pointer.
Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe
request will be sent, so totally 64 probe requests supported. So
set both max ssid and bssid to 16 and 4 respectively. Remove the
redundant macros of ssid and bssid.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220329150221.21907-1-quic_kathirve@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.h | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.h b/drivers/net/wireless/ath/ath11k/wmi.h
index 587f42307250..b5b72483477d 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.h
+++ b/drivers/net/wireless/ath/ath11k/wmi.h
@@ -3088,9 +3088,6 @@ enum scan_dwelltime_adaptive_mode {
SCAN_DWELL_MODE_STATIC = 4
};
-#define WLAN_SCAN_MAX_NUM_SSID 10
-#define WLAN_SCAN_MAX_NUM_BSSID 10
-
#define WLAN_SSID_MAX_LEN 32
struct element_info {
@@ -3105,7 +3102,6 @@ struct wlan_ssid {
#define WMI_IE_BITMAP_SIZE 8
-#define WMI_SCAN_MAX_NUM_SSID 0x0A
/* prefix used by scan requestor ids on the host */
#define WMI_HOST_SCAN_REQUESTOR_ID_PREFIX 0xA000
@@ -3113,10 +3109,6 @@ struct wlan_ssid {
/* host cycles through the lower 12 bits to generate ids */
#define WMI_HOST_SCAN_REQ_ID_PREFIX 0xA000
-#define WLAN_SCAN_PARAMS_MAX_SSID 16
-#define WLAN_SCAN_PARAMS_MAX_BSSID 4
-#define WLAN_SCAN_PARAMS_MAX_IE_LEN 256
-
/* Values lower than this may be refused by some firmware revisions with a scan
* completion with a timedout reason.
*/
@@ -3312,8 +3304,8 @@ struct scan_req_params {
u32 n_probes;
u32 *chan_list;
u32 notify_scan_events;
- struct wlan_ssid ssid[WLAN_SCAN_MAX_NUM_SSID];
- struct wmi_mac_addr bssid_list[WLAN_SCAN_MAX_NUM_BSSID];
+ struct wlan_ssid ssid[WLAN_SCAN_PARAMS_MAX_SSID];
+ struct wmi_mac_addr bssid_list[WLAN_SCAN_PARAMS_MAX_BSSID];
struct element_info extraie;
struct element_info htcap;
struct element_info vhtcap;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 062/879] selftests/bpf: Fix file descriptor leak in load_kallsyms()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-06-07 16:52 ` [PATCH 5.18 061/879] ath11k: Change max no of active probe SSID and BSSID to fw capability Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 063/879] rtw89: ser: fix CAM leaks occurring in L2 reset Greg Kroah-Hartman
` (826 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuntao Wang, Andrii Nakryiko, Sasha Levin
From: Yuntao Wang <ytcoode@gmail.com>
[ Upstream commit 2d0df01974ce2b59b6f7d5bd3ea58d74f12ddf85 ]
Currently, if sym_cnt > 0, it just returns and does not close file, fix it.
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220405145711.49543-1-ytcoode@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/trace_helpers.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
index 3d6217e3aff7..9c4be2cdb21a 100644
--- a/tools/testing/selftests/bpf/trace_helpers.c
+++ b/tools/testing/selftests/bpf/trace_helpers.c
@@ -25,15 +25,12 @@ static int ksym_cmp(const void *p1, const void *p2)
int load_kallsyms(void)
{
- FILE *f = fopen("/proc/kallsyms", "r");
+ FILE *f;
char func[256], buf[256];
char symbol;
void *addr;
int i = 0;
- if (!f)
- return -ENOENT;
-
/*
* This is called/used from multiplace places,
* load symbols just once.
@@ -41,6 +38,10 @@ int load_kallsyms(void)
if (sym_cnt)
return 0;
+ f = fopen("/proc/kallsyms", "r");
+ if (!f)
+ return -ENOENT;
+
while (fgets(buf, sizeof(buf), f)) {
if (sscanf(buf, "%p %c %s", &addr, &symbol, func) != 3)
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 063/879] rtw89: ser: fix CAM leaks occurring in L2 reset
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 062/879] selftests/bpf: Fix file descriptor leak in load_kallsyms() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 064/879] rtw89: fix misconfiguration on hw_scan channel time Greg Kroah-Hartman
` (825 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zong-Zhe Yang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Zong-Zhe Yang <kevin_yang@realtek.com>
[ Upstream commit b169f877f001a474fb89939842c390518160bcc5 ]
The CAM, meaning address CAM and bssid CAM here, will get leaks during
SER (system error recover) L2 reset process and ieee80211_restart_hw()
which is called by L2 reset process eventually.
The normal flow would be like
-> add interface (acquire 1)
-> enter ips (release 1)
-> leave ips (acquire 1)
-> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection>
The ieee80211_restart_hw() flow (under connection)
-> ieee80211 reconfig
-> add interface (acquire 1)
-> leave ips (acquire 1)
-> connection (occupy (A) + 2) <(B) 1 more leak>
Originally, CAM is released before HW restart only if connection is under
security. Now, release CAM whatever connection it is to fix leak in (A).
OTOH, check if CAM is already valid to avoid acquiring multiple times to
fix (B).
Besides, if AP mode, release address CAM of all stations before HW restart.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220314071250.40292-2-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/cam.c | 14 ++++++++++++--
drivers/net/wireless/realtek/rtw89/ser.c | 21 +++++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/cam.c b/drivers/net/wireless/realtek/rtw89/cam.c
index 305dbbebff6b..26bef9fdd205 100644
--- a/drivers/net/wireless/realtek/rtw89/cam.c
+++ b/drivers/net/wireless/realtek/rtw89/cam.c
@@ -421,10 +421,8 @@ static void rtw89_cam_reset_key_iter(struct ieee80211_hw *hw,
void *data)
{
struct rtw89_dev *rtwdev = (struct rtw89_dev *)data;
- struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
rtw89_cam_sec_key_del(rtwdev, vif, sta, key, false);
- rtw89_cam_deinit(rtwdev, rtwvif);
}
void rtw89_cam_deinit_addr_cam(struct rtw89_dev *rtwdev,
@@ -480,6 +478,12 @@ int rtw89_cam_init_addr_cam(struct rtw89_dev *rtwdev,
int i;
int ret;
+ if (unlikely(addr_cam->valid)) {
+ rtw89_debug(rtwdev, RTW89_DBG_FW,
+ "addr cam is already valid; skip init\n");
+ return 0;
+ }
+
ret = rtw89_cam_get_avail_addr_cam(rtwdev, &addr_cam_idx);
if (ret) {
rtw89_err(rtwdev, "failed to get available addr cam\n");
@@ -531,6 +535,12 @@ static int rtw89_cam_init_bssid_cam(struct rtw89_dev *rtwdev,
u8 bssid_cam_idx;
int ret;
+ if (unlikely(bssid_cam->valid)) {
+ rtw89_debug(rtwdev, RTW89_DBG_FW,
+ "bssid cam is already valid; skip init\n");
+ return 0;
+ }
+
ret = rtw89_cam_get_avail_bssid_cam(rtwdev, &bssid_cam_idx);
if (ret) {
rtw89_err(rtwdev, "failed to get available bssid cam\n");
diff --git a/drivers/net/wireless/realtek/rtw89/ser.c b/drivers/net/wireless/realtek/rtw89/ser.c
index 837cdc366a61..e86f3d89ef1b 100644
--- a/drivers/net/wireless/realtek/rtw89/ser.c
+++ b/drivers/net/wireless/realtek/rtw89/ser.c
@@ -220,11 +220,32 @@ static void ser_reset_vif(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
rtwvif->trigger = false;
}
+static void ser_sta_deinit_addr_cam_iter(void *data, struct ieee80211_sta *sta)
+{
+ struct rtw89_dev *rtwdev = (struct rtw89_dev *)data;
+ struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
+
+ rtw89_cam_deinit_addr_cam(rtwdev, &rtwsta->addr_cam);
+}
+
+static void ser_deinit_cam(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
+{
+ if (rtwvif->net_type == RTW89_NET_TYPE_AP_MODE)
+ ieee80211_iterate_stations_atomic(rtwdev->hw,
+ ser_sta_deinit_addr_cam_iter,
+ rtwdev);
+
+ rtw89_cam_deinit(rtwdev, rtwvif);
+}
+
static void ser_reset_mac_binding(struct rtw89_dev *rtwdev)
{
struct rtw89_vif *rtwvif;
rtw89_cam_reset_keys(rtwdev);
+ rtw89_for_each_rtwvif(rtwdev, rtwvif)
+ ser_deinit_cam(rtwdev, rtwvif);
+
rtw89_core_release_all_bits_map(rtwdev->mac_id_map, RTW89_MAX_MAC_ID_NUM);
rtw89_for_each_rtwvif(rtwdev, rtwvif)
ser_reset_vif(rtwdev, rtwvif);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 064/879] rtw89: fix misconfiguration on hw_scan channel time
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 063/879] rtw89: ser: fix CAM leaks occurring in L2 reset Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 065/879] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
` (824 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Po Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Po Hao Huang <phhuang@realtek.com>
[ Upstream commit 65ee4971a262a024e239e5d2b7f4dee1b3dff40e ]
Without this patch, hw scan won't stay long enough on DFS/passive
channels. Found previous logic error and fix it.
Signed-off-by: Po Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220401055043.12512-5-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index 6deaf8eec6b4..a9b5315a517e 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -2065,7 +2065,7 @@ static void rtw89_hw_scan_add_chan(struct rtw89_dev *rtwdev, int chan_type,
ch_info->num_pkt = 0;
break;
case RTW89_CHAN_DFS:
- ch_info->period = min_t(u8, ch_info->period,
+ ch_info->period = max_t(u8, ch_info->period,
RTW89_DFS_CHAN_TIME);
ch_info->dwell_time = RTW89_DWELL_TIME;
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 065/879] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 064/879] rtw89: fix misconfiguration on hw_scan channel time Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 066/879] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
` (823 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Niels Dossche,
Kalle Valo, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 3e12968f6d12a34b540c39cbd696a760cc4616f0 ]
cfg80211_ch_switch_notify uses ASSERT_WDEV_LOCK to assert that
net_device->ieee80211_ptr->mtx (which is the same as priv->wdev.mtx)
is held during the function's execution.
mwifiex_dfs_chan_sw_work_queue is one of its callers, which does not
hold that lock, therefore violating the assertion.
Add a lock around the call.
Disclaimer:
I am currently working on a static analyser to detect missing locks.
This was a reported case. I manually verified the report by looking
at the code, so that I do not send wrong information or patches.
After concluding that this seems to be a true positive, I created
this patch.
However, as I do not in fact have this particular hardware,
I was unable to test it.
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220321225515.32113-1-dossche.niels@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/11h.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/11h.c b/drivers/net/wireless/marvell/mwifiex/11h.c
index d2ee6469e67b..3fa25cd64cda 100644
--- a/drivers/net/wireless/marvell/mwifiex/11h.c
+++ b/drivers/net/wireless/marvell/mwifiex/11h.c
@@ -303,5 +303,7 @@ void mwifiex_dfs_chan_sw_work_queue(struct work_struct *work)
mwifiex_dbg(priv->adapter, MSG,
"indicating channel switch completion to kernel\n");
+ mutex_lock(&priv->wdev.mtx);
cfg80211_ch_switch_notify(priv->netdev, &priv->dfs_chandef);
+ mutex_unlock(&priv->wdev.mtx);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 066/879] b43legacy: Fix assigning negative value to unsigned variable
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 065/879] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 067/879] b43: " Greg Kroah-Hartman
` (822 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 3f6b867559b3d43a7ce1b4799b755e812fc0d503 ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43legacy/phy.c:1181 b43legacy_phy_lo_b_measure()
warn: assigning (-772) to unsigned variable 'fval'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203433-8736-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43legacy/phy.c b/drivers/net/wireless/broadcom/b43legacy/phy.c
index 05404fbd1e70..c1395e622759 100644
--- a/drivers/net/wireless/broadcom/b43legacy/phy.c
+++ b/drivers/net/wireless/broadcom/b43legacy/phy.c
@@ -1123,7 +1123,7 @@ void b43legacy_phy_lo_b_measure(struct b43legacy_wldev *dev)
struct b43legacy_phy *phy = &dev->phy;
u16 regstack[12] = { 0 };
u16 mls;
- u16 fval;
+ s16 fval;
int i;
int j;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 067/879] b43: Fix assigning negative value to unsigned variable
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 066/879] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 068/879] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
` (821 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 11800d893b38e0e12d636c170c1abc19c43c730c ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43/phy_n.c:585 b43_nphy_adjust_lna_gain_table()
warn: assigning (-2) to unsigned variable '*(lna_gain[0])'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203315-28093-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43/phy_n.c b/drivers/net/wireless/broadcom/b43/phy_n.c
index cf3ccf4ddfe7..aa5c99465674 100644
--- a/drivers/net/wireless/broadcom/b43/phy_n.c
+++ b/drivers/net/wireless/broadcom/b43/phy_n.c
@@ -582,7 +582,7 @@ static void b43_nphy_adjust_lna_gain_table(struct b43_wldev *dev)
u16 data[4];
s16 gain[2];
u16 minmax[2];
- static const u16 lna_gain[4] = { -2, 10, 19, 25 };
+ static const s16 lna_gain[4] = { -2, 10, 19, 25 };
if (nphy->hang_avoid)
b43_nphy_stay_in_carrier_search(dev, 1);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 068/879] ipw2x00: Fix potential NULL dereference in libipw_xmit()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 067/879] b43: " Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 069/879] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
` (820 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit e8366bbabe1d207cf7c5b11ae50e223ae6fc278b ]
crypt and crypt->ops could be null, so we need to checking null
before dereference
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648797055-25730-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
index 36d1e6b2568d..4aec1fce1ae2 100644
--- a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
+++ b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
@@ -383,7 +383,7 @@ netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev)
/* Each fragment may need to have room for encryption
* pre/postfix */
- if (host_encrypt)
+ if (host_encrypt && crypt && crypt->ops)
bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
crypt->ops->extra_mpdu_postfix_len;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 069/879] ipv6: fix locking issues with loops over idev->addr_list
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 068/879] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 070/879] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
` (819 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paolo Abeni, Niels Dossche,
Jakub Kicinski, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 51454ea42c1ab4e0c2828bb0d4d53957976980de ]
idev->addr_list needs to be protected by idev->lock. However, it is not
always possible to do so while iterating and performing actions on
inet6_ifaddr instances. For example, multiple functions (like
addrconf_{join,leave}_anycast) eventually call down to other functions
that acquire the idev->lock. The current code temporarily unlocked the
idev->lock during the loops, which can cause race conditions. Moving the
locks up is also not an appropriate solution as the ordering of lock
acquisition will be inconsistent with for example mc_lock.
This solution adds an additional field to inet6_ifaddr that is used
to temporarily add the instances to a temporary list while holding
idev->lock. The temporary list can then be traversed without holding
idev->lock. This change was done in two places. In addrconf_ifdown, the
list_for_each_entry_safe variant of the list loop is also no longer
necessary as there is no deletion within that specific loop.
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220403231523.45843-1-dossche.niels@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/if_inet6.h | 8 ++++++++
net/ipv6/addrconf.c | 30 ++++++++++++++++++++++++------
2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index 4cfdef6ca4f6..c8490729b4ae 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -64,6 +64,14 @@ struct inet6_ifaddr {
struct hlist_node addr_lst;
struct list_head if_list;
+ /*
+ * Used to safely traverse idev->addr_list in process context
+ * if the idev->lock needed to protect idev->addr_list cannot be held.
+ * In that case, add the items to this list temporarily and iterate
+ * without holding idev->lock.
+ * See addrconf_ifdown and dev_forward_change.
+ */
+ struct list_head if_list_aux;
struct list_head tmp_list;
struct inet6_ifaddr *ifpub;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index b22504176588..1afc4c024981 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -797,6 +797,7 @@ static void dev_forward_change(struct inet6_dev *idev)
{
struct net_device *dev;
struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
if (!idev)
return;
@@ -815,14 +816,24 @@ static void dev_forward_change(struct inet6_dev *idev)
}
}
+ read_lock_bh(&idev->lock);
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (ifa->flags&IFA_F_TENTATIVE)
continue;
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ }
+ read_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
if (idev->cnf.forwarding)
addrconf_join_anycast(ifa);
else
addrconf_leave_anycast(ifa);
}
+
inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
NETCONFA_FORWARDING,
dev->ifindex, &idev->cnf);
@@ -3728,7 +3739,8 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
unsigned long event = unregister ? NETDEV_UNREGISTER : NETDEV_DOWN;
struct net *net = dev_net(dev);
struct inet6_dev *idev;
- struct inet6_ifaddr *ifa, *tmp;
+ struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
bool keep_addr = false;
bool was_ready;
int state, i;
@@ -3820,16 +3832,23 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
write_lock_bh(&idev->lock);
}
- list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
+ list_for_each_entry(ifa, &idev->addr_list, if_list)
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ write_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
struct fib6_info *rt = NULL;
bool keep;
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
+
addrconf_del_dad_work(ifa);
keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
!addr_is_local(&ifa->addr);
- write_unlock_bh(&idev->lock);
spin_lock_bh(&ifa->lock);
if (keep) {
@@ -3860,15 +3879,14 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
addrconf_leave_solict(ifa->idev, &ifa->addr);
}
- write_lock_bh(&idev->lock);
if (!keep) {
+ write_lock_bh(&idev->lock);
list_del_rcu(&ifa->if_list);
+ write_unlock_bh(&idev->lock);
in6_ifa_put(ifa);
}
}
- write_unlock_bh(&idev->lock);
-
/* Step 5: Discard anycast and multicast list */
if (unregister) {
ipv6_ac_destroy_dev(idev);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 070/879] fbcon: Consistently protect deferred_takeover with console_lock()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 069/879] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 071/879] x86/platform/uv: Update TSC sync state for UV5 Greg Kroah-Hartman
` (818 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Ravnborg, Daniel Vetter,
Daniel Vetter, Du Cheng, Tetsuo Handa, Claudio Suarez,
Thomas Zimmermann, Sasha Levin
From: Daniel Vetter <daniel.vetter@ffwll.ch>
[ Upstream commit 43553559121ca90965b572cf8a1d6d0fd618b449 ]
This shouldn't be a problem in practice since until we've actually
taken over the console there's nothing we've registered with the
console/vt subsystem, so the exit/unbind path that check this can't
do the wrong thing. But it's confusing, so fix it by moving it a tad
later.
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Du Cheng <ducheng2@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Claudio Suarez <cssk@net-c.es>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220405210335.3434130-14-daniel.vetter@ffwll.ch
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/fbcon.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 2fc1b80a26ad..9a8ae6fa6ecb 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -3265,6 +3265,9 @@ static void fbcon_register_existing_fbs(struct work_struct *work)
console_lock();
+ deferred_takeover = false;
+ logo_shown = FBCON_LOGO_DONTSHOW;
+
for_each_registered_fb(i)
fbcon_fb_registered(registered_fb[i]);
@@ -3282,8 +3285,6 @@ static int fbcon_output_notifier(struct notifier_block *nb,
pr_info("fbcon: Taking over console\n");
dummycon_unregister_output_notifier(&fbcon_output_nb);
- deferred_takeover = false;
- logo_shown = FBCON_LOGO_DONTSHOW;
/* We may get called in atomic context */
schedule_work(&fbcon_deferred_takeover_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 071/879] x86/platform/uv: Update TSC sync state for UV5
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 070/879] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 072/879] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
` (817 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Travis, Steve Wahl,
Borislav Petkov, Dimitri Sivanich, Thomas Gleixner, Sasha Levin
From: Mike Travis <mike.travis@hpe.com>
[ Upstream commit bb3ab81bdbd53f88f26ffabc9fb15bd8466486ec ]
The UV5 platform synchronizes the TSCs among all chassis, and will not
proceed to OS boot without achieving synchronization. Previous UV
platforms provided a register indicating successful synchronization.
This is no longer available on UV5. On this platform TSC_ADJUST
should not be reset by the kernel.
Signed-off-by: Mike Travis <mike.travis@hpe.com>
Signed-off-by: Steve Wahl <steve.wahl@hpe.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dimitri Sivanich <dimitri.sivanich@hpe.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220406195149.228164-3-steve.wahl@hpe.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/x2apic_uv_x.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index f5a48e66e4f5..a6e9c2794ef5 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -199,7 +199,13 @@ static void __init uv_tsc_check_sync(void)
int mmr_shift;
char *state;
- /* Different returns from different UV BIOS versions */
+ /* UV5 guarantees synced TSCs; do not zero TSC_ADJUST */
+ if (!is_uv(UV2|UV3|UV4)) {
+ mark_tsc_async_resets("UV5+");
+ return;
+ }
+
+ /* UV2,3,4, UV BIOS TSC sync state available */
mmr = uv_early_read_mmr(UVH_TSC_SYNC_MMR);
mmr_shift =
is_uv2_hub() ? UVH_TSC_SYNC_SHIFT_UV2K : UVH_TSC_SYNC_SHIFT;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 072/879] ACPICA: Avoid cache flush inside virtual machines
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 071/879] x86/platform/uv: Update TSC sync state for UV5 Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 073/879] libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels Greg Kroah-Hartman
` (816 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Dave Hansen,
Dan Williams, Thomas Gleixner, Sasha Levin
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit e2efb6359e620521d1e13f69b2257de8ceaa9475 ]
While running inside virtual machine, the kernel can bypass cache
flushing. Changing sleep state in a virtual machine doesn't affect the
host system sleep state and cannot lead to data loss.
Before entering sleep states, the ACPI code flushes caches to prevent
data loss using the WBINVD instruction. This mechanism is required on
bare metal.
But, any use WBINVD inside of a guest is worthless. Changing sleep
state in a virtual machine doesn't affect the host system sleep state
and cannot lead to data loss, so most hypervisors simply ignore it.
Despite this, the ACPI code calls WBINVD unconditionally anyway.
It's useless, but also normally harmless.
In TDX guests, though, WBINVD stops being harmless; it triggers a
virtualization exception (#VE). If the ACPI cache-flushing WBINVD
were left in place, TDX guests would need handling to recover from
the exception.
Avoid using WBINVD whenever running under a hypervisor. This both
removes the useless WBINVDs and saves TDX from implementing WBINVD
handling.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20220405232939.73860-30-kirill.shutemov@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/acenv.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/acenv.h b/arch/x86/include/asm/acenv.h
index 9aff97f0de7f..d937c55e717e 100644
--- a/arch/x86/include/asm/acenv.h
+++ b/arch/x86/include/asm/acenv.h
@@ -13,7 +13,19 @@
/* Asm macros */
-#define ACPI_FLUSH_CPU_CACHE() wbinvd()
+/*
+ * ACPI_FLUSH_CPU_CACHE() flushes caches on entering sleep states.
+ * It is required to prevent data loss.
+ *
+ * While running inside virtual machine, the kernel can bypass cache flushing.
+ * Changing sleep state in a virtual machine doesn't affect the host system
+ * sleep state and cannot lead to data loss.
+ */
+#define ACPI_FLUSH_CPU_CACHE() \
+do { \
+ if (!cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) \
+ wbinvd(); \
+} while (0)
int __acpi_acquire_global_lock(unsigned int *lock);
int __acpi_release_global_lock(unsigned int *lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 073/879] libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 072/879] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 074/879] mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) Greg Kroah-Hartman
` (815 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Runqing Yang, Andrii Nakryiko, Sasha Levin
From: Runqing Yang <rainkin1993@gmail.com>
[ Upstream commit d252a4a499a07bec21c65873f605c3a1ef52ffed ]
Background:
Libbpf automatically replaces calls to BPF bpf_probe_read_{kernel,user}
[_str]() helpers with bpf_probe_read[_str](), if libbpf detects that
kernel doesn't support new APIs. Specifically, libbpf invokes the
probe_kern_probe_read_kernel function to load a small eBPF program into
the kernel in which bpf_probe_read_kernel API is invoked and lets the
kernel checks whether the new API is valid. If the loading fails, libbpf
considers the new API invalid and replaces it with the old API.
static int probe_kern_probe_read_kernel(void)
{
struct bpf_insn insns[] = {
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), /* r1 = r10 (fp) */
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), /* r1 += -8 */
BPF_MOV64_IMM(BPF_REG_2, 8), /* r2 = 8 */
BPF_MOV64_IMM(BPF_REG_3, 0), /* r3 = 0 */
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_probe_read_kernel),
BPF_EXIT_INSN(),
};
int fd, insn_cnt = ARRAY_SIZE(insns);
fd = bpf_prog_load(BPF_PROG_TYPE_KPROBE, NULL,
"GPL", insns, insn_cnt, NULL);
return probe_fd(fd);
}
Bug:
On older kernel versions [0], the kernel checks whether the version
number provided in the bpf syscall, matches the LINUX_VERSION_CODE.
If not matched, the bpf syscall fails. eBPF However, the
probe_kern_probe_read_kernel code does not set the kernel version
number provided to the bpf syscall, which causes the loading process
alwasys fails for old versions. It means that libbpf will replace the
new API with the old one even the kernel supports the new one.
Solution:
After a discussion in [1], the solution is using BPF_PROG_TYPE_TRACEPOINT
program type instead of BPF_PROG_TYPE_KPROBE because kernel does not
enfoce version check for tracepoint programs. I test the patch in old
kernels (4.18 and 4.19) and it works well.
[0] https://elixir.bootlin.com/linux/v4.19/source/kernel/bpf/syscall.c#L1360
[1] Closes: https://github.com/libbpf/libbpf/issues/473
Signed-off-by: Runqing Yang <rainkin1993@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220409144928.27499-1-rainkin1993@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 809fe209cdcc..dabf9a1451c3 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4587,7 +4587,7 @@ static int probe_kern_probe_read_kernel(void)
};
int fd, insn_cnt = ARRAY_SIZE(insns);
- fd = bpf_prog_load(BPF_PROG_TYPE_KPROBE, NULL, "GPL", insns, insn_cnt, NULL);
+ fd = bpf_prog_load(BPF_PROG_TYPE_TRACEPOINT, NULL, "GPL", insns, insn_cnt, NULL);
return probe_fd(fd);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 074/879] mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output)
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 073/879] libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 075/879] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
` (814 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Seiderer, Johannes Berg, Sasha Levin
From: Peter Seiderer <ps.report@gmx.net>
[ Upstream commit 5c6dd7bd569b54c0d2904125d7366aa93f077f67 ]
Using an ath9k card the debugfs output of minstrel_ht looks like the following
(note the zero values for the first four rates sum-of success/attempts):
best ____________rate__________ ____statistics___ _____last____ ______sum-of________
mode guard # rate [name idx airtime max_tp] [avg(tp) avg(prob)] [retry|suc|att] [#success | #attempts]
OFDM 1 DP 6.0M 272 1640 5.2 3.1 53.8 3 0 0 0 0
OFDM 1 C 9.0M 273 1104 7.7 4.6 53.8 4 0 0 0 0
OFDM 1 B 12.0M 274 836 10.0 6.0 53.8 4 0 0 0 0
OFDM 1 A S 18.0M 275 568 14.3 8.5 53.8 5 0 0 0 0
OFDM 1 S 24.0M 276 436 18.1 0.0 0.0 5 0 1 80 1778
OFDM 1 36.0M 277 300 24.9 0.0 0.0 0 0 1 0 107
OFDM 1 S 48.0M 278 236 30.4 0.0 0.0 0 0 0 0 75
OFDM 1 54.0M 279 212 33.0 0.0 0.0 0 0 0 0 72
Total packet count:: ideal 16582 lookaround 885
Average # of aggregated frames per A-MPDU: 1.0
Debugging showed that the rate statistics for the first four rates where
stored in the MINSTREL_CCK_GROUP instead of the MINSTREL_OFDM_GROUP because
in minstrel_ht_get_stats() the supported check was not honoured as done in
various other places, e.g net/mac80211/rc80211_minstrel_ht_debugfs.c:
74 if (!(mi->supported[i] & BIT(j)))
75 continue;
With the patch applied the output looks good:
best ____________rate__________ ____statistics___ _____last____ ______sum-of________
mode guard # rate [name idx airtime max_tp] [avg(tp) avg(prob)] [retry|suc|att] [#success | #attempts]
OFDM 1 D 6.0M 272 1640 5.2 5.2 100.0 3 0 0 1 1
OFDM 1 C 9.0M 273 1104 7.7 7.7 100.0 4 0 0 38 38
OFDM 1 B 12.0M 274 836 10.0 9.9 89.5 4 2 2 372 395
OFDM 1 A P 18.0M 275 568 14.3 14.3 97.2 5 52 53 6956 7181
OFDM 1 S 24.0M 276 436 18.1 0.0 0.0 0 0 1 6 163
OFDM 1 36.0M 277 300 24.9 0.0 0.0 0 0 1 0 35
OFDM 1 S 48.0M 278 236 30.4 0.0 0.0 0 0 0 0 38
OFDM 1 S 54.0M 279 212 33.0 0.0 0.0 0 0 0 0 38
Total packet count:: ideal 7097 lookaround 287
Average # of aggregated frames per A-MPDU: 1.0
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Link: https://lore.kernel.org/r/20220404165414.1036-1-ps.report@gmx.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/rc80211_minstrel_ht.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index 9c6ace858107..5a6bf46a4248 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -362,6 +362,9 @@ minstrel_ht_get_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
group = MINSTREL_CCK_GROUP;
for (idx = 0; idx < ARRAY_SIZE(mp->cck_rates); idx++) {
+ if (!(mi->supported[group] & BIT(idx)))
+ continue;
+
if (rate->idx != mp->cck_rates[idx])
continue;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 075/879] drm/komeda: return early if drm_universal_plane_init() fails.
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 074/879] mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 076/879] drm/amd/display: Disabling Z10 on DCN31 Greg Kroah-Hartman
` (813 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Liviu Dudau <liviu.dudau@arm.com>
[ Upstream commit c8f76c37cc3668ee45e081e76a15f24a352ebbdd ]
If drm_universal_plane_init() fails early we jump to the common cleanup code
that calls komeda_plane_destroy() which in turn could access the uninitalised
drm_plane and crash. Return early if an error is detected without going through
the common code.
Reported-by: Steven Price <steven.price@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203100946.2706922-1-liviu.dudau@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index d63d83800a8a..d646e3ae1a23 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -275,8 +275,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
komeda_put_fourcc_list(formats);
- if (err)
- goto cleanup;
+ if (err) {
+ kfree(kplane);
+ return err;
+ }
drm_plane_helper_add(plane, &komeda_plane_helper_funcs);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 076/879] drm/amd/display: Disabling Z10 on DCN31
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 075/879] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 077/879] rcu-tasks: Fix race in schedule and flush work Greg Kroah-Hartman
` (812 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Yang, Pavle Kotarac,
Saaem Rizvi, Alex Deucher, Sasha Levin
From: Saaem Rizvi <syerizvi@amd.com>
[ Upstream commit 5d5af34072c8b11f60960c3bea57ff9de5877791 ]
[WHY]
Z10 is should not be enabled by default on DCN31.
[HOW]
Using DC debug flags to disable Z10 by default on DCN31.
Reviewed-by: Eric Yang <Eric.Yang2@amd.com>
Acked-by: Pavle Kotarac <Pavle.Kotarac@amd.com>
Signed-off-by: Saaem Rizvi <syerizvi@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
index 63934ecf6be8..d71e625cc476 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
@@ -1030,6 +1030,7 @@ static const struct dc_debug_options debug_defaults_drv = {
.afmt = true,
}
},
+ .disable_z10 = true,
.optimize_edp_link_rate = true,
.enable_sw_cntl_psr = true,
.apply_vendor_specific_lttpr_wa = true,
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 077/879] rcu-tasks: Fix race in schedule and flush work
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 076/879] drm/amd/display: Disabling Z10 on DCN31 Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 078/879] rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs() Greg Kroah-Hartman
` (811 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul E. McKenney,
Padmanabha Srinivasaiah, Sasha Levin
From: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
[ Upstream commit f75fd4b9221d93177c50dcfde671b2e907f53e86 ]
While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping
online cpumask stable. The transient online mask results in below
calltrace.
[ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083]
[ 0.346652] Detected PIPT I-cache on CPU2
[ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083]
[ 0.377255] Detected PIPT I-cache on CPU3
[ 0.377823] CPU3: Booted secondary processor 0x0000000003 [0x410fd083]
[ 0.379040] ------------[ cut here ]------------
[ 0.383662] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:3084 __flush_work+0x12c/0x138
[ 0.384850] Modules linked in:
[ 0.385403] CPU: 0 PID: 10 Comm: rcu_tasks_rude_ Not tainted 5.17.0-rc3-v8+ #13
[ 0.386473] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
[ 0.387289] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.388308] pc : __flush_work+0x12c/0x138
[ 0.388970] lr : __flush_work+0x80/0x138
[ 0.389620] sp : ffffffc00aaf3c60
[ 0.390139] x29: ffffffc00aaf3d20 x28: ffffffc009c16af0 x27: ffffff80f761df48
[ 0.391316] x26: 0000000000000004 x25: 0000000000000003 x24: 0000000000000100
[ 0.392493] x23: ffffffffffffffff x22: ffffffc009c16b10 x21: ffffffc009c16b28
[ 0.393668] x20: ffffffc009e53861 x19: ffffff80f77fbf40 x18: 00000000d744fcc9
[ 0.394842] x17: 000000000000000b x16: 00000000000001c2 x15: ffffffc009e57550
[ 0.396016] x14: 0000000000000000 x13: ffffffffffffffff x12: 0000000100000000
[ 0.397190] x11: 0000000000000462 x10: ffffff8040258008 x9 : 0000000100000000
[ 0.398364] x8 : 0000000000000000 x7 : ffffffc0093c8bf4 x6 : 0000000000000000
[ 0.399538] x5 : 0000000000000000 x4 : ffffffc00a976e40 x3 : ffffffc00810444c
[ 0.400711] x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000
[ 0.401886] Call trace:
[ 0.402309] __flush_work+0x12c/0x138
[ 0.402941] schedule_on_each_cpu+0x228/0x278
[ 0.403693] rcu_tasks_rude_wait_gp+0x130/0x144
[ 0.404502] rcu_tasks_kthread+0x220/0x254
[ 0.405264] kthread+0x174/0x1ac
[ 0.405837] ret_from_fork+0x10/0x20
[ 0.406456] irq event stamp: 102
[ 0.406966] hardirqs last enabled at (101): [<ffffffc0093c8468>] _raw_spin_unlock_irq+0x78/0xb4
[ 0.408304] hardirqs last disabled at (102): [<ffffffc0093b8270>] el1_dbg+0x24/0x5c
[ 0.409410] softirqs last enabled at (54): [<ffffffc0081b80c8>] local_bh_enable+0xc/0x2c
[ 0.410645] softirqs last disabled at (50): [<ffffffc0081b809c>] local_bh_disable+0xc/0x2c
[ 0.411890] ---[ end trace 0000000000000000 ]---
[ 0.413000] smp: Brought up 1 node, 4 CPUs
[ 0.413762] SMP: Total of 4 processors activated.
[ 0.414566] CPU features: detected: 32-bit EL0 Support
[ 0.415414] CPU features: detected: 32-bit EL1 Support
[ 0.416278] CPU features: detected: CRC32 instructions
[ 0.447021] Callback from call_rcu_tasks_rude() invoked.
[ 0.506693] Callback from call_rcu_tasks() invoked.
This commit therefore fixes this issue by applying a single-CPU
optimization to the RCU Tasks Rude grace-period process. The key point
here is that the purpose of this RCU flavor is to force a schedule on
each online CPU since some past event. But the rcu_tasks_rude_wait_gp()
function runs in the context of the RCU Tasks Rude's grace-period kthread,
so there must already have been a context switch on the current CPU since
the call to either synchronize_rcu_tasks_rude() or call_rcu_tasks_rude().
So if there is only a single CPU online, RCU Tasks Rude's grace-period
kthread does not need to anything at all.
It turns out that the rcu_tasks_rude_wait_gp() function's call to
schedule_on_each_cpu() causes problems during early boot. During that
time, there is only one online CPU, namely the boot CPU. Therefore,
applying this single-CPU optimization fixes early-boot instances of
this problem.
Link: https://lore.kernel.org/lkml/20220210184319.25009-1-treasure4paddy@gmail.com/T/
Suggested-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 99cf3a13954c..b43320b149d2 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -950,6 +950,9 @@ static void rcu_tasks_be_rude(struct work_struct *work)
// Wait for one rude RCU-tasks grace period.
static void rcu_tasks_rude_wait_gp(struct rcu_tasks *rtp)
{
+ if (num_online_cpus() <= 1)
+ return; // Fastpath for only one CPU.
+
rtp->n_ipis += cpumask_weight(cpu_online_mask);
schedule_on_each_cpu(rcu_tasks_be_rude);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 078/879] rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 077/879] rcu-tasks: Fix race in schedule and flush work Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 079/879] rcu: Make TASKS_RUDE_RCU select IRQ_WORK Greg Kroah-Hartman
` (810 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Paul E. McKenney, Sasha Levin
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit ab2756ea6b74987849b44ad0e33c3cfec159033b ]
If the cpu_possible_mask is sparse (for example, if bits are set only for
CPUs 0, 4, 8, ...), then rcu_tasks_invoke_cbs() will access per-CPU data
for a CPU not in cpu_possible_mask. It makes these accesses while doing
a workqueue-based binary search for non-empty callback lists. Although
this search must pass through CPUs not represented in cpu_possible_mask,
it has no need to check the callback list for such CPUs.
This commit therefore changes the rcu_tasks_invoke_cbs() function's
binary search so as to only check callback lists for CPUs present in
cpu_possible_mask.
Reported-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index b43320b149d2..00ff0896fb00 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -460,7 +460,7 @@ static void rcu_tasks_invoke_cbs(struct rcu_tasks *rtp, struct rcu_tasks_percpu
}
}
- if (rcu_segcblist_empty(&rtpcp->cblist))
+ if (rcu_segcblist_empty(&rtpcp->cblist) || !cpu_possible(cpu))
return;
raw_spin_lock_irqsave_rcu_node(rtpcp, flags);
rcu_segcblist_advance(&rtpcp->cblist, rcu_seq_current(&rtp->tasks_gp_seq));
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 079/879] rcu: Make TASKS_RUDE_RCU select IRQ_WORK
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 078/879] rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 080/879] sfc: ef10: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
` (809 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyeonggon Yoo, Paul E. McKenney, Sasha Levin
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit 46e861be589881e0905b9ade3d8439883858721c ]
The TASKS_RUDE_RCU does not select IRQ_WORK, which can result in build
failures for kernels that do not otherwise select IRQ_WORK. This commit
therefore causes the TASKS_RUDE_RCU Kconfig option to select IRQ_WORK.
Reported-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/rcu/Kconfig b/kernel/rcu/Kconfig
index bf8e341e75b4..f559870fbf8b 100644
--- a/kernel/rcu/Kconfig
+++ b/kernel/rcu/Kconfig
@@ -86,6 +86,7 @@ config TASKS_RCU
config TASKS_RUDE_RCU
def_bool 0
+ select IRQ_WORK
help
This option enables a task-based RCU implementation that uses
only context switch (including preemption) and user-mode
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 080/879] sfc: ef10: Fix assigning negative value to unsigned variable
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 079/879] rcu: Make TASKS_RUDE_RCU select IRQ_WORK Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 081/879] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
` (808 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Edward Cree,
Jakub Kicinski, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit b8ff3395fbdf3b79a99d0ef410fc34c51044121e ]
fix warning reported by smatch:
251 drivers/net/ethernet/sfc/ef10.c:2259 efx_ef10_tx_tso_desc()
warn: assigning (-208) to unsigned variable 'ip_tot_len'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Acked-by: Edward Cree <ecree.xilinx@gmail.com>
Link: https://lore.kernel.org/r/1649640757-30041-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef10.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
index f8edb3f1b73a..186cb28c03bd 100644
--- a/drivers/net/ethernet/sfc/ef10.c
+++ b/drivers/net/ethernet/sfc/ef10.c
@@ -2256,7 +2256,7 @@ int efx_ef10_tx_tso_desc(struct efx_tx_queue *tx_queue, struct sk_buff *skb,
* guaranteed to satisfy the second as we only attempt TSO if
* inner_network_header <= 208.
*/
- ip_tot_len = -EFX_TSO2_MAX_HDRLEN;
+ ip_tot_len = 0x10000 - EFX_TSO2_MAX_HDRLEN;
EFX_WARN_ON_ONCE_PARANOID(mss + EFX_TSO2_MAX_HDRLEN +
(tcp->doff << 2u) > ip_tot_len);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 081/879] ALSA: jack: Access input_dev under mutex
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 080/879] sfc: ef10: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 082/879] rtw88: fix incorrect frequency reported Greg Kroah-Hartman
` (807 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Cezary Rojewski, Takashi Iwai, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 1b6a6fc5280e97559287b61eade2d4b363e836f2 ]
It is possible when using ASoC that input_dev is unregistered while
calling snd_jack_report, which causes NULL pointer dereference.
In order to prevent this serialize access to input_dev using mutex lock.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220412091628.3056922-1-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/jack.h | 1 +
sound/core/jack.c | 34 +++++++++++++++++++++++++++-------
2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/include/sound/jack.h b/include/sound/jack.h
index 1181f536557e..1ed90e2109e9 100644
--- a/include/sound/jack.h
+++ b/include/sound/jack.h
@@ -62,6 +62,7 @@ struct snd_jack {
const char *id;
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct input_dev *input_dev;
+ struct mutex input_dev_lock;
int registered;
int type;
char name[100];
diff --git a/sound/core/jack.c b/sound/core/jack.c
index d1e3055f2b6a..88493cc31914 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -42,8 +42,11 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct snd_jack *jack = device->device_data;
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
/* If the input device is registered with the input subsystem
* then we need to use a different deallocator. */
@@ -52,6 +55,7 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
else
input_free_device(jack->input_dev);
jack->input_dev = NULL;
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
return 0;
}
@@ -90,8 +94,11 @@ static int snd_jack_dev_register(struct snd_device *device)
snprintf(jack->name, sizeof(jack->name), "%s %s",
card->shortname, jack->id);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
jack->input_dev->name = jack->name;
@@ -116,6 +123,7 @@ static int snd_jack_dev_register(struct snd_device *device)
if (err == 0)
jack->registered = 1;
+ mutex_unlock(&jack->input_dev_lock);
return err;
}
#endif /* CONFIG_SND_JACK_INPUT_DEV */
@@ -517,9 +525,11 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
return -ENOMEM;
}
- /* don't creat input device for phantom jack */
- if (!phantom_jack) {
#ifdef CONFIG_SND_JACK_INPUT_DEV
+ mutex_init(&jack->input_dev_lock);
+
+ /* don't create input device for phantom jack */
+ if (!phantom_jack) {
int i;
jack->input_dev = input_allocate_device();
@@ -537,8 +547,8 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
input_set_capability(jack->input_dev, EV_SW,
jack_switch_types[i]);
-#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
+#endif /* CONFIG_SND_JACK_INPUT_DEV */
err = snd_device_new(card, SNDRV_DEV_JACK, jack, &ops);
if (err < 0)
@@ -578,10 +588,14 @@ EXPORT_SYMBOL(snd_jack_new);
void snd_jack_set_parent(struct snd_jack *jack, struct device *parent)
{
WARN_ON(jack->registered);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
jack->input_dev->dev.parent = parent;
+ mutex_unlock(&jack->input_dev_lock);
}
EXPORT_SYMBOL(snd_jack_set_parent);
@@ -629,6 +643,8 @@ EXPORT_SYMBOL(snd_jack_set_key);
/**
* snd_jack_report - Report the current status of a jack
+ * Note: This function uses mutexes and should be called from a
+ * context which can sleep (such as a workqueue).
*
* @jack: The jack to report status for
* @status: The current status of the jack
@@ -654,8 +670,11 @@ void snd_jack_report(struct snd_jack *jack, int status)
status & jack_kctl->mask_bits);
#ifdef CONFIG_SND_JACK_INPUT_DEV
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
for (i = 0; i < ARRAY_SIZE(jack->key); i++) {
int testbit = ((SND_JACK_BTN_0 >> i) & ~mask_bits);
@@ -675,6 +694,7 @@ void snd_jack_report(struct snd_jack *jack, int status)
}
input_sync(jack->input_dev);
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
EXPORT_SYMBOL(snd_jack_report);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 082/879] rtw88: fix incorrect frequency reported
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 081/879] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 083/879] rtw88: 8821c: fix debugfs rssi value Greg Kroah-Hartman
` (806 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Po-Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit 6723c0cde84fde582a261c186ce84100dcfa0019 ]
We should only fill in frequency reported by firmware during scan.
Add this so frames won't be dropped by mac80211 due to frequency
mismatch.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220407095858.46807-3-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/rx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw88/rx.c b/drivers/net/wireless/realtek/rtw88/rx.c
index d2d607e22198..84aedabdf285 100644
--- a/drivers/net/wireless/realtek/rtw88/rx.c
+++ b/drivers/net/wireless/realtek/rtw88/rx.c
@@ -158,7 +158,8 @@ void rtw_rx_fill_rx_status(struct rtw_dev *rtwdev,
memset(rx_status, 0, sizeof(*rx_status));
rx_status->freq = hw->conf.chandef.chan->center_freq;
rx_status->band = hw->conf.chandef.chan->band;
- if (rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_SCAN_OFFLOAD))
+ if (rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_SCAN_OFFLOAD) &&
+ test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
rtw_set_rx_freq_by_pktstat(pkt_stat, rx_status);
if (pkt_stat->crc_err)
rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 083/879] rtw88: 8821c: fix debugfs rssi value
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 082/879] rtw88: fix incorrect frequency reported Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 084/879] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
` (805 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Po-Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit ece31c93d4d68f7eb8eea4431b052aacdb678de2 ]
RSSI value per frame is reported to mac80211 but not maintained in
our own statistics, add it back to help us debug.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220407095858.46807-7-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/rtw8821c.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtw88/rtw8821c.c b/drivers/net/wireless/realtek/rtw88/rtw8821c.c
index 99eee128ae94..ec38a7c84951 100644
--- a/drivers/net/wireless/realtek/rtw88/rtw8821c.c
+++ b/drivers/net/wireless/realtek/rtw88/rtw8821c.c
@@ -512,6 +512,7 @@ static s8 get_cck_rx_pwr(struct rtw_dev *rtwdev, u8 lna_idx, u8 vga_idx)
static void query_phy_status_page0(struct rtw_dev *rtwdev, u8 *phy_status,
struct rtw_rx_pkt_stat *pkt_stat)
{
+ struct rtw_dm_info *dm_info = &rtwdev->dm_info;
s8 rx_power;
u8 lna_idx = 0;
u8 vga_idx = 0;
@@ -523,6 +524,7 @@ static void query_phy_status_page0(struct rtw_dev *rtwdev, u8 *phy_status,
pkt_stat->rx_power[RF_PATH_A] = rx_power;
pkt_stat->rssi = rtw_phy_rf_power_2_rssi(pkt_stat->rx_power, 1);
+ dm_info->rssi[RF_PATH_A] = pkt_stat->rssi;
pkt_stat->bw = RTW_CHANNEL_WIDTH_20;
pkt_stat->signal_power = rx_power;
}
@@ -530,6 +532,7 @@ static void query_phy_status_page0(struct rtw_dev *rtwdev, u8 *phy_status,
static void query_phy_status_page1(struct rtw_dev *rtwdev, u8 *phy_status,
struct rtw_rx_pkt_stat *pkt_stat)
{
+ struct rtw_dm_info *dm_info = &rtwdev->dm_info;
u8 rxsc, bw;
s8 min_rx_power = -120;
@@ -549,6 +552,7 @@ static void query_phy_status_page1(struct rtw_dev *rtwdev, u8 *phy_status,
pkt_stat->rx_power[RF_PATH_A] = GET_PHY_STAT_P1_PWDB_A(phy_status) - 110;
pkt_stat->rssi = rtw_phy_rf_power_2_rssi(pkt_stat->rx_power, 1);
+ dm_info->rssi[RF_PATH_A] = pkt_stat->rssi;
pkt_stat->bw = bw;
pkt_stat->signal_power = max(pkt_stat->rx_power[RF_PATH_A],
min_rx_power);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 084/879] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 083/879] rtw88: 8821c: fix debugfs rssi value Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 085/879] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
` (804 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Vinod Koul,
Geert Uytterhoeven, Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 6f381481a5b236cb53d6de2c49c6ef83a4d0f432 ]
The direction field in the DMA config is deprecated. The rspi driver
sets {src,dst}_{addr,addr_width} based on the DMA direction and
it results in dmaengine_slave_config() failure as RZ DMAC driver
validates {src,dst}_addr_width values independent of DMA direction.
This patch fixes the issue by passing both {src,dst}_{addr,addr_width}
values independent of DMA direction.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Suggested-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220411173115.6619-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-rspi.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/drivers/spi/spi-rspi.c b/drivers/spi/spi-rspi.c
index bd5708d7e5a1..7a014eeec2d0 100644
--- a/drivers/spi/spi-rspi.c
+++ b/drivers/spi/spi-rspi.c
@@ -1108,14 +1108,11 @@ static struct dma_chan *rspi_request_dma_chan(struct device *dev,
}
memset(&cfg, 0, sizeof(cfg));
+ cfg.dst_addr = port_addr + RSPI_SPDR;
+ cfg.src_addr = port_addr + RSPI_SPDR;
+ cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
+ cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
cfg.direction = dir;
- if (dir == DMA_MEM_TO_DEV) {
- cfg.dst_addr = port_addr;
- cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- } else {
- cfg.src_addr = port_addr;
- cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- }
ret = dmaengine_slave_config(chan, &cfg);
if (ret) {
@@ -1146,12 +1143,12 @@ static int rspi_request_dma(struct device *dev, struct spi_controller *ctlr,
}
ctlr->dma_tx = rspi_request_dma_chan(dev, DMA_MEM_TO_DEV, dma_tx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_tx)
return -ENODEV;
ctlr->dma_rx = rspi_request_dma_chan(dev, DMA_DEV_TO_MEM, dma_rx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_rx) {
dma_release_channel(ctlr->dma_tx);
ctlr->dma_tx = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 085/879] tools/power turbostat: fix ICX DRAM power numbers
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 084/879] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 086/879] tcp: consume incoming skb leading to a reset Greg Kroah-Hartman
` (803 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Len Brown, Sasha Levin
From: Len Brown <len.brown@intel.com>
[ Upstream commit 6397b6418935773a34b533b3348b03f4ce3d7050 ]
ICX (and its duplicates) require special hard-coded DRAM RAPL units,
rather than using the generic RAPL energy units.
Reported-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index bc5ae0872fed..babede4486de 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -4376,6 +4376,7 @@ static double rapl_dram_energy_units_probe(int model, double rapl_energy_units)
case INTEL_FAM6_BROADWELL_X: /* BDX */
case INTEL_FAM6_SKYLAKE_X: /* SKX */
case INTEL_FAM6_XEON_PHI_KNL: /* KNL */
+ case INTEL_FAM6_ICELAKE_X: /* ICX */
return (rapl_dram_energy_units = 15.3 / 1000000);
default:
return (rapl_energy_units);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 086/879] tcp: consume incoming skb leading to a reset
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 085/879] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 087/879] loop: implement ->free_disk Greg Kroah-Hartman
` (802 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit d9d024f96609016628d750ebc8ee4a6f0d80e6e1 ]
Whenever tcp_validate_incoming() handles a valid RST packet,
we should not pretend the packet was dropped.
Create a special section at the end of tcp_validate_incoming()
to handle this case.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_input.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 60f99e9fb6d1..1f3ce7aea716 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5711,7 +5711,7 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
&tp->last_oow_ack_time))
tcp_send_dupack(sk, skb);
} else if (tcp_reset_check(sk, skb)) {
- tcp_reset(sk, skb);
+ goto reset;
}
goto discard;
}
@@ -5747,17 +5747,16 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
}
if (rst_seq_match)
- tcp_reset(sk, skb);
- else {
- /* Disable TFO if RST is out-of-order
- * and no data has been received
- * for current active TFO socket
- */
- if (tp->syn_fastopen && !tp->data_segs_in &&
- sk->sk_state == TCP_ESTABLISHED)
- tcp_fastopen_active_disable(sk);
- tcp_send_challenge_ack(sk);
- }
+ goto reset;
+
+ /* Disable TFO if RST is out-of-order
+ * and no data has been received
+ * for current active TFO socket
+ */
+ if (tp->syn_fastopen && !tp->data_segs_in &&
+ sk->sk_state == TCP_ESTABLISHED)
+ tcp_fastopen_active_disable(sk);
+ tcp_send_challenge_ack(sk);
goto discard;
}
@@ -5782,6 +5781,11 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
discard:
tcp_drop(sk, skb);
return false;
+
+reset:
+ tcp_reset(sk, skb);
+ __kfree_skb(skb);
+ return false;
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 087/879] loop: implement ->free_disk
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 086/879] tcp: consume incoming skb leading to a reset Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 088/879] scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() Greg Kroah-Hartman
` (801 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jan Kara,
Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9 ]
Ensure that the lo_device which is stored in the gendisk private
data is valid until the gendisk is freed. Currently the loop driver
uses a lot of effort to make sure a device is not freed when it is
still in use, but to to fix a potential deadlock this will be relaxed
a bit soon.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220330052917.2566582-12-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/loop.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index a58595f5ee2c..ed7bec11948c 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1768,6 +1768,14 @@ static void lo_release(struct gendisk *disk, fmode_t mode)
mutex_unlock(&lo->lo_mutex);
}
+static void lo_free_disk(struct gendisk *disk)
+{
+ struct loop_device *lo = disk->private_data;
+
+ mutex_destroy(&lo->lo_mutex);
+ kfree(lo);
+}
+
static const struct block_device_operations lo_fops = {
.owner = THIS_MODULE,
.open = lo_open,
@@ -1776,6 +1784,7 @@ static const struct block_device_operations lo_fops = {
#ifdef CONFIG_COMPAT
.compat_ioctl = lo_compat_ioctl,
#endif
+ .free_disk = lo_free_disk,
};
/*
@@ -2090,15 +2099,14 @@ static void loop_remove(struct loop_device *lo)
{
/* Make this loop device unreachable from pathname. */
del_gendisk(lo->lo_disk);
- blk_cleanup_disk(lo->lo_disk);
+ blk_cleanup_queue(lo->lo_disk->queue);
blk_mq_free_tag_set(&lo->tag_set);
mutex_lock(&loop_ctl_mutex);
idr_remove(&loop_index_idr, lo->lo_number);
mutex_unlock(&loop_ctl_mutex);
- /* There is no route which can find this loop device. */
- mutex_destroy(&lo->lo_mutex);
- kfree(lo);
+
+ put_disk(lo->lo_disk);
}
static void loop_probe(dev_t dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 088/879] scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 087/879] loop: implement ->free_disk Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 089/879] scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock Greg Kroah-Hartman
` (800 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit e294647b1aed4247fe52851f3a3b2b19ae906228 ]
In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard
lockup call trace hangs the system.
Call Trace:
_raw_spin_lock_irqsave+0x32/0x40
lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc]
lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc]
lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc]
lpfc_els_flush_cmd+0x43c/0x670 [lpfc]
lpfc_els_flush_all_cmd+0x37/0x60 [lpfc]
lpfc_sli4_async_event_proc+0x956/0x1720 [lpfc]
lpfc_do_work+0x1485/0x1d70 [lpfc]
kthread+0x112/0x130
ret_from_fork+0x1f/0x40
Kernel panic - not syncing: Hard LOCKUP
The same CPU tries to claim the phba->port_list_lock twice.
Move the cfg_log_verbose checks as part of the lpfc_printf_vlog() and
lpfc_printf_log() macros before calling lpfc_dmp_dbg(). There is no need
to take the phba->port_list_lock within lpfc_dmp_dbg().
Link: https://lore.kernel.org/r/20220412222008.126521-3-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_init.c | 29 +----------------------------
drivers/scsi/lpfc/lpfc_logmsg.h | 6 +++---
2 files changed, 4 insertions(+), 31 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 461d333b1b3a..f9cd4b72d949 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -15700,34 +15700,7 @@ void lpfc_dmp_dbg(struct lpfc_hba *phba)
unsigned int temp_idx;
int i;
int j = 0;
- unsigned long rem_nsec, iflags;
- bool log_verbose = false;
- struct lpfc_vport *port_iterator;
-
- /* Don't dump messages if we explicitly set log_verbose for the
- * physical port or any vport.
- */
- if (phba->cfg_log_verbose)
- return;
-
- spin_lock_irqsave(&phba->port_list_lock, iflags);
- list_for_each_entry(port_iterator, &phba->port_list, listentry) {
- if (port_iterator->load_flag & FC_UNLOADING)
- continue;
- if (scsi_host_get(lpfc_shost_from_vport(port_iterator))) {
- if (port_iterator->cfg_log_verbose)
- log_verbose = true;
-
- scsi_host_put(lpfc_shost_from_vport(port_iterator));
-
- if (log_verbose) {
- spin_unlock_irqrestore(&phba->port_list_lock,
- iflags);
- return;
- }
- }
- }
- spin_unlock_irqrestore(&phba->port_list_lock, iflags);
+ unsigned long rem_nsec;
if (atomic_cmpxchg(&phba->dbg_log_dmping, 0, 1) != 0)
return;
diff --git a/drivers/scsi/lpfc/lpfc_logmsg.h b/drivers/scsi/lpfc/lpfc_logmsg.h
index 7d480c798794..a5aafe230c74 100644
--- a/drivers/scsi/lpfc/lpfc_logmsg.h
+++ b/drivers/scsi/lpfc/lpfc_logmsg.h
@@ -73,7 +73,7 @@ do { \
#define lpfc_printf_vlog(vport, level, mask, fmt, arg...) \
do { \
{ if (((mask) & (vport)->cfg_log_verbose) || (level[1] <= '3')) { \
- if ((mask) & LOG_TRACE_EVENT) \
+ if ((mask) & LOG_TRACE_EVENT && !(vport)->cfg_log_verbose) \
lpfc_dmp_dbg((vport)->phba); \
dev_printk(level, &((vport)->phba->pcidev)->dev, "%d:(%d):" \
fmt, (vport)->phba->brd_no, vport->vpi, ##arg); \
@@ -89,11 +89,11 @@ do { \
(phba)->pport->cfg_log_verbose : \
(phba)->cfg_log_verbose; \
if (((mask) & log_verbose) || (level[1] <= '3')) { \
- if ((mask) & LOG_TRACE_EVENT) \
+ if ((mask) & LOG_TRACE_EVENT && !log_verbose) \
lpfc_dmp_dbg(phba); \
dev_printk(level, &((phba)->pcidev)->dev, "%d:" \
fmt, phba->brd_no, ##arg); \
- } else if (!(phba)->cfg_log_verbose)\
+ } else if (!log_verbose)\
lpfc_dbg_print(phba, "%d:" fmt, phba->brd_no, ##arg); \
} \
} while (0)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 089/879] scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 088/879] scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 090/879] scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI Greg Kroah-Hartman
` (799 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 03cbbd7c2f5ee288f648f4aeedc765a181188553 ]
During stress I/O tests with 500+ vports, hard LOCKUP call traces are
observed.
CPU A:
native_queued_spin_lock_slowpath+0x192
_raw_spin_lock_irqsave+0x32
lpfc_handle_fcp_err+0x4c6
lpfc_fcp_io_cmd_wqe_cmpl+0x964
lpfc_sli4_fp_handle_cqe+0x266
__lpfc_sli4_process_cq+0x105
__lpfc_sli4_hba_process_cq+0x3c
lpfc_cq_poll_hdler+0x16
irq_poll_softirq+0x76
__softirqentry_text_start+0xe4
irq_exit+0xf7
do_IRQ+0x7f
CPU B:
native_queued_spin_lock_slowpath+0x5b
_raw_spin_lock+0x1c
lpfc_abort_handler+0x13e
scmd_eh_abort_handler+0x85
process_one_work+0x1a7
worker_thread+0x30
kthread+0x112
ret_from_fork+0x1f
Diagram of lockup:
CPUA CPUB
---- ----
lpfc_cmd->buf_lock
phba->hbalock
lpfc_cmd->buf_lock
phba->hbalock
Fix by reordering the taking of the lpfc_cmd->buf_lock and phba->hbalock in
lpfc_abort_handler routine so that it tries to take the lpfc_cmd->buf_lock
first before phba->hbalock.
Link: https://lore.kernel.org/r/20220412222008.126521-7-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_scsi.c | 33 +++++++++++++++------------------
1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index ba9dbb51b75f..c4fa7d68fe03 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -5864,25 +5864,25 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)
if (!lpfc_cmd)
return ret;
- spin_lock_irqsave(&phba->hbalock, flags);
+ /* Guard against IO completion being called at same time */
+ spin_lock_irqsave(&lpfc_cmd->buf_lock, flags);
+
+ spin_lock(&phba->hbalock);
/* driver queued commands are in process of being flushed */
if (phba->hba_flag & HBA_IOQ_FLUSH) {
lpfc_printf_vlog(vport, KERN_WARNING, LOG_FCP,
"3168 SCSI Layer abort requested I/O has been "
"flushed by LLD.\n");
ret = FAILED;
- goto out_unlock;
+ goto out_unlock_hba;
}
- /* Guard against IO completion being called at same time */
- spin_lock(&lpfc_cmd->buf_lock);
-
if (!lpfc_cmd->pCmd) {
lpfc_printf_vlog(vport, KERN_WARNING, LOG_FCP,
"2873 SCSI Layer I/O Abort Request IO CMPL Status "
"x%x ID %d LUN %llu\n",
SUCCESS, cmnd->device->id, cmnd->device->lun);
- goto out_unlock_buf;
+ goto out_unlock_hba;
}
iocb = &lpfc_cmd->cur_iocbq;
@@ -5890,7 +5890,7 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)
pring_s4 = phba->sli4_hba.hdwq[iocb->hba_wqidx].io_wq->pring;
if (!pring_s4) {
ret = FAILED;
- goto out_unlock_buf;
+ goto out_unlock_hba;
}
spin_lock(&pring_s4->ring_lock);
}
@@ -5923,8 +5923,8 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)
"3389 SCSI Layer I/O Abort Request is pending\n");
if (phba->sli_rev == LPFC_SLI_REV4)
spin_unlock(&pring_s4->ring_lock);
- spin_unlock(&lpfc_cmd->buf_lock);
- spin_unlock_irqrestore(&phba->hbalock, flags);
+ spin_unlock(&phba->hbalock);
+ spin_unlock_irqrestore(&lpfc_cmd->buf_lock, flags);
goto wait_for_cmpl;
}
@@ -5945,15 +5945,13 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)
if (ret_val != IOCB_SUCCESS) {
/* Indicate the IO is not being aborted by the driver. */
lpfc_cmd->waitq = NULL;
- spin_unlock(&lpfc_cmd->buf_lock);
- spin_unlock_irqrestore(&phba->hbalock, flags);
ret = FAILED;
- goto out;
+ goto out_unlock_hba;
}
/* no longer need the lock after this point */
- spin_unlock(&lpfc_cmd->buf_lock);
- spin_unlock_irqrestore(&phba->hbalock, flags);
+ spin_unlock(&phba->hbalock);
+ spin_unlock_irqrestore(&lpfc_cmd->buf_lock, flags);
if (phba->cfg_poll & DISABLE_FCP_RING_INT)
lpfc_sli_handle_fast_ring_event(phba,
@@ -5988,10 +5986,9 @@ lpfc_abort_handler(struct scsi_cmnd *cmnd)
out_unlock_ring:
if (phba->sli_rev == LPFC_SLI_REV4)
spin_unlock(&pring_s4->ring_lock);
-out_unlock_buf:
- spin_unlock(&lpfc_cmd->buf_lock);
-out_unlock:
- spin_unlock_irqrestore(&phba->hbalock, flags);
+out_unlock_hba:
+ spin_unlock(&phba->hbalock);
+ spin_unlock_irqrestore(&lpfc_cmd->buf_lock, flags);
out:
lpfc_printf_vlog(vport, KERN_WARNING, LOG_FCP,
"0749 SCSI Layer I/O Abort Request Status x%x ID %d "
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 090/879] scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 089/879] scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 091/879] scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT Greg Kroah-Hartman
` (798 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 577a942df3de2666f6947bdd3a5c9e8d30073424 ]
If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely. When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.
Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal. If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.
Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.
Link: https://lore.kernel.org/r/20220412222008.126521-9-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_els.c | 51 +++++++++++++++++++++++++-----------
1 file changed, 35 insertions(+), 16 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 872a26376ccb..46a01a51b207 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -1532,10 +1532,13 @@ lpfc_initial_flogi(struct lpfc_vport *vport)
}
if (lpfc_issue_els_flogi(vport, ndlp, 0)) {
- /* This decrement of reference count to node shall kick off
- * the release of the node.
+ /* A node reference should be retained while registered with a
+ * transport or dev-loss-evt work is pending.
+ * Otherwise, decrement node reference to trigger release.
*/
- lpfc_nlp_put(ndlp);
+ if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
+ !(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ lpfc_nlp_put(ndlp);
return 0;
}
return 1;
@@ -1578,10 +1581,13 @@ lpfc_initial_fdisc(struct lpfc_vport *vport)
}
if (lpfc_issue_els_fdisc(vport, ndlp, 0)) {
- /* decrement node reference count to trigger the release of
- * the node.
+ /* A node reference should be retained while registered with a
+ * transport or dev-loss-evt work is pending.
+ * Otherwise, decrement node reference to trigger release.
*/
- lpfc_nlp_put(ndlp);
+ if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
+ !(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ lpfc_nlp_put(ndlp);
return 0;
}
return 1;
@@ -1983,6 +1989,7 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
int disc;
struct serv_parm *sp = NULL;
u32 ulp_status, ulp_word4, did, iotag;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2071,19 +2078,21 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
spin_unlock_irq(&ndlp->lock);
goto out;
}
- spin_unlock_irq(&ndlp->lock);
/* No PLOGI collision and the node is not registered with the
* scsi or nvme transport. It is no longer an active node. Just
* start the device remove process.
*/
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else {
/* Good status, call state machine */
prsp = list_entry(((struct lpfc_dmabuf *)
@@ -2294,6 +2303,7 @@ lpfc_cmpl_els_prli(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
u32 loglevel;
u32 ulp_status;
u32 ulp_word4;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2370,14 +2380,18 @@ lpfc_cmpl_els_prli(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
* it is no longer an active node. Otherwise devloss
* handles the final cleanup.
*/
+ spin_lock_irq(&ndlp->lock);
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
!ndlp->fc4_prli_sent) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else {
/* Good status, call state machine. However, if another
* PRLI is outstanding, don't call the state machine
@@ -2749,6 +2763,7 @@ lpfc_cmpl_els_adisc(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
struct lpfc_nodelist *ndlp;
int disc;
u32 ulp_status, ulp_word4, tmo;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2815,13 +2830,17 @@ lpfc_cmpl_els_adisc(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
* transport, it is no longer an active node. Otherwise
* devloss handles the final cleanup.
*/
+ spin_lock_irq(&ndlp->lock);
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else
/* Good status, call state machine */
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 091/879] scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 090/879] scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 092/879] scsi: lpfc: Fix call trace observed during I/O with CMF enabled Greg Kroah-Hartman
` (797 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 672d1cb40551ea9c95efad43ab6d45e4ab4e015f ]
There is a potential memory leak in lpfc_ignore_els_cmpl() and
lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT
(lpfc_rcv_plogi()'s login_mbox).
Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(),
and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for
service parameters.
For lpfc_els_rsp_reject() failure, free both the ctx_buf for service
parameters and the login_mbox.
Link: https://lore.kernel.org/r/20220412222008.126521-10-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nportdisc.c | 10 ++++++++--
drivers/scsi/lpfc/lpfc_sli.c | 17 +++++++++++++++++
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index c4e1a07066a2..4b065c51ee1b 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -614,9 +614,15 @@ lpfc_rcv_plogi(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
stat.un.b.lsRjtRsnCode = LSRJT_INVALID_CMD;
stat.un.b.lsRjtRsnCodeExp = LSEXP_NOTHING_MORE;
rc = lpfc_els_rsp_reject(vport, stat.un.lsRjtError, cmdiocb,
- ndlp, login_mbox);
- if (rc)
+ ndlp, login_mbox);
+ if (rc) {
+ mp = (struct lpfc_dmabuf *)login_mbox->ctx_buf;
+ if (mp) {
+ lpfc_mbuf_free(phba, mp->virt, mp->phys);
+ kfree(mp);
+ }
mempool_free(login_mbox, phba->mbox_mem_pool);
+ }
return 1;
}
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 6adaf79e67cc..09a45f8ecf3f 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -12066,6 +12066,8 @@ lpfc_ignore_els_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
{
struct lpfc_nodelist *ndlp = NULL;
IOCB_t *irsp;
+ LPFC_MBOXQ_t *mbox;
+ struct lpfc_dmabuf *mp;
u32 ulp_command, ulp_status, ulp_word4, iotag;
ulp_command = get_job_cmnd(phba, cmdiocb);
@@ -12077,6 +12079,21 @@ lpfc_ignore_els_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
} else {
irsp = &rspiocb->iocb;
iotag = irsp->ulpIoTag;
+
+ /* It is possible a PLOGI_RJT for NPIV ports to get aborted.
+ * The MBX_REG_LOGIN64 mbox command is freed back to the
+ * mbox_mem_pool here.
+ */
+ if (cmdiocb->context_un.mbox) {
+ mbox = cmdiocb->context_un.mbox;
+ mp = (struct lpfc_dmabuf *)mbox->ctx_buf;
+ if (mp) {
+ lpfc_mbuf_free(phba, mp->virt, mp->phys);
+ kfree(mp);
+ }
+ mempool_free(mbox, phba->mbox_mem_pool);
+ cmdiocb->context_un.mbox = NULL;
+ }
}
/* ELS cmd tag <ulpIoTag> completes */
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 092/879] scsi: lpfc: Fix call trace observed during I/O with CMF enabled
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 091/879] scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 093/879] cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode Greg Kroah-Hartman
` (796 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit d6d45f67a11136cb88a70a29ab22ea6db8ae6bd5 ]
The following was seen with CMF enabled:
BUG: using smp_processor_id() in preemptible
code: systemd-udevd/31711
kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc]
kernel: CPU: 12 PID: 31711 Comm: systemd-udevd
kernel: Call Trace:
kernel: <TASK>
kernel: dump_stack_lvl+0x44/0x57
kernel: check_preemption_disabled+0xbf/0xe0
kernel: lpfc_update_cmf_cmd+0x214/0x420 [lpfc]
kernel: lpfc_nvme_fcp_io_submit+0x23b4/0x4df0 [lpfc]
this_cpu_ptr() calls smp_processor_id() in a preemptible context.
Fix by using per_cpu_ptr() with raw_smp_processor_id() instead.
Link: https://lore.kernel.org/r/20220412222008.126521-16-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_scsi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
index c4fa7d68fe03..f617a2ef6b0f 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -3835,7 +3835,7 @@ lpfc_update_cmf_cmpl(struct lpfc_hba *phba,
else
time = div_u64(time + 500, 1000); /* round it */
- cgs = this_cpu_ptr(phba->cmf_stat);
+ cgs = per_cpu_ptr(phba->cmf_stat, raw_smp_processor_id());
atomic64_add(size, &cgs->rcv_bytes);
atomic64_add(time, &cgs->rx_latency);
atomic_inc(&cgs->rx_io_cnt);
@@ -3879,7 +3879,7 @@ lpfc_update_cmf_cmd(struct lpfc_hba *phba, uint32_t size)
atomic_set(&phba->rx_max_read_cnt, size);
}
- cgs = this_cpu_ptr(phba->cmf_stat);
+ cgs = per_cpu_ptr(phba->cmf_stat, raw_smp_processor_id());
atomic64_add(size, &cgs->total_bytes);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 093/879] cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 092/879] scsi: lpfc: Fix call trace observed during I/O with CMF enabled Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 094/879] drm/amdgpu/pm: fix the null pointer while the smu is disabled Greg Kroah-Hartman
` (795 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maulik Shah, Ulf Hansson,
Rafael J. Wysocki, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 171b66e2e2e9d80b93c8cff799e6175074b22297 ]
When PSCI OSI mode is supported the syscore flag is set for the CPU devices
that becomes attached to their PM domains (genpds). In the suspend-to-idle
case, we call dev_pm_genpd_suspend|resume() to allow genpd to properly
manage the power-off/on operations (pick an idlestate and manage the on/off
notifications).
For suspend-to-ram, dev_pm_genpd_suspend|resume() is currently not being
called, which causes a problem that the genpd on/off notifiers do not get
sent as expected. This prevents the platform-specific operations from being
executed, typically needed just before/after the boot CPU is being turned
off/on.
To deal with this problem, let's register a syscore ops for cpuidle-psci
when PSCI OSI mode is being used and call dev_pm_genpd_suspend|resume()
from them. In this way, genpd regains control of the PM domain topology and
then sends the on/off notifications when it's appropriate.
Reported-by: Maulik Shah <quic_mkshah@quicinc.com>
Suggested-by: Maulik Shah <quic_mkshah@quicinc.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Tested-by: Maulik Shah <quic_mkshah@quicinc.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/cpuidle-psci.c | 46 ++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/drivers/cpuidle/cpuidle-psci.c b/drivers/cpuidle/cpuidle-psci.c
index b51b5df08450..540105ca0781 100644
--- a/drivers/cpuidle/cpuidle-psci.c
+++ b/drivers/cpuidle/cpuidle-psci.c
@@ -23,6 +23,7 @@
#include <linux/pm_runtime.h>
#include <linux/slab.h>
#include <linux/string.h>
+#include <linux/syscore_ops.h>
#include <asm/cpuidle.h>
@@ -131,6 +132,49 @@ static int psci_idle_cpuhp_down(unsigned int cpu)
return 0;
}
+static void psci_idle_syscore_switch(bool suspend)
+{
+ bool cleared = false;
+ struct device *dev;
+ int cpu;
+
+ for_each_possible_cpu(cpu) {
+ dev = per_cpu_ptr(&psci_cpuidle_data, cpu)->dev;
+
+ if (dev && suspend) {
+ dev_pm_genpd_suspend(dev);
+ } else if (dev) {
+ dev_pm_genpd_resume(dev);
+
+ /* Account for userspace having offlined a CPU. */
+ if (pm_runtime_status_suspended(dev))
+ pm_runtime_set_active(dev);
+
+ /* Clear domain state to re-start fresh. */
+ if (!cleared) {
+ psci_set_domain_state(0);
+ cleared = true;
+ }
+ }
+ }
+}
+
+static int psci_idle_syscore_suspend(void)
+{
+ psci_idle_syscore_switch(true);
+ return 0;
+}
+
+static void psci_idle_syscore_resume(void)
+{
+ psci_idle_syscore_switch(false);
+}
+
+static struct syscore_ops psci_idle_syscore_ops = {
+ .suspend = psci_idle_syscore_suspend,
+ .resume = psci_idle_syscore_resume,
+};
+
static void psci_idle_init_cpuhp(void)
{
int err;
@@ -138,6 +182,8 @@ static void psci_idle_init_cpuhp(void)
if (!psci_cpuidle_use_cpuhp)
return;
+ register_syscore_ops(&psci_idle_syscore_ops);
+
err = cpuhp_setup_state_nocalls(CPUHP_AP_CPU_PM_STARTING,
"cpuidle/psci:online",
psci_idle_cpuhp_up,
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 094/879] drm/amdgpu/pm: fix the null pointer while the smu is disabled
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 093/879] cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 095/879] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
` (794 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huang Rui, Aaron Liu, Alex Deucher,
Sasha Levin
From: Huang Rui <ray.huang@amd.com>
[ Upstream commit eea5c7b3390c6e006ba4cbd906447dd8cea8cfbf ]
It needs to check if the pp_funcs is initialized while release the
context, otherwise it will trigger null pointer panic while the software
smu is not enabled.
[ 1109.404555] BUG: kernel NULL pointer dereference, address: 0000000000000078
[ 1109.404609] #PF: supervisor read access in kernel mode
[ 1109.404638] #PF: error_code(0x0000) - not-present page
[ 1109.404657] PGD 0 P4D 0
[ 1109.404672] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 1109.404701] CPU: 7 PID: 9150 Comm: amdgpu_test Tainted: G OEL 5.16.0-custom #1
[ 1109.404732] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 1109.404765] RIP: 0010:amdgpu_dpm_force_performance_level+0x1d/0x170 [amdgpu]
[ 1109.405109] Code: 5d c3 44 8b a3 f0 80 00 00 eb e5 66 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 08 4c 8b b7 f0 7d 00 00 <49> 83 7e 78 00 0f 84 f2 00 00 00 80 bf 87 80 00 00 00 48 89 fb 0f
[ 1109.405176] RSP: 0018:ffffaf3083ad7c20 EFLAGS: 00010282
[ 1109.405203] RAX: 0000000000000000 RBX: ffff9796b1c14600 RCX: 0000000002862007
[ 1109.405229] RDX: ffff97968591c8c0 RSI: 0000000000000001 RDI: ffff9796a3700000
[ 1109.405260] RBP: ffffaf3083ad7c50 R08: ffffffff9897de00 R09: ffff979688d9db60
[ 1109.405286] R10: 0000000000000000 R11: ffff979688d9db90 R12: 0000000000000001
[ 1109.405316] R13: ffff9796a3700000 R14: 0000000000000000 R15: ffff9796a3708fc0
[ 1109.405345] FS: 00007ff055cff180(0000) GS:ffff9796bfdc0000(0000) knlGS:0000000000000000
[ 1109.405378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1109.405400] CR2: 0000000000000078 CR3: 000000000a394000 CR4: 00000000000506e0
[ 1109.405434] Call Trace:
[ 1109.405445] <TASK>
[ 1109.405456] ? delete_object_full+0x1d/0x20
[ 1109.405480] amdgpu_ctx_set_stable_pstate+0x7c/0xa0 [amdgpu]
[ 1109.405698] amdgpu_ctx_fini.part.0+0xcb/0x100 [amdgpu]
[ 1109.405911] amdgpu_ctx_do_release+0x71/0x80 [amdgpu]
[ 1109.406121] amdgpu_ctx_ioctl+0x52d/0x550 [amdgpu]
[ 1109.406327] ? _raw_spin_unlock+0x1a/0x30
[ 1109.406354] ? drm_gem_handle_delete+0x81/0xb0 [drm]
[ 1109.406400] ? amdgpu_ctx_get_entity+0x2c0/0x2c0 [amdgpu]
[ 1109.406609] drm_ioctl_kernel+0xb6/0x140 [drm]
Signed-off-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Aaron Liu <aaron.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/pm/amdgpu_dpm.c b/drivers/gpu/drm/amd/pm/amdgpu_dpm.c
index 72e7b5d40af6..5472f9936feb 100644
--- a/drivers/gpu/drm/amd/pm/amdgpu_dpm.c
+++ b/drivers/gpu/drm/amd/pm/amdgpu_dpm.c
@@ -790,7 +790,7 @@ int amdgpu_dpm_force_performance_level(struct amdgpu_device *adev,
AMD_DPM_FORCED_LEVEL_PROFILE_MIN_MCLK |
AMD_DPM_FORCED_LEVEL_PROFILE_PEAK;
- if (!pp_funcs->force_performance_level)
+ if (!pp_funcs || !pp_funcs->force_performance_level)
return 0;
if (adev->pm.dpm.thermal_active)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 095/879] drm/amd/pm: fix double free in si_parse_power_table()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 094/879] drm/amdgpu/pm: fix the null pointer while the smu is disabled Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 096/879] ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() Greg Kroah-Hartman
` (793 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keita Suzuki, Alex Deucher, Sasha Levin
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
[ Upstream commit f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd ]
In function si_parse_power_table(), array adev->pm.dpm.ps and its member
is allocated. If the allocation of each member fails, the array itself
is freed and returned with an error code. However, the array is later
freed again in si_dpm_fini() function which is called when the function
returns an error.
This leads to potential double free of the array adev->pm.dpm.ps, as
well as leak of its array members, since the members are not freed in
the allocation function and the array is not nulled when freed.
In addition adev->pm.dpm.num_ps, which keeps track of the allocated
array member, is not updated until the member allocation is
successfully finished, this could also lead to either use after free,
or uninitialized variable access in si_dpm_fini().
Fix this by postponing the free of the array until si_dpm_fini() and
increment adev->pm.dpm.num_ps everytime the array member is allocated.
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c b/drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c
index 633dab14f51c..49c398ec0aaf 100644
--- a/drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c
+++ b/drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c
@@ -7297,17 +7297,15 @@ static int si_parse_power_table(struct amdgpu_device *adev)
if (!adev->pm.dpm.ps)
return -ENOMEM;
power_state_offset = (u8 *)state_array->states;
- for (i = 0; i < state_array->ucNumEntries; i++) {
+ for (adev->pm.dpm.num_ps = 0, i = 0; i < state_array->ucNumEntries; i++) {
u8 *idx;
power_state = (union pplib_power_state *)power_state_offset;
non_clock_array_index = power_state->v2.nonClockInfoIndex;
non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
&non_clock_info_array->nonClockInfo[non_clock_array_index];
ps = kzalloc(sizeof(struct si_ps), GFP_KERNEL);
- if (ps == NULL) {
- kfree(adev->pm.dpm.ps);
+ if (ps == NULL)
return -ENOMEM;
- }
adev->pm.dpm.ps[i].ps_priv = ps;
si_parse_pplib_non_clock_info(adev, &adev->pm.dpm.ps[i],
non_clock_info,
@@ -7329,8 +7327,8 @@ static int si_parse_power_table(struct amdgpu_device *adev)
k++;
}
power_state_offset += 2 + power_state->v2.ucNumDPMLevels;
+ adev->pm.dpm.num_ps++;
}
- adev->pm.dpm.num_ps = state_array->ucNumEntries;
/* fill in the vce power states */
for (i = 0; i < adev->pm.dpm.num_of_vce_states; i++) {
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 096/879] ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 095/879] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 097/879] ASoC: rsnd: care return value from rsnd_node_fixed_index() Greg Kroah-Hartman
` (792 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Kuninori Morimoto, Mark Brown, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit b1384d4c95088d01f4266237faabf165d3d605fc ]
commit cfb7b8bf1e2d66 ("ASoC: rsnd: tidyup
rsnd_ssiu_busif_err_status_clear()") merged duplicate code, but it didn't
care about default case, and causes smatch warnings.
smatch warnings:
sound/soc/sh/rcar/ssiu.c:112 rsnd_ssiu_busif_err_status_clear() \
error: uninitialized symbol 'offset'.
sound/soc/sh/rcar/ssiu.c:114 rsnd_ssiu_busif_err_status_clear() \
error: uninitialized symbol 'shift'.
This patch cares it.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/87r15rgn6p.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rcar/ssiu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sh/rcar/ssiu.c b/sound/soc/sh/rcar/ssiu.c
index 0d8f97633dd2..138f95dd9f4a 100644
--- a/sound/soc/sh/rcar/ssiu.c
+++ b/sound/soc/sh/rcar/ssiu.c
@@ -102,6 +102,8 @@ bool rsnd_ssiu_busif_err_status_clear(struct rsnd_mod *mod)
shift = 1;
offset = 1;
break;
+ default:
+ goto out;
}
for (i = 0; i < 4; i++) {
@@ -120,7 +122,7 @@ bool rsnd_ssiu_busif_err_status_clear(struct rsnd_mod *mod)
}
rsnd_mod_write(mod, reg, val);
}
-
+out:
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 097/879] ASoC: rsnd: care return value from rsnd_node_fixed_index()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 096/879] ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 098/879] net: macb: In ZynqMP initialization make SGMII phy configuration optional Greg Kroah-Hartman
` (791 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Kuninori Morimoto, Mark Brown, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit d09a7db431c65aaa8303eb456439d1831ca2e6b4 ]
Renesas Sound is very complex, and thus it needs to use
rsnd_node_fixed_index() to know enabled pin index.
It returns error if strange pin was selected,
but some codes didn't check it.
This patch 1) indicates error message, 2) check return
value.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/87pmlbgn5t.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rcar/core.c | 15 ++++++++++-----
sound/soc/sh/rcar/dma.c | 9 ++++++++-
sound/soc/sh/rcar/rsnd.h | 2 +-
sound/soc/sh/rcar/src.c | 7 ++++++-
sound/soc/sh/rcar/ssi.c | 14 ++++++++++++--
sound/soc/sh/rcar/ssiu.c | 7 ++++++-
6 files changed, 43 insertions(+), 11 deletions(-)
diff --git a/sound/soc/sh/rcar/core.c b/sound/soc/sh/rcar/core.c
index 6a8fe0da7670..af8ef2a27d34 100644
--- a/sound/soc/sh/rcar/core.c
+++ b/sound/soc/sh/rcar/core.c
@@ -1159,6 +1159,7 @@ void rsnd_parse_connect_common(struct rsnd_dai *rdai, char *name,
struct device_node *capture)
{
struct rsnd_priv *priv = rsnd_rdai_to_priv(rdai);
+ struct device *dev = rsnd_priv_to_dev(priv);
struct device_node *np;
int i;
@@ -1169,7 +1170,11 @@ void rsnd_parse_connect_common(struct rsnd_dai *rdai, char *name,
for_each_child_of_node(node, np) {
struct rsnd_mod *mod;
- i = rsnd_node_fixed_index(np, name, i);
+ i = rsnd_node_fixed_index(dev, np, name, i);
+ if (i < 0) {
+ of_node_put(np);
+ break;
+ }
mod = mod_get(priv, i);
@@ -1183,7 +1188,7 @@ void rsnd_parse_connect_common(struct rsnd_dai *rdai, char *name,
of_node_put(node);
}
-int rsnd_node_fixed_index(struct device_node *node, char *name, int idx)
+int rsnd_node_fixed_index(struct device *dev, struct device_node *node, char *name, int idx)
{
char node_name[16];
@@ -1210,6 +1215,8 @@ int rsnd_node_fixed_index(struct device_node *node, char *name, int idx)
return idx;
}
+ dev_err(dev, "strange node numbering (%s)",
+ of_node_full_name(node));
return -EINVAL;
}
@@ -1221,10 +1228,8 @@ int rsnd_node_count(struct rsnd_priv *priv, struct device_node *node, char *name
i = 0;
for_each_child_of_node(node, np) {
- i = rsnd_node_fixed_index(np, name, i);
+ i = rsnd_node_fixed_index(dev, np, name, i);
if (i < 0) {
- dev_err(dev, "strange node numbering (%s)",
- of_node_full_name(node));
of_node_put(np);
return 0;
}
diff --git a/sound/soc/sh/rcar/dma.c b/sound/soc/sh/rcar/dma.c
index 03e0d4eca781..463ab237d7bd 100644
--- a/sound/soc/sh/rcar/dma.c
+++ b/sound/soc/sh/rcar/dma.c
@@ -240,12 +240,19 @@ static int rsnd_dmaen_start(struct rsnd_mod *mod,
struct dma_chan *rsnd_dma_request_channel(struct device_node *of_node, char *name,
struct rsnd_mod *mod, char *x)
{
+ struct rsnd_priv *priv = rsnd_mod_to_priv(mod);
+ struct device *dev = rsnd_priv_to_dev(priv);
struct dma_chan *chan = NULL;
struct device_node *np;
int i = 0;
for_each_child_of_node(of_node, np) {
- i = rsnd_node_fixed_index(np, name, i);
+ i = rsnd_node_fixed_index(dev, np, name, i);
+ if (i < 0) {
+ chan = NULL;
+ of_node_put(np);
+ break;
+ }
if (i == rsnd_mod_id_raw(mod) && (!chan))
chan = of_dma_request_slave_channel(np, x);
diff --git a/sound/soc/sh/rcar/rsnd.h b/sound/soc/sh/rcar/rsnd.h
index 6580bab0e229..d9cd190d7e19 100644
--- a/sound/soc/sh/rcar/rsnd.h
+++ b/sound/soc/sh/rcar/rsnd.h
@@ -460,7 +460,7 @@ void rsnd_parse_connect_common(struct rsnd_dai *rdai, char *name,
struct device_node *playback,
struct device_node *capture);
int rsnd_node_count(struct rsnd_priv *priv, struct device_node *node, char *name);
-int rsnd_node_fixed_index(struct device_node *node, char *name, int idx);
+int rsnd_node_fixed_index(struct device *dev, struct device_node *node, char *name, int idx);
int rsnd_channel_normalization(int chan);
#define rsnd_runtime_channel_original(io) \
diff --git a/sound/soc/sh/rcar/src.c b/sound/soc/sh/rcar/src.c
index 42a100c6303d..0ea84ae57c6a 100644
--- a/sound/soc/sh/rcar/src.c
+++ b/sound/soc/sh/rcar/src.c
@@ -676,7 +676,12 @@ int rsnd_src_probe(struct rsnd_priv *priv)
if (!of_device_is_available(np))
goto skip;
- i = rsnd_node_fixed_index(np, SRC_NAME, i);
+ i = rsnd_node_fixed_index(dev, np, SRC_NAME, i);
+ if (i < 0) {
+ ret = -EINVAL;
+ of_node_put(np);
+ goto rsnd_src_probe_done;
+ }
src = rsnd_src_get(priv, i);
diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c
index 87e606f688d3..43c5e27dc5c8 100644
--- a/sound/soc/sh/rcar/ssi.c
+++ b/sound/soc/sh/rcar/ssi.c
@@ -1105,6 +1105,7 @@ void rsnd_parse_connect_ssi(struct rsnd_dai *rdai,
struct device_node *capture)
{
struct rsnd_priv *priv = rsnd_rdai_to_priv(rdai);
+ struct device *dev = rsnd_priv_to_dev(priv);
struct device_node *node;
struct device_node *np;
int i;
@@ -1117,7 +1118,11 @@ void rsnd_parse_connect_ssi(struct rsnd_dai *rdai,
for_each_child_of_node(node, np) {
struct rsnd_mod *mod;
- i = rsnd_node_fixed_index(np, SSI_NAME, i);
+ i = rsnd_node_fixed_index(dev, np, SSI_NAME, i);
+ if (i < 0) {
+ of_node_put(np);
+ break;
+ }
mod = rsnd_ssi_mod_get(priv, i);
@@ -1182,7 +1187,12 @@ int rsnd_ssi_probe(struct rsnd_priv *priv)
if (!of_device_is_available(np))
goto skip;
- i = rsnd_node_fixed_index(np, SSI_NAME, i);
+ i = rsnd_node_fixed_index(dev, np, SSI_NAME, i);
+ if (i < 0) {
+ ret = -EINVAL;
+ of_node_put(np);
+ goto rsnd_ssi_probe_done;
+ }
ssi = rsnd_ssi_get(priv, i);
diff --git a/sound/soc/sh/rcar/ssiu.c b/sound/soc/sh/rcar/ssiu.c
index 138f95dd9f4a..4b8a63e336c7 100644
--- a/sound/soc/sh/rcar/ssiu.c
+++ b/sound/soc/sh/rcar/ssiu.c
@@ -462,6 +462,7 @@ void rsnd_parse_connect_ssiu(struct rsnd_dai *rdai,
struct device_node *capture)
{
struct rsnd_priv *priv = rsnd_rdai_to_priv(rdai);
+ struct device *dev = rsnd_priv_to_dev(priv);
struct device_node *node = rsnd_ssiu_of_node(priv);
struct rsnd_dai_stream *io_p = &rdai->playback;
struct rsnd_dai_stream *io_c = &rdai->capture;
@@ -474,7 +475,11 @@ void rsnd_parse_connect_ssiu(struct rsnd_dai *rdai,
for_each_child_of_node(node, np) {
struct rsnd_mod *mod;
- i = rsnd_node_fixed_index(np, SSIU_NAME, i);
+ i = rsnd_node_fixed_index(dev, np, SSIU_NAME, i);
+ if (i < 0) {
+ of_node_put(np);
+ break;
+ }
mod = rsnd_ssiu_mod_get(priv, i);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 098/879] net: macb: In ZynqMP initialization make SGMII phy configuration optional
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 097/879] ASoC: rsnd: care return value from rsnd_node_fixed_index() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 099/879] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
` (790 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Radhey Shyam Pandey, Michal Simek,
David S. Miller, Sasha Levin
From: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
[ Upstream commit 29e96fe9e0ec0f0fe1dd306a4ccb7b8983eae67a ]
In the macb binding documentation "phys" is an optional property. Make
implementation in line with it. This change allows the traditional flow
in which first stage bootloader does PS-GT configuration to work along
with newer use cases in which PS-GT configuration is managed by the
phy-zynqmp driver.
It fixes below macb probe failure when macb DT node doesn't have SGMII
phys handle.
"macb ff0b0000.ethernet: error -ENODEV: failed to get PS-GTR PHY"
Signed-off-by: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cadence/macb_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c
index 61284baa0496..ed7c2c2c4401 100644
--- a/drivers/net/ethernet/cadence/macb_main.c
+++ b/drivers/net/ethernet/cadence/macb_main.c
@@ -4594,7 +4594,7 @@ static int zynqmp_init(struct platform_device *pdev)
if (bp->phy_interface == PHY_INTERFACE_MODE_SGMII) {
/* Ensure PS-GTR PHY device used in SGMII mode is ready */
- bp->sgmii_phy = devm_phy_get(&pdev->dev, "sgmii-phy");
+ bp->sgmii_phy = devm_phy_optional_get(&pdev->dev, NULL);
if (IS_ERR(bp->sgmii_phy)) {
ret = PTR_ERR(bp->sgmii_phy);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 099/879] ath9k: fix QCA9561 PA bias level
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 098/879] net: macb: In ZynqMP initialization make SGMII phy configuration optional Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 100/879] media: Revert "media: dw9768: activate runtime PM and turn off device" Greg Kroah-Hartman
` (789 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thibaut VARÈNE, Felix Fietkau,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
[ Upstream commit e999a5da28a0e0f7de242d841ef7d5e48f4646ae ]
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs).
This patch was suggested by Felix Fietkau, who noted[1]:
"The value written to that register is wrong, because while the mask
definition AR_CH0_TOP2_XPABIASLVL uses a different value for 9561, the
shift definition AR_CH0_TOP2_XPABIASLVL_S is hardcoded to 12, which is
wrong for 9561."
In real life testing, without this patch the 2.4GHz throughput on
Yuncore XD3200 is around 10Mbps sitting next to the AP, and closer to
practical maximum with the patch applied.
[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
Signed-off-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
Acked-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220417145145.1847-1-hacks+kernel@slashdirt.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
index a171dbb29fbb..ad949eb02f3d 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
@@ -720,7 +720,7 @@
#define AR_CH0_TOP2 (AR_SREV_9300(ah) ? 0x1628c : \
(AR_SREV_9462(ah) ? 0x16290 : 0x16284))
#define AR_CH0_TOP2_XPABIASLVL (AR_SREV_9561(ah) ? 0x1e00 : 0xf000)
-#define AR_CH0_TOP2_XPABIASLVL_S 12
+#define AR_CH0_TOP2_XPABIASLVL_S (AR_SREV_9561(ah) ? 9 : 12)
#define AR_CH0_XTAL (AR_SREV_9300(ah) ? 0x16294 : \
((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x16298 : \
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 100/879] media: Revert "media: dw9768: activate runtime PM and turn off device"
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 099/879] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 101/879] media: i2c: dw9714: Disable the regulator when the driver fails to probe Greg Kroah-Hartman
` (788 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Tomasz Figa,
Bingbu Cao, Mauro Carvalho Chehab, Sasha Levin
From: Sakari Ailus <sakari.ailus@linux.intel.com>
[ Upstream commit 7dd0f93a31af03cba81c684c4c361bba510ffe71 ]
This reverts commit c09d776eaa060534a1663e3b89d842db3e1d9076.
Revert the commit as it breaks runtime PM support on OF based systems.
More fixes to the driver are needed.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Reviewed-by: Bingbu Cao <bingbu.cao@intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/dw9768.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/media/i2c/dw9768.c b/drivers/media/i2c/dw9768.c
index 65c6acf3ced9..c086580efac7 100644
--- a/drivers/media/i2c/dw9768.c
+++ b/drivers/media/i2c/dw9768.c
@@ -469,11 +469,6 @@ static int dw9768_probe(struct i2c_client *client)
dw9768->sd.entity.function = MEDIA_ENT_F_LENS;
- /*
- * Device is already turned on by i2c-core with ACPI domain PM.
- * Attempt to turn off the device to satisfy the privacy LED concerns.
- */
- pm_runtime_set_active(dev);
pm_runtime_enable(dev);
if (!pm_runtime_enabled(dev)) {
ret = dw9768_runtime_resume(dev);
@@ -488,7 +483,6 @@ static int dw9768_probe(struct i2c_client *client)
dev_err(dev, "failed to register V4L2 subdev: %d", ret);
goto err_power_off;
}
- pm_runtime_idle(dev);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 101/879] media: i2c: dw9714: Disable the regulator when the driver fails to probe
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 100/879] media: Revert "media: dw9768: activate runtime PM and turn off device" Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 102/879] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
` (787 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 02276e18defa2fccf16413b44440277d98c2b1ea ]
When the driver fails to probe, we will get the following splat:
[ 59.305988] ------------[ cut here ]------------
[ 59.306417] WARNING: CPU: 2 PID: 395 at drivers/regulator/core.c:2257 _regulator_put+0x3ec/0x4e0
[ 59.310345] RIP: 0010:_regulator_put+0x3ec/0x4e0
[ 59.318362] Call Trace:
[ 59.318582] <TASK>
[ 59.318765] regulator_put+0x1f/0x30
[ 59.319058] devres_release_group+0x319/0x3d0
[ 59.319420] i2c_device_probe+0x766/0x940
Fix this by disabling the regulator in error handling.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/dw9714.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/i2c/dw9714.c b/drivers/media/i2c/dw9714.c
index cd7008ad8f2f..8c5797ba57d4 100644
--- a/drivers/media/i2c/dw9714.c
+++ b/drivers/media/i2c/dw9714.c
@@ -183,6 +183,7 @@ static int dw9714_probe(struct i2c_client *client)
return 0;
err_cleanup:
+ regulator_disable(dw9714_dev->vcc);
v4l2_ctrl_handler_free(&dw9714_dev->ctrls_vcm);
media_entity_cleanup(&dw9714_dev->sd.entity);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 102/879] media: venus: hfi: avoid null dereference in deinit
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 101/879] media: i2c: dw9714: Disable the regulator when the driver fails to probe Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 103/879] media: venus: do not queue internal buffers from previous sequence Greg Kroah-Hartman
` (786 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Weiss, Stanimir Varbanov,
Mauro Carvalho Chehab, Sasha Levin
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 86594f6af867b5165d2ba7b5a71fae3a5961e56c ]
If venus_probe fails at pm_runtime_put_sync the error handling first
calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets
core->ops to NULL, hfi_core_deinit cannot call the core_deinit function
anymore.
Avoid this null pointer derefence by skipping the call when necessary.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/hfi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/platform/qcom/venus/hfi.c b/drivers/media/platform/qcom/venus/hfi.c
index 4e2151fb47f0..1968f09ad177 100644
--- a/drivers/media/platform/qcom/venus/hfi.c
+++ b/drivers/media/platform/qcom/venus/hfi.c
@@ -104,6 +104,9 @@ int hfi_core_deinit(struct venus_core *core, bool blocking)
mutex_lock(&core->lock);
}
+ if (!core->ops)
+ goto unlock;
+
ret = core->ops->core_deinit(core);
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 103/879] media: venus: do not queue internal buffers from previous sequence
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 102/879] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 104/879] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
` (785 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vikash Garodia, Fritz Koenig,
Stanimir Varbanov, Mauro Carvalho Chehab, Sasha Levin
From: Vikash Garodia <quic_vgarodia@quicinc.com>
[ Upstream commit 73664f107c0fafb59cd91e576b81c986adb74610 ]
During reconfig (DRC) event from firmware, it is not guaranteed that
all the DPB(internal) buffers would be released by the firmware. Some
buffers might be released gradually while processing frames from the
new sequence. These buffers now stay idle in the dpblist.
In subsequent call to queue the DPBs to firmware, these idle buffers
should not be queued. The fix identifies those buffers and free them.
Signed-off-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Tested-by: Fritz Koenig <frkoenig@chromium.org>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/helpers.c | 34 +++++++++++++++------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/helpers.c b/drivers/media/platform/qcom/venus/helpers.c
index 0bca95d01650..fa01edd54c03 100644
--- a/drivers/media/platform/qcom/venus/helpers.c
+++ b/drivers/media/platform/qcom/venus/helpers.c
@@ -90,12 +90,28 @@ bool venus_helper_check_codec(struct venus_inst *inst, u32 v4l2_pixfmt)
}
EXPORT_SYMBOL_GPL(venus_helper_check_codec);
+static void free_dpb_buf(struct venus_inst *inst, struct intbuf *buf)
+{
+ ida_free(&inst->dpb_ids, buf->dpb_out_tag);
+
+ list_del_init(&buf->list);
+ dma_free_attrs(inst->core->dev, buf->size, buf->va, buf->da,
+ buf->attrs);
+ kfree(buf);
+}
+
int venus_helper_queue_dpb_bufs(struct venus_inst *inst)
{
- struct intbuf *buf;
+ struct intbuf *buf, *next;
+ unsigned int dpb_size = 0;
int ret = 0;
- list_for_each_entry(buf, &inst->dpbbufs, list) {
+ if (inst->dpb_buftype == HFI_BUFFER_OUTPUT)
+ dpb_size = inst->output_buf_size;
+ else if (inst->dpb_buftype == HFI_BUFFER_OUTPUT2)
+ dpb_size = inst->output2_buf_size;
+
+ list_for_each_entry_safe(buf, next, &inst->dpbbufs, list) {
struct hfi_frame_data fdata;
memset(&fdata, 0, sizeof(fdata));
@@ -106,6 +122,12 @@ int venus_helper_queue_dpb_bufs(struct venus_inst *inst)
if (buf->owned_by == FIRMWARE)
continue;
+ /* free buffer from previous sequence which was released later */
+ if (dpb_size > buf->size) {
+ free_dpb_buf(inst, buf);
+ continue;
+ }
+
fdata.clnt_data = buf->dpb_out_tag;
ret = hfi_session_process_buf(inst, &fdata);
@@ -127,13 +149,7 @@ int venus_helper_free_dpb_bufs(struct venus_inst *inst)
list_for_each_entry_safe(buf, n, &inst->dpbbufs, list) {
if (buf->owned_by == FIRMWARE)
continue;
-
- ida_free(&inst->dpb_ids, buf->dpb_out_tag);
-
- list_del_init(&buf->list);
- dma_free_attrs(inst->core->dev, buf->size, buf->va, buf->da,
- buf->attrs);
- kfree(buf);
+ free_dpb_buf(inst, buf);
}
if (list_empty(&inst->dpbbufs))
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 104/879] media: pci: cx23885: Fix the error handling in cx23885_initdev()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 103/879] media: venus: do not queue internal buffers from previous sequence Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 105/879] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
` (784 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit e8123311cf06d7dae71e8c5fe78e0510d20cd30b ]
When the driver fails to call the dma_set_mask(), the driver will get
the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[ 55.856822] Call Trace:
[ 55.860327] __process_removed_driver+0x3c/0x240
[ 55.861347] bus_for_each_dev+0x102/0x160
[ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx23885/cx23885-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/pci/cx23885/cx23885-core.c b/drivers/media/pci/cx23885/cx23885-core.c
index f8f2ff3b00c3..a07b18f2034e 100644
--- a/drivers/media/pci/cx23885/cx23885-core.c
+++ b/drivers/media/pci/cx23885/cx23885-core.c
@@ -2165,7 +2165,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
err = dma_set_mask(&pci_dev->dev, 0xffffffff);
if (err) {
pr_err("%s/0: Oops: no 32bit PCI DMA ???\n", dev->name);
- goto fail_ctrl;
+ goto fail_dma_set_mask;
}
err = request_irq(pci_dev->irq, cx23885_irq,
@@ -2173,7 +2173,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
if (err < 0) {
pr_err("%s: can't get IRQ %d\n",
dev->name, pci_dev->irq);
- goto fail_irq;
+ goto fail_dma_set_mask;
}
switch (dev->board) {
@@ -2195,7 +2195,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
return 0;
-fail_irq:
+fail_dma_set_mask:
cx23885_dev_unregister(dev);
fail_ctrl:
v4l2_ctrl_handler_free(hdl);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 105/879] media: cx25821: Fix the warning when removing the module
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 104/879] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 106/879] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
` (783 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2203436a4d24302871617373a7eb21bc17e38762 ]
When removing the module, we will get the following warning:
[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'
[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0
[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0
[ 14.759589] Call Trace:
[ 14.759792] <TASK>
[ 14.759975] unregister_irq_proc+0x14c/0x170
[ 14.760340] irq_free_descs+0x94/0xe0
[ 14.760640] mp_unmap_irq+0xb6/0x100
[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40
[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320
[ 14.761688] pci_disable_device+0x1ad/0x380
[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]
[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]
[ 14.763242] pci_device_remove+0x92/0x240
Fix this by freeing the irq before call pci_disable_device().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx25821/cx25821-core.c b/drivers/media/pci/cx25821/cx25821-core.c
index 3078a39f0b95..6627fa9166d3 100644
--- a/drivers/media/pci/cx25821/cx25821-core.c
+++ b/drivers/media/pci/cx25821/cx25821-core.c
@@ -1332,11 +1332,11 @@ static void cx25821_finidev(struct pci_dev *pci_dev)
struct cx25821_dev *dev = get_cx25821(v4l2_dev);
cx25821_shutdown(dev);
- pci_disable_device(pci_dev);
/* unregister stuff */
if (pci_dev->irq)
free_irq(pci_dev->irq, dev);
+ pci_disable_device(pci_dev);
cx25821_dev_unregister(dev);
v4l2_device_unregister(v4l2_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 106/879] md/bitmap: dont set sb values if cant pass sanity check
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 105/879] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 107/879] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
` (782 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Guoqing Jiang, Heming Zhao, Song Liu, Sasha Levin
From: Heming Zhao <heming.zhao@suse.com>
[ Upstream commit e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2 ]
If bitmap area contains invalid data, kernel will crash then mdadm
triggers "Segmentation fault".
This is cluster-md speical bug. In non-clustered env, mdadm will
handle broken metadata case. In clustered array, only kernel space
handles bitmap slot info. But even this bug only happened in clustered
env, current sanity check is wrong, the code should be changed.
How to trigger: (faulty injection)
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
mdadm -Ss
echo aaa > magic.txt
== below modifying slot 2 bitmap data ==
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic
dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize
mdadm -A /dev/md0 /dev/sda /dev/sdb
== kernel crashes. mdadm outputs "Segmentation fault" ==
Reason of kernel crash:
In md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't
block chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()
trigger "divide error".
Crash log:
kernel: md: md0 stopped.
kernel: md/raid1:md0: not clean -- starting background reconstruction
kernel: md/raid1:md0: active with 2 out of 2 mirrors
kernel: dlm: ... ...
kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: divide error: 0000 [#1] SMP NOPTI
kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default
kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246
kernel: ... ...
kernel: Call Trace:
kernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]
kernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]
kernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]
kernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]
kernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]
kernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]
kernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]
kernel: ? blkdev_ioctl+0xb1/0x2b0
kernel: block_ioctl+0x3b/0x40
kernel: __x64_sys_ioctl+0x7f/0xb0
kernel: do_syscall_64+0x59/0x80
kernel: ? exit_to_user_mode_prepare+0x1ab/0x230
kernel: ? syscall_exit_to_user_mode+0x18/0x40
kernel: ? do_syscall_64+0x69/0x80
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae
kernel: RIP: 0033:0x7f4a15fa722b
kernel: ... ...
kernel: ---[ end trace 8afa7612f559c868 ]---
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 44 ++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index bfd6026d7809..612460d2bdaf 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -639,14 +639,6 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
daemon_sleep = le32_to_cpu(sb->daemon_sleep) * HZ;
write_behind = le32_to_cpu(sb->write_behind);
sectors_reserved = le32_to_cpu(sb->sectors_reserved);
- /* Setup nodes/clustername only if bitmap version is
- * cluster-compatible
- */
- if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
- nodes = le32_to_cpu(sb->nodes);
- strlcpy(bitmap->mddev->bitmap_info.cluster_name,
- sb->cluster_name, 64);
- }
/* verify that the bitmap-specific fields are valid */
if (sb->magic != cpu_to_le32(BITMAP_MAGIC))
@@ -668,6 +660,16 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto out;
}
+ /*
+ * Setup nodes/clustername only if bitmap version is
+ * cluster-compatible
+ */
+ if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
+ nodes = le32_to_cpu(sb->nodes);
+ strlcpy(bitmap->mddev->bitmap_info.cluster_name,
+ sb->cluster_name, 64);
+ }
+
/* keep the array size field of the bitmap superblock up to date */
sb->sync_size = cpu_to_le64(bitmap->mddev->resync_max_sectors);
@@ -700,9 +702,9 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
out:
kunmap_atomic(sb);
- /* Assigning chunksize is required for "re_read" */
- bitmap->mddev->bitmap_info.chunksize = chunksize;
if (err == 0 && nodes && (bitmap->cluster_slot < 0)) {
+ /* Assigning chunksize is required for "re_read" */
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
err = md_setup_cluster(bitmap->mddev, nodes);
if (err) {
pr_warn("%s: Could not setup cluster service (%d)\n",
@@ -713,18 +715,18 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto re_read;
}
-
out_no_sb:
- if (test_bit(BITMAP_STALE, &bitmap->flags))
- bitmap->events_cleared = bitmap->mddev->events;
- bitmap->mddev->bitmap_info.chunksize = chunksize;
- bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
- bitmap->mddev->bitmap_info.max_write_behind = write_behind;
- bitmap->mddev->bitmap_info.nodes = nodes;
- if (bitmap->mddev->bitmap_info.space == 0 ||
- bitmap->mddev->bitmap_info.space > sectors_reserved)
- bitmap->mddev->bitmap_info.space = sectors_reserved;
- if (err) {
+ if (err == 0) {
+ if (test_bit(BITMAP_STALE, &bitmap->flags))
+ bitmap->events_cleared = bitmap->mddev->events;
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
+ bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
+ bitmap->mddev->bitmap_info.max_write_behind = write_behind;
+ bitmap->mddev->bitmap_info.nodes = nodes;
+ if (bitmap->mddev->bitmap_info.space == 0 ||
+ bitmap->mddev->bitmap_info.space > sectors_reserved)
+ bitmap->mddev->bitmap_info.space = sectors_reserved;
+ } else {
md_bitmap_print_sb(bitmap);
if (bitmap->cluster_slot < 0)
md_cluster_stop(bitmap->mddev);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 107/879] mmc: jz4740: Apply DMA engine limits to maximum segment size
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 106/879] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 108/879] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit Greg Kroah-Hartman
` (781 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aidan MacDonald, Ulf Hansson, Sasha Levin
From: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
[ Upstream commit afadb04f1d6e74b18a253403f5274cde5e3fd7bd ]
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and
limit the maximum segment size based on the DMA engine's capabilities. This
is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c
DMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]
CPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19
Workqueue: kblockd blk_mq_run_work_fn
Stack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac
814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444
00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62
6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009
805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000
...
Call Trace:
[<80107670>] show_stack+0x84/0x120
[<80528cd8>] __warn+0xb8/0xec
[<80528d78>] warn_slowpath_fmt+0x6c/0xb8
[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c
[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118
[<8016a27c>] dma_map_sg_attrs+0x14/0x28
[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4
[<804f6714>] jz4740_mmc_pre_request+0x30/0x54
[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc
[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4
[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664
[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370
[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164
[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94
[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc
[<80134c14>] process_one_work+0x1b8/0x264
[<80134ff8>] worker_thread+0x2ec/0x3b8
[<8013b13c>] kthread+0x104/0x10c
[<80101dcc>] ret_from_kernel_thread+0x14/0x1c
---[ end trace 0000000000000000 ]---
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Link: https://lore.kernel.org/r/20220411153753.50443-1-aidanmacdonald.0x0@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/jz4740_mmc.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/drivers/mmc/host/jz4740_mmc.c b/drivers/mmc/host/jz4740_mmc.c
index 7ab1b38a7be5..b1d563b2ed1b 100644
--- a/drivers/mmc/host/jz4740_mmc.c
+++ b/drivers/mmc/host/jz4740_mmc.c
@@ -247,6 +247,26 @@ static int jz4740_mmc_acquire_dma_channels(struct jz4740_mmc_host *host)
return PTR_ERR(host->dma_rx);
}
+ /*
+ * Limit the maximum segment size in any SG entry according to
+ * the parameters of the DMA engine device.
+ */
+ if (host->dma_tx) {
+ struct device *dev = host->dma_tx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
+ if (host->dma_rx) {
+ struct device *dev = host->dma_rx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 108/879] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 107/879] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 109/879] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
` (780 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vignesh Raghavendra,
Aswath Govindraju, Ulf Hansson, Sasha Levin
From: Vignesh Raghavendra <vigneshr@ti.com>
[ Upstream commit c7666240ec76422cb7546bd07cc8ae80dc0ccdd2 ]
The ARASAN MMC controller on Keystone 3 class of devices need the SDCD
line to be connected for proper functioning. Similar to the issue pointed
out in sdhci-of-arasan.c driver, commit 3794c542641f ("mmc:
sdhci-of-arasan: Set controller to test mode when no CD bit").
In cases where this can't be connected, add a quirk to force the
controller into test mode and set the TESTCD bit. Use the flag
"ti,fails-without-test-cd", to implement this above quirk when required.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
Link: https://lore.kernel.org/r/20220425063120.10135-3-a-govindraju@ti.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci_am654.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c
index e54fe24d47e7..e7ced1496a07 100644
--- a/drivers/mmc/host/sdhci_am654.c
+++ b/drivers/mmc/host/sdhci_am654.c
@@ -147,6 +147,9 @@ struct sdhci_am654_data {
int drv_strength;
int strb_sel;
u32 flags;
+ u32 quirks;
+
+#define SDHCI_AM654_QUIRK_FORCE_CDTEST BIT(0)
};
struct sdhci_am654_driver_data {
@@ -369,6 +372,21 @@ static void sdhci_am654_write_b(struct sdhci_host *host, u8 val, int reg)
}
}
+static void sdhci_am654_reset(struct sdhci_host *host, u8 mask)
+{
+ u8 ctrl;
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_am654_data *sdhci_am654 = sdhci_pltfm_priv(pltfm_host);
+
+ sdhci_reset(host, mask);
+
+ if (sdhci_am654->quirks & SDHCI_AM654_QUIRK_FORCE_CDTEST) {
+ ctrl = sdhci_readb(host, SDHCI_HOST_CONTROL);
+ ctrl |= SDHCI_CTRL_CDTEST_INS | SDHCI_CTRL_CDTEST_EN;
+ sdhci_writeb(host, ctrl, SDHCI_HOST_CONTROL);
+ }
+}
+
static int sdhci_am654_execute_tuning(struct mmc_host *mmc, u32 opcode)
{
struct sdhci_host *host = mmc_priv(mmc);
@@ -500,7 +518,7 @@ static struct sdhci_ops sdhci_j721e_4bit_ops = {
.set_clock = sdhci_j721e_4bit_set_clock,
.write_b = sdhci_am654_write_b,
.irq = sdhci_am654_cqhci_irq,
- .reset = sdhci_reset,
+ .reset = sdhci_am654_reset,
};
static const struct sdhci_pltfm_data sdhci_j721e_4bit_pdata = {
@@ -719,6 +737,9 @@ static int sdhci_am654_get_of_property(struct platform_device *pdev,
device_property_read_u32(dev, "ti,clkbuf-sel",
&sdhci_am654->clkbuf_sel);
+ if (device_property_read_bool(dev, "ti,fails-without-test-cd"))
+ sdhci_am654->quirks |= SDHCI_AM654_QUIRK_FORCE_CDTEST;
+
sdhci_get_of_property(pdev);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 109/879] scsi: megaraid: Fix error check return value of register_chrdev()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 108/879] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 110/879] drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells Greg Kroah-Hartman
` (779 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Martin K. Petersen, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit c5acd61dbb32b6bda0f3a354108f2b8dcb788985 ]
If major equals 0, register_chrdev() returns an error code when it fails.
This function dynamically allocates a major and returns its number on
success, so we should use "< 0" to check it instead of "!".
Link: https://lore.kernel.org/r/20220418105755.2558828-1-lv.ruyi@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/megaraid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
index a5d8cee2d510..bf491af9f0d6 100644
--- a/drivers/scsi/megaraid.c
+++ b/drivers/scsi/megaraid.c
@@ -4607,7 +4607,7 @@ static int __init megaraid_init(void)
* major number allocation.
*/
major = register_chrdev(0, "megadev_legacy", &megadev_fops);
- if (!major) {
+ if (major < 0) {
printk(KERN_WARNING
"megaraid: failed to register char device\n");
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 110/879] drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 109/879] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 111/879] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() Greg Kroah-Hartman
` (778 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Haohui Mai,
Alex Deucher, Sasha Levin
From: Haohui Mai <ricetons@gmail.com>
[ Upstream commit 7dba6e838e741caadcf27ef717b6dcb561e77f89 ]
This patch fixes the issue where the driver miscomputes the 64-bit
values of the wptr of the SDMA doorbell when initializing the
hardware. SDMA engines v4 and later on have full 64-bit registers for
wptr thus they should be set properly.
Older generation hardwares like CIK / SI have only 16 / 20 / 24bits
for the WPTR, where the calls of lower_32_bits() will be removed in a
following patch.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Haohui Mai <ricetons@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 4 ++--
drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c | 8 ++++----
drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 8 ++++----
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
index d7e8f7232364..ff86c43b63d1 100644
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
@@ -772,8 +772,8 @@ static void sdma_v4_0_ring_set_wptr(struct amdgpu_ring *ring)
DRM_DEBUG("Using doorbell -- "
"wptr_offs == 0x%08x "
- "lower_32_bits(ring->wptr) << 2 == 0x%08x "
- "upper_32_bits(ring->wptr) << 2 == 0x%08x\n",
+ "lower_32_bits(ring->wptr << 2) == 0x%08x "
+ "upper_32_bits(ring->wptr << 2) == 0x%08x\n",
ring->wptr_offs,
lower_32_bits(ring->wptr << 2),
upper_32_bits(ring->wptr << 2));
diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c
index a8d49c005f73..627eb1f147c2 100644
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c
@@ -394,8 +394,8 @@ static void sdma_v5_0_ring_set_wptr(struct amdgpu_ring *ring)
if (ring->use_doorbell) {
DRM_DEBUG("Using doorbell -- "
"wptr_offs == 0x%08x "
- "lower_32_bits(ring->wptr) << 2 == 0x%08x "
- "upper_32_bits(ring->wptr) << 2 == 0x%08x\n",
+ "lower_32_bits(ring->wptr << 2) == 0x%08x "
+ "upper_32_bits(ring->wptr << 2) == 0x%08x\n",
ring->wptr_offs,
lower_32_bits(ring->wptr << 2),
upper_32_bits(ring->wptr << 2));
@@ -774,9 +774,9 @@ static int sdma_v5_0_gfx_resume(struct amdgpu_device *adev)
if (!amdgpu_sriov_vf(adev)) { /* only bare-metal use register write for wptr */
WREG32(sdma_v5_0_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR),
- lower_32_bits(ring->wptr) << 2);
+ lower_32_bits(ring->wptr << 2));
WREG32(sdma_v5_0_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR_HI),
- upper_32_bits(ring->wptr) << 2);
+ upper_32_bits(ring->wptr << 2));
}
doorbell = RREG32_SOC15_IP(GC, sdma_v5_0_get_reg_offset(adev, i, mmSDMA0_GFX_DOORBELL));
diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
index 824eace69884..a5eb82bfeaa8 100644
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c
@@ -295,8 +295,8 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring)
if (ring->use_doorbell) {
DRM_DEBUG("Using doorbell -- "
"wptr_offs == 0x%08x "
- "lower_32_bits(ring->wptr) << 2 == 0x%08x "
- "upper_32_bits(ring->wptr) << 2 == 0x%08x\n",
+ "lower_32_bits(ring->wptr << 2) == 0x%08x "
+ "upper_32_bits(ring->wptr << 2) == 0x%08x\n",
ring->wptr_offs,
lower_32_bits(ring->wptr << 2),
upper_32_bits(ring->wptr << 2));
@@ -672,8 +672,8 @@ static int sdma_v5_2_gfx_resume(struct amdgpu_device *adev)
WREG32_SOC15_IP(GC, sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_MINOR_PTR_UPDATE), 1);
if (!amdgpu_sriov_vf(adev)) { /* only bare-metal use register write for wptr */
- WREG32(sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR), lower_32_bits(ring->wptr) << 2);
- WREG32(sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR_HI), upper_32_bits(ring->wptr) << 2);
+ WREG32(sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR), lower_32_bits(ring->wptr << 2));
+ WREG32(sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_RB_WPTR_HI), upper_32_bits(ring->wptr << 2));
}
doorbell = RREG32_SOC15_IP(GC, sdma_v5_2_get_reg_offset(adev, i, mmSDMA0_GFX_DOORBELL));
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 111/879] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 110/879] drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 112/879] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() Greg Kroah-Hartman
` (777 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Minghao Chi,
Martin K. Petersen, Sasha Levin
From: Minghao Chi <chi.minghao@zte.com.cn>
[ Upstream commit 75b8715e20a20bc7b4844835e4035543a2674200 ]
Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync() and
pm_runtime_put_noidle(). This change is just to simplify the code, no
actual functional changes.
Link: https://lore.kernel.org/r/20220420090353.2588804-1-chi.minghao@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ti-j721e-ufs.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/ufs/ti-j721e-ufs.c b/drivers/scsi/ufs/ti-j721e-ufs.c
index eafe0db98d54..122d650d0810 100644
--- a/drivers/scsi/ufs/ti-j721e-ufs.c
+++ b/drivers/scsi/ufs/ti-j721e-ufs.c
@@ -29,11 +29,9 @@ static int ti_j721e_ufs_probe(struct platform_device *pdev)
return PTR_ERR(regbase);
pm_runtime_enable(dev);
- ret = pm_runtime_get_sync(dev);
- if (ret < 0) {
- pm_runtime_put_noidle(dev);
+ ret = pm_runtime_resume_and_get(dev);
+ if (ret < 0)
goto disable_pm;
- }
/* Select MPHY refclk frequency */
clk = devm_clk_get(dev, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 112/879] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 111/879] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 113/879] ath11k: disable spectral scan during spectral deinit Greg Kroah-Hartman
` (776 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 646db1a560f44236b7278b822ca99a1d3b6ea72c ]
If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a
received frame, the frame is dropped and resources are leaked.
Fix by returning resources when discarding an unhandled frame type. Update
lpfc_fc_frame_check() handling of NOP basic link service.
Link: https://lore.kernel.org/r/20220426181419.9154-1-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_sli.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 09a45f8ecf3f..a174e06bd96e 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -18124,7 +18124,6 @@ lpfc_fc_frame_check(struct lpfc_hba *phba, struct fc_frame_header *fc_hdr)
case FC_RCTL_ELS_REP: /* extended link services reply */
case FC_RCTL_ELS4_REQ: /* FC-4 ELS request */
case FC_RCTL_ELS4_REP: /* FC-4 ELS reply */
- case FC_RCTL_BA_NOP: /* basic link service NOP */
case FC_RCTL_BA_ABTS: /* basic link service abort */
case FC_RCTL_BA_RMC: /* remove connection */
case FC_RCTL_BA_ACC: /* basic accept */
@@ -18145,6 +18144,7 @@ lpfc_fc_frame_check(struct lpfc_hba *phba, struct fc_frame_header *fc_hdr)
fc_vft_hdr = (struct fc_vft_header *)fc_hdr;
fc_hdr = &((struct fc_frame_header *)fc_vft_hdr)[1];
return lpfc_fc_frame_check(phba, fc_hdr);
+ case FC_RCTL_BA_NOP: /* basic link service NOP */
default:
goto drop;
}
@@ -18959,12 +18959,14 @@ lpfc_sli4_send_seq_to_ulp(struct lpfc_vport *vport,
if (!lpfc_complete_unsol_iocb(phba,
phba->sli4_hba.els_wq->pring,
iocbq, fc_hdr->fh_r_ctl,
- fc_hdr->fh_type))
+ fc_hdr->fh_type)) {
lpfc_printf_log(phba, KERN_ERR, LOG_TRACE_EVENT,
"2540 Ring %d handler: unexpected Rctl "
"x%x Type x%x received\n",
LPFC_ELS_RING,
fc_hdr->fh_r_ctl, fc_hdr->fh_type);
+ lpfc_in_buf_free(phba, &seq_dmabuf->dbuf);
+ }
/* Free iocb created in lpfc_prep_seq */
list_for_each_entry_safe(curr_iocb, next_iocb,
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 113/879] ath11k: disable spectral scan during spectral deinit
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 112/879] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 114/879] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 Greg Kroah-Hartman
` (775 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Chandrakanthan, Kalle Valo, Sasha Levin
From: Hari Chandrakanthan <quic_haric@quicinc.com>
[ Upstream commit 161c64de239c7018e0295e7e0520a19f00aa32dc ]
When ath11k modules are removed using rmmod with spectral scan enabled,
crash is observed. Different crash trace is observed for each crash.
Send spectral scan disable WMI command to firmware before cleaning
the spectral dbring in the spectral_deinit API to avoid this crash.
call trace from one of the crash observed:
[ 1252.880802] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1252.882722] pgd = 0f42e886
[ 1252.890955] [00000008] *pgd=00000000
[ 1252.893478] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 1253.093035] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.89 #0
[ 1253.115261] Hardware name: Generic DT based system
[ 1253.121149] PC is at ath11k_spectral_process_data+0x434/0x574 [ath11k]
[ 1253.125940] LR is at 0x88e31017
[ 1253.132448] pc : [<7f9387b8>] lr : [<88e31017>] psr: a0000193
[ 1253.135488] sp : 80d01bc8 ip : 00000001 fp : 970e0000
[ 1253.141737] r10: 88e31000 r9 : 970ec000 r8 : 00000080
[ 1253.146946] r7 : 94734040 r6 : a0000113 r5 : 00000057 r4 : 00000000
[ 1253.152159] r3 : e18cb694 r2 : 00000217 r1 : 1df1f000 r0 : 00000001
[ 1253.158755] Flags: NzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 1253.165266] Control: 10c0383d Table: 5e71006a DAC: 00000055
[ 1253.172472] Process swapper/0 (pid: 0, stack limit = 0x60870141)
[ 1253.458055] [<7f9387b8>] (ath11k_spectral_process_data [ath11k]) from [<7f917fdc>] (ath11k_dbring_buffer_release_event+0x214/0x2e4 [ath11k])
[ 1253.466139] [<7f917fdc>] (ath11k_dbring_buffer_release_event [ath11k]) from [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx+0x1840/0x29cc [ath11k])
[ 1253.478807] [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx [ath11k]) from [<7f8fe868>] (ath11k_htc_rx_completion_handler+0x180/0x4e0 [ath11k])
[ 1253.490699] [<7f8fe868>] (ath11k_htc_rx_completion_handler [ath11k]) from [<7f91308c>] (ath11k_ce_per_engine_service+0x2c4/0x3b4 [ath11k])
[ 1253.502386] [<7f91308c>] (ath11k_ce_per_engine_service [ath11k]) from [<7f9a4198>] (ath11k_pci_ce_tasklet+0x28/0x80 [ath11k_pci])
[ 1253.514811] [<7f9a4198>] (ath11k_pci_ce_tasklet [ath11k_pci]) from [<8032227c>] (tasklet_action_common.constprop.2+0x64/0xe8)
[ 1253.526476] [<8032227c>] (tasklet_action_common.constprop.2) from [<803021e8>] (__do_softirq+0x130/0x2d0)
[ 1253.537756] [<803021e8>] (__do_softirq) from [<80322610>] (irq_exit+0xcc/0xe8)
[ 1253.547304] [<80322610>] (irq_exit) from [<8036a4a4>] (__handle_domain_irq+0x60/0xb4)
[ 1253.554428] [<8036a4a4>] (__handle_domain_irq) from [<805eb348>] (gic_handle_irq+0x4c/0x90)
[ 1253.562321] [<805eb348>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)
Tested-on: QCN6122 hw1.0 AHB WLAN.HK.2.6.0.1-00851-QCAHKSWPL_SILICONZ-1
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1649396345-349-1-git-send-email-quic_haric@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/spectral.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/spectral.c b/drivers/net/wireless/ath/ath11k/spectral.c
index 2b18871d5f7c..516a7b4cd180 100644
--- a/drivers/net/wireless/ath/ath11k/spectral.c
+++ b/drivers/net/wireless/ath/ath11k/spectral.c
@@ -212,7 +212,10 @@ static int ath11k_spectral_scan_config(struct ath11k *ar,
return -ENODEV;
arvif->spectral_enabled = (mode != ATH11K_SPECTRAL_DISABLED);
+
+ spin_lock_bh(&ar->spectral.lock);
ar->spectral.mode = mode;
+ spin_unlock_bh(&ar->spectral.lock);
ret = ath11k_wmi_vdev_spectral_enable(ar, arvif->vdev_id,
ATH11K_WMI_SPECTRAL_TRIGGER_CMD_CLEAR,
@@ -843,9 +846,6 @@ static inline void ath11k_spectral_ring_free(struct ath11k *ar)
{
struct ath11k_spectral *sp = &ar->spectral;
- if (!sp->enabled)
- return;
-
ath11k_dbring_srng_cleanup(ar, &sp->rx_ring);
ath11k_dbring_buf_cleanup(ar, &sp->rx_ring);
}
@@ -897,15 +897,16 @@ void ath11k_spectral_deinit(struct ath11k_base *ab)
if (!sp->enabled)
continue;
- ath11k_spectral_debug_unregister(ar);
- ath11k_spectral_ring_free(ar);
+ mutex_lock(&ar->conf_mutex);
+ ath11k_spectral_scan_config(ar, ATH11K_SPECTRAL_DISABLED);
+ mutex_unlock(&ar->conf_mutex);
spin_lock_bh(&sp->lock);
-
- sp->mode = ATH11K_SPECTRAL_DISABLED;
sp->enabled = false;
-
spin_unlock_bh(&sp->lock);
+
+ ath11k_spectral_debug_unregister(ar);
+ ath11k_spectral_ring_free(ar);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 114/879] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 113/879] ath11k: disable spectral scan during spectral deinit Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 115/879] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
` (774 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit ce216cfa84a4e1c23b105e652c550bdeaac9e922 ]
Add a quirk for the HP Pro Tablet 408, this BYTCR tablet has no CHAN
package in its ACPI tables and uses SSP0-AIF1 rather then SSP0-AIF2 which
is the default for BYTCR devices.
It also uses DMIC1 for the internal mic rather then the default IN3
and it uses JD2 rather then the default JD1 for jack-detect.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=211485
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220427134918.527381-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index d76a505052fb..f81ae742faa7 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -773,6 +773,18 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_OVCD_SF_0P75 |
BYT_RT5640_MCLK_EN),
},
+ { /* HP Pro Tablet 408 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "HP Pro Tablet 408"),
+ },
+ .driver_data = (void *)(BYT_RT5640_DMIC1_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_1500UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_SSP0_AIF1 |
+ BYT_RT5640_MCLK_EN),
+ },
{ /* HP Stream 7 */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 115/879] drm/plane: Move range check for format_count earlier
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 114/879] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 116/879] drm/amdkfd: Fix circular lock dependency warning Greg Kroah-Hartman
` (773 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Steven Price <steven.price@arm.com>
[ Upstream commit 4b674dd69701c2e22e8e7770c1706a69f3b17269 ]
While the check for format_count > 64 in __drm_universal_plane_init()
shouldn't be hit (it's a WARN_ON), in its current position it will then
leak the plane->format_types array and fail to call
drm_mode_object_unregister() leaking the modeset identifier. Move it to
the start of the function to avoid allocating those resources in the
first place.
Signed-off-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203102815.38624-1-steven.price@arm.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_plane.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index bf0daa8d9bbd..726f2f163c26 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -247,6 +247,13 @@ static int __drm_universal_plane_init(struct drm_device *dev,
if (WARN_ON(config->num_total_plane >= 32))
return -EINVAL;
+ /*
+ * First driver to need more than 64 formats needs to fix this. Each
+ * format is encoded as a bit and the current code only supports a u64.
+ */
+ if (WARN_ON(format_count > 64))
+ return -EINVAL;
+
WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
(!funcs->atomic_destroy_state ||
!funcs->atomic_duplicate_state));
@@ -268,13 +275,6 @@ static int __drm_universal_plane_init(struct drm_device *dev,
return -ENOMEM;
}
- /*
- * First driver to need more than 64 formats needs to fix this. Each
- * format is encoded as a bit and the current code only supports a u64.
- */
- if (WARN_ON(format_count > 64))
- return -EINVAL;
-
if (format_modifiers) {
const uint64_t *temp_modifiers = format_modifiers;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 116/879] drm/amdkfd: Fix circular lock dependency warning
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 115/879] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 117/879] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
` (772 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mukul Joshi, Felix Kuehling,
Alex Deucher, Sasha Levin
From: Mukul Joshi <mukul.joshi@amd.com>
[ Upstream commit b179fc28d521379ba7e0a38eec1a4c722e7ea634 ]
[ 168.544078] ======================================================
[ 168.550309] WARNING: possible circular locking dependency detected
[ 168.556523] 5.16.0-kfd-fkuehlin #148 Tainted: G E
[ 168.562558] ------------------------------------------------------
[ 168.568764] kfdtest/3479 is trying to acquire lock:
[ 168.573672] ffffffffc0927a70 (&topology_lock){++++}-{3:3}, at:
kfd_topology_device_by_id+0x16/0x60 [amdgpu] [ 168.583663]
but task is already holding lock:
[ 168.589529] ffff97d303dee668 (&mm->mmap_lock#2){++++}-{3:3}, at:
vm_mmap_pgoff+0xa9/0x180 [ 168.597755]
which lock already depends on the new lock.
[ 168.605970]
the existing dependency chain (in reverse order) is:
[ 168.613487]
-> #3 (&mm->mmap_lock#2){++++}-{3:3}:
[ 168.619700] lock_acquire+0xca/0x2e0
[ 168.623814] down_read+0x3e/0x140
[ 168.627676] do_user_addr_fault+0x40d/0x690
[ 168.632399] exc_page_fault+0x6f/0x270
[ 168.636692] asm_exc_page_fault+0x1e/0x30
[ 168.641249] filldir64+0xc8/0x1e0
[ 168.645115] call_filldir+0x7c/0x110
[ 168.649238] ext4_readdir+0x58e/0x940
[ 168.653442] iterate_dir+0x16a/0x1b0
[ 168.657558] __x64_sys_getdents64+0x83/0x140
[ 168.662375] do_syscall_64+0x35/0x80
[ 168.666492] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 168.672095]
-> #2 (&type->i_mutex_dir_key#6){++++}-{3:3}:
[ 168.679008] lock_acquire+0xca/0x2e0
[ 168.683122] down_read+0x3e/0x140
[ 168.686982] path_openat+0x5b2/0xa50
[ 168.691095] do_file_open_root+0xfc/0x190
[ 168.695652] file_open_root+0xd8/0x1b0
[ 168.702010] kernel_read_file_from_path_initns+0xc4/0x140
[ 168.709542] _request_firmware+0x2e9/0x5e0
[ 168.715741] request_firmware+0x32/0x50
[ 168.721667] amdgpu_cgs_get_firmware_info+0x370/0xdd0 [amdgpu]
[ 168.730060] smu7_upload_smu_firmware_image+0x53/0x190 [amdgpu]
[ 168.738414] fiji_start_smu+0xcf/0x4e0 [amdgpu]
[ 168.745539] pp_dpm_load_fw+0x21/0x30 [amdgpu]
[ 168.752503] amdgpu_pm_load_smu_firmware+0x4b/0x80 [amdgpu]
[ 168.760698] amdgpu_device_fw_loading+0xb8/0x140 [amdgpu]
[ 168.768412] amdgpu_device_init.cold+0xdf6/0x1716 [amdgpu]
[ 168.776285] amdgpu_driver_load_kms+0x15/0x120 [amdgpu]
[ 168.784034] amdgpu_pci_probe+0x19b/0x3a0 [amdgpu]
[ 168.791161] local_pci_probe+0x40/0x80
[ 168.797027] work_for_cpu_fn+0x10/0x20
[ 168.802839] process_one_work+0x273/0x5b0
[ 168.808903] worker_thread+0x20f/0x3d0
[ 168.814700] kthread+0x176/0x1a0
[ 168.819968] ret_from_fork+0x1f/0x30
[ 168.825563]
-> #1 (&adev->pm.mutex){+.+.}-{3:3}:
[ 168.834721] lock_acquire+0xca/0x2e0
[ 168.840364] __mutex_lock+0xa2/0x930
[ 168.846020] amdgpu_dpm_get_mclk+0x37/0x60 [amdgpu]
[ 168.853257] amdgpu_amdkfd_get_local_mem_info+0xba/0xe0 [amdgpu]
[ 168.861547] kfd_create_vcrat_image_gpu+0x1b1/0xbb0 [amdgpu]
[ 168.869478] kfd_create_crat_image_virtual+0x447/0x510 [amdgpu]
[ 168.877884] kfd_topology_add_device+0x5c8/0x6f0 [amdgpu]
[ 168.885556] kgd2kfd_device_init.cold+0x385/0x4c5 [amdgpu]
[ 168.893347] amdgpu_amdkfd_device_init+0x138/0x180 [amdgpu]
[ 168.901177] amdgpu_device_init.cold+0x141b/0x1716 [amdgpu]
[ 168.909025] amdgpu_driver_load_kms+0x15/0x120 [amdgpu]
[ 168.916458] amdgpu_pci_probe+0x19b/0x3a0 [amdgpu]
[ 168.923442] local_pci_probe+0x40/0x80
[ 168.929249] work_for_cpu_fn+0x10/0x20
[ 168.935008] process_one_work+0x273/0x5b0
[ 168.940944] worker_thread+0x20f/0x3d0
[ 168.946623] kthread+0x176/0x1a0
[ 168.951765] ret_from_fork+0x1f/0x30
[ 168.957277]
-> #0 (&topology_lock){++++}-{3:3}:
[ 168.965993] check_prev_add+0x8f/0xbf0
[ 168.971613] __lock_acquire+0x1299/0x1ca0
[ 168.977485] lock_acquire+0xca/0x2e0
[ 168.982877] down_read+0x3e/0x140
[ 168.987975] kfd_topology_device_by_id+0x16/0x60 [amdgpu]
[ 168.995583] kfd_device_by_id+0xa/0x20 [amdgpu]
[ 169.002180] kfd_mmap+0x95/0x200 [amdgpu]
[ 169.008293] mmap_region+0x337/0x5a0
[ 169.013679] do_mmap+0x3aa/0x540
[ 169.018678] vm_mmap_pgoff+0xdc/0x180
[ 169.024095] ksys_mmap_pgoff+0x186/0x1f0
[ 169.029734] do_syscall_64+0x35/0x80
[ 169.035005] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 169.041754]
other info that might help us debug this:
[ 169.053276] Chain exists of:
&topology_lock --> &type->i_mutex_dir_key#6 --> &mm->mmap_lock#2
[ 169.068389] Possible unsafe locking scenario:
[ 169.076661] CPU0 CPU1
[ 169.082383] ---- ----
[ 169.088087] lock(&mm->mmap_lock#2);
[ 169.092922] lock(&type->i_mutex_dir_key#6);
[ 169.100975] lock(&mm->mmap_lock#2);
[ 169.108320] lock(&topology_lock);
[ 169.112957]
*** DEADLOCK ***
This commit fixes the deadlock warning by ensuring pm.mutex is not
held while holding the topology lock. For this, kfd_local_mem_info
is moved into the KFD dev struct and filled during device init.
This cached value can then be used instead of querying the value
again and again.
Signed-off-by: Mukul Joshi <mukul.joshi@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 ++-----
drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 2 +-
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 2 ++
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 +
drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 7 ++-----
5 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
index 607f65ab39ac..10cc834a5ac3 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
@@ -944,8 +944,6 @@ static int kfd_ioctl_acquire_vm(struct file *filep, struct kfd_process *p,
bool kfd_dev_is_large_bar(struct kfd_dev *dev)
{
- struct kfd_local_mem_info mem_info;
-
if (debug_largebar) {
pr_debug("Simulate large-bar allocation on non large-bar machine\n");
return true;
@@ -954,9 +952,8 @@ bool kfd_dev_is_large_bar(struct kfd_dev *dev)
if (dev->use_iommu_v2)
return false;
- amdgpu_amdkfd_get_local_mem_info(dev->adev, &mem_info);
- if (mem_info.local_mem_size_private == 0 &&
- mem_info.local_mem_size_public > 0)
+ if (dev->local_mem_info.local_mem_size_private == 0 &&
+ dev->local_mem_info.local_mem_size_public > 0)
return true;
return false;
}
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
index 1eaabd2cb41b..59b349a4c04a 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_crat.c
@@ -2152,7 +2152,7 @@ static int kfd_create_vcrat_image_gpu(void *pcrat_image,
* report the total FB size (public+private) as a single
* private heap.
*/
- amdgpu_amdkfd_get_local_mem_info(kdev->adev, &local_mem_info);
+ local_mem_info = kdev->local_mem_info;
sub_type_hdr = (typeof(sub_type_hdr))((char *)sub_type_hdr +
sub_type_hdr->length);
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device.c b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
index 62aa6c9d5123..c96d521447fc 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
@@ -575,6 +575,8 @@ bool kgd2kfd_device_init(struct kfd_dev *kfd,
if (kfd_resume(kfd))
goto kfd_resume_error;
+ amdgpu_amdkfd_get_local_mem_info(kfd->adev, &kfd->local_mem_info);
+
if (kfd_topology_add_device(kfd)) {
dev_err(kfd_device, "Error adding device to topology\n");
goto kfd_topology_add_device_error;
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
index 8f58fc491b28..49a29a60b71e 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
@@ -272,6 +272,7 @@ struct kfd_dev {
struct kgd2kfd_shared_resources shared_resources;
struct kfd_vmid_info vm_info;
+ struct kfd_local_mem_info local_mem_info;
const struct kfd2kgd_calls *kfd2kgd;
struct mutex doorbell_mutex;
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
index 3bdcae239bc0..9fc24f6823df 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
@@ -1102,15 +1102,12 @@ static uint32_t kfd_generate_gpu_id(struct kfd_dev *gpu)
uint32_t buf[7];
uint64_t local_mem_size;
int i;
- struct kfd_local_mem_info local_mem_info;
if (!gpu)
return 0;
- amdgpu_amdkfd_get_local_mem_info(gpu->adev, &local_mem_info);
-
- local_mem_size = local_mem_info.local_mem_size_private +
- local_mem_info.local_mem_size_public;
+ local_mem_size = gpu->local_mem_info.local_mem_size_private +
+ gpu->local_mem_info.local_mem_size_public;
buf[0] = gpu->pdev->devfn;
buf[1] = gpu->pdev->subsystem_vendor |
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 117/879] drm/amd/pm: fix the compile warning
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 116/879] drm/amdkfd: Fix circular lock dependency warning Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 118/879] ath10k: skip ath10k_halt during suspend for driver state RESTARTING Greg Kroah-Hartman
` (771 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Alex Deucher,
Evan Quan, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit 555238d92ac32dbad2d77ad2bafc48d17391990c ]
Fix the compile warning below:
drivers/gpu/drm/amd/amdgpu/../pm/legacy-dpm/kv_dpm.c:1641
kv_get_acp_boot_level() warn: always true condition '(table->entries[i]->clk >= 0) => (0-u32max >= 0)'
Reported-by: kernel test robot <lkp@intel.com>
CC: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c b/drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c
index 8b23cc9f098a..8fd0782a2b20 100644
--- a/drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c
+++ b/drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c
@@ -1623,19 +1623,7 @@ static int kv_update_samu_dpm(struct amdgpu_device *adev, bool gate)
static u8 kv_get_acp_boot_level(struct amdgpu_device *adev)
{
- u8 i;
- struct amdgpu_clock_voltage_dependency_table *table =
- &adev->pm.dpm.dyn_state.acp_clock_voltage_dependency_table;
-
- for (i = 0; i < table->count; i++) {
- if (table->entries[i].clk >= 0) /* XXX */
- break;
- }
-
- if (i >= table->count)
- i = table->count - 1;
-
- return i;
+ return 0;
}
static void kv_update_acp_boot_level(struct amdgpu_device *adev)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 118/879] ath10k: skip ath10k_halt during suspend for driver state RESTARTING
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 117/879] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 119/879] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
` (770 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Abhishek Kumar,
Brian Norris, Kalle Valo, Sasha Levin
From: Abhishek Kumar <kuabhs@chromium.org>
[ Upstream commit b72a4aff947ba807177bdabb43debaf2c66bee05 ]
Double free crash is observed when FW recovery(caused by wmi
timeout/crash) is followed by immediate suspend event. The FW recovery
is triggered by ath10k_core_restart() which calls driver clean up via
ath10k_halt(). When the suspend event occurs between the FW recovery,
the restart worker thread is put into frozen state until suspend completes.
The suspend event triggers ath10k_stop() which again triggers ath10k_halt()
The double invocation of ath10k_halt() causes ath10k_htt_rx_free() to be
called twice(Note: ath10k_htt_rx_alloc was not called by restart worker
thread because of its frozen state), causing the crash.
To fix this, during the suspend flow, skip call to ath10k_halt() in
ath10k_stop() when the current driver state is ATH10K_STATE_RESTARTING.
Also, for driver state ATH10K_STATE_RESTARTING, call
ath10k_wait_for_suspend() in ath10k_stop(). This is because call to
ath10k_wait_for_suspend() is skipped later in
[ath10k_halt() > ath10k_core_stop()] for the driver state
ATH10K_STATE_RESTARTING.
The frozen restart worker thread will be cancelled during resume when the
device comes out of suspend.
Below is the crash stack for reference:
[ 428.469167] ------------[ cut here ]------------
[ 428.469180] kernel BUG at mm/slub.c:4150!
[ 428.469193] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 428.469219] Workqueue: events_unbound async_run_entry_fn
[ 428.469230] RIP: 0010:kfree+0x319/0x31b
[ 428.469241] RSP: 0018:ffffa1fac015fc30 EFLAGS: 00010246
[ 428.469247] RAX: ffffedb10419d108 RBX: ffff8c05262b0000
[ 428.469252] RDX: ffff8c04a8c07000 RSI: 0000000000000000
[ 428.469256] RBP: ffffa1fac015fc78 R08: 0000000000000000
[ 428.469276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 428.469285] Call Trace:
[ 428.469295] ? dma_free_attrs+0x5f/0x7d
[ 428.469320] ath10k_core_stop+0x5b/0x6f
[ 428.469336] ath10k_halt+0x126/0x177
[ 428.469352] ath10k_stop+0x41/0x7e
[ 428.469387] drv_stop+0x88/0x10e
[ 428.469410] __ieee80211_suspend+0x297/0x411
[ 428.469441] rdev_suspend+0x6e/0xd0
[ 428.469462] wiphy_suspend+0xb1/0x105
[ 428.469483] ? name_show+0x2d/0x2d
[ 428.469490] dpm_run_callback+0x8c/0x126
[ 428.469511] ? name_show+0x2d/0x2d
[ 428.469517] __device_suspend+0x2e7/0x41b
[ 428.469523] async_suspend+0x1f/0x93
[ 428.469529] async_run_entry_fn+0x3d/0xd1
[ 428.469535] process_one_work+0x1b1/0x329
[ 428.469541] worker_thread+0x213/0x372
[ 428.469547] kthread+0x150/0x15f
[ 428.469552] ? pr_cont_work+0x58/0x58
[ 428.469558] ? kthread_blkcg+0x31/0x31
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1
Co-developed-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Abhishek Kumar <kuabhs@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220426221859.v2.1.I650b809482e1af8d0156ed88b5dc2677a0711d46@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index b11aaee8b8c0..a11b31191d5a 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -5339,13 +5339,29 @@ static int ath10k_start(struct ieee80211_hw *hw)
static void ath10k_stop(struct ieee80211_hw *hw)
{
struct ath10k *ar = hw->priv;
+ u32 opt;
ath10k_drain_tx(ar);
mutex_lock(&ar->conf_mutex);
if (ar->state != ATH10K_STATE_OFF) {
- if (!ar->hw_rfkill_on)
- ath10k_halt(ar);
+ if (!ar->hw_rfkill_on) {
+ /* If the current driver state is RESTARTING but not yet
+ * fully RESTARTED because of incoming suspend event,
+ * then ath10k_halt() is already called via
+ * ath10k_core_restart() and should not be called here.
+ */
+ if (ar->state != ATH10K_STATE_RESTARTING) {
+ ath10k_halt(ar);
+ } else {
+ /* Suspending here, because when in RESTARTING
+ * state, ath10k_core_stop() skips
+ * ath10k_wait_for_suspend().
+ */
+ opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
+ ath10k_wait_for_suspend(ar, opt);
+ }
+ }
ar->state = ATH10K_STATE_OFF;
}
mutex_unlock(&ar->conf_mutex);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 119/879] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 118/879] ath10k: skip ath10k_halt during suspend for driver state RESTARTING Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 120/879] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (769 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandru Elisei, Marc Zyngier,
Catalin Marinas, Sasha Levin
From: Alexandru Elisei <alexandru.elisei@arm.com>
[ Upstream commit 3fed9e551417b84038b15117732ea4505eee386b ]
If a compat process tries to execute an unknown system call above the
__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the
offending process. Information about the error is printed to dmesg in
compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() ->
arm64_show_signal().
arm64_show_signal() interprets a non-zero value for
current->thread.fault_code as an exception syndrome and displays the
message associated with the ESR_ELx.EC field (bits 31:26).
current->thread.fault_code is set in compat_arm_syscall() ->
arm64_notify_die() with the bad syscall number instead of a valid ESR_ELx
value. This means that the ESR_ELx.EC field has the value that the user set
for the syscall number and the kernel can end up printing bogus exception
messages*. For example, for the syscall number 0x68000000, which evaluates
to ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:
[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]
[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79
[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which is misleading, as the bad compat syscall has nothing to do with
pointer authentication.
Stop arm64_show_signal() from printing exception syndrome information by
having compat_arm_syscall() set the ESR_ELx value to 0, as it has no
meaning for an invalid system call number. The example above now becomes:
[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]
[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80
[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which although shows less information because the syscall number,
wrongfully advertised as the ESR value, is missing, it is better than
showing plainly wrong information. The syscall number can be easily
obtained with strace.
*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative
integer in compat_arm_syscal() and the condition scno < __ARM_NR_COMPAT_END
evaluates to true; the syscall will exit to userspace in this case with the
ENOSYS error code instead of arm64_notify_die() being called.
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425114444.368693-3-alexandru.elisei@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/sys_compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c
index 12c6864e51e1..df14336c3a29 100644
--- a/arch/arm64/kernel/sys_compat.c
+++ b/arch/arm64/kernel/sys_compat.c
@@ -113,6 +113,6 @@ long compat_arm_syscall(struct pt_regs *regs, int scno)
addr = instruction_pointer(regs) - (compat_thumb_mode(regs) ? 2 : 4);
arm64_notify_die("Oops - bad compat syscall(2)", regs,
- SIGILL, ILL_ILLTRP, addr, scno);
+ SIGILL, ILL_ILLTRP, addr, 0);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 120/879] drm: msm: fix error check return value of irq_of_parse_and_map()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 119/879] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:53 ` [PATCH 5.18 121/879] drm/msm/dpu: Clean up CRC debug logs Greg Kroah-Hartman
` (768 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit b9e4f1d2b505df8e2439b63e67afaa287c1c43e2 ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return an negative value.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483175/
Link: https://lore.kernel.org/r/20220424031959.3172406-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
index 3b92372e7bdf..1d4bbde29320 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
@@ -570,9 +570,9 @@ struct msm_kms *mdp5_kms_init(struct drm_device *dev)
}
irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (irq < 0) {
- ret = irq;
- DRM_DEV_ERROR(&pdev->dev, "failed to get irq: %d\n", ret);
+ if (!irq) {
+ ret = -EINVAL;
+ DRM_DEV_ERROR(&pdev->dev, "failed to get irq\n");
goto fail;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 121/879] drm/msm/dpu: Clean up CRC debug logs
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 120/879] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-07 16:53 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 122/879] xtensa: move trace_hardirqs_off call back to entry.S Greg Kroah-Hartman
` (767 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Rob Clark,
Jessica Zhang, Sasha Levin
From: Jessica Zhang <quic_jesszhan@quicinc.com>
[ Upstream commit 3ce8bdca394fc606b55e7c5ed779d171aaae5d09 ]
Currently, dpu_hw_lm_collect_misr returns EINVAL if CRC is disabled.
This causes a lot of spam in the DRM debug logs as it's called for every
vblank.
Instead of returning EINVAL when CRC is disabled in
dpu_hw_lm_collect_misr, let's return ENODATA and add an extra ENODATA check
before the debug log in dpu_crtc_get_crc.
Changes since V1:
- Added reported-by and suggested-by tags
Reported-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Suggested-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Tested-by: Jessica Zhang <quic_jesszhan@quicinc.com> # RB5 (qrb5165)
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/484274/
Link: https://lore.kernel.org/r/20220430005210.339-1-quic_jesszhan@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 3 ++-
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
index 7763558ef566..16ba9f9b9a78 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c
@@ -204,7 +204,8 @@ static int dpu_crtc_get_crc(struct drm_crtc *crtc)
rc = m->hw_lm->ops.collect_misr(m->hw_lm, &crcs[i]);
if (rc) {
- DRM_DEBUG_DRIVER("MISR read failed\n");
+ if (rc != -ENODATA)
+ DRM_DEBUG_DRIVER("MISR read failed\n");
return rc;
}
}
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c
index 86363c0ec834..462f5082099e 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c
@@ -138,7 +138,7 @@ static int dpu_hw_lm_collect_misr(struct dpu_hw_mixer *ctx, u32 *misr_value)
ctrl = DPU_REG_READ(c, LM_MISR_CTRL);
if (!(ctrl & LM_MISR_CTRL_ENABLE))
- return -EINVAL;
+ return -ENODATA;
if (!(ctrl & LM_MISR_CTRL_STATUS))
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 122/879] xtensa: move trace_hardirqs_off call back to entry.S
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-06-07 16:53 ` [PATCH 5.18 121/879] drm/msm/dpu: Clean up CRC debug logs Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 123/879] ath11k: fix warning of not found station for bssid in message Greg Kroah-Hartman
` (766 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov, Sasha Levin
From: Max Filippov <jcmvbkbc@gmail.com>
[ Upstream commit de4415d0bac91192ee9c74e849bc61429efa9b42 ]
Context tracking call must be done after hardirq tracking call,
otherwise lockdep_assert_irqs_disabled called from rcu_eqs_exit gives
a warning. To avoid context tracking logic duplication for IRQ/exception
entry paths move trace_hardirqs_off call back to common entry code.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/xtensa/kernel/entry.S | 19 +++++++++++++------
arch/xtensa/kernel/traps.c | 11 ++---------
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/arch/xtensa/kernel/entry.S b/arch/xtensa/kernel/entry.S
index 6b6eff658795..07d683d94e17 100644
--- a/arch/xtensa/kernel/entry.S
+++ b/arch/xtensa/kernel/entry.S
@@ -442,7 +442,6 @@ KABI_W or a3, a3, a0
moveqz a3, a0, a2 # a3 = LOCKLEVEL iff interrupt
KABI_W movi a2, PS_WOE_MASK
KABI_W or a3, a3, a2
- rsr a2, exccause
#endif
/* restore return address (or 0 if return to userspace) */
@@ -469,19 +468,27 @@ KABI_W or a3, a3, a2
save_xtregs_opt a1 a3 a4 a5 a6 a7 PT_XTREGS_OPT
+#ifdef CONFIG_TRACE_IRQFLAGS
+ rsr abi_tmp0, ps
+ extui abi_tmp0, abi_tmp0, PS_INTLEVEL_SHIFT, PS_INTLEVEL_WIDTH
+ beqz abi_tmp0, 1f
+ abi_call trace_hardirqs_off
+1:
+#endif
+
/* Go to second-level dispatcher. Set up parameters to pass to the
* exception handler and call the exception handler.
*/
- rsr a4, excsave1
- addx4 a4, a2, a4
- l32i a4, a4, EXC_TABLE_DEFAULT # load handler
- mov abi_arg1, a2 # pass EXCCAUSE
+ l32i abi_arg1, a1, PT_EXCCAUSE # pass EXCCAUSE
+ rsr abi_tmp0, excsave1
+ addx4 abi_tmp0, abi_arg1, abi_tmp0
+ l32i abi_tmp0, abi_tmp0, EXC_TABLE_DEFAULT # load handler
mov abi_arg0, a1 # pass stack frame
/* Call the second-level handler */
- abi_callx a4
+ abi_callx abi_tmp0
/* Jump here for exception exit */
.global common_exception_return
diff --git a/arch/xtensa/kernel/traps.c b/arch/xtensa/kernel/traps.c
index 9345007d474d..5f86208c67c8 100644
--- a/arch/xtensa/kernel/traps.c
+++ b/arch/xtensa/kernel/traps.c
@@ -242,12 +242,8 @@ DEFINE_PER_CPU(unsigned long, nmi_count);
void do_nmi(struct pt_regs *regs)
{
- struct pt_regs *old_regs;
+ struct pt_regs *old_regs = set_irq_regs(regs);
- if ((regs->ps & PS_INTLEVEL_MASK) < LOCKLEVEL)
- trace_hardirqs_off();
-
- old_regs = set_irq_regs(regs);
nmi_enter();
++*this_cpu_ptr(&nmi_count);
check_valid_nmi();
@@ -269,12 +265,9 @@ void do_interrupt(struct pt_regs *regs)
XCHAL_INTLEVEL6_MASK,
XCHAL_INTLEVEL7_MASK,
};
- struct pt_regs *old_regs;
+ struct pt_regs *old_regs = set_irq_regs(regs);
unsigned unhandled = ~0u;
- trace_hardirqs_off();
-
- old_regs = set_irq_regs(regs);
irq_enter();
for (;;) {
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 123/879] ath11k: fix warning of not found station for bssid in message
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 122/879] xtensa: move trace_hardirqs_off call back to entry.S Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 124/879] scsi: target: tcmu: Fix possible data corruption Greg Kroah-Hartman
` (765 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit 7330e1ec9748948177830c6e1a13379835d577f9 ]
When test connect/disconnect to an AP frequently with WCN6855, sometimes
it show below log.
[ 277.040121] wls1: deauthenticating from 8c:21:0a:b3:5a:64 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 277.050906] ath11k_pci 0000:05:00.0: wmi stats vdev id 0 mac 00:03:7f:29:61:11
[ 277.050944] ath11k_pci 0000:05:00.0: wmi stats bssid 8c:21:0a:b3:5a:64 vif pK-error
[ 277.050954] ath11k_pci 0000:05:00.0: not found station for bssid 8c:21:0a:b3:5a:64
[ 277.050961] ath11k_pci 0000:05:00.0: failed to parse rssi chain -71
[ 277.050967] ath11k_pci 0000:05:00.0: failed to pull fw stats: -71
[ 277.050976] ath11k_pci 0000:05:00.0: wmi stats vdev id 0 mac 00:03:7f:29:61:11
[ 277.050983] ath11k_pci 0000:05:00.0: wmi stats bssid 8c:21:0a:b3:5a:64 vif pK-error
[ 277.050989] ath11k_pci 0000:05:00.0: not found station for bssid 8c:21:0a:b3:5a:64
[ 277.050995] ath11k_pci 0000:05:00.0: failed to parse rssi chain -71
[ 277.051000] ath11k_pci 0000:05:00.0: failed to pull fw stats: -71
[ 278.064050] ath11k_pci 0000:05:00.0: failed to request fw stats: -110
Reason is:
When running disconnect operation, sta_info removed from local->sta_hash
by __sta_info_destroy_part1() from __sta_info_flush(), after this,
ieee80211_find_sta_by_ifaddr() which called by
ath11k_wmi_tlv_fw_stats_data_parse() and ath11k_wmi_tlv_rssi_chain_parse()
cannot find this station, then failed log printed.
steps are like this:
1. when disconnect from AP, __sta_info_destroy() called __sta_info_destroy_part1()
and __sta_info_destroy_part2().
2. in __sta_info_destroy_part1(), it has "sta_info_hash_del(local, sta)"
and "list_del_rcu(&sta->list)", it will remove the ieee80211_sta from the
list of ieee80211_hw.
3. in __sta_info_destroy_part2(), it called drv_sta_state()->ath11k_mac_op_sta_state(),
then peer->sta is clear at this moment.
4. in __sta_info_destroy_part2(), it then called sta_set_sinfo()->drv_sta_statistics()
->ath11k_mac_op_sta_statistics(), then WMI_REQUEST_STATS_CMDID sent to firmware.
5. WMI_UPDATE_STATS_EVENTID reported from firmware, at this moment, the
ieee80211_sta can not be found again because it has remove from list in
step2 and also peer->sta is clear in step3.
6. in __sta_info_destroy_part2(), it then called cleanup_single_sta()->
sta_info_free()->kfree(sta), at this moment, the ieee80211_sta is freed
in memory, then the failed log will not happen because function
ath11k_mac_op_sta_state() will not be called.
Actually this print log is not a real error, it is only to skip parse the
info, so change to skip print by default debug setting.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220428022426.2927-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 2751fe8814df..0900f75eef20 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -5789,9 +5789,9 @@ static int ath11k_wmi_tlv_rssi_chain_parse(struct ath11k_base *ab,
arvif->bssid,
NULL);
if (!sta) {
- ath11k_warn(ab, "not found station for bssid %pM\n",
- arvif->bssid);
- ret = -EPROTO;
+ ath11k_dbg(ab, ATH11K_DBG_WMI,
+ "not found station of bssid %pM for rssi chain\n",
+ arvif->bssid);
goto exit;
}
@@ -5889,8 +5889,9 @@ static int ath11k_wmi_tlv_fw_stats_data_parse(struct ath11k_base *ab,
"wmi stats vdev id %d snr %d\n",
src->vdev_id, src->beacon_snr);
} else {
- ath11k_warn(ab, "not found station for bssid %pM\n",
- arvif->bssid);
+ ath11k_dbg(ab, ATH11K_DBG_WMI,
+ "not found station of bssid %pM for vdev stat\n",
+ arvif->bssid);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 124/879] scsi: target: tcmu: Fix possible data corruption
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 123/879] ath11k: fix warning of not found station for bssid in message Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 125/879] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
` (764 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bodo Stroesser, Xiaoguang Wang,
Martin K. Petersen, Sasha Levin
From: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
[ Upstream commit bb9b9eb0ae2e9d3f6036f0ad907c3a83dcd43485 ]
When tcmu_vma_fault() gets a page successfully, before the current context
completes page fault procedure, find_free_blocks() may run and call
unmap_mapping_range() to unmap the page. Assume that when
find_free_blocks() initially completes and the previous page fault
procedure starts to run again and completes, then one truncated page has
been mapped to userspace. But note that tcmu_vma_fault() has gotten a
refcount for the page so any other subsystem won't be able to use the page
unless the userspace address is unmapped later.
If another command subsequently runs and needs to extend dbi_thresh it may
reuse the corresponding slot for the previous page in data_bitmap. Then
though we'll allocate new page for this slot in data_area, no page fault
will happen because we have a valid map and the real request's data will be
lost.
Filesystem implementations will also run into this issue but they usually
lock the page when vm_operations_struct->fault gets a page and unlock the
page after finish_fault() completes. For truncate filesystems lock pages in
truncate_inode_pages() to protect against racing wrt. page faults.
To fix this possible data corruption scenario we can apply a method similar
to the filesystems. For pages that are to be freed, tcmu_blocks_release()
locks and unlocks. Make tcmu_vma_fault() also lock found page under
cmdr_lock. At the same time, since tcmu_vma_fault() gets an extra page
refcount, tcmu_blocks_release() won't free pages if pages are in page fault
procedure, which means it is safe to call tcmu_blocks_release() before
unmap_mapping_range().
With these changes tcmu_blocks_release() will wait for all page faults to
be completed before calling unmap_mapping_range(). And later, if
unmap_mapping_range() is called, it will ensure stale mappings are removed.
Link: https://lore.kernel.org/r/20220421023735.9018-1-xiaoguang.wang@linux.alibaba.com
Reviewed-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_user.c | 40 ++++++++++++++++++++++++++++---
1 file changed, 37 insertions(+), 3 deletions(-)
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
index fd7267baa707..b1fd06edea59 100644
--- a/drivers/target/target_core_user.c
+++ b/drivers/target/target_core_user.c
@@ -20,6 +20,7 @@
#include <linux/configfs.h>
#include <linux/mutex.h>
#include <linux/workqueue.h>
+#include <linux/pagemap.h>
#include <net/genetlink.h>
#include <scsi/scsi_common.h>
#include <scsi/scsi_proto.h>
@@ -1667,6 +1668,26 @@ static u32 tcmu_blocks_release(struct tcmu_dev *udev, unsigned long first,
xas_lock(&xas);
xas_for_each(&xas, page, (last + 1) * udev->data_pages_per_blk - 1) {
xas_store(&xas, NULL);
+ /*
+ * While reaching here there may be page faults occurring on
+ * the to-be-released pages. A race condition may occur if
+ * unmap_mapping_range() is called before page faults on these
+ * pages have completed; a valid but stale map is created.
+ *
+ * If another command subsequently runs and needs to extend
+ * dbi_thresh, it may reuse the slot corresponding to the
+ * previous page in data_bitmap. Though we will allocate a new
+ * page for the slot in data_area, no page fault will happen
+ * because we have a valid map. Therefore the command's data
+ * will be lost.
+ *
+ * We lock and unlock pages that are to be released to ensure
+ * all page faults have completed. This way
+ * unmap_mapping_range() can ensure stale maps are cleanly
+ * removed.
+ */
+ lock_page(page);
+ unlock_page(page);
__free_page(page);
pages_freed++;
}
@@ -1822,6 +1843,7 @@ static struct page *tcmu_try_get_data_page(struct tcmu_dev *udev, uint32_t dpi)
page = xa_load(&udev->data_pages, dpi);
if (likely(page)) {
get_page(page);
+ lock_page(page);
mutex_unlock(&udev->cmdr_lock);
return page;
}
@@ -1863,6 +1885,7 @@ static vm_fault_t tcmu_vma_fault(struct vm_fault *vmf)
struct page *page;
unsigned long offset;
void *addr;
+ vm_fault_t ret = 0;
int mi = tcmu_find_mem_index(vmf->vma);
if (mi < 0)
@@ -1887,10 +1910,11 @@ static vm_fault_t tcmu_vma_fault(struct vm_fault *vmf)
page = tcmu_try_get_data_page(udev, dpi);
if (!page)
return VM_FAULT_SIGBUS;
+ ret = VM_FAULT_LOCKED;
}
vmf->page = page;
- return 0;
+ return ret;
}
static const struct vm_operations_struct tcmu_vm_ops = {
@@ -3205,12 +3229,22 @@ static void find_free_blocks(void)
udev->dbi_max = block;
}
+ /*
+ * Release the block pages.
+ *
+ * Also note that since tcmu_vma_fault() gets an extra page
+ * refcount, tcmu_blocks_release() won't free pages if pages
+ * are mapped. This means it is safe to call
+ * tcmu_blocks_release() before unmap_mapping_range() which
+ * drops the refcount of any pages it unmaps and thus releases
+ * them.
+ */
+ pages_freed = tcmu_blocks_release(udev, start, end - 1);
+
/* Here will truncate the data area from off */
off = udev->data_off + (loff_t)start * udev->data_blk_size;
unmap_mapping_range(udev->inode->i_mapping, off, 0, 1);
- /* Release the block pages */
- pages_freed = tcmu_blocks_release(udev, start, end - 1);
mutex_unlock(&udev->cmdr_lock);
total_pages_freed += pages_freed;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 125/879] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 124/879] scsi: target: tcmu: Fix possible data corruption Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 126/879] net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create Greg Kroah-Hartman
` (763 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, jianghaoran, Jakub Kicinski, Sasha Levin
From: jianghaoran <jianghaoran@kylinos.cn>
[ Upstream commit b52e1cce31ca721e937d517411179f9196ee6135 ]
ARPHRD_TUNNEL interface can't process rs packets
and will generate TX errors
ex:
ip tunnel add ethn mode ipip local 192.168.1.1 remote 192.168.1.2
ifconfig ethn x.x.x.x
ethn: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
inet x.x.x.x netmask 255.255.255.255 destination x.x.x.x
inet6 fe80::5efe:ac1e:3cdb prefixlen 64 scopeid 0x20<link>
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 3 dropped 0 overruns 0 carrier 0 collisions 0
Signed-off-by: jianghaoran <jianghaoran@kylinos.cn>
Link: https://lore.kernel.org/r/20220429053802.246681-1-jianghaoran@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 1afc4c024981..51e77dc6571a 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4219,7 +4219,8 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id,
send_rs = send_mld &&
ipv6_accept_ra(ifp->idev) &&
ifp->idev->cnf.rtr_solicits != 0 &&
- (dev->flags&IFF_LOOPBACK) == 0;
+ (dev->flags & IFF_LOOPBACK) == 0 &&
+ (dev->type != ARPHRD_TUNNEL);
read_unlock_bh(&ifp->idev->lock);
/* While dad is in progress mld report's source address is in6_addrany.
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 126/879] net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 125/879] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 127/879] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
` (762 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ziyang Xuan, Saeed Mahameed, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit c389362096be8ee69ec3a163a0699a31e84b8451 ]
The memory of spec is allocated with kvzalloc(), the corresponding
release function should not be kfree(), use kvfree() instead.
Generated by: scripts/coccinelle/api/kfree_mismatch.cocci
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c
index bec9ed0103a9..2b80fe73549d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_smfs.c
@@ -101,7 +101,7 @@ mlx5_ct_fs_smfs_matcher_create(struct mlx5_ct_fs *fs, struct mlx5dr_table *tbl,
spec->match_criteria_enable = MLX5_MATCH_MISC_PARAMETERS_2 | MLX5_MATCH_OUTER_HEADERS;
dr_matcher = mlx5_smfs_matcher_create(tbl, priority, spec);
- kfree(spec);
+ kvfree(spec);
if (!dr_matcher)
return ERR_PTR(-EINVAL);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 127/879] net/mlx5: fs, delete the FTE when there are no rules attached to it
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 126/879] net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 128/879] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
` (761 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 7b0c6338597613f465d131bd939a51844a00455a ]
When an FTE has no children is means all the rules where removed
and the FTE can be deleted regardless of the dests_size value.
While dests_size should be 0 when there are no children
be extra careful not to leak memory or get firmware syndrome
if the proper bookkeeping of dests_size wasn't done.
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 3ad67e6b5586..89ba72e8d109 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2071,16 +2071,16 @@ void mlx5_del_flow_rules(struct mlx5_flow_handle *handle)
down_write_ref_node(&fte->node, false);
for (i = handle->num_rules - 1; i >= 0; i--)
tree_remove_node(&handle->rule[i]->node, true);
- if (fte->dests_size) {
- if (fte->modify_mask)
- modify_fte(fte);
- up_write_ref_node(&fte->node, false);
- } else if (list_empty(&fte->node.children)) {
+ if (list_empty(&fte->node.children)) {
del_hw_fte(&fte->node);
/* Avoid double call to del_hw_fte */
fte->node.del_hw_func = NULL;
up_write_ref_node(&fte->node, false);
tree_put_node(&fte->node, false);
+ } else if (fte->dests_size) {
+ if (fte->modify_mask)
+ modify_fte(fte);
+ up_write_ref_node(&fte->node, false);
} else {
up_write_ref_node(&fte->node, false);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 128/879] ASoC: dapm: Dont fold register value changes into notifications
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 127/879] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 129/879] ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload Greg Kroah-Hartman
` (760 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit ad685980469b9f9b99d4d6ea05f4cb8f57cb2234 ]
DAPM tracks and reports the value presented to the user from DAPM controls
separately to the register value, these may diverge during initialisation
or when an autodisable control is in use.
When writing DAPM controls we currently report that a change has occurred
if either the DAPM value or the value stored in the register has changed,
meaning that if the two are out of sync we may appear to report a spurious
event to userspace. Since we use this folded in value for nothing other
than the value reported to userspace simply drop the folding in of the
register change.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220428161833.3690050-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-dapm.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index ca917a849c42..869c76506b66 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3437,7 +3437,6 @@ int snd_soc_dapm_put_volsw(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mixer_update_power(card, kcontrol, connect,
rconnect);
@@ -3539,7 +3538,6 @@ int snd_soc_dapm_put_enum_double(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mux_update_power(card, kcontrol, item[0], e);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 129/879] ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 128/879] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 130/879] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
` (759 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Senozhatsky, Peter Ujfalusi,
Mark Brown, Sasha Levin
From: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
[ Upstream commit a962890a5a3cce903ff7c7a19fadee63ed9efdc7 ]
It is possible to craft a topology where sof_get_control_data() would do
out of bounds access because it expects that it is only called when the
payload is bytes type.
Confusingly it also handles other types of controls, but the payload
parsing implementation is only valid for bytes.
Fix the code to count the non bytes controls and instead of storing a
pointer to sof_abi_hdr in sof_widget_data (which is only valid for bytes),
store the pointer to the data itself and add a new member to save the size
of the data.
In case of non bytes controls we store the pointer to the chanv itself,
which is just an array of values at the end.
In case of bytes control, drop the wrong cdata->data (wdata[i].pdata) check
against NULL since it is incorrect and invalid in this context.
The data is pointing to the end of cdata struct, so it should never be
null.
Reported-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Tested-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Link: https://lore.kernel.org/r/20220427185221.28928-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/ipc3-topology.c | 39 +++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c
index 2f8450a8c0a1..af1bbd34213c 100644
--- a/sound/soc/sof/ipc3-topology.c
+++ b/sound/soc/sof/ipc3-topology.c
@@ -20,7 +20,8 @@
struct sof_widget_data {
int ctrl_type;
int ipc_cmd;
- struct sof_abi_hdr *pdata;
+ void *pdata;
+ size_t pdata_size;
struct snd_sof_control *control;
};
@@ -784,16 +785,26 @@ static int sof_get_control_data(struct snd_soc_component *scomp,
}
cdata = wdata[i].control->ipc_control_data;
- wdata[i].pdata = cdata->data;
- if (!wdata[i].pdata)
- return -EINVAL;
- /* make sure data is valid - data can be updated at runtime */
- if (widget->dobj.widget.kcontrol_type[i] == SND_SOC_TPLG_TYPE_BYTES &&
- wdata[i].pdata->magic != SOF_ABI_MAGIC)
- return -EINVAL;
+ if (widget->dobj.widget.kcontrol_type[i] == SND_SOC_TPLG_TYPE_BYTES) {
+ /* make sure data is valid - data can be updated at runtime */
+ if (cdata->data->magic != SOF_ABI_MAGIC)
+ return -EINVAL;
+
+ wdata[i].pdata = cdata->data->data;
+ wdata[i].pdata_size = cdata->data->size;
+ } else {
+ /* points to the control data union */
+ wdata[i].pdata = cdata->chanv;
+ /*
+ * wdata[i].control->size is calculated with struct_size
+ * and includes the size of struct sof_ipc_ctrl_data
+ */
+ wdata[i].pdata_size = wdata[i].control->size -
+ sizeof(struct sof_ipc_ctrl_data);
+ }
- *size += wdata[i].pdata->size;
+ *size += wdata[i].pdata_size;
/* get data type */
switch (cdata->cmd) {
@@ -876,10 +887,12 @@ static int sof_process_load(struct snd_soc_component *scomp,
*/
if (ipc_data_size) {
for (i = 0; i < widget->num_kcontrols; i++) {
- memcpy(&process->data[offset],
- wdata[i].pdata->data,
- wdata[i].pdata->size);
- offset += wdata[i].pdata->size;
+ if (!wdata[i].pdata_size)
+ continue;
+
+ memcpy(&process->data[offset], wdata[i].pdata,
+ wdata[i].pdata_size);
+ offset += wdata[i].pdata_size;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 130/879] mlxsw: spectrum_dcb: Do not warn about priority changes
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 129/879] ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 131/879] mlxsw: Treat LLDP packets as control Greg Kroah-Hartman
` (758 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maksym Yaremchuk, Petr Machata,
Ido Schimmel, David S. Miller, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit b6b584562cbe7dc357083459d6dd5b171e12cadb ]
The idea behind the warnings is that the user would get warned in case when
more than one priority is configured for a given DSCP value on a netdevice.
The warning is currently wrong, because dcb_ieee_getapp_mask() returns
the first matching entry, not all of them, and the warning will then claim
that some priority is "current", when in fact it is not.
But more importantly, the warning is misleading in general. Consider the
following commands:
# dcb app flush dev swp19 dscp-prio
# dcb app add dev swp19 dscp-prio 24:3
# dcb app replace dev swp19 dscp-prio 24:2
The last command will issue the following warning:
mlxsw_spectrum3 0000:07:00.0 swp19: Ignoring new priority 2 for DSCP 24 in favor of current value of 3
The reason is that the "replace" command works by first adding the new
value, and then removing all old values. This is the only way to make the
replacement without causing the traffic to be prioritized to whatever the
chip defaults to. The warning is issued in response to adding the new
priority, and then no warning is shown when the old priority is removed.
The upshot is that the canonical way to change traffic prioritization
always produces a warning about ignoring the new priority, but what gets
configured is in fact what the user intended.
An option to just emit warning every time that the prioritization changes
just to make it clear that it happened is obviously unsatisfactory.
Therefore, in this patch, remove the warnings.
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
index 5f92b1691360..aff6d4f35cd2 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
@@ -168,8 +168,6 @@ static int mlxsw_sp_dcbnl_ieee_setets(struct net_device *dev,
static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
struct dcb_app *app)
{
- int prio;
-
if (app->priority >= IEEE_8021QAZ_MAX_TCS) {
netdev_err(dev, "APP entry with priority value %u is invalid\n",
app->priority);
@@ -183,17 +181,6 @@ static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
app->protocol);
return -EINVAL;
}
-
- /* Warn about any DSCP APP entries with the same PID. */
- prio = fls(dcb_ieee_getapp_mask(dev, app));
- if (prio--) {
- if (prio < app->priority)
- netdev_warn(dev, "Choosing priority %d for DSCP %d in favor of previously-active value of %d\n",
- app->priority, app->protocol, prio);
- else if (prio > app->priority)
- netdev_warn(dev, "Ignoring new priority %d for DSCP %d in favor of current value of %d\n",
- app->priority, app->protocol, prio);
- }
break;
case IEEE_8021QAZ_APP_SEL_ETHERTYPE:
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 131/879] mlxsw: Treat LLDP packets as control
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 130/879] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 132/879] drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init Greg Kroah-Hartman
` (757 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maksym Yaremchuk, Petr Machata,
Ido Schimmel, David S. Miller, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit 0106668cd2f91bf913fb78972840dedfba80a3c3 ]
When trapping packets for on-CPU processing, Spectrum machines
differentiate between control and non-control traps. Traffic trapped
through non-control traps is treated as data and kept in shared buffer in
pools 0-4. Traffic trapped through control traps is kept in the dedicated
control buffer 9. The advantage of marking traps as control is that
pressure in the data plane does not prevent the control traffic to be
processed.
When the LLDP trap was introduced, it was marked as a control trap. But
then in commit aed4b5721143 ("mlxsw: spectrum: PTP: Hook into packet
receive path"), PTP traps were introduced. Because Ethernet-encapsulated
PTP packets look to the Spectrum-1 ASIC as LLDP traffic and are trapped
under the LLDP trap, this trap was reconfigured as non-control, in sync
with the PTP traps.
There is however no requirement that PTP traffic be handled as data.
Besides, the usual encapsulation for PTP traffic is UDP, not bare Ethernet,
and that is in deployments that even need PTP, which is far less common
than LLDP. This is reflected by the default policer, which was not bumped
up to the 19Kpps / 24Kpps that is the expected load of a PTP-enabled
Spectrum-1 switch.
Marking of LLDP trap as non-control was therefore probably misguided. In
this patch, change it back to control.
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
index 47b061b99160..ed4d0d3448f3 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
@@ -864,7 +864,7 @@ static const struct mlxsw_sp_trap_item mlxsw_sp_trap_items_arr[] = {
.trap = MLXSW_SP_TRAP_CONTROL(LLDP, LLDP, TRAP),
.listeners_arr = {
MLXSW_RXL(mlxsw_sp_rx_ptp_listener, LLDP, TRAP_TO_CPU,
- false, SP_LLDP, DISCARD),
+ true, SP_LLDP, DISCARD),
},
},
{
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 132/879] drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 131/879] mlxsw: Treat LLDP packets as control Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 133/879] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
` (756 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hawking Zhang, Alex Deucher, Sasha Levin
From: Alex Deucher <alexander.deucher@amd.com>
[ Upstream commit b95b5391684b39695887afb4a13cccee7820f5d6 ]
Memory allocations should be done in sw_init. hw_init should
just be hardware programming needed to initialize the IP block.
This is how most other IP blocks work. Move the GPU memory
allocations from psp hw_init to psp sw_init and move the memory
free to sw_fini. This also fixes a potential GPU memory leak
if psp hw_init fails.
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 95 ++++++++++++-------------
1 file changed, 47 insertions(+), 48 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
index a6acec1a6155..21aa556a6bef 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
@@ -357,7 +357,39 @@ static int psp_sw_init(void *handle)
}
}
+ ret = amdgpu_bo_create_kernel(adev, PSP_1_MEG, PSP_1_MEG,
+ amdgpu_sriov_vf(adev) ?
+ AMDGPU_GEM_DOMAIN_VRAM : AMDGPU_GEM_DOMAIN_GTT,
+ &psp->fw_pri_bo,
+ &psp->fw_pri_mc_addr,
+ &psp->fw_pri_buf);
+ if (ret)
+ return ret;
+
+ ret = amdgpu_bo_create_kernel(adev, PSP_FENCE_BUFFER_SIZE, PAGE_SIZE,
+ AMDGPU_GEM_DOMAIN_VRAM,
+ &psp->fence_buf_bo,
+ &psp->fence_buf_mc_addr,
+ &psp->fence_buf);
+ if (ret)
+ goto failed1;
+
+ ret = amdgpu_bo_create_kernel(adev, PSP_CMD_BUFFER_SIZE, PAGE_SIZE,
+ AMDGPU_GEM_DOMAIN_VRAM,
+ &psp->cmd_buf_bo, &psp->cmd_buf_mc_addr,
+ (void **)&psp->cmd_buf_mem);
+ if (ret)
+ goto failed2;
+
return 0;
+
+failed2:
+ amdgpu_bo_free_kernel(&psp->fw_pri_bo,
+ &psp->fw_pri_mc_addr, &psp->fw_pri_buf);
+failed1:
+ amdgpu_bo_free_kernel(&psp->fence_buf_bo,
+ &psp->fence_buf_mc_addr, &psp->fence_buf);
+ return ret;
}
static int psp_sw_fini(void *handle)
@@ -391,6 +423,13 @@ static int psp_sw_fini(void *handle)
kfree(cmd);
cmd = NULL;
+ amdgpu_bo_free_kernel(&psp->fw_pri_bo,
+ &psp->fw_pri_mc_addr, &psp->fw_pri_buf);
+ amdgpu_bo_free_kernel(&psp->fence_buf_bo,
+ &psp->fence_buf_mc_addr, &psp->fence_buf);
+ amdgpu_bo_free_kernel(&psp->cmd_buf_bo, &psp->cmd_buf_mc_addr,
+ (void **)&psp->cmd_buf_mem);
+
return 0;
}
@@ -2430,51 +2469,18 @@ static int psp_load_fw(struct amdgpu_device *adev)
struct psp_context *psp = &adev->psp;
if (amdgpu_sriov_vf(adev) && amdgpu_in_reset(adev)) {
- psp_ring_stop(psp, PSP_RING_TYPE__KM); /* should not destroy ring, only stop */
- goto skip_memalloc;
- }
-
- if (amdgpu_sriov_vf(adev)) {
- ret = amdgpu_bo_create_kernel(adev, PSP_1_MEG, PSP_1_MEG,
- AMDGPU_GEM_DOMAIN_VRAM,
- &psp->fw_pri_bo,
- &psp->fw_pri_mc_addr,
- &psp->fw_pri_buf);
+ /* should not destroy ring, only stop */
+ psp_ring_stop(psp, PSP_RING_TYPE__KM);
} else {
- ret = amdgpu_bo_create_kernel(adev, PSP_1_MEG, PSP_1_MEG,
- AMDGPU_GEM_DOMAIN_GTT,
- &psp->fw_pri_bo,
- &psp->fw_pri_mc_addr,
- &psp->fw_pri_buf);
- }
-
- if (ret)
- goto failed;
-
- ret = amdgpu_bo_create_kernel(adev, PSP_FENCE_BUFFER_SIZE, PAGE_SIZE,
- AMDGPU_GEM_DOMAIN_VRAM,
- &psp->fence_buf_bo,
- &psp->fence_buf_mc_addr,
- &psp->fence_buf);
- if (ret)
- goto failed;
-
- ret = amdgpu_bo_create_kernel(adev, PSP_CMD_BUFFER_SIZE, PAGE_SIZE,
- AMDGPU_GEM_DOMAIN_VRAM,
- &psp->cmd_buf_bo, &psp->cmd_buf_mc_addr,
- (void **)&psp->cmd_buf_mem);
- if (ret)
- goto failed;
+ memset(psp->fence_buf, 0, PSP_FENCE_BUFFER_SIZE);
- memset(psp->fence_buf, 0, PSP_FENCE_BUFFER_SIZE);
-
- ret = psp_ring_init(psp, PSP_RING_TYPE__KM);
- if (ret) {
- DRM_ERROR("PSP ring init failed!\n");
- goto failed;
+ ret = psp_ring_init(psp, PSP_RING_TYPE__KM);
+ if (ret) {
+ DRM_ERROR("PSP ring init failed!\n");
+ goto failed;
+ }
}
-skip_memalloc:
ret = psp_hw_start(psp);
if (ret)
goto failed;
@@ -2592,13 +2598,6 @@ static int psp_hw_fini(void *handle)
psp_tmr_terminate(psp);
psp_ring_destroy(psp, PSP_RING_TYPE__KM);
- amdgpu_bo_free_kernel(&psp->fw_pri_bo,
- &psp->fw_pri_mc_addr, &psp->fw_pri_buf);
- amdgpu_bo_free_kernel(&psp->fence_buf_bo,
- &psp->fence_buf_mc_addr, &psp->fence_buf);
- amdgpu_bo_free_kernel(&psp->cmd_buf_bo, &psp->cmd_buf_mc_addr,
- (void **)&psp->cmd_buf_mem);
-
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 133/879] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 132/879] drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 134/879] regulator: mt6315: Enforce regulator-compatible, not name Greg Kroah-Hartman
` (755 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alice Wong, Alex Deucher, Sasha Levin
From: Alice Wong <shiwei.wong@amd.com>
[ Upstream commit ab0cd4a9ae5b4679b714d8dbfedc0901fecdce9f ]
When psp_hw_init failed, it will set the load_type to AMDGPU_FW_LOAD_DIRECT.
During amdgpu_device_ip_fini, amdgpu_ucode_free_bo checks that load_type is
AMDGPU_FW_LOAD_DIRECT and skips deallocating fw_buf causing memory leak.
Remove load_type check in amdgpu_ucode_free_bo.
Signed-off-by: Alice Wong <shiwei.wong@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
index ca3350502618..aebafbc327fb 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
@@ -714,8 +714,7 @@ int amdgpu_ucode_create_bo(struct amdgpu_device *adev)
void amdgpu_ucode_free_bo(struct amdgpu_device *adev)
{
- if (adev->firmware.load_type != AMDGPU_FW_LOAD_DIRECT)
- amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
+ amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
&adev->firmware.fw_buf_mc,
&adev->firmware.fw_buf_ptr);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 134/879] regulator: mt6315: Enforce regulator-compatible, not name
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 133/879] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 135/879] ice: always check VF VSI pointer values Greg Kroah-Hartman
` (754 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nícolas F . R . A . Prado,
Mark Brown, Sasha Levin
From: Nícolas F. R. A. Prado <nfraprado@collabora.com>
[ Upstream commit 6d435a94ba5bb4f2ad381c0828fbae89c66b50fe ]
The MT6315 PMIC dt-binding should enforce that one of the valid
regulator-compatible is set in each regulator node. However it was
mistakenly matching against regulator-name instead.
Fix the typo. This not only fixes the compatible verification, but also
lifts the regulator-name restriction, so that more meaningful names can
be set for each platform.
Signed-off-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Link: https://lore.kernel.org/r/20220429201325.2205799-1-nfraprado@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/regulator/mt6315-regulator.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
index 61dd5af80db6..5d2d989de893 100644
--- a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
+++ b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
@@ -31,7 +31,7 @@ properties:
$ref: "regulator.yaml#"
properties:
- regulator-name:
+ regulator-compatible:
pattern: "^vbuck[1-4]$"
additionalProperties: false
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 135/879] ice: always check VF VSI pointer values
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 134/879] regulator: mt6315: Enforce regulator-compatible, not name Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 136/879] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
` (753 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jacob Keller, Paul Menzel,
Konrad Jankowski, Tony Nguyen, Sasha Levin
From: Jacob Keller <jacob.e.keller@intel.com>
[ Upstream commit baeb705fd6a7245cc1fa69ed991a9cffdf44a174 ]
The ice_get_vf_vsi function can return NULL in some cases, such as if
handling messages during a reset where the VSI is being removed and
recreated.
Several places throughout the driver do not bother to check whether this
VSI pointer is valid. Static analysis tools maybe report issues because
they detect paths where a potentially NULL pointer could be dereferenced.
Fix this by checking the return value of ice_get_vf_vsi everywhere.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_devlink.c | 5 ++-
drivers/net/ethernet/intel/ice/ice_repr.c | 7 +++-
drivers/net/ethernet/intel/ice/ice_sriov.c | 32 +++++++++++++++++--
drivers/net/ethernet/intel/ice/ice_vf_lib.c | 28 +++++++++++++++-
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 5 +++
.../ethernet/intel/ice/ice_virtchnl_fdir.c | 7 +++-
6 files changed, 77 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_devlink.c b/drivers/net/ethernet/intel/ice/ice_devlink.c
index a230edb38466..4a9de59121d8 100644
--- a/drivers/net/ethernet/intel/ice/ice_devlink.c
+++ b/drivers/net/ethernet/intel/ice/ice_devlink.c
@@ -753,9 +753,12 @@ int ice_devlink_create_vf_port(struct ice_vf *vf)
pf = vf->pf;
dev = ice_pf_to_dev(pf);
- vsi = ice_get_vf_vsi(vf);
devlink_port = &vf->devlink_port;
+ vsi = ice_get_vf_vsi(vf);
+ if (!vsi)
+ return -EINVAL;
+
attrs.flavour = DEVLINK_PORT_FLAVOUR_PCI_VF;
attrs.pci_vf.pf = pf->hw.bus.func;
attrs.pci_vf.vf = vf->vf_id;
diff --git a/drivers/net/ethernet/intel/ice/ice_repr.c b/drivers/net/ethernet/intel/ice/ice_repr.c
index 848f2adea563..a91b81c3088b 100644
--- a/drivers/net/ethernet/intel/ice/ice_repr.c
+++ b/drivers/net/ethernet/intel/ice/ice_repr.c
@@ -293,8 +293,13 @@ static int ice_repr_add(struct ice_vf *vf)
struct ice_q_vector *q_vector;
struct ice_netdev_priv *np;
struct ice_repr *repr;
+ struct ice_vsi *vsi;
int err;
+ vsi = ice_get_vf_vsi(vf);
+ if (!vsi)
+ return -EINVAL;
+
repr = kzalloc(sizeof(*repr), GFP_KERNEL);
if (!repr)
return -ENOMEM;
@@ -313,7 +318,7 @@ static int ice_repr_add(struct ice_vf *vf)
goto err_alloc;
}
- repr->src_vsi = ice_get_vf_vsi(vf);
+ repr->src_vsi = vsi;
repr->vf = vf;
vf->repr = repr;
np = netdev_priv(repr->netdev);
diff --git a/drivers/net/ethernet/intel/ice/ice_sriov.c b/drivers/net/ethernet/intel/ice/ice_sriov.c
index 0c438219f7a3..bb1721f1321d 100644
--- a/drivers/net/ethernet/intel/ice/ice_sriov.c
+++ b/drivers/net/ethernet/intel/ice/ice_sriov.c
@@ -46,7 +46,12 @@ static void ice_free_vf_entries(struct ice_pf *pf)
*/
static void ice_vf_vsi_release(struct ice_vf *vf)
{
- ice_vsi_release(ice_get_vf_vsi(vf));
+ struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+
+ if (WARN_ON(!vsi))
+ return;
+
+ ice_vsi_release(vsi);
ice_vf_invalidate_vsi(vf);
}
@@ -104,6 +109,8 @@ static void ice_dis_vf_mappings(struct ice_vf *vf)
hw = &pf->hw;
vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi))
+ return;
dev = ice_pf_to_dev(pf);
wr32(hw, VPINT_ALLOC(vf->vf_id), 0);
@@ -341,6 +348,9 @@ static void ice_ena_vf_q_mappings(struct ice_vf *vf, u16 max_txq, u16 max_rxq)
struct ice_hw *hw = &vf->pf->hw;
u32 reg;
+ if (WARN_ON(!vsi))
+ return;
+
/* set regardless of mapping mode */
wr32(hw, VPLAN_TXQ_MAPENA(vf->vf_id), VPLAN_TXQ_MAPENA_TX_ENA_M);
@@ -386,6 +396,9 @@ static void ice_ena_vf_mappings(struct ice_vf *vf)
{
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi))
+ return;
+
ice_ena_vf_msix_mappings(vf);
ice_ena_vf_q_mappings(vf, vsi->alloc_txq, vsi->alloc_rxq);
}
@@ -1128,6 +1141,8 @@ static struct ice_vf *ice_get_vf_from_pfq(struct ice_pf *pf, u16 pfq)
u16 rxq_idx;
vsi = ice_get_vf_vsi(vf);
+ if (!vsi)
+ continue;
ice_for_each_rxq(vsi, rxq_idx)
if (vsi->rxq_map[rxq_idx] == pfq) {
@@ -1521,8 +1536,15 @@ static int ice_calc_all_vfs_min_tx_rate(struct ice_pf *pf)
static bool
ice_min_tx_rate_oversubscribed(struct ice_vf *vf, int min_tx_rate)
{
- int link_speed_mbps = ice_get_link_speed_mbps(ice_get_vf_vsi(vf));
- int all_vfs_min_tx_rate = ice_calc_all_vfs_min_tx_rate(vf->pf);
+ struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+ int all_vfs_min_tx_rate;
+ int link_speed_mbps;
+
+ if (WARN_ON(!vsi))
+ return false;
+
+ link_speed_mbps = ice_get_link_speed_mbps(vsi);
+ all_vfs_min_tx_rate = ice_calc_all_vfs_min_tx_rate(vf->pf);
/* this VF's previous rate is being overwritten */
all_vfs_min_tx_rate -= vf->min_tx_rate;
@@ -1566,6 +1588,10 @@ ice_set_vf_bw(struct net_device *netdev, int vf_id, int min_tx_rate,
goto out_put_vf;
vsi = ice_get_vf_vsi(vf);
+ if (!vsi) {
+ ret = -EINVAL;
+ goto out_put_vf;
+ }
/* when max_tx_rate is zero that means no max Tx rate limiting, so only
* check if max_tx_rate is non-zero
diff --git a/drivers/net/ethernet/intel/ice/ice_vf_lib.c b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
index 6578059d9479..aefd66a4db80 100644
--- a/drivers/net/ethernet/intel/ice/ice_vf_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_vf_lib.c
@@ -220,8 +220,10 @@ static void ice_vf_clear_counters(struct ice_vf *vf)
{
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+ if (vsi)
+ vsi->num_vlan = 0;
+
vf->num_mac = 0;
- vsi->num_vlan = 0;
memset(&vf->mdd_tx_events, 0, sizeof(vf->mdd_tx_events));
memset(&vf->mdd_rx_events, 0, sizeof(vf->mdd_rx_events));
}
@@ -251,6 +253,9 @@ static int ice_vf_rebuild_vsi(struct ice_vf *vf)
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
struct ice_pf *pf = vf->pf;
+ if (WARN_ON(!vsi))
+ return -EINVAL;
+
if (ice_vsi_rebuild(vsi, true)) {
dev_err(ice_pf_to_dev(pf), "failed to rebuild VF %d VSI\n",
vf->vf_id);
@@ -514,6 +519,10 @@ int ice_reset_vf(struct ice_vf *vf, u32 flags)
ice_trigger_vf_reset(vf, flags & ICE_VF_RESET_VFLR, false);
vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi)) {
+ err = -EIO;
+ goto out_unlock;
+ }
ice_dis_vf_qs(vf);
@@ -572,6 +581,11 @@ int ice_reset_vf(struct ice_vf *vf, u32 flags)
vf->vf_ops->post_vsi_rebuild(vf);
vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi)) {
+ err = -EINVAL;
+ goto out_unlock;
+ }
+
ice_eswitch_update_repr(vsi);
ice_eswitch_replay_vf_mac_rule(vf);
@@ -610,6 +624,9 @@ void ice_dis_vf_qs(struct ice_vf *vf)
{
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi))
+ return;
+
ice_vsi_stop_lan_tx_rings(vsi, ICE_NO_RESET, vf->vf_id);
ice_vsi_stop_all_rx_rings(vsi);
ice_set_vf_state_qs_dis(vf);
@@ -790,6 +807,9 @@ static int ice_vf_rebuild_host_mac_cfg(struct ice_vf *vf)
u8 broadcast[ETH_ALEN];
int status;
+ if (WARN_ON(!vsi))
+ return -EINVAL;
+
if (ice_is_eswitch_mode_switchdev(vf->pf))
return 0;
@@ -875,6 +895,9 @@ static int ice_vf_rebuild_host_tx_rate_cfg(struct ice_vf *vf)
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
int err;
+ if (WARN_ON(!vsi))
+ return -EINVAL;
+
if (vf->min_tx_rate) {
err = ice_set_min_bw_limit(vsi, (u64)vf->min_tx_rate * 1000);
if (err) {
@@ -938,6 +961,9 @@ void ice_vf_rebuild_host_cfg(struct ice_vf *vf)
struct device *dev = ice_pf_to_dev(vf->pf);
struct ice_vsi *vsi = ice_get_vf_vsi(vf);
+ if (WARN_ON(!vsi))
+ return;
+
ice_vf_set_host_trust_cfg(vf);
if (ice_vf_rebuild_host_mac_cfg(vf))
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index 2889e050a4c9..5405a0e752cf 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -2392,6 +2392,11 @@ static int ice_vc_ena_vlan_stripping(struct ice_vf *vf)
}
vsi = ice_get_vf_vsi(vf);
+ if (!vsi) {
+ v_ret = VIRTCHNL_STATUS_ERR_PARAM;
+ goto error_param;
+ }
+
if (vsi->inner_vlan_ops.ena_stripping(vsi, ETH_P_8021Q))
v_ret = VIRTCHNL_STATUS_ERR_PARAM;
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
index 8e38ee2faf58..b74ccbd1591a 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
@@ -1344,7 +1344,12 @@ static void ice_vf_fdir_dump_info(struct ice_vf *vf)
pf = vf->pf;
hw = &pf->hw;
dev = ice_pf_to_dev(pf);
- vf_vsi = pf->vsi[vf->lan_vsi_idx];
+ vf_vsi = ice_get_vf_vsi(vf);
+ if (!vf_vsi) {
+ dev_dbg(dev, "VF %d: invalid VSI pointer\n", vf->vf_id);
+ return;
+ }
+
vsi_num = ice_get_hw_vsi_num(hw, vf_vsi->idx);
fd_size = rd32(hw, VSIQF_FD_SIZE(vsi_num));
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 136/879] HID: bigben: fix slab-out-of-bounds Write in bigben_probe
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 135/879] ice: always check VF VSI pointer values Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 137/879] drm/tegra: gem: Do not try to dereference ERR_PTR() Greg Kroah-Hartman
` (752 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Jiri Kosina,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit fc4ef9d5724973193bfa5ebed181dba6de3a56db ]
There is a slab-out-of-bounds Write bug in hid-bigbenff driver.
The problem is the driver assumes the device must have an input but
some malicious devices violate this assumption.
Fix this by checking hid_device's input is non-empty before its usage.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-bigbenff.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c
index 74ad8bf98bfd..e8c5e3ac9fff 100644
--- a/drivers/hid/hid-bigbenff.c
+++ b/drivers/hid/hid-bigbenff.c
@@ -347,6 +347,12 @@ static int bigben_probe(struct hid_device *hid,
bigben->report = list_entry(report_list->next,
struct hid_report, list);
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ error = -ENODEV;
+ goto error_hw_stop;
+ }
+
hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
set_bit(FF_RUMBLE, hidinput->input->ffbit);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 137/879] drm/tegra: gem: Do not try to dereference ERR_PTR()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 136/879] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 138/879] of: Support more than one crash kernel regions for kexec -s Greg Kroah-Hartman
` (751 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Thierry Reding, Sasha Levin
From: Thierry Reding <treding@nvidia.com>
[ Upstream commit cb7e1abc2c73633e1eefa168ab2dad6e838899c9 ]
When mapping the DMA-BUF attachment fails, map->sgt will be an ERR_PTR-
encoded error code and the cleanup code would try to free that memory,
which obviously would fail.
Zero out that pointer after extracting the error code when this happens
so that kfree() can do the right thing.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tegra/gem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c
index 0063403ab5e1..7c7dd84e6db8 100644
--- a/drivers/gpu/drm/tegra/gem.c
+++ b/drivers/gpu/drm/tegra/gem.c
@@ -88,6 +88,7 @@ static struct host1x_bo_mapping *tegra_bo_pin(struct device *dev, struct host1x_
if (IS_ERR(map->sgt)) {
dma_buf_detach(buf, map->attach);
err = PTR_ERR(map->sgt);
+ map->sgt = NULL;
goto free;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 138/879] of: Support more than one crash kernel regions for kexec -s
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 137/879] drm/tegra: gem: Do not try to dereference ERR_PTR() Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 139/879] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
` (750 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhen Lei, Rob Herring, Baoquan He,
Catalin Marinas, Sasha Levin
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit 8af6b91f58341325bf74ecb0389ddc0039091d84 ]
When "crashkernel=X,high" is used, there may be two crash regions:
high=crashk_res and low=crashk_low_res. But now the syscall
kexec_file_load() only add crashk_res into "linux,usable-memory-range",
this may cause the second kernel to have no available dma memory.
Fix it like kexec-tools does for option -c, add both 'high' and 'low'
regions into the dtb.
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Acked-by: Rob Herring <robh@kernel.org>
Acked-by: Baoquan He <bhe@redhat.com>
Link: https://lore.kernel.org/r/20220506114402.365-6-thunder.leizhen@huawei.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/kexec.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index b9bd1cff1793..8d374cc552be 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -386,6 +386,15 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
crashk_res.end - crashk_res.start + 1);
if (ret)
goto out;
+
+ if (crashk_low_res.end) {
+ ret = fdt_appendprop_addrrange(fdt, 0, chosen_node,
+ "linux,usable-memory-range",
+ crashk_low_res.start,
+ crashk_low_res.end - crashk_low_res.start + 1);
+ if (ret)
+ goto out;
+ }
}
/* add bootargs */
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 139/879] ASoC: tscs454: Add endianness flag in snd_soc_component_driver
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 138/879] of: Support more than one crash kernel regions for kexec -s Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 140/879] net/mlx5: Increase FW pre-init timeout for health recovery Greg Kroah-Hartman
` (749 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit ff69ec96b87dccb3a29edef8cec5d4fefbbc2055 ]
The endianness flag is used on the CODEC side to specify an
ambivalence to endian, typically because it is lost over the hardware
link. This device receives audio over an I2S DAI and as such should
have endianness applied.
A fixup is also required to use the width directly rather than relying
on the format in hw_params, now both little and big endian would be
supported. It is worth noting this changes the behaviour of S24_LE to
use a word length of 24 rather than 32. This would appear to be a
correction since the fact S24_LE is stored as 32 bits should not be
presented over the bus.
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220504170905.332415-26-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tscs454.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/tscs454.c b/sound/soc/codecs/tscs454.c
index 7e1826d6f06f..32e6fa7b0a06 100644
--- a/sound/soc/codecs/tscs454.c
+++ b/sound/soc/codecs/tscs454.c
@@ -3120,18 +3120,17 @@ static int set_aif_sample_format(struct snd_soc_component *component,
unsigned int width;
int ret;
- switch (format) {
- case SNDRV_PCM_FORMAT_S16_LE:
+ switch (snd_pcm_format_width(format)) {
+ case 16:
width = FV_WL_16;
break;
- case SNDRV_PCM_FORMAT_S20_3LE:
+ case 20:
width = FV_WL_20;
break;
- case SNDRV_PCM_FORMAT_S24_3LE:
+ case 24:
width = FV_WL_24;
break;
- case SNDRV_PCM_FORMAT_S24_LE:
- case SNDRV_PCM_FORMAT_S32_LE:
+ case 32:
width = FV_WL_32;
break;
default:
@@ -3326,6 +3325,7 @@ static const struct snd_soc_component_driver soc_component_dev_tscs454 = {
.num_dapm_routes = ARRAY_SIZE(tscs454_intercon),
.controls = tscs454_snd_controls,
.num_controls = ARRAY_SIZE(tscs454_snd_controls),
+ .endianness = 1,
};
#define TSCS454_RATES SNDRV_PCM_RATE_8000_96000
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 140/879] net/mlx5: Increase FW pre-init timeout for health recovery
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 139/879] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 141/879] ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks Greg Kroah-Hartman
` (748 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gavin Li, Moshe Shemesh, Shay Drory,
Saeed Mahameed, Sasha Levin
From: Gavin Li <gavinl@nvidia.com>
[ Upstream commit 37ca95e62ee23fa6d2c2c64e3dc40b4a0c0146dc ]
Currently, health recovery will reload driver to recover it from fatal
errors. During the driver's load process, it would wait for FW to set the
pre-init bit for up to 120 seconds, beyond this threshold it would abort
the load process. In some cases, such as a FW upgrade on the DPU, this
timeout period is insufficient, and the user has no way to recover the
host device.
To solve this issue, introduce a new FW pre-init timeout for health
recovery, which is set to 2 hours.
The timeout for devlink reload and probe will use the original one because
they are user triggered flows, and therefore should not have a
significantly long timeout, during which the user command would hang.
Signed-off-by: Gavin Li <gavinl@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Shay Drory <shayd@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/devlink.c | 4 ++--
.../ethernet/mellanox/mlx5/core/fw_reset.c | 2 +-
.../ethernet/mellanox/mlx5/core/lib/tout.c | 1 +
.../ethernet/mellanox/mlx5/core/lib/tout.h | 1 +
.../net/ethernet/mellanox/mlx5/core/main.c | 23 +++++++++++--------
.../ethernet/mellanox/mlx5/core/mlx5_core.h | 2 +-
6 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/devlink.c b/drivers/net/ethernet/mellanox/mlx5/core/devlink.c
index 057dde6f4417..9401127fb0ec 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/devlink.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/devlink.c
@@ -178,13 +178,13 @@ static int mlx5_devlink_reload_up(struct devlink *devlink, enum devlink_reload_a
*actions_performed = BIT(action);
switch (action) {
case DEVLINK_RELOAD_ACTION_DRIVER_REINIT:
- return mlx5_load_one(dev);
+ return mlx5_load_one(dev, false);
case DEVLINK_RELOAD_ACTION_FW_ACTIVATE:
if (limit == DEVLINK_RELOAD_LIMIT_NO_RESET)
break;
/* On fw_activate action, also driver is reloaded and reinit performed */
*actions_performed |= BIT(DEVLINK_RELOAD_ACTION_DRIVER_REINIT);
- return mlx5_load_one(dev);
+ return mlx5_load_one(dev, false);
default:
/* Unsupported action should not get to this function */
WARN_ON(1);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c b/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
index 81eb67fb95b0..052af4901c0b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c
@@ -149,7 +149,7 @@ static void mlx5_fw_reset_complete_reload(struct mlx5_core_dev *dev)
if (test_bit(MLX5_FW_RESET_FLAGS_PENDING_COMP, &fw_reset->reset_flags)) {
complete(&fw_reset->done);
} else {
- mlx5_load_one(dev);
+ mlx5_load_one(dev, false);
devlink_remote_reload_actions_performed(priv_to_devlink(dev), 0,
BIT(DEVLINK_RELOAD_ACTION_DRIVER_REINIT) |
BIT(DEVLINK_RELOAD_ACTION_FW_ACTIVATE));
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.c
index c1df0d3595d8..d758848d34d0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.c
@@ -10,6 +10,7 @@ struct mlx5_timeouts {
static const u32 tout_def_sw_val[MAX_TIMEOUT_TYPES] = {
[MLX5_TO_FW_PRE_INIT_TIMEOUT_MS] = 120000,
+ [MLX5_TO_FW_PRE_INIT_ON_RECOVERY_TIMEOUT_MS] = 7200000,
[MLX5_TO_FW_PRE_INIT_WARN_MESSAGE_INTERVAL_MS] = 20000,
[MLX5_TO_FW_PRE_INIT_WAIT_MS] = 2,
[MLX5_TO_FW_INIT_MS] = 2000,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.h b/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.h
index 1c42ead782fa..257c03eeab36 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/tout.h
@@ -7,6 +7,7 @@
enum mlx5_timeouts_types {
/* pre init timeouts (not read from FW) */
MLX5_TO_FW_PRE_INIT_TIMEOUT_MS,
+ MLX5_TO_FW_PRE_INIT_ON_RECOVERY_TIMEOUT_MS,
MLX5_TO_FW_PRE_INIT_WARN_MESSAGE_INTERVAL_MS,
MLX5_TO_FW_PRE_INIT_WAIT_MS,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index ef196cb764e2..8b5263699994 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -1014,7 +1014,7 @@ static void mlx5_cleanup_once(struct mlx5_core_dev *dev)
mlx5_devcom_unregister_device(dev->priv.devcom);
}
-static int mlx5_function_setup(struct mlx5_core_dev *dev, bool boot)
+static int mlx5_function_setup(struct mlx5_core_dev *dev, u64 timeout)
{
int err;
@@ -1029,11 +1029,11 @@ static int mlx5_function_setup(struct mlx5_core_dev *dev, bool boot)
/* wait for firmware to accept initialization segments configurations
*/
- err = wait_fw_init(dev, mlx5_tout_ms(dev, FW_PRE_INIT_TIMEOUT),
+ err = wait_fw_init(dev, timeout,
mlx5_tout_ms(dev, FW_PRE_INIT_WARN_MESSAGE_INTERVAL));
if (err) {
mlx5_core_err(dev, "Firmware over %llu MS in pre-initializing state, aborting\n",
- mlx5_tout_ms(dev, FW_PRE_INIT_TIMEOUT));
+ timeout);
return err;
}
@@ -1296,7 +1296,7 @@ int mlx5_init_one(struct mlx5_core_dev *dev)
mutex_lock(&dev->intf_state_mutex);
dev->state = MLX5_DEVICE_STATE_UP;
- err = mlx5_function_setup(dev, true);
+ err = mlx5_function_setup(dev, mlx5_tout_ms(dev, FW_PRE_INIT_TIMEOUT));
if (err)
goto err_function;
@@ -1360,9 +1360,10 @@ void mlx5_uninit_one(struct mlx5_core_dev *dev)
mutex_unlock(&dev->intf_state_mutex);
}
-int mlx5_load_one(struct mlx5_core_dev *dev)
+int mlx5_load_one(struct mlx5_core_dev *dev, bool recovery)
{
int err = 0;
+ u64 timeout;
mutex_lock(&dev->intf_state_mutex);
if (test_bit(MLX5_INTERFACE_STATE_UP, &dev->intf_state)) {
@@ -1372,7 +1373,11 @@ int mlx5_load_one(struct mlx5_core_dev *dev)
/* remove any previous indication of internal error */
dev->state = MLX5_DEVICE_STATE_UP;
- err = mlx5_function_setup(dev, false);
+ if (recovery)
+ timeout = mlx5_tout_ms(dev, FW_PRE_INIT_ON_RECOVERY_TIMEOUT);
+ else
+ timeout = mlx5_tout_ms(dev, FW_PRE_INIT_TIMEOUT);
+ err = mlx5_function_setup(dev, timeout);
if (err)
goto err_function;
@@ -1746,7 +1751,7 @@ static void mlx5_pci_resume(struct pci_dev *pdev)
mlx5_pci_trace(dev, "Enter, loading driver..\n");
- err = mlx5_load_one(dev);
+ err = mlx5_load_one(dev, false);
mlx5_pci_trace(dev, "Done, err = %d, device %s\n", err,
!err ? "recovered" : "Failed");
@@ -1833,7 +1838,7 @@ static int mlx5_resume(struct pci_dev *pdev)
{
struct mlx5_core_dev *dev = pci_get_drvdata(pdev);
- return mlx5_load_one(dev);
+ return mlx5_load_one(dev, false);
}
static const struct pci_device_id mlx5_core_pci_table[] = {
@@ -1878,7 +1883,7 @@ int mlx5_recover_device(struct mlx5_core_dev *dev)
return -EIO;
}
- return mlx5_load_one(dev);
+ return mlx5_load_one(dev, true);
}
static struct pci_driver mlx5_core_driver = {
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
index a9b2d6ead542..9026be1d6223 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
@@ -290,7 +290,7 @@ void mlx5_mdev_uninit(struct mlx5_core_dev *dev);
int mlx5_init_one(struct mlx5_core_dev *dev);
void mlx5_uninit_one(struct mlx5_core_dev *dev);
void mlx5_unload_one(struct mlx5_core_dev *dev);
-int mlx5_load_one(struct mlx5_core_dev *dev);
+int mlx5_load_one(struct mlx5_core_dev *dev, bool recovery);
int mlx5_vport_get_other_func_cap(struct mlx5_core_dev *dev, u16 function_id, void *out);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 141/879] ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 140/879] net/mlx5: Increase FW pre-init timeout for health recovery Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 142/879] scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW Greg Kroah-Hartman
` (747 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bard Liao, Brent Lu,
Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Brent Lu <brent.lu@intel.com>
[ Upstream commit d1c808765deb2bcd35d827402ed4d75d068aae18 ]
The SOF topology supports 2 BE Links(dmic01 and dmic16k) and each
link supports up to four DMICs. However, Chromebook does not implement
ACPI NHLT table so the mach->mach_params.dmic_num is always zero. We
add a quirk so machine driver knows it's running on a Chromebook and
need to create BE Links for DMIC.
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Brent Lu <brent.lu@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220509170922.54868-3-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/sof_ssp_amp.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/sound/soc/intel/boards/sof_ssp_amp.c b/sound/soc/intel/boards/sof_ssp_amp.c
index 88530e9de543..ef70c6f27fe1 100644
--- a/sound/soc/intel/boards/sof_ssp_amp.c
+++ b/sound/soc/intel/boards/sof_ssp_amp.c
@@ -9,6 +9,7 @@
#include <linux/acpi.h>
#include <linux/delay.h>
+#include <linux/dmi.h>
#include <linux/module.h>
#include <linux/platform_device.h>
#include <sound/core.h>
@@ -78,6 +79,16 @@ struct sof_card_private {
bool idisp_codec;
};
+static const struct dmi_system_id chromebook_platforms[] = {
+ {
+ .ident = "Google Chromebooks",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Google"),
+ }
+ },
+ {},
+};
+
static const struct snd_soc_dapm_widget sof_ssp_amp_dapm_widgets[] = {
SND_SOC_DAPM_MIC("SoC DMIC", NULL),
};
@@ -371,7 +382,7 @@ static int sof_ssp_amp_probe(struct platform_device *pdev)
struct snd_soc_dai_link *dai_links;
struct snd_soc_acpi_mach *mach;
struct sof_card_private *ctx;
- int dmic_be_num, hdmi_num = 0;
+ int dmic_be_num = 0, hdmi_num = 0;
int ret, ssp_codec;
ctx = devm_kzalloc(&pdev->dev, sizeof(*ctx), GFP_KERNEL);
@@ -383,7 +394,8 @@ static int sof_ssp_amp_probe(struct platform_device *pdev)
mach = pdev->dev.platform_data;
- dmic_be_num = mach->mach_params.dmic_num;
+ if (dmi_check_system(chromebook_platforms) || mach->mach_params.dmic_num > 0)
+ dmic_be_num = 2;
ssp_codec = sof_ssp_amp_quirk & SOF_AMPLIFIER_SSP_MASK;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 142/879] scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 141/879] ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 143/879] scsi: lpfc: Inhibit aborts if external loopback plug is inserted Greg Kroah-Hartman
` (746 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yihang Li, Xiang Chen, John Garry,
Martin K. Petersen, Sasha Levin
From: Xiang Chen <chenxiang66@hisilicon.com>
[ Upstream commit 9b5387fe5af38116b452259d87cd66594b6277c1 ]
If we fail to notify the phy up event then undo the RPM resume, as the phy
up notify event handling pairs with that RPM resume.
Link: https://lore.kernel.org/r/1651839939-101188-1-git-send-email-john.garry@huawei.com
Reported-by: Yihang Li <liyihang6@hisilicon.com>
Tested-by: Yihang Li <liyihang6@hisilicon.com>
Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
index 79f87d7c3e68..7d819fc0395e 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
@@ -1563,9 +1563,15 @@ static irqreturn_t phy_up_v3_hw(int phy_no, struct hisi_hba *hisi_hba)
phy->port_id = port_id;
- /* Call pm_runtime_put_sync() with pairs in hisi_sas_phyup_pm_work() */
+ /*
+ * Call pm_runtime_get_noresume() which pairs with
+ * hisi_sas_phyup_pm_work() -> pm_runtime_put_sync().
+ * For failure call pm_runtime_put() as we are in a hardirq context.
+ */
pm_runtime_get_noresume(dev);
- hisi_sas_notify_phy_event(phy, HISI_PHYE_PHY_UP_PM);
+ res = hisi_sas_notify_phy_event(phy, HISI_PHYE_PHY_UP_PM);
+ if (!res)
+ pm_runtime_put(dev);
res = IRQ_HANDLED;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 143/879] scsi: lpfc: Inhibit aborts if external loopback plug is inserted
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 142/879] scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 144/879] scsi: lpfc: Alter FPIN stat accounting logic Greg Kroah-Hartman
` (745 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit ead76d4c09b89f4c8d632648026a476a5a34fde8 ]
After running a short external loopback test, when the external loopback is
removed and a normal cable inserted that is directly connected to a target
device, the system oops in the llpfc_set_rrq_active() routine.
When the loopback was inserted an FLOGI was transmit. As we're looped back,
we receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same
wppn thus understand it's a loopback. However, as the ABTS sends address
information the port is not set to (fffffe), the ABTS is dropped on the
wire. A short 1 frame loopback test is run and completes before the ABTS
times out. The looback is unplugged and the new cable plugged in, and the
an FLOGI to the new device occurs and completes. Due to a mixup in ref
counting the completion of the new FLOGI releases the fabric ndlp. Then the
original ABTS completes and references the released ndlp generating the
oops.
Correct by no-op'ing the ABTS when in loopback mode (it will be dropped
anyway). Added a flag to track the mode to recognize when it should be
no-op'd.
Link: https://lore.kernel.org/r/20220506035519.50908-5-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc.h | 1 +
drivers/scsi/lpfc/lpfc_els.c | 12 ++++++++++++
drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +++
drivers/scsi/lpfc/lpfc_sli.c | 8 +++++---
4 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
index 0025760230e5..da5e91a91151 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
@@ -1025,6 +1025,7 @@ struct lpfc_hba {
#define LS_MDS_LINK_DOWN 0x8 /* MDS Diagnostics Link Down */
#define LS_MDS_LOOPBACK 0x10 /* MDS Diagnostics Link Up (Loopback) */
#define LS_CT_VEN_RPA 0x20 /* Vendor RPA sent to switch */
+#define LS_EXTERNAL_LOOPBACK 0x40 /* External loopback plug inserted */
uint32_t hba_flag; /* hba generic flags */
#define HBA_ERATT_HANDLED 0x1 /* This flag is set when eratt handled */
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 46a01a51b207..9545a35f0777 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -1387,6 +1387,9 @@ lpfc_issue_els_flogi(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
phba->hba_flag |= (HBA_FLOGI_ISSUED | HBA_FLOGI_OUTSTANDING);
+ /* Clear external loopback plug detected flag */
+ phba->link_flag &= ~LS_EXTERNAL_LOOPBACK;
+
/* Check for a deferred FLOGI ACC condition */
if (phba->defer_flogi_acc_flag) {
/* lookup ndlp for received FLOGI */
@@ -8182,6 +8185,9 @@ lpfc_els_rcv_flogi(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
uint32_t fc_flag = 0;
uint32_t port_state = 0;
+ /* Clear external loopback plug detected flag */
+ phba->link_flag &= ~LS_EXTERNAL_LOOPBACK;
+
cmd = *lp++;
sp = (struct serv_parm *) lp;
@@ -8233,6 +8239,12 @@ lpfc_els_rcv_flogi(struct lpfc_vport *vport, struct lpfc_iocbq *cmdiocb,
return 1;
}
+ /* External loopback plug insertion detected */
+ phba->link_flag |= LS_EXTERNAL_LOOPBACK;
+
+ lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS | LOG_LIBDFC,
+ "1119 External Loopback plug detected\n");
+
/* abort the flogi coming back to ourselves
* due to external loopback on the port.
*/
diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index 2b877dff5ed4..6b6b3790d7b5 100644
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -1221,6 +1221,9 @@ lpfc_linkdown(struct lpfc_hba *phba)
phba->defer_flogi_acc_flag = false;
+ /* Clear external loopback plug detected flag */
+ phba->link_flag &= ~LS_EXTERNAL_LOOPBACK;
+
spin_lock_irq(&phba->hbalock);
phba->fcf.fcf_flag &= ~(FCF_AVAILABLE | FCF_SCAN_DONE);
spin_unlock_irq(&phba->hbalock);
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index a174e06bd96e..11f907278f09 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -12202,7 +12202,8 @@ lpfc_sli_issue_abort_iotag(struct lpfc_hba *phba, struct lpfc_sli_ring *pring,
if (phba->link_state < LPFC_LINK_UP ||
(phba->sli_rev == LPFC_SLI_REV4 &&
- phba->sli4_hba.link_state.status == LPFC_FC_LA_TYPE_LINK_DOWN))
+ phba->sli4_hba.link_state.status == LPFC_FC_LA_TYPE_LINK_DOWN) ||
+ (phba->link_flag & LS_EXTERNAL_LOOPBACK))
ia = true;
else
ia = false;
@@ -12661,7 +12662,8 @@ lpfc_sli_abort_taskmgmt(struct lpfc_vport *vport, struct lpfc_sli_ring *pring,
ndlp = lpfc_cmd->rdata->pnode;
if (lpfc_is_link_up(phba) &&
- (ndlp && ndlp->nlp_state == NLP_STE_MAPPED_NODE))
+ (ndlp && ndlp->nlp_state == NLP_STE_MAPPED_NODE) &&
+ !(phba->link_flag & LS_EXTERNAL_LOOPBACK))
ia = false;
else
ia = true;
@@ -21126,7 +21128,7 @@ lpfc_sli4_issue_abort_iotag(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
abtswqe = &abtsiocb->wqe;
memset(abtswqe, 0, sizeof(*abtswqe));
- if (!lpfc_is_link_up(phba))
+ if (!lpfc_is_link_up(phba) || (phba->link_flag & LS_EXTERNAL_LOOPBACK))
bf_set(abort_cmd_ia, &abtswqe->abort_cmd, 1);
bf_set(abort_cmd_criteria, &abtswqe->abort_cmd, T_XRI_TAG);
abtswqe->abort_cmd.rsrvd5 = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 144/879] scsi: lpfc: Alter FPIN stat accounting logic
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 143/879] scsi: lpfc: Inhibit aborts if external loopback plug is inserted Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 145/879] net: remove two BUG() from skb_checksum_help() Greg Kroah-Hartman
` (744 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit e6f51041450282a8668af3a8fc5c7744e81a447c ]
When configuring CMF management based on signals instead of FPINs, FPIN
alarm and warning statistics are not tracked.
Change the behavior so that FPIN alarms and warnings are always tracked
regardless of the configured mode.
Similar changes are made in the CMF signal stat accounting logic. Upon
receipt of a signal, only track signaled alarms and warnings. FPIN stats
should not be incremented upon receipt of a signal.
Link: https://lore.kernel.org/r/20220506035519.50908-11-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_els.c | 49 +++++++++++------------------------
drivers/scsi/lpfc/lpfc_init.c | 22 ++--------------
2 files changed, 17 insertions(+), 54 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 9545a35f0777..892b3da1ba45 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -3877,9 +3877,6 @@ lpfc_least_capable_settings(struct lpfc_hba *phba,
{
u32 rsp_sig_cap = 0, drv_sig_cap = 0;
u32 rsp_sig_freq_cyc = 0, rsp_sig_freq_scale = 0;
- struct lpfc_cgn_info *cp;
- u32 crc;
- u16 sig_freq;
/* Get rsp signal and frequency capabilities. */
rsp_sig_cap = be32_to_cpu(pcgd->xmt_signal_capability);
@@ -3935,25 +3932,7 @@ lpfc_least_capable_settings(struct lpfc_hba *phba,
}
}
- if (!phba->cgn_i)
- return;
-
- /* Update signal frequency in congestion info buffer */
- cp = (struct lpfc_cgn_info *)phba->cgn_i->virt;
-
- /* Frequency (in ms) Signal Warning/Signal Congestion Notifications
- * are received by the HBA
- */
- sig_freq = phba->cgn_sig_freq;
-
- if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ONLY)
- cp->cgn_warn_freq = cpu_to_le16(sig_freq);
- if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ALARM) {
- cp->cgn_alarm_freq = cpu_to_le16(sig_freq);
- cp->cgn_warn_freq = cpu_to_le16(sig_freq);
- }
- crc = lpfc_cgn_calc_crc32(cp, LPFC_CGN_INFO_SZ, LPFC_CGN_CRC32_SEED);
- cp->cgn_info_crc = cpu_to_le32(crc);
+ /* We are NOT recording signal frequency in congestion info buffer */
return;
out_no_support:
@@ -9971,11 +9950,14 @@ lpfc_els_rcv_fpin_cgn(struct lpfc_hba *phba, struct fc_tlv_desc *tlv)
/* Take action here for an Alarm event */
if (phba->cmf_active_mode != LPFC_CFG_OFF) {
if (phba->cgn_reg_fpin & LPFC_CGN_FPIN_ALARM) {
- /* Track of alarm cnt for cgn_info */
- atomic_inc(&phba->cgn_fabric_alarm_cnt);
/* Track of alarm cnt for SYNC_WQE */
atomic_inc(&phba->cgn_sync_alarm_cnt);
}
+ /* Track alarm cnt for cgn_info regardless
+ * of whether CMF is configured for Signals
+ * or FPINs.
+ */
+ atomic_inc(&phba->cgn_fabric_alarm_cnt);
goto cleanup;
}
break;
@@ -9983,11 +9965,14 @@ lpfc_els_rcv_fpin_cgn(struct lpfc_hba *phba, struct fc_tlv_desc *tlv)
/* Take action here for a Warning event */
if (phba->cmf_active_mode != LPFC_CFG_OFF) {
if (phba->cgn_reg_fpin & LPFC_CGN_FPIN_WARN) {
- /* Track of warning cnt for cgn_info */
- atomic_inc(&phba->cgn_fabric_warn_cnt);
/* Track of warning cnt for SYNC_WQE */
atomic_inc(&phba->cgn_sync_warn_cnt);
}
+ /* Track warning cnt and freq for cgn_info
+ * regardless of whether CMF is configured for
+ * Signals or FPINs.
+ */
+ atomic_inc(&phba->cgn_fabric_warn_cnt);
cleanup:
/* Save frequency in ms */
phba->cgn_fpin_frequency =
@@ -9996,14 +9981,10 @@ lpfc_els_rcv_fpin_cgn(struct lpfc_hba *phba, struct fc_tlv_desc *tlv)
if (phba->cgn_i) {
cp = (struct lpfc_cgn_info *)
phba->cgn_i->virt;
- if (phba->cgn_reg_fpin &
- LPFC_CGN_FPIN_ALARM)
- cp->cgn_alarm_freq =
- cpu_to_le16(value);
- if (phba->cgn_reg_fpin &
- LPFC_CGN_FPIN_WARN)
- cp->cgn_warn_freq =
- cpu_to_le16(value);
+ cp->cgn_alarm_freq =
+ cpu_to_le16(value);
+ cp->cgn_warn_freq =
+ cpu_to_le16(value);
crc = lpfc_cgn_calc_crc32
(cp,
LPFC_CGN_INFO_SZ,
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index f9cd4b72d949..011849c1ed3c 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -5866,21 +5866,8 @@ lpfc_cgn_save_evt_cnt(struct lpfc_hba *phba)
/* Use the frequency found in the last rcv'ed FPIN */
value = phba->cgn_fpin_frequency;
- if (phba->cgn_reg_fpin & LPFC_CGN_FPIN_WARN)
- cp->cgn_warn_freq = cpu_to_le16(value);
- if (phba->cgn_reg_fpin & LPFC_CGN_FPIN_ALARM)
- cp->cgn_alarm_freq = cpu_to_le16(value);
-
- /* Frequency (in ms) Signal Warning/Signal Congestion Notifications
- * are received by the HBA
- */
- value = phba->cgn_sig_freq;
-
- if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ONLY ||
- phba->cgn_reg_signal == EDC_CG_SIG_WARN_ALARM)
- cp->cgn_warn_freq = cpu_to_le16(value);
- if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ALARM)
- cp->cgn_alarm_freq = cpu_to_le16(value);
+ cp->cgn_warn_freq = cpu_to_le16(value);
+ cp->cgn_alarm_freq = cpu_to_le16(value);
lvalue = lpfc_cgn_calc_crc32(cp, LPFC_CGN_INFO_SZ,
LPFC_CGN_CRC32_SEED);
@@ -6595,9 +6582,6 @@ lpfc_sli4_async_sli_evt(struct lpfc_hba *phba, struct lpfc_acqe_sli *acqe_sli)
/* Alarm overrides warning, so check that first */
if (cgn_signal->alarm_cnt) {
if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ALARM) {
- /* Keep track of alarm cnt for cgn_info */
- atomic_add(cgn_signal->alarm_cnt,
- &phba->cgn_fabric_alarm_cnt);
/* Keep track of alarm cnt for CMF_SYNC_WQE */
atomic_add(cgn_signal->alarm_cnt,
&phba->cgn_sync_alarm_cnt);
@@ -6606,8 +6590,6 @@ lpfc_sli4_async_sli_evt(struct lpfc_hba *phba, struct lpfc_acqe_sli *acqe_sli)
/* signal action needs to be taken */
if (phba->cgn_reg_signal == EDC_CG_SIG_WARN_ONLY ||
phba->cgn_reg_signal == EDC_CG_SIG_WARN_ALARM) {
- /* Keep track of warning cnt for cgn_info */
- atomic_add(cnt, &phba->cgn_fabric_warn_cnt);
/* Keep track of warning cnt for CMF_SYNC_WQE */
atomic_add(cnt, &phba->cgn_sync_warn_cnt);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 145/879] net: remove two BUG() from skb_checksum_help()
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 144/879] scsi: lpfc: Alter FPIN stat accounting logic Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 146/879] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
` (743 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ]
I have a syzbot report that managed to get a crash in skb_checksum_help()
If syzbot can trigger these BUG(), it makes sense to replace
them with more friendly WARN_ON_ONCE() since skb_checksum_help()
can instead return an error code.
Note that syzbot will still crash there, until real bug is fixed.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/dev.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 2771fd22dc6a..0784c339cd7d 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3215,11 +3215,15 @@ int skb_checksum_help(struct sk_buff *skb)
}
offset = skb_checksum_start_offset(skb);
- BUG_ON(offset >= skb_headlen(skb));
+ ret = -EINVAL;
+ if (WARN_ON_ONCE(offset >= skb_headlen(skb)))
+ goto out;
+
csum = skb_checksum(skb, offset, skb->len - offset, 0);
offset += skb->csum_offset;
- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb));
+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb)))
+ goto out;
ret = skb_ensure_writable(skb, offset + sizeof(__sum16));
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 146/879] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 145/879] net: remove two BUG() from skb_checksum_help() Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 147/879] perf/amd/ibs: Cascade pmu init functions return value Greg Kroah-Hartman
` (742 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Richter, Sven Schnelle,
Heiko Carstens, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 63678eecec57fc51b778be3da35a397931287170 ]
gcc 12 does not (always) optimize away code that should only be generated
if parameters are constant and within in a certain range. This depends on
various obscure kernel config options, however in particular
PROFILE_ALL_BRANCHES can trigger this compile error:
In function ‘__atomic_add_const’,
inlined from ‘__preempt_count_add.part.0’ at ./arch/s390/include/asm/preempt.h:50:3:
./arch/s390/include/asm/atomic_ops.h:80:9: error: impossible constraint in ‘asm’
80 | asm volatile( \
| ^~~
Workaround this by simply disabling the optimization for
PROFILE_ALL_BRANCHES, since the kernel will be so slow, that this
optimization won't matter at all.
Reported-by: Thomas Richter <tmricht@linux.ibm.com>
Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/preempt.h | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/preempt.h b/arch/s390/include/asm/preempt.h
index d9d5350cc3ec..bf15da0fedbc 100644
--- a/arch/s390/include/asm/preempt.h
+++ b/arch/s390/include/asm/preempt.h
@@ -46,10 +46,17 @@ static inline bool test_preempt_need_resched(void)
static inline void __preempt_count_add(int val)
{
- if (__builtin_constant_p(val) && (val >= -128) && (val <= 127))
- __atomic_add_const(val, &S390_lowcore.preempt_count);
- else
- __atomic_add(val, &S390_lowcore.preempt_count);
+ /*
+ * With some obscure config options and CONFIG_PROFILE_ALL_BRANCHES
+ * enabled, gcc 12 fails to handle __builtin_constant_p().
+ */
+ if (!IS_ENABLED(CONFIG_PROFILE_ALL_BRANCHES)) {
+ if (__builtin_constant_p(val) && (val >= -128) && (val <= 127)) {
+ __atomic_add_const(val, &S390_lowcore.preempt_count);
+ return;
+ }
+ }
+ __atomic_add(val, &S390_lowcore.preempt_count);
}
static inline void __preempt_count_sub(int val)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 147/879] perf/amd/ibs: Cascade pmu init functions return value
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 146/879] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 148/879] sched/core: Avoid obvious double update_rq_clock warning Greg Kroah-Hartman
` (741 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ravi Bangoria, Peter Zijlstra (Intel),
Sasha Levin
From: Ravi Bangoria <ravi.bangoria@amd.com>
[ Upstream commit 39b2ca75eec8a33e2ffdb8aa0c4840ec3e3b472c ]
IBS pmu initialization code ignores return value provided by
callee functions. Fix it.
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220509044914.1473-2-ravi.bangoria@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/ibs.c | 37 +++++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
index 9739019d4b67..367ca899e6e8 100644
--- a/arch/x86/events/amd/ibs.c
+++ b/arch/x86/events/amd/ibs.c
@@ -759,9 +759,10 @@ static __init int perf_ibs_pmu_init(struct perf_ibs *perf_ibs, char *name)
return ret;
}
-static __init void perf_event_ibs_init(void)
+static __init int perf_event_ibs_init(void)
{
struct attribute **attr = ibs_op_format_attrs;
+ int ret;
/*
* Some chips fail to reset the fetch count when it is written; instead
@@ -773,7 +774,9 @@ static __init void perf_event_ibs_init(void)
if (boot_cpu_data.x86 == 0x19 && boot_cpu_data.x86_model < 0x10)
perf_ibs_fetch.fetch_ignore_if_zero_rip = 1;
- perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch");
+ ret = perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch");
+ if (ret)
+ return ret;
if (ibs_caps & IBS_CAPS_OPCNT) {
perf_ibs_op.config_mask |= IBS_OP_CNT_CTL;
@@ -786,15 +789,35 @@ static __init void perf_event_ibs_init(void)
perf_ibs_op.cnt_mask |= IBS_OP_MAX_CNT_EXT_MASK;
}
- perf_ibs_pmu_init(&perf_ibs_op, "ibs_op");
+ ret = perf_ibs_pmu_init(&perf_ibs_op, "ibs_op");
+ if (ret)
+ goto err_op;
+
+ ret = register_nmi_handler(NMI_LOCAL, perf_ibs_nmi_handler, 0, "perf_ibs");
+ if (ret)
+ goto err_nmi;
- register_nmi_handler(NMI_LOCAL, perf_ibs_nmi_handler, 0, "perf_ibs");
pr_info("perf: AMD IBS detected (0x%08x)\n", ibs_caps);
+ return 0;
+
+err_nmi:
+ perf_pmu_unregister(&perf_ibs_op.pmu);
+ free_percpu(perf_ibs_op.pcpu);
+ perf_ibs_op.pcpu = NULL;
+err_op:
+ perf_pmu_unregister(&perf_ibs_fetch.pmu);
+ free_percpu(perf_ibs_fetch.pcpu);
+ perf_ibs_fetch.pcpu = NULL;
+
+ return ret;
}
#else /* defined(CONFIG_PERF_EVENTS) && defined(CONFIG_CPU_SUP_AMD) */
-static __init void perf_event_ibs_init(void) { }
+static __init int perf_event_ibs_init(void)
+{
+ return 0;
+}
#endif
@@ -1064,9 +1087,7 @@ static __init int amd_ibs_init(void)
x86_pmu_amd_ibs_starting_cpu,
x86_pmu_amd_ibs_dying_cpu);
- perf_event_ibs_init();
-
- return 0;
+ return perf_event_ibs_init();
}
/* Since we need the pci subsystem to init ibs we can't do this earlier: */
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 148/879] sched/core: Avoid obvious double update_rq_clock warning
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 147/879] perf/amd/ibs: Cascade pmu init functions return value Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 149/879] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
` (740 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hao Jia, Peter Zijlstra (Intel),
Dietmar Eggemann, Sasha Levin
From: Hao Jia <jiahao.os@bytedance.com>
[ Upstream commit 2679a83731d51a744657f718fc02c3b077e47562 ]
When we use raw_spin_rq_lock() to acquire the rq lock and have to
update the rq clock while holding the lock, the kernel may issue
a WARN_DOUBLE_CLOCK warning.
Since we directly use raw_spin_rq_lock() to acquire rq lock instead of
rq_lock(), there is no corresponding change to rq->clock_update_flags.
In particular, we have obtained the rq lock of other CPUs, the
rq->clock_update_flags of this CPU may be RQCF_UPDATED at this time, and
then calling update_rq_clock() will trigger the WARN_DOUBLE_CLOCK warning.
So we need to clear RQCF_UPDATED of rq->clock_update_flags to avoid
the WARN_DOUBLE_CLOCK warning.
For the sched_rt_period_timer() and migrate_task_rq_dl() cases
we simply replace raw_spin_rq_lock()/raw_spin_rq_unlock() with
rq_lock()/rq_unlock().
For the {pull,push}_{rt,dl}_task() cases, we add the
double_rq_clock_clear_update() function to clear RQCF_UPDATED of
rq->clock_update_flags, and call double_rq_clock_clear_update()
before double_lock_balance()/double_rq_lock() returns to avoid the
WARN_DOUBLE_CLOCK warning.
Some call trace reports:
Call Trace 1:
<IRQ>
sched_rt_period_timer+0x10f/0x3a0
? enqueue_top_rt_rq+0x110/0x110
__hrtimer_run_queues+0x1a9/0x490
hrtimer_interrupt+0x10b/0x240
__sysvec_apic_timer_interrupt+0x8a/0x250
sysvec_apic_timer_interrupt+0x9a/0xd0
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x12/0x20
Call Trace 2:
<TASK>
activate_task+0x8b/0x110
push_rt_task.part.108+0x241/0x2c0
push_rt_tasks+0x15/0x30
finish_task_switch+0xaa/0x2e0
? __switch_to+0x134/0x420
__schedule+0x343/0x8e0
? hrtimer_start_range_ns+0x101/0x340
schedule+0x4e/0xb0
do_nanosleep+0x8e/0x160
hrtimer_nanosleep+0x89/0x120
? hrtimer_init_sleeper+0x90/0x90
__x64_sys_nanosleep+0x96/0xd0
do_syscall_64+0x34/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Call Trace 3:
<TASK>
deactivate_task+0x93/0xe0
pull_rt_task+0x33e/0x400
balance_rt+0x7e/0x90
__schedule+0x62f/0x8e0
do_task_dead+0x3f/0x50
do_exit+0x7b8/0xbb0
do_group_exit+0x2d/0x90
get_signal+0x9df/0x9e0
? preempt_count_add+0x56/0xa0
? __remove_hrtimer+0x35/0x70
arch_do_signal_or_restart+0x36/0x720
? nanosleep_copyout+0x39/0x50
? do_nanosleep+0x131/0x160
? audit_filter_inodes+0xf5/0x120
exit_to_user_mode_prepare+0x10f/0x1e0
syscall_exit_to_user_mode+0x17/0x30
do_syscall_64+0x40/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Call Trace 4:
update_rq_clock+0x128/0x1a0
migrate_task_rq_dl+0xec/0x310
set_task_cpu+0x84/0x1e4
try_to_wake_up+0x1d8/0x5c0
wake_up_process+0x1c/0x30
hrtimer_wakeup+0x24/0x3c
__hrtimer_run_queues+0x114/0x270
hrtimer_interrupt+0xe8/0x244
arch_timer_handler_phys+0x30/0x50
handle_percpu_devid_irq+0x88/0x140
generic_handle_domain_irq+0x40/0x60
gic_handle_irq+0x48/0xe0
call_on_irq_stack+0x2c/0x60
do_interrupt_handler+0x80/0x84
Steps to reproduce:
1. Enable CONFIG_SCHED_DEBUG when compiling the kernel
2. echo 1 > /sys/kernel/debug/clear_warn_once
echo "WARN_DOUBLE_CLOCK" > /sys/kernel/debug/sched/features
echo "NO_RT_PUSH_IPI" > /sys/kernel/debug/sched/features
3. Run some rt/dl tasks that periodically work and sleep, e.g.
Create 2*n rt or dl (90% running) tasks via rt-app (on a system
with n CPUs), and Dietmar Eggemann reports Call Trace 4 when running
on PREEMPT_RT kernel.
Signed-off-by: Hao Jia <jiahao.os@bytedance.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lore.kernel.org/r/20220430085843.62939-2-jiahao.os@bytedance.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/core.c | 6 +++---
kernel/sched/deadline.c | 5 +++--
kernel/sched/rt.c | 5 +++--
kernel/sched/sched.h | 28 ++++++++++++++++++++++++----
4 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index d58c0389eb23..e58d894df207 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -610,10 +610,10 @@ void double_rq_lock(struct rq *rq1, struct rq *rq2)
swap(rq1, rq2);
raw_spin_rq_lock(rq1);
- if (__rq_lockp(rq1) == __rq_lockp(rq2))
- return;
+ if (__rq_lockp(rq1) != __rq_lockp(rq2))
+ raw_spin_rq_lock_nested(rq2, SINGLE_DEPTH_NESTING);
- raw_spin_rq_lock_nested(rq2, SINGLE_DEPTH_NESTING);
+ double_rq_clock_clear_update(rq1, rq2);
}
#endif
diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index fb4255ae0b2c..b61281d10458 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -1832,6 +1832,7 @@ select_task_rq_dl(struct task_struct *p, int cpu, int flags)
static void migrate_task_rq_dl(struct task_struct *p, int new_cpu __maybe_unused)
{
+ struct rq_flags rf;
struct rq *rq;
if (READ_ONCE(p->__state) != TASK_WAKING)
@@ -1843,7 +1844,7 @@ static void migrate_task_rq_dl(struct task_struct *p, int new_cpu __maybe_unused
* from try_to_wake_up(). Hence, p->pi_lock is locked, but
* rq->lock is not... So, lock it
*/
- raw_spin_rq_lock(rq);
+ rq_lock(rq, &rf);
if (p->dl.dl_non_contending) {
update_rq_clock(rq);
sub_running_bw(&p->dl, &rq->dl);
@@ -1859,7 +1860,7 @@ static void migrate_task_rq_dl(struct task_struct *p, int new_cpu __maybe_unused
put_task_struct(p);
}
sub_rq_bw(&p->dl, &rq->dl);
- raw_spin_rq_unlock(rq);
+ rq_unlock(rq, &rf);
}
static void check_preempt_equal_dl(struct rq *rq, struct task_struct *p)
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index a32c46889af8..7891c0f0e1ff 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -871,6 +871,7 @@ static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun)
int enqueue = 0;
struct rt_rq *rt_rq = sched_rt_period_rt_rq(rt_b, i);
struct rq *rq = rq_of_rt_rq(rt_rq);
+ struct rq_flags rf;
int skip;
/*
@@ -885,7 +886,7 @@ static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun)
if (skip)
continue;
- raw_spin_rq_lock(rq);
+ rq_lock(rq, &rf);
update_rq_clock(rq);
if (rt_rq->rt_time) {
@@ -923,7 +924,7 @@ static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun)
if (enqueue)
sched_rt_rq_enqueue(rt_rq);
- raw_spin_rq_unlock(rq);
+ rq_unlock(rq, &rf);
}
if (!throttled && (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF))
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index 8dccb34eb190..2133aea22086 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -2478,6 +2478,24 @@ unsigned long arch_scale_freq_capacity(int cpu)
}
#endif
+#ifdef CONFIG_SCHED_DEBUG
+/*
+ * In double_lock_balance()/double_rq_lock(), we use raw_spin_rq_lock() to
+ * acquire rq lock instead of rq_lock(). So at the end of these two functions
+ * we need to call double_rq_clock_clear_update() to clear RQCF_UPDATED of
+ * rq->clock_update_flags to avoid the WARN_DOUBLE_CLOCK warning.
+ */
+static inline void double_rq_clock_clear_update(struct rq *rq1, struct rq *rq2)
+{
+ rq1->clock_update_flags &= (RQCF_REQ_SKIP|RQCF_ACT_SKIP);
+ /* rq1 == rq2 for !CONFIG_SMP, so just clear RQCF_UPDATED once. */
+#ifdef CONFIG_SMP
+ rq2->clock_update_flags &= (RQCF_REQ_SKIP|RQCF_ACT_SKIP);
+#endif
+}
+#else
+static inline void double_rq_clock_clear_update(struct rq *rq1, struct rq *rq2) {}
+#endif
#ifdef CONFIG_SMP
@@ -2543,14 +2561,15 @@ static inline int _double_lock_balance(struct rq *this_rq, struct rq *busiest)
__acquires(busiest->lock)
__acquires(this_rq->lock)
{
- if (__rq_lockp(this_rq) == __rq_lockp(busiest))
- return 0;
-
- if (likely(raw_spin_rq_trylock(busiest)))
+ if (__rq_lockp(this_rq) == __rq_lockp(busiest) ||
+ likely(raw_spin_rq_trylock(busiest))) {
+ double_rq_clock_clear_update(this_rq, busiest);
return 0;
+ }
if (rq_order_less(this_rq, busiest)) {
raw_spin_rq_lock_nested(busiest, SINGLE_DEPTH_NESTING);
+ double_rq_clock_clear_update(this_rq, busiest);
return 0;
}
@@ -2644,6 +2663,7 @@ static inline void double_rq_lock(struct rq *rq1, struct rq *rq2)
BUG_ON(rq1 != rq2);
raw_spin_rq_lock(rq1);
__acquire(rq2->lock); /* Fake it out ;) */
+ double_rq_clock_clear_update(rq1, rq2);
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 149/879] spi: stm32-qspi: Fix wait_cmd timeout in APM mode
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 148/879] sched/core: Avoid obvious double update_rq_clock warning Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 150/879] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
` (739 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrice Chotard, eberhard.stoll,
Mark Brown, Sasha Levin
From: Patrice Chotard <patrice.chotard@foss.st.com>
[ Upstream commit d83d89ea68b4726700fa87b22db075e4217e691c ]
In APM mode, TCF and TEF flags are not set. To avoid timeout in
stm32_qspi_wait_cmd(), don't check if TCF/TEF are set.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reported-by: eberhard.stoll@kontron.de
Link: https://lore.kernel.org/r/20220511074644.558874-2-patrice.chotard@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32-qspi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-stm32-qspi.c b/drivers/spi/spi-stm32-qspi.c
index ffdc55f87e82..dd38cb8ffbc2 100644
--- a/drivers/spi/spi-stm32-qspi.c
+++ b/drivers/spi/spi-stm32-qspi.c
@@ -308,7 +308,8 @@ static int stm32_qspi_wait_cmd(struct stm32_qspi *qspi,
if (!op->data.nbytes)
goto wait_nobusy;
- if (readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF)
+ if ((readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF) ||
+ qspi->fmode == CCR_FMODE_APM)
goto out;
reinit_completion(&qspi->data_completion);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 150/879] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 149/879] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 151/879] fs: hold writers when changing mounts idmapping Greg Kroah-Hartman
` (738 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Christoph Hellwig,
Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 84bc4f1dbbbb5f8aa68706a96711dccb28b518e5 ]
We observed the error "cacheline tracking ENOMEM, dma-debug disabled"
during a light system load (copying some files). The reason for this error
is that the dma_active_cacheline radix tree uses GFP_NOWAIT allocation -
so it can't access the emergency memory reserves and it fails as soon as
anybody reaches the watermark.
This patch changes GFP_NOWAIT to GFP_ATOMIC, so that it can access the
emergency memory reserves.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c
index f8ff598596b8..ac740630c79c 100644
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -448,7 +448,7 @@ void debug_dma_dump_mappings(struct device *dev)
* other hand, consumes a single dma_debug_entry, but inserts 'nents'
* entries into the tree.
*/
-static RADIX_TREE(dma_active_cacheline, GFP_NOWAIT);
+static RADIX_TREE(dma_active_cacheline, GFP_ATOMIC);
static DEFINE_SPINLOCK(radix_lock);
#define ACTIVE_CACHELINE_MAX_OVERLAP ((1 << RADIX_TREE_MAX_TAGS) - 1)
#define CACHELINE_PER_PAGE_SHIFT (PAGE_SHIFT - L1_CACHE_SHIFT)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 151/879] fs: hold writers when changing mounts idmapping
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 150/879] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 152/879] ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe Greg Kroah-Hartman
` (737 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Seth Forshee, Christoph Hellwig,
Al Viro, linux-fsdevel, Christian Brauner (Microsoft),
Sasha Levin
From: Christian Brauner <christian.brauner@ubuntu.com>
[ Upstream commit e1bbcd277a53e08d619ffeec56c5c9287f2bf42f ]
Hold writers when changing a mount's idmapping to make it more robust.
The vfs layer takes care to retrieve the idmapping of a mount once
ensuring that the idmapping used for vfs permission checking is
identical to the idmapping passed down to the filesystem.
For ioctl codepaths the filesystem itself is responsible for taking the
idmapping into account if they need to. While all filesystems with
FS_ALLOW_IDMAP raised take the same precautions as the vfs we should
enforce it explicitly by making sure there are no active writers on the
relevant mount while changing the idmapping.
This is similar to turning a mount ro with the difference that in
contrast to turning a mount ro changing the idmapping can only ever be
done once while a mount can transition between ro and rw as much as it
wants.
This is a minor user-visible change. But it is extremely unlikely to
matter. The caller must've created a detached mount via OPEN_TREE_CLONE
and then handed that O_PATH fd to another process or thread which then
must've gotten a writable fd for that mount and started creating files
in there while the caller is still changing mount properties. While not
impossible it will be an extremely rare corner-case and should in
general be considered a bug in the application. Consider making a mount
MOUNT_ATTR_NOEXEC or MOUNT_ATTR_NODEV while allowing someone else to
perform lookups or exec'ing in parallel by handing them a copy of the
OPEN_TREE_CLONE fd or another fd beneath that mount.
Link: https://lore.kernel.org/r/20220510095840.152264-1-brauner@kernel.org
Cc: Seth Forshee <seth.forshee@digitalocean.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/namespace.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index afe2b64b14f1..41461f55c039 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4026,8 +4026,9 @@ static int can_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt)
static inline bool mnt_allow_writers(const struct mount_kattr *kattr,
const struct mount *mnt)
{
- return !(kattr->attr_set & MNT_READONLY) ||
- (mnt->mnt.mnt_flags & MNT_READONLY);
+ return (!(kattr->attr_set & MNT_READONLY) ||
+ (mnt->mnt.mnt_flags & MNT_READONLY)) &&
+ !kattr->mnt_userns;
}
static int mount_setattr_prepare(struct mount_kattr *kattr, struct mount *mnt)
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 152/879] ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 151/879] fs: hold writers when changing mounts idmapping Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 153/879] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
` (736 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Bin, Mark Brown, Sasha Levin
From: Zheng Bin <zhengbin13@huawei.com>
[ Upstream commit cbcab8cd737c74c20195c31d647e19f7cb49c9b8 ]
acp_pci_rn_probe misses a call platform_device_unregister in error path,
this patch fixes that.
Signed-off-by: Zheng Bin <zhengbin13@huawei.com>
Link: https://lore.kernel.org/r/20220512013728.4128903-1-zhengbin13@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/amd/pci-rn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/sof/amd/pci-rn.c b/sound/soc/sof/amd/pci-rn.c
index 392ffbdf6417..d809d151a38c 100644
--- a/sound/soc/sof/amd/pci-rn.c
+++ b/sound/soc/sof/amd/pci-rn.c
@@ -93,6 +93,7 @@ static int acp_pci_rn_probe(struct pci_dev *pci, const struct pci_device_id *pci
res = devm_kzalloc(&pci->dev, sizeof(struct resource) * ARRAY_SIZE(renoir_res), GFP_KERNEL);
if (!res) {
sof_pci_remove(pci);
+ platform_device_unregister(dmic_dev);
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 153/879] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 152/879] ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 154/879] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
` (735 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jian-Hong Pan, Mario Limonciello,
Rafael J. Wysocki, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit d52848620de00cde4a3a5df908e231b8c8868250 ]
ASUS B1400CEAE fails to resume from suspend to idle by default. This was
bisected back to commit df4f9bc4fb9c ("nvme-pci: add support for ACPI
StorageD3Enable property") but this is a red herring to the problem.
Before this commit the system wasn't getting into deepest sleep state.
Presumably this commit is allowing entry into deepest sleep state as
advertised by firmware, but there are some other problems related to
the wakeup.
As it is confirmed the system works properly with S3, set the default for
this system to S3.
Reported-by: Jian-Hong Pan <jhp@endlessos.org>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215742
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Tested-by: Jian-Hong Pan <jhp@endlessos.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/sleep.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index c992e57b2c79..3147702710af 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -373,6 +373,18 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "20GGA00L00"),
},
},
+ /*
+ * ASUS B1400CEAE hangs on resume from suspend (see
+ * https://bugzilla.kernel.org/show_bug.cgi?id=215742).
+ */
+ {
+ .callback = init_default_s3,
+ .ident = "ASUS B1400CEAE",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "ASUS EXPERTBOOK B1400CEAE"),
+ },
+ },
{},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 154/879] ipmi:ssif: Check for NULL msg when handling events and messages
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 153/879] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 155/879] ipmi: Add an intializer for ipmi_smi_msg struct Greg Kroah-Hartman
` (734 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Corey Minyard, Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 7602b957e2404e5f98d9a40b68f1fd27f0028712 ]
Even though it's not possible to get into the SSIF_GETTING_MESSAGES and
SSIF_GETTING_EVENTS states without a valid message in the msg field,
it's probably best to be defensive here and check and print a log, since
that means something else went wrong.
Also add a default clause to that switch statement to release the lock
and print a log, in case the state variable gets messed up somehow.
Reported-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_ssif.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index f199cc194844..64c73ea9c915 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -814,6 +814,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_EVENTS:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting events\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -838,6 +846,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_MESSAGES:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting messages\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -861,6 +877,13 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
deliver_recv_msg(ssif_info, msg);
}
break;
+
+ default:
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "Invalid state in message done handling: %d\n",
+ ssif_info->ssif_state);
+ ipmi_ssif_unlock_cond(ssif_info, flags);
}
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 155/879] ipmi: Add an intializer for ipmi_smi_msg struct
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 154/879] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 156/879] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
` (733 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Wiese, Corey Minyard, Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 9824117dd964ecebf5d81990dbf21dfb56445049 ]
There was a "type" element added to this structure, but some static
values were missed. The default value will be zero, which is correct,
but create an initializer for the type and initialize the type properly
in the initializer to avoid future issues.
Reported-by: Joe Wiese <jwiese@rackspace.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_poweroff.c | 4 +---
drivers/char/ipmi/ipmi_watchdog.c | 14 +++++---------
include/linux/ipmi_smi.h | 6 ++++++
3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_poweroff.c b/drivers/char/ipmi/ipmi_poweroff.c
index bc3a18daf97a..62e71c46ac5f 100644
--- a/drivers/char/ipmi/ipmi_poweroff.c
+++ b/drivers/char/ipmi/ipmi_poweroff.c
@@ -94,9 +94,7 @@ static void dummy_recv_free(struct ipmi_recv_msg *msg)
{
atomic_dec(&dummy_count);
}
-static struct ipmi_smi_msg halt_smi_msg = {
- .done = dummy_smi_free
-};
+static struct ipmi_smi_msg halt_smi_msg = INIT_IPMI_SMI_MSG(dummy_smi_free);
static struct ipmi_recv_msg halt_recv_msg = {
.done = dummy_recv_free
};
diff --git a/drivers/char/ipmi/ipmi_watchdog.c b/drivers/char/ipmi/ipmi_watchdog.c
index 0604abdd249a..4c1e9663ea47 100644
--- a/drivers/char/ipmi/ipmi_watchdog.c
+++ b/drivers/char/ipmi/ipmi_watchdog.c
@@ -354,9 +354,7 @@ static void msg_free_recv(struct ipmi_recv_msg *msg)
complete(&msg_wait);
}
}
-static struct ipmi_smi_msg smi_msg = {
- .done = msg_free_smi
-};
+static struct ipmi_smi_msg smi_msg = INIT_IPMI_SMI_MSG(msg_free_smi);
static struct ipmi_recv_msg recv_msg = {
.done = msg_free_recv
};
@@ -475,9 +473,8 @@ static void panic_recv_free(struct ipmi_recv_msg *msg)
atomic_dec(&panic_done_count);
}
-static struct ipmi_smi_msg panic_halt_heartbeat_smi_msg = {
- .done = panic_smi_free
-};
+static struct ipmi_smi_msg panic_halt_heartbeat_smi_msg =
+ INIT_IPMI_SMI_MSG(panic_smi_free);
static struct ipmi_recv_msg panic_halt_heartbeat_recv_msg = {
.done = panic_recv_free
};
@@ -516,9 +513,8 @@ static void panic_halt_ipmi_heartbeat(void)
atomic_sub(2, &panic_done_count);
}
-static struct ipmi_smi_msg panic_halt_smi_msg = {
- .done = panic_smi_free
-};
+static struct ipmi_smi_msg panic_halt_smi_msg =
+ INIT_IPMI_SMI_MSG(panic_smi_free);
static struct ipmi_recv_msg panic_halt_recv_msg = {
.done = panic_recv_free
};
diff --git a/include/linux/ipmi_smi.h b/include/linux/ipmi_smi.h
index 9277d21c2690..5d69820d8b02 100644
--- a/include/linux/ipmi_smi.h
+++ b/include/linux/ipmi_smi.h
@@ -125,6 +125,12 @@ struct ipmi_smi_msg {
void (*done)(struct ipmi_smi_msg *msg);
};
+#define INIT_IPMI_SMI_MSG(done_handler) \
+{ \
+ .done = done_handler, \
+ .type = IPMI_SMI_MSG_TYPE_NORMAL \
+}
+
struct ipmi_smi_handlers {
struct module *owner;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 156/879] ipmi: Fix pr_fmt to avoid compilation issues
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 155/879] ipmi: Add an intializer for ipmi_smi_msg struct Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 157/879] kunit: bail out of test filtering logic quicker if OOM Greg Kroah-Hartman
` (732 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Corey Minyard,
Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 2ebaf18a0b7fb764bba6c806af99fe868cee93de ]
The was it was wouldn't work in some situations, simplify it. What was
there was unnecessary complexity.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index f1827257ef0e..2610e809c802 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -11,8 +11,8 @@
* Copyright 2002 MontaVista Software Inc.
*/
-#define pr_fmt(fmt) "%s" fmt, "IPMI message handler: "
-#define dev_fmt pr_fmt
+#define pr_fmt(fmt) "IPMI message handler: " fmt
+#define dev_fmt(fmt) pr_fmt(fmt)
#include <linux/module.h>
#include <linux/errno.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 157/879] kunit: bail out of test filtering logic quicker if OOM
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 156/879] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 158/879] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
` (731 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Latypov, Zeal Robot, Lv Ruyi,
Brendan Higgins, Shuah Khan, Sasha Levin
From: Daniel Latypov <dlatypov@google.com>
[ Upstream commit a02353f491622e49c7ddedc6a6dc4f1d6ed2150a ]
When filtering what tests to run (suites and/or cases) via
kunit.filter_glob (e.g. kunit.py run <glob>), we allocate copies of
suites.
These allocations can fail, and we largely don't handle that.
Note: realistically, this probably doesn't matter much.
We're not allocating much memory and this happens early in boot, so if
we can't do that, then there's likely far bigger problems.
This patch makes us immediately bail out from the top-level function
(kunit_filter_suites) with -ENOMEM if any of the underlying kmalloc()
calls return NULL.
Implementation note: we used to return NULL pointers from some functions
to indicate either that all suites/tests were filtered out or there was
an error allocating the new array.
We'll log a short error in this case and not run any tests or print a
TAP header. From a kunit.py user's perspective, they'll get a message
about missing/invalid TAP output and have to dig into the test.log to
see it. Since hitting this error seems so unlikely, it's probably fine
to not invent a way to plumb this error message more visibly.
See also: https://lore.kernel.org/linux-kselftest/20220329103919.2376818-1-lv.ruyi@zte.com.cn/
Signed-off-by: Daniel Latypov <dlatypov@google.com>
Reported-by: Zeal Robot <zealci@zte.com.cn>
Reported-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Brendan Higgins <brendanhiggins@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/kunit/executor.c | 27 ++++++++++++++++++++++-----
lib/kunit/executor_test.c | 4 +++-
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c
index 22640c9ee819..2f73a6a35a7e 100644
--- a/lib/kunit/executor.c
+++ b/lib/kunit/executor.c
@@ -71,9 +71,13 @@ kunit_filter_tests(struct kunit_suite *const suite, const char *test_glob)
/* Use memcpy to workaround copy->name being const. */
copy = kmalloc(sizeof(*copy), GFP_KERNEL);
+ if (!copy)
+ return ERR_PTR(-ENOMEM);
memcpy(copy, suite, sizeof(*copy));
filtered = kcalloc(n + 1, sizeof(*filtered), GFP_KERNEL);
+ if (!filtered)
+ return ERR_PTR(-ENOMEM);
n = 0;
kunit_suite_for_each_test_case(suite, test_case) {
@@ -106,14 +110,16 @@ kunit_filter_subsuite(struct kunit_suite * const * const subsuite,
filtered = kmalloc_array(n + 1, sizeof(*filtered), GFP_KERNEL);
if (!filtered)
- return NULL;
+ return ERR_PTR(-ENOMEM);
n = 0;
for (i = 0; subsuite[i] != NULL; ++i) {
if (!glob_match(filter->suite_glob, subsuite[i]->name))
continue;
filtered_suite = kunit_filter_tests(subsuite[i], filter->test_glob);
- if (filtered_suite)
+ if (IS_ERR(filtered_suite))
+ return ERR_CAST(filtered_suite);
+ else if (filtered_suite)
filtered[n++] = filtered_suite;
}
filtered[n] = NULL;
@@ -146,7 +152,8 @@ static void kunit_free_suite_set(struct suite_set suite_set)
}
static struct suite_set kunit_filter_suites(const struct suite_set *suite_set,
- const char *filter_glob)
+ const char *filter_glob,
+ int *err)
{
int i;
struct kunit_suite * const **copy, * const *filtered_subsuite;
@@ -166,6 +173,10 @@ static struct suite_set kunit_filter_suites(const struct suite_set *suite_set,
for (i = 0; i < max; ++i) {
filtered_subsuite = kunit_filter_subsuite(suite_set->start[i], &filter);
+ if (IS_ERR(filtered_subsuite)) {
+ *err = PTR_ERR(filtered_subsuite);
+ return filtered;
+ }
if (filtered_subsuite)
*copy++ = filtered_subsuite;
}
@@ -236,9 +247,15 @@ int kunit_run_all_tests(void)
.start = __kunit_suites_start,
.end = __kunit_suites_end,
};
+ int err;
- if (filter_glob_param)
- suite_set = kunit_filter_suites(&suite_set, filter_glob_param);
+ if (filter_glob_param) {
+ suite_set = kunit_filter_suites(&suite_set, filter_glob_param, &err);
+ if (err) {
+ pr_err("kunit executor: error filtering suites: %d\n", err);
+ return err;
+ }
+ }
if (!action_param)
kunit_exec_run_tests(&suite_set);
diff --git a/lib/kunit/executor_test.c b/lib/kunit/executor_test.c
index 4ed57fd94e42..eac6ff480273 100644
--- a/lib/kunit/executor_test.c
+++ b/lib/kunit/executor_test.c
@@ -137,14 +137,16 @@ static void filter_suites_test(struct kunit *test)
.end = suites + 2,
};
struct suite_set filtered = {.start = NULL, .end = NULL};
+ int err = 0;
/* Emulate two files, each having one suite */
subsuites[0][0] = alloc_fake_suite(test, "suite0", dummy_test_cases);
subsuites[1][0] = alloc_fake_suite(test, "suite1", dummy_test_cases);
/* Filter out suite1 */
- filtered = kunit_filter_suites(&suite_set, "suite0");
+ filtered = kunit_filter_suites(&suite_set, "suite0", &err);
kfree_subsuites_at_end(test, &filtered); /* let us use ASSERTs without leaking */
+ KUNIT_EXPECT_EQ(test, err, 0);
KUNIT_ASSERT_EQ(test, filtered.end - filtered.start, (ptrdiff_t)1);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 158/879] rtlwifi: Use pr_warn instead of WARN_ONCE
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 157/879] kunit: bail out of test filtering logic quicker if OOM Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 159/879] mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 Greg Kroah-Hartman
` (730 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Kalle Valo,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit ad732da434a2936128769216eddaece3b1af4588 ]
This memory allocation failure can be triggered by fault injection or
high pressure testing, resulting a WARN.
Fix this by replacing WARN with pr_warn.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220511014453.1621366-1-dzm91@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 86a236873254..a8eebafb9a7e 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1014,7 +1014,7 @@ int rtl_usb_probe(struct usb_interface *intf,
hw = ieee80211_alloc_hw(sizeof(struct rtl_priv) +
sizeof(struct rtl_usb_priv), &rtl_ops);
if (!hw) {
- WARN_ONCE(true, "rtl_usb: ieee80211 alloc failed\n");
+ pr_warn("rtl_usb: ieee80211 alloc failed\n");
return -ENOMEM;
}
rtlpriv = hw->priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 159/879] mt76: mt7915: accept rx frames with non-standard VHT MCS10-11
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 158/879] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 160/879] mt76: mt7921: " Greg Kroah-Hartman
` (729 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Sasha Levin
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 77045a3740fa3d2325293cf8623899532b39303e ]
The hardware receives them properly, they should not be dropped
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index e9e7efbf350d..a8df65cc115f 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -521,7 +521,7 @@ mt7915_mac_fill_rx_rate(struct mt7915_dev *dev,
status->encoding = RX_ENC_VHT;
if (gi)
status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
- if (i > 9)
+ if (i > 11)
return -EINVAL;
break;
case MT_PHY_TYPE_HE_MU:
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 160/879] mt76: mt7921: accept rx frames with non-standard VHT MCS10-11
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 159/879] mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 161/879] mt76: fix encap offload ethernet type check Greg Kroah-Hartman
` (728 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felix Fietkau, Sasha Levin
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit 3128ea016965ce9f91ddf4e1dd944724462d1698 ]
The hardware receives them properly, they should not be dropped
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index 233998ca4857..f34070ca7bbe 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -696,7 +696,7 @@ mt7921_mac_fill_rx(struct mt7921_dev *dev, struct sk_buff *skb)
status->nss =
FIELD_GET(MT_PRXV_NSTS, v0) + 1;
status->encoding = RX_ENC_VHT;
- if (i > 9)
+ if (i > 11)
return -EINVAL;
break;
case MT_PHY_TYPE_HE_MU:
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 161/879] mt76: fix encap offload ethernet type check
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 160/879] mt76: mt7921: " Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 162/879] media: rga: fix possible memory leak in rga_probe Greg Kroah-Hartman
` (727 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thibaut VARÈNE, Felix Fietkau,
Sasha Levin
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit bc98e7fdd80d215b4b55eea001023231eb8ce12e ]
The driver needs to check if the format is 802.2 vs 802.3 in order to set
a tx descriptor flag. skb->protocol can't be used, since it may not be properly
initialized for packets coming in from a packet socket.
Fix misdetection by checking the ethertype from the skb data instead
Reported-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +++-
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index a8df65cc115f..eaa31f5e0b00 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -1017,6 +1017,7 @@ mt7915_mac_write_txwi_8023(struct mt7915_dev *dev, __le32 *txwi,
u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
u8 fc_type, fc_stype;
+ u16 ethertype;
bool wmm = false;
u32 val;
@@ -1030,7 +1031,8 @@ mt7915_mac_write_txwi_8023(struct mt7915_dev *dev, __le32 *txwi,
val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
FIELD_PREP(MT_TXD1_TID, tid);
- if (be16_to_cpu(skb->protocol) >= ETH_P_802_3_MIN)
+ ethertype = get_unaligned_be16(&skb->data[12]);
+ if (ethertype >= ETH_P_802_3_MIN)
val |= MT_TXD1_ETH_802_3;
txwi[1] |= cpu_to_le32(val);
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index f34070ca7bbe..c5350e7a11e6 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -814,6 +814,7 @@ mt7921_mac_write_txwi_8023(struct mt7921_dev *dev, __le32 *txwi,
{
u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
u8 fc_type, fc_stype;
+ u16 ethertype;
bool wmm = false;
u32 val;
@@ -827,7 +828,8 @@ mt7921_mac_write_txwi_8023(struct mt7921_dev *dev, __le32 *txwi,
val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
FIELD_PREP(MT_TXD1_TID, tid);
- if (be16_to_cpu(skb->protocol) >= ETH_P_802_3_MIN)
+ ethertype = get_unaligned_be16(&skb->data[12]);
+ if (ethertype >= ETH_P_802_3_MIN)
val |= MT_TXD1_ETH_802_3;
txwi[1] |= cpu_to_le32(val);
--
2.35.1
^ permalink raw reply related [flat|nested] 898+ messages in thread
* [PATCH 5.18 162/879] media: rga: fix possible memory leak in rga_probe
2022-06-07 16:51 [PATCH 5.18 000/879] 5.18.3-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-06-07 16:54 ` [PATCH 5.18 161/879] mt76: fix encap offload ethernet type check Greg Kroah-Hartman
@ 2022-06-07 16:54 ` Greg Kroah-Hartman
2022-06-07 16:54 ` [PATCH 5.18 163/879] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
` (726 subsequent siblings)
888 siblings, 0 replies; 898+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit a71eb6025305192e646040cd76ccacb5bd48a1b5 ]
rg