* [PATCH 5.15 000/206] 5.15.81-rc1 review
@ 2022-11-30 18:20 Greg Kroah-Hartman
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC
  To: stable
  Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
	shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
	sudipm.mukherjee, srw, rwarsow

This is the start of the stable review cycle for the 5.15.81 release.
There are 206 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.15.81-rc1

Andrzej Hajda <andrzej.hajda@intel.com>
    drm/i915: fix TLB invalidation for Gen12 video and compute engines

Christian König <christian.koenig@amd.com>
    drm/amdgpu: always register an MMU notifier for userptr

Ramesh Errabolu <Ramesh.Errabolu@amd.com>
    drm/amdgpu: Enable Aldebaran devices to report CU Occupancy

Tsung-hua Lin <Tsung-hua.Lin@amd.com>
    drm/amd/display: No display after resume from WB/CB

Lyude Paul <lyude@redhat.com>
    drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN

Zhen Lei <thunder.leizhen@huawei.com>
    btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()

Christoph Hellwig <hch@lst.de>
    btrfs: use kvcalloc in btrfs_get_dev_zone_info

Christoph Hellwig <hch@lst.de>
    btrfs: zoned: fix missing endianness conversion in sb_write_pointer

Anand Jain <anand.jain@oracle.com>
    btrfs: free btrfs_path before copying subvol info to userspace

Anand Jain <anand.jain@oracle.com>
    btrfs: free btrfs_path before copying fspath to userspace

Josef Bacik <josef@toxicpanda.com>
    btrfs: free btrfs_path before copying root refs to userspace

Luiz Capitulino <luizcap@amazon.com>
    genirq: Take the proposed affinity at face value if force==true

Luiz Capitulino <luizcap@amazon.com>
    irqchip/gic-v3: Always trust the managed affinity provided by the core code

Luiz Capitulino <luizcap@amazon.com>
    genirq: Always limit the affinity to online CPUs

Luiz Capitulino <luizcap@amazon.com>
    genirq/msi: Shutdown managed interrupts with unsatifiable affinities

Phil Turnbull <philipturnbull@github.com>
    wifi: wilc1000: validate number of channels

Phil Turnbull <philipturnbull@github.com>
    wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute

Phil Turnbull <philipturnbull@github.com>
    wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute

Phil Turnbull <philipturnbull@github.com>
    wifi: wilc1000: validate pairwise and authentication suite offsets

Miklos Szeredi <mszeredi@redhat.com>
    fuse: lock inode unconditionally in fuse_fallocate()

Mikulas Patocka <mpatocka@redhat.com>
    dm integrity: clear the journal on suspend

Mikulas Patocka <mpatocka@redhat.com>
    dm integrity: flush the journal on suspend

Robin Murphy <robin.murphy@arm.com>
    gpu: host1x: Avoid trying to use GART on Tegra20

Zhou Guanghui <zhouguanghui1@huawei.com>
    scsi: iscsi: Fix possible memory leak when device_register() failed

Enrico Sau <enrico.sau@gmail.com>
    net: usb: qmi_wwan: add Telit 0x103a composition

Gleb Mazovetskiy <glex.spb@gmail.com>
    tcp: configurable source port perturb table size

Arnav Rawat <arnavr3@illinois.edu>
    platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops

Kai-Heng Feng <kai.heng.feng@canonical.com>
    platform/x86: hp-wmi: Ignore Smart Experience App event

Damien Le Moal <damien.lemoal@opensource.wdc.com>
    zonefs: fix zone report size in __zonefs_io_error()

Guchun Chen <guchun.chen@amd.com>
    drm/amdgpu: disable BACO support on more cards

Hans de Goede <hdegoede@redhat.com>
    platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)

Xiongfeng Wang <wangxiongfeng2@huawei.com>
    platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()

ruanjinjie <ruanjinjie@huawei.com>
    xen/platform-pci: add missing free_irq() in error path

Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
    xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too

Olivier Moysan <olivier.moysan@foss.st.com>
    ASoC: stm32: dfsdm: manage cb buffers cleanup

Takashi Iwai <tiwai@suse.de>
    Input: i8042 - apply probe defer to more ASUS ZenBook models

Hans de Goede <hdegoede@redhat.com>
    Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]

Hans de Goede <hdegoede@redhat.com>
    Input: soc_button_array - add use_low_level_irq module parameter

Hans de Goede <hdegoede@redhat.com>
    Input: goodix - try resetting the controller when no config is set

Lukas Wunner <lukas@wunner.de>
    serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()

Matti Vaittinen <mazziesaccount@gmail.com>
    tools: iio: iio_generic_buffer: Fix read size

Hans de Goede <hdegoede@redhat.com>
    ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01

Aman Dhoot <amandhoot12@gmail.com>
    Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode

Michael Kelley <mikelley@microsoft.com>
    x86/ioremap: Fix page aligned size calculation in __ioremap_caller()

Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
    x86/pm: Add enumeration check before spec MSRs save/restore setup

Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
    x86/tsx: Add a feature bit for TSX control MSR support

Maxim Levitsky <mlevitsk@redhat.com>
    KVM: x86: remove exit_int_info warning in svm_handle_exit

Maxim Levitsky <mlevitsk@redhat.com>
    KVM: x86: add kvm_leave_nested

Maxim Levitsky <mlevitsk@redhat.com>
    KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use

Maxim Levitsky <mlevitsk@redhat.com>
    KVM: x86: forcibly leave nested mode on vCPU reset

Maxim Levitsky <mlevitsk@redhat.com>
    KVM: x86: nSVM: leave nested mode on vCPU free

Johannes Weiner <hannes@cmpxchg.org>
    mm: vmscan: fix extreme overreclaim and swap floods

Mukesh Ojha <quic_mojha@quicinc.com>
    gcov: clang: fix the buffer overflow issue

Chen Zhongjin <chenzhongjin@huawei.com>
    nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty

Thinh Nguyen <Thinh.Nguyen@synopsys.com>
    usb: dwc3: gadget: Clear ep descriptor last

Thinh Nguyen <Thinh.Nguyen@synopsys.com>
    usb: dwc3: gadget: Return -ESHUTDOWN on ep disable

Michael Grzeschik <m.grzeschik@pengutronix.de>
    usb: dwc3: gadget: conditionally remove requests

Linus Walleij <linus.walleij@linaro.org>
    bus: ixp4xx: Don't touch bit 7 on IXP42x

Chen Zhongjin <chenzhongjin@huawei.com>
    iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails

Alejandro Concepción Rodríguez <asconcepcion@acoro.eu>
    iio: light: apds9960: fix wrong register for gesture gain

Sam James <sam@gentoo.org>
    kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible

Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
    arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency

Baokun Li <libaokun1@huawei.com>
    ext4: fix use-after-free in ext4_ext_shift_extents

Pawel Laszczak <pawell@cadence.com>
    usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1

Pawel Laszczak <pawell@cadence.com>
    usb: cdnsp: Fix issue with Clear Feature Halt Endpoint

Marek Szyprowski <m.szyprowski@samsung.com>
    usb: dwc3: exynos: Fix remove() function

Marc Zyngier <maz@kernel.org>
    KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1

Brian Norris <briannorris@chromium.org>
    mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI

Al Cooper <alcooperx@gmail.com>
    mmc: sdhci-brcmstb: Enable Clock Gating to save power

Al Cooper <alcooperx@gmail.com>
    mmc: sdhci-brcmstb: Re-organize flags

Randy Dunlap <rdunlap@infradead.org>
    nios2: add FORCE for vmlinuz.gz

Alexandre Belloni <alexandre.belloni@bootlin.com>
    init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    lib/vdso: use "grep -E" instead of "egrep"

Heiko Carstens <hca@linux.ibm.com>
    s390/crashdump: fix TOD programmable field size

Yu Liao <liaoyu15@huawei.com>
    net: thunderx: Fix the ACPI memory leak

Xiongfeng Wang <wangxiongfeng2@huawei.com>
    octeontx2-af: Fix reference count issue in rvu_sdp_init()

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    octeontx2-pf: Add check for devm_kcalloc

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: enetc: preserve TX ring priority across reconfiguration

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: enetc: cache accesses to &priv->si->hw

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled

Martin Faltesek <mfaltesek@google.com>
    nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION

Martin Faltesek <mfaltesek@google.com>
    nfc: st-nci: fix memory leaks in EVT_TRANSACTION

Martin Faltesek <mfaltesek@google.com>
    nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION

Stefan Haberland <sth@linux.ibm.com>
    s390/dasd: fix no record found for raw_track_access

Wang Hai <wanghai38@huawei.com>
    arcnet: fix potential memory leak in com20020_probe()

Ziyang Xuan <william.xuanziyang@huawei.com>
    ipv4: Fix error return code in fib_table_insert()

Kuniyuki Iwashima <kuniyu@amazon.com>
    dccp/tcp: Reset saddr on failure after inet6?_hash_connect().

Svyatoslav Feldsherov <feldsherov@google.com>
    fs: do not update freeing inode i_io_list

Felix Fietkau <nbd@nbd.name>
    netfilter: flowtable_offload: add missing locking

Jozsef Kadlecsik <kadlec@netfilter.org>
    netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface

Dawei Li <set_pte_at@outlook.com>
    dma-buf: fix racing conflict of dma_heap_add()

Yang Yingliang <yangyingliang@huawei.com>
    bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()

Andreas Kemnade <andreas@kemnade.info>
    regulator: twl6030: re-add TWL6032_SUBCLASS

Liu Shixin <liushixin2@huawei.com>
    NFC: nci: fix memory leak in nci_rx_data_packet()

Xin Long <lucien.xin@gmail.com>
    net: sched: allow act_ct to be built without NF_NAT

Liu Jian <liujian56@huawei.com>
    net: sparx5: fix error handling in sparx5_port_open()

Zhang Changzhong <zhangchangzhong@huawei.com>
    sfc: fix potential memleak in __ef100_hard_start_xmit()

Wang ShaoBo <bobo.shaobowang@huawei.com>
    net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()

Chen Zhongjin <chenzhongjin@huawei.com>
    xfrm: Fix ignored return value in xfrm6_init()

Thomas Jarosch <thomas.jarosch@intra2net.com>
    xfrm: Fix oops in __xfrm_state_delete()

YueHaibing <yuehaibing@huawei.com>
    tipc: check skb_linearize() return value in tipc_disc_rcv()

Xin Long <lucien.xin@gmail.com>
    tipc: add an extra conn_get in tipc_conn_alloc

Xin Long <lucien.xin@gmail.com>
    tipc: set con sock in tipc_conn_alloc

Moshe Shemesh <moshe@nvidia.com>
    net/mlx5: Fix handling of entry refcount when command is not issued to FW

Moshe Shemesh <moshe@nvidia.com>
    net/mlx5: Fix FW tracer timestamp calculation

Roy Novich <royno@nvidia.com>
    net/mlx5: Do not query pci info while pci disabled

Vishwanath Pai <vpai@akamai.com>
    netfilter: ipset: regression in ip_set_hash_ip.c

Yang Yingliang <yangyingliang@huawei.com>
    Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()

Yang Yingliang <yangyingliang@huawei.com>
    Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()

YueHaibing <yuehaibing@huawei.com>
    macsec: Fix invalid error code set

Jaco Coetzee <jaco.coetzee@corigine.com>
    nfp: add port from netdev validation for EEPROM access

Diana Wang <na.wang@corigine.com>
    nfp: fill splittable of devlink_port_attrs correctly

Yang Yingliang <yangyingliang@huawei.com>
    net: pch_gbe: fix pci device refcount leak while module exiting

Yang Yingliang <yangyingliang@huawei.com>
    octeontx2-af: debugsfs: fix pci device refcount leak

Zhang Changzhong <zhangchangzhong@huawei.com>
    net/qla3xxx: fix potential memleak in ql3xxx_send()

Hui Tang <tanghui20@huawei.com>
    net: mvpp2: fix possible invalid pointer dereference

Peter Kosyh <pkosyh@yandex.ru>
    net/mlx4: Check retval of mlx4_bitmap_init

Liu Jian <liujian56@huawei.com>
    net: ethernet: mtk_eth_soc: fix error handling in mtk_open()

Fabio Estevam <festevam@denx.de>
    ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties

Zheng Yongjun <zhengyongjun3@huawei.com>
    ARM: mxs: fix memory leak in mxs_machine_init()

Slawomir Laba <slawomirx.laba@intel.com>
    iavf: Fix race condition between iavf_shutdown and iavf_remove

Ivan Vecera <ivecera@redhat.com>
    iavf: Do not restart Tx queues after reset task failure

Ivan Vecera <ivecera@redhat.com>
    iavf: Fix a crash during reset task

Pablo Neira Ayuso <pablo@netfilter.org>
    netfilter: nf_tables: do not set up extensions for end interval

Daniel Xu <dxu@dxuuu.xyz>
    netfilter: conntrack: Fix data-races around ct mark

Zhengchao Shao <shaozhengchao@huawei.com>
    9p/fd: fix issue of list_del corruption in p9_fd_cancel()

Wang Hai <wanghai38@huawei.com>
    net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()

Lin Ma <linma@zju.edu.cn>
    nfc/nci: fix race with opening and closing

Vladimir Oltean <vladimir.oltean@nxp.com>
    net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus

David Howells <dhowells@redhat.com>
    rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]

David Howells <dhowells@redhat.com>
    rxrpc: Use refcount_t rather than atomic_t

David Howells <dhowells@redhat.com>
    rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc

Leon Romanovsky <leon@kernel.org>
    net: liquidio: simplify if expression

Matthieu Baerts <matthieu.baerts@tessares.net>
    selftests: mptcp: fix mibit vs mbit mix up

Paolo Abeni <pabeni@redhat.com>
    selftests: mptcp: more stable simult_flows tests

Michael Grzeschik <m.grzeschik@pengutronix.de>
    ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl

Yang Yingliang <yangyingliang@huawei.com>
    tee: optee: fix possible memory leak in optee_register_device()

Samuel Holland <samuel@sholland.org>
    bus: sunxi-rsb: Support atomic transfers

Samuel Holland <samuel@sholland.org>
    bus: sunxi-rsb: Remove the shutdown callback

Yang Yingliang <yangyingliang@huawei.com>
    regulator: core: fix UAF in destroy_regulator()

Xiongfeng Wang <wangxiongfeng2@huawei.com>
    spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()

Zeng Heng <zengheng4@huawei.com>
    regulator: core: fix kobject release warning and memory leak in regulator_register()

Jiasheng Jiang <jiasheng@iscas.ac.cn>
    ASoC: max98373: Add checks for devm_kcalloc

Michael Kelley <mikelley@microsoft.com>
    scsi: storvsc: Fix handling of srb_status and capacity change events

Vitaly Kuznetsov <vkuznets@redhat.com>
    x86/hyperv: Restore VP assist page after cpu offlining/onlining

Richard Fitzgerald <rf@opensource.cirrus.com>
    ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()

Detlev Casanova <detlev.casanova@collabora.com>
    ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove

Junxiao Chang <junxiao.chang@intel.com>
    ASoC: hdac_hda: fix hda pcm buffer overflow issue

Dominik Haller <d.haller@phytec.de>
    ARM: dts: am335x-pcm-953: Define fixed regulators in root node

Herbert Xu <herbert@gondor.apana.org.au>
    af_key: Fix send_acquire race with pfkey_register

Christian Langrock <christian.langrock@secunet.com>
    xfrm: replay: Fix ESN wrap around for GSO

Eyal Birger <eyal.birger@gmail.com>
    xfrm: fix "disable_policy" on ipv4 early demux

Jason A. Donenfeld <Jason@zx2c4.com>
    MIPS: pic32: treat port as signed integer

Nathan Chancellor <nathan@kernel.org>
    RISC-V: vdso: Do not add missing symbols to version section in linker script

Ai Chao <aichao@kylinos.cn>
    ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue

Asher Song <Asher.Song@amd.com>
    Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""

Aleksandr Miloserdov <a.miloserdov@yadro.com>
    nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked

Kuniyuki Iwashima <kuniyu@amazon.com>
    arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.

Yu Kuai <yukuai3@huawei.com>
    block, bfq: fix null pointer dereference in bfq_bio_bfqg()

Hans de Goede <hdegoede@redhat.com>
    drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)

Bart Van Assche <bvanassche@acm.org>
    scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC

Brian King <brking@linux.vnet.ibm.com>
    scsi: ibmvfc: Avoid path failures during live migration

Ivan Hu <ivan.hu@canonical.com>
    platform/x86/intel/hid: Add some ACPI device IDs

David E. Box <david.e.box@linux.intel.com>
    platform/x86/intel/pmt: Sapphire Rapids PMT errata fix

Hans de Goede <hdegoede@redhat.com>
    platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1

Manyi Li <limanyi@uniontech.com>
    platform/x86: ideapad-laptop: Disable touchpad_switch

Sabrina Dubroca <sd@queasysnail.net>
    Revert "net: macsec: report real_dev features when HW offloading is enabled"

Youlin Li <liulin063@gmail.com>
    selftests/bpf: Add verifier test for release_reference()

Sean Nyekjaer <sean@geanix.com>
    spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run

Tyler J. Stachecki <stachecki.tyler@gmail.com>
    wifi: ath11k: Fix QCN9074 firmware boot on x86

Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
    wifi: mac80211: Fix ack frame idr leak when mesh has no route

Jason A. Donenfeld <Jason@zx2c4.com>
    wifi: airo: do not assign -1 to unsigned char

Gaosheng Cui <cuigaosheng1@huawei.com>
    audit: fix undefined behavior in bit shift for AUDIT_BIT

Emil Renner Berthing <emil.renner.berthing@canonical.com>
    riscv: dts: sifive unleashed: Add PWM controlled LEDs

Jonas Jelonek <jelonek.jonas@gmail.com>
    wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support

taozhang <taozhang@bestechnic.com>
    wifi: mac80211: fix memory free error when registering wiphy fail

Xiubo Li <xiubli@redhat.com>
    ceph: fix NULL pointer dereference for req->r_session

Kenneth Lee <klee33@uw.edu>
    ceph: Use kcalloc for allocating multiple elements

Carlos Llamas <cmllamas@google.com>
    binder: validate alloc->mm in ->mmap() handler

Borys Popławski <borysp@invisiblethingslab.com>
    x86/sgx: Add overflow check in sgx_validate_offset_length()

Reinette Chatre <reinette.chatre@intel.com>
    x86/sgx: Create utility to validate user provided offset and length

Xiubo Li <xiubli@redhat.com>
    ceph: avoid putting the realm twice when decoding snaps fails

Xiubo Li <xiubli@redhat.com>
    ceph: do not update snapshot context when there is no new snapshot

Mitja Spes <mitja@lxnav.com>
    iio: pressure: ms5611: fixed value compensation bug

Lars-Peter Clausen <lars@metafoo.de>
    iio: ms5611: Simplify IO callback parameters

Đoàn Trần Công Danh <congdanhqx@gmail.com>
    speakup: replace utils' u_char with unsigned char

Samuel Thibault <samuel.thibault@ens-lyon.org>
    speakup: Generate speakupmap.h automatically

Tiago Dias Ferreira <tiagodfer@gmail.com>
    nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000

Xander Li <xander_li@kingston.com.tw>
    nvme-pci: disable write zeroes on various Kingston SSD

Christoph Hellwig <hch@lst.de>
    nvme-pci: disable namespace identifiers for the MAXIO MAP1001

Bean Huo <beanhuo@micron.com>
    nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro

Leo Savernik <l.savernik@aon.at>
    nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH

Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>
    drm/display: Don't assume dual mode adaptors support i2c sub-addressing

Niklas Cassel <niklas.cassel@wdc.com>
    ata: libata-core: do not issue non-internal commands once EH is pending

Wenchao Hao <haowenchao@huawei.com>
    ata: libata-scsi: simplify __ata_scsi_queuecmd()

Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
    cifs: Fix connections leak when tlink setup failed

Paulo Alcantara <pc@cjr.nz>
    cifs: support nested dfs links over reconnect

Paulo Alcantara <pc@cjr.nz>
    cifs: split out dfs code from cifs_reconnect()

Paulo Alcantara <pc@cjr.nz>
    cifs: introduce new helper for cifs_reconnect()

Xin Long <lucien.xin@gmail.com>
    sctp: clear out_curr if all frag chunks of current msg are pruned

Xin Long <lucien.xin@gmail.com>
    sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent

Sherry Sun <sherry.sun@nxp.com>
    tty: serial: fsl_lpuart: don't break the on-going transfer when global reset

Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
    serial: fsl_lpuart: Fill in rs485_supported

Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
    serial: Add rs485_supported to uart_port

Maarten Zanders <maarten.zanders@mind.be>
    ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N

Marco Felsch <m.felsch@pengutronix.de>
    ASoC: fsl_sai: use local device pointer


-------------

Diffstat:

 Makefile                                           |    4 +-
 arch/arm/boot/dts/am335x-pcm-953.dtsi              |   28 +-
 arch/arm/boot/dts/at91sam9g20ek_common.dtsi        |    9 +
 arch/arm/boot/dts/imx6q-prti6q.dts                 |    4 +-
 arch/arm/mach-mxs/mach-mxs.c                       |    4 +-
 .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |    2 +-
 arch/arm64/include/asm/syscall_wrapper.h           |    2 +-
 arch/arm64/kvm/arm.c                               |   11 +
 arch/mips/include/asm/fw/fw.h                      |    2 +-
 arch/mips/pic32/pic32mzda/early_console.c          |   13 +-
 arch/mips/pic32/pic32mzda/init.c                   |    2 +-
 arch/nios2/boot/Makefile                           |    2 +-
 .../riscv/boot/dts/sifive/hifive-unleashed-a00.dts |   38 +
 arch/riscv/kernel/vdso/Makefile                    |    3 +
 arch/riscv/kernel/vdso/vdso.lds.S                  |    2 +
 arch/s390/kernel/crash_dump.c                      |    2 +-
 arch/x86/hyperv/hv_init.c                          |   54 +-
 arch/x86/include/asm/cpufeatures.h                 |    3 +
 arch/x86/kernel/cpu/sgx/ioctl.c                    |   31 +-
 arch/x86/kernel/cpu/tsx.c                          |   38 +-
 arch/x86/kvm/svm/nested.c                          |    6 +-
 arch/x86/kvm/svm/svm.c                             |   16 +-
 arch/x86/kvm/vmx/nested.c                          |    3 -
 arch/x86/kvm/x86.c                                 |   18 +-
 arch/x86/mm/ioremap.c                              |    8 +-
 arch/x86/power/cpu.c                               |   23 +-
 block/bfq-cgroup.c                                 |    4 +
 drivers/accessibility/speakup/.gitignore           |    4 +
 drivers/accessibility/speakup/Makefile             |   28 +
 drivers/accessibility/speakup/genmap.c             |  162 +++
 drivers/accessibility/speakup/makemapdata.c        |  125 ++
 drivers/accessibility/speakup/speakupmap.h         |   66 -
 drivers/accessibility/speakup/utils.h              |  102 ++
 drivers/android/binder_alloc.c                     |    7 +
 drivers/ata/libata-scsi.c                          |   55 +-
 drivers/bus/intel-ixp4xx-eb.c                      |    9 +-
 drivers/bus/sunxi-rsb.c                            |   38 +-
 drivers/dma-buf/dma-heap.c                         |   28 +-
 .../gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c   |    1 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c            |    8 +-
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c  |   37 +
 .../drm/amd/display/dc/dce120/dce120_resource.c    |    3 +-
 .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c    |   25 +-
 .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c    |    4 +
 drivers/gpu/drm/drm_dp_dual_mode_helper.c          |   51 +-
 drivers/gpu/drm/drm_panel_orientation_quirks.c     |    6 +
 drivers/gpu/drm/i915/gt/intel_gt.c                 |    4 +
 drivers/gpu/drm/tegra/drm.c                        |    4 +
 drivers/gpu/host1x/dev.c                           |    4 +
 drivers/hv/channel_mgmt.c                          |    6 +-
 drivers/hv/vmbus_drv.c                             |    1 +
 drivers/iio/industrialio-sw-trigger.c              |    6 +-
 drivers/iio/light/apds9960.c                       |   12 +-
 drivers/iio/pressure/ms5611.h                      |   18 +-
 drivers/iio/pressure/ms5611_core.c                 |   56 +-
 drivers/iio/pressure/ms5611_i2c.c                  |   11 +-
 drivers/iio/pressure/ms5611_spi.c                  |   17 +-
 drivers/input/misc/soc_button_array.c              |   14 +-
 drivers/input/mouse/synaptics.c                    |    1 +
 drivers/input/serio/i8042-x86ia64io.h              |    8 +-
 drivers/input/touchscreen/goodix.c                 |   11 +
 drivers/irqchip/irq-gic-v3-its.c                   |    2 +-
 drivers/md/dm-integrity.c                          |   20 +-
 drivers/mmc/host/sdhci-brcmstb.c                   |   68 +-
 drivers/net/arcnet/com20020_cs.c                   |   11 +-
 drivers/net/dsa/sja1105/sja1105_mdio.c             |    6 +
 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c  |   12 +-
 drivers/net/ethernet/cavium/liquidio/lio_main.c    |    4 +-
 drivers/net/ethernet/cavium/thunder/thunder_bgx.c  |    4 +-
 drivers/net/ethernet/freescale/enetc/enetc.c       |   32 +-
 drivers/net/ethernet/freescale/enetc/enetc.h       |   10 +-
 drivers/net/ethernet/freescale/enetc/enetc_pf.c    |    6 +-
 drivers/net/ethernet/freescale/enetc/enetc_qos.c   |   83 +-
 drivers/net/ethernet/intel/iavf/iavf_main.c        |   33 +-
 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c    |    8 +-
 .../ethernet/marvell/octeontx2/af/rvu_debugfs.c    |    3 +
 .../net/ethernet/marvell/octeontx2/af/rvu_nix.c    |    2 +
 .../net/ethernet/marvell/octeontx2/af/rvu_sdp.c    |    7 +-
 drivers/net/ethernet/mediatek/mtk_eth_soc.c        |    4 +-
 drivers/net/ethernet/mellanox/mlx4/qp.c            |    3 +-
 drivers/net/ethernet/mellanox/mlx5/core/cmd.c      |    6 +-
 .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c   |    2 +-
 drivers/net/ethernet/mellanox/mlx5/core/main.c     |    9 +-
 .../net/ethernet/microchip/sparx5/sparx5_netdev.c  |   14 +-
 drivers/net/ethernet/netronome/nfp/nfp_devlink.c   |    2 +-
 .../net/ethernet/netronome/nfp/nfp_net_ethtool.c   |    3 +
 .../net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c   |    6 +-
 drivers/net/ethernet/qlogic/qla3xxx.c              |    1 +
 drivers/net/ethernet/sfc/ef100_netdev.c            |    1 +
 drivers/net/macsec.c                               |   28 +-
 drivers/net/usb/qmi_wwan.c                         |    1 +
 drivers/net/wireless/ath/ath11k/qmi.h              |    2 +-
 drivers/net/wireless/cisco/airo.c                  |   18 +-
 drivers/net/wireless/mac80211_hwsim.c              |    5 +
 drivers/net/wireless/microchip/wilc1000/cfg80211.c |   40 +-
 drivers/net/wireless/microchip/wilc1000/hif.c      |   21 +-
 drivers/net/wwan/iosm/iosm_ipc_pcie.c              |    2 +-
 drivers/nfc/st-nci/se.c                            |   49 +-
 drivers/nvme/host/pci.c                            |   18 +
 drivers/nvme/target/configfs.c                     |    7 +-
 drivers/platform/x86/acer-wmi.c                    |    9 +
 drivers/platform/x86/asus-wmi.c                    |    2 +
 drivers/platform/x86/hp-wmi.c                      |    3 +
 drivers/platform/x86/ideapad-laptop.c              |   42 +-
 drivers/platform/x86/intel/hid.c                   |    3 +
 drivers/platform/x86/intel/pmt/class.c             |   31 +-
 drivers/platform/x86/touchscreen_dmi.c             |   25 +
 drivers/regulator/core.c                           |    8 +-
 drivers/regulator/twl6030-regulator.c              |    2 +
 drivers/s390/block/dasd_eckd.c                     |    6 +-
 drivers/scsi/ibmvscsi/ibmvfc.c                     |   14 +-
 drivers/scsi/scsi_debug.c                          |    7 +
 drivers/scsi/scsi_transport_iscsi.c                |   31 +-
 drivers/scsi/storvsc_drv.c                         |   69 +-
 drivers/spi/spi-dw-dma.c                           |    3 +
 drivers/spi/spi-stm32.c                            |    2 +-
 drivers/tee/optee/device.c                         |    2 +-
 drivers/tty/serial/8250/8250_core.c                |    1 +
 drivers/tty/serial/8250/8250_omap.c                |    7 +-
 drivers/tty/serial/fsl_lpuart.c                    |   82 +-
 drivers/usb/cdns3/cdnsp-gadget.c                   |   12 +-
 drivers/usb/cdns3/cdnsp-ring.c                     |   17 +-
 drivers/usb/dwc3/dwc3-exynos.c                     |   11 +-
 drivers/usb/dwc3/gadget.c                          |   22 +-
 drivers/xen/platform-pci.c                         |    7 +-
 drivers/xen/xen-pciback/conf_space_capability.c    |    9 +-
 fs/btrfs/ioctl.c                                   |    7 +-
 fs/btrfs/sysfs.c                                   |    7 +-
 fs/btrfs/zoned.c                                   |    9 +-
 fs/ceph/caps.c                                     |   50 +-
 fs/ceph/snap.c                                     |   31 +-
 fs/cifs/cifs_dfs_ref.c                             |   59 +-
 fs/cifs/cifs_fs_sb.h                               |    5 -
 fs/cifs/cifsglob.h                                 |   24 +-
 fs/cifs/cifsproto.h                                |    5 +-
 fs/cifs/connect.c                                  | 1358 ++++++++++----------
 fs/cifs/dfs_cache.c                                |   44 +-
 fs/cifs/misc.c                                     |   62 +-
 fs/cifs/smb2ops.c                                  |   10 +-
 fs/cifs/smb2pdu.c                                  |    6 +-
 fs/ext4/extents.c                                  |   18 +-
 fs/fs-writeback.c                                  |   30 +-
 fs/fuse/file.c                                     |   37 +-
 fs/nilfs2/sufile.c                                 |    8 +
 fs/zonefs/super.c                                  |   37 +-
 include/linux/license.h                            |    2 +
 include/linux/serial_core.h                        |    1 +
 include/trace/events/rxrpc.h                       |    2 +-
 include/uapi/linux/audit.h                         |    2 +-
 init/Kconfig                                       |    2 +-
 kernel/gcov/clang.c                                |    2 +
 kernel/irq/manage.c                                |   31 +-
 kernel/irq/msi.c                                   |    7 +
 lib/vdso/Makefile                                  |    2 +-
 mm/vmscan.c                                        |   10 +-
 net/9p/trans_fd.c                                  |    2 +
 net/core/flow_dissector.c                          |    2 +-
 net/dccp/ipv4.c                                    |    2 +
 net/dccp/ipv6.c                                    |    2 +
 net/ipv4/Kconfig                                   |   10 +
 net/ipv4/esp4_offload.c                            |    3 +
 net/ipv4/fib_trie.c                                |    4 +-
 net/ipv4/inet_hashtables.c                         |   10 +-
 net/ipv4/ip_input.c                                |    5 +
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |    4 +-
 net/ipv4/tcp_ipv4.c                                |    2 +
 net/ipv6/esp6_offload.c                            |    3 +
 net/ipv6/tcp_ipv6.c                                |    2 +
 net/ipv6/xfrm6_policy.c                            |    6 +-
 net/key/af_key.c                                   |   34 +-
 net/mac80211/main.c                                |    8 +-
 net/mac80211/mesh_pathtbl.c                        |    2 +-
 net/netfilter/ipset/ip_set_hash_gen.h              |    2 +-
 net/netfilter/ipset/ip_set_hash_ip.c               |    8 +-
 net/netfilter/nf_conntrack_core.c                  |    2 +-
 net/netfilter/nf_conntrack_netlink.c               |   24 +-
 net/netfilter/nf_conntrack_standalone.c            |    2 +-
 net/netfilter/nf_flow_table_offload.c              |    4 +
 net/netfilter/nf_tables_api.c                      |    6 +-
 net/netfilter/nft_ct.c                             |    6 +-
 net/netfilter/xt_connmark.c                        |   18 +-
 net/nfc/nci/core.c                                 |    2 +-
 net/nfc/nci/data.c                                 |    4 +-
 net/openvswitch/conntrack.c                        |    8 +-
 net/rxrpc/af_rxrpc.c                               |    2 +-
 net/rxrpc/ar-internal.h                            |   24 +-
 net/rxrpc/call_accept.c                            |    4 +-
 net/rxrpc/call_object.c                            |   44 +-
 net/rxrpc/conn_client.c                            |   66 +-
 net/rxrpc/conn_object.c                            |   49 +-
 net/rxrpc/conn_service.c                           |    8 +-
 net/rxrpc/input.c                                  |    4 +-
 net/rxrpc/local_object.c                           |   68 +-
 net/rxrpc/net_ns.c                                 |    5 +-
 net/rxrpc/peer_object.c                            |   40 +-
 net/rxrpc/proc.c                                   |   75 +-
 net/rxrpc/skbuff.c                                 |    1 -
 net/sched/Kconfig                                  |    2 +-
 net/sched/act_connmark.c                           |    4 +-
 net/sched/act_ct.c                                 |    8 +-
 net/sched/act_ctinfo.c                             |    6 +-
 net/sctp/outqueue.c                                |   13 +-
 net/tipc/discover.c                                |    5 +-
 net/tipc/topsrv.c                                  |   20 +-
 net/xfrm/xfrm_device.c                             |   15 +-
 net/xfrm/xfrm_replay.c                             |    2 +-
 sound/soc/codecs/hdac_hda.h                        |    4 +-
 sound/soc/codecs/max98373-i2c.c                    |    4 +
 sound/soc/codecs/sgtl5000.c                        |    1 +
 sound/soc/fsl/fsl_asrc.c                           |    2 +-
 sound/soc/fsl/fsl_esai.c                           |    2 +-
 sound/soc/fsl/fsl_sai.c                            |   55 +-
 sound/soc/intel/boards/bytcht_es8316.c             |    7 +
 sound/soc/soc-pcm.c                                |    5 -
 sound/soc/stm/stm32_adfsdm.c                       |   11 +
 sound/usb/endpoint.c                               |    3 +-
 sound/usb/quirks.c                                 |    2 +
 sound/usb/usbaudio.h                               |    3 +
 tools/iio/iio_generic_buffer.c                     |    4 +-
 .../testing/selftests/bpf/verifier/ref_tracking.c  |   36 +
 tools/testing/selftests/net/mptcp/mptcp_connect.c  |   72 +-
 tools/testing/selftests/net/mptcp/simult_flows.sh  |   37 +-
 222 files changed, 3131 insertions(+), 1881 deletions(-)




* [PATCH 5.15 001/206] ASoC: fsl_sai: use local device pointer
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 002/206] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
                   ` (213 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marco Felsch, Shengjiu Wang,
	Mark Brown, Sasha Levin

From: Marco Felsch <m.felsch@pengutronix.de>

[ Upstream commit f53f50ee21d46094a8c48970e95e38a4deaa128e ]

Use a local variable to dereference the device pointer once and use the
local variable in further calls. No functional changes.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Acked-by: Shengjiu Wang <shengjiu.wang@gmail.com>
Link: https://lore.kernel.org/r/20220601092342.3328644-1-m.felsch@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Stable-dep-of: 6a564338a23c ("ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_sai.c | 53 +++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/sound/soc/fsl/fsl_sai.c b/sound/soc/fsl/fsl_sai.c
index 38f6362099d5..bcf6b66a5ac0 100644
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -1000,6 +1000,7 @@ static int fsl_sai_runtime_resume(struct device *dev);
 static int fsl_sai_probe(struct platform_device *pdev)
 {
 	struct device_node *np = pdev->dev.of_node;
+	struct device *dev = &pdev->dev;
 	struct fsl_sai *sai;
 	struct regmap *gpr;
 	struct resource *res;
@@ -1008,12 +1009,12 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	int irq, ret, i;
 	int index;
 
-	sai = devm_kzalloc(&pdev->dev, sizeof(*sai), GFP_KERNEL);
+	sai = devm_kzalloc(dev, sizeof(*sai), GFP_KERNEL);
 	if (!sai)
 		return -ENOMEM;
 
 	sai->pdev = pdev;
-	sai->soc_data = of_device_get_match_data(&pdev->dev);
+	sai->soc_data = of_device_get_match_data(dev);
 
 	sai->is_lsb_first = of_property_read_bool(np, "lsb-first");
 
@@ -1028,18 +1029,18 @@ static int fsl_sai_probe(struct platform_device *pdev)
 			ARRAY_SIZE(fsl_sai_reg_defaults_ofs8);
 	}
 
-	sai->regmap = devm_regmap_init_mmio(&pdev->dev, base, &fsl_sai_regmap_config);
+	sai->regmap = devm_regmap_init_mmio(dev, base, &fsl_sai_regmap_config);
 	if (IS_ERR(sai->regmap)) {
-		dev_err(&pdev->dev, "regmap init failed\n");
+		dev_err(dev, "regmap init failed\n");
 		return PTR_ERR(sai->regmap);
 	}
 
-	sai->bus_clk = devm_clk_get(&pdev->dev, "bus");
+	sai->bus_clk = devm_clk_get(dev, "bus");
 	/* Compatible with old DTB cases */
 	if (IS_ERR(sai->bus_clk) && PTR_ERR(sai->bus_clk) != -EPROBE_DEFER)
-		sai->bus_clk = devm_clk_get(&pdev->dev, "sai");
+		sai->bus_clk = devm_clk_get(dev, "sai");
 	if (IS_ERR(sai->bus_clk)) {
-		dev_err(&pdev->dev, "failed to get bus clock: %ld\n",
+		dev_err(dev, "failed to get bus clock: %ld\n",
 				PTR_ERR(sai->bus_clk));
 		/* -EPROBE_DEFER */
 		return PTR_ERR(sai->bus_clk);
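Review bot: The last `dev_err(dev, "failed to get bus clock: %ld\n", ...)` in this hunk also fires for -EPROBE_DEFER, as the `/* -EPROBE_DEFER */` comment right below it acknowledges, so every deferred probe is logged at error level. Since the line is being rewritten anyway, a follow-up could use `return dev_err_probe(dev, PTR_ERR(sai->bus_clk), "failed to get bus clock\n");`, which keeps the message for real failures and demotes the deferral case.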
@@ -1047,9 +1048,9 @@ static int fsl_sai_probe(struct platform_device *pdev)
 
 	for (i = 1; i < FSL_SAI_MCLK_MAX; i++) {
 		sprintf(tmp, "mclk%d", i);
-		sai->mclk_clk[i] = devm_clk_get(&pdev->dev, tmp);
+		sai->mclk_clk[i] = devm_clk_get(dev, tmp);
 		if (IS_ERR(sai->mclk_clk[i])) {
-			dev_err(&pdev->dev, "failed to get mclk%d clock: %ld\n",
+			dev_err(dev, "failed to get mclk%d clock: %ld\n",
 					i + 1, PTR_ERR(sai->mclk_clk[i]));
 			sai->mclk_clk[i] = NULL;
 		}
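Review bot: The error message in the mclk loop prints `i + 1`, but the clock just requested was named by `sprintf(tmp, "mclk%d", i)`, so a failure to get "mclk1" is reported as "mclk2". This predates the patch, but the line is touched here; printing `tmp` (or plain `i`) would make the log match the clock name that was actually looked up.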
@@ -1064,10 +1065,10 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	if (irq < 0)
 		return irq;
 
-	ret = devm_request_irq(&pdev->dev, irq, fsl_sai_isr, IRQF_SHARED,
+	ret = devm_request_irq(dev, irq, fsl_sai_isr, IRQF_SHARED,
 			       np->name, sai);
 	if (ret) {
-		dev_err(&pdev->dev, "failed to claim irq %u\n", irq);
+		dev_err(dev, "failed to claim irq %u\n", irq);
 		return ret;
 	}
 
@@ -1084,7 +1085,7 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	if (of_find_property(np, "fsl,sai-synchronous-rx", NULL) &&
 	    of_find_property(np, "fsl,sai-asynchronous", NULL)) {
 		/* error out if both synchronous and asynchronous are present */
-		dev_err(&pdev->dev, "invalid binding for synchronous mode\n");
+		dev_err(dev, "invalid binding for synchronous mode\n");
 		return -EINVAL;
 	}
 
@@ -1105,7 +1106,7 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	    of_device_is_compatible(np, "fsl,imx6ul-sai")) {
 		gpr = syscon_regmap_lookup_by_compatible("fsl,imx6ul-iomuxc-gpr");
 		if (IS_ERR(gpr)) {
-			dev_err(&pdev->dev, "cannot find iomuxc registers\n");
+			dev_err(dev, "cannot find iomuxc registers\n");
 			return PTR_ERR(gpr);
 		}
 
@@ -1123,23 +1124,23 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	sai->dma_params_tx.maxburst = FSL_SAI_MAXBURST_TX;
 
 	platform_set_drvdata(pdev, sai);
-	pm_runtime_enable(&pdev->dev);
-	if (!pm_runtime_enabled(&pdev->dev)) {
-		ret = fsl_sai_runtime_resume(&pdev->dev);
+	pm_runtime_enable(dev);
+	if (!pm_runtime_enabled(dev)) {
+		ret = fsl_sai_runtime_resume(dev);
 		if (ret)
 			goto err_pm_disable;
 	}
 
-	ret = pm_runtime_get_sync(&pdev->dev);
+	ret = pm_runtime_get_sync(dev);
 	if (ret < 0) {
-		pm_runtime_put_noidle(&pdev->dev);
+		pm_runtime_put_noidle(dev);
 		goto err_pm_get_sync;
 	}
 
 	/* Get sai version */
-	ret = fsl_sai_check_version(&pdev->dev);
+	ret = fsl_sai_check_version(dev);
 	if (ret < 0)
-		dev_warn(&pdev->dev, "Error reading SAI version: %d\n", ret);
+		dev_warn(dev, "Error reading SAI version: %d\n", ret);
 
 	/* Select MCLK direction */
 	if (of_find_property(np, "fsl,sai-mclk-direction-output", NULL) &&
@@ -1148,7 +1149,7 @@ static int fsl_sai_probe(struct platform_device *pdev)
 				   FSL_SAI_MCTL_MCLK_EN, FSL_SAI_MCTL_MCLK_EN);
 	}
 
-	ret = pm_runtime_put_sync(&pdev->dev);
+	ret = pm_runtime_put_sync(dev);
 	if (ret < 0)
 		goto err_pm_get_sync;
 
@@ -1161,12 +1162,12 @@ static int fsl_sai_probe(struct platform_device *pdev)
 		if (ret)
 			goto err_pm_get_sync;
 	} else {
-		ret = devm_snd_dmaengine_pcm_register(&pdev->dev, NULL, 0);
+		ret = devm_snd_dmaengine_pcm_register(dev, NULL, 0);
 		if (ret)
 			goto err_pm_get_sync;
 	}
 
-	ret = devm_snd_soc_register_component(&pdev->dev, &fsl_component,
+	ret = devm_snd_soc_register_component(dev, &fsl_component,
 					      &sai->cpu_dai_drv, 1);
 	if (ret)
 		goto err_pm_get_sync;
@@ -1174,10 +1175,10 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	return ret;
 
 err_pm_get_sync:
-	if (!pm_runtime_status_suspended(&pdev->dev))
-		fsl_sai_runtime_suspend(&pdev->dev);
+	if (!pm_runtime_status_suspended(dev))
+		fsl_sai_runtime_suspend(dev);
 err_pm_disable:
-	pm_runtime_disable(&pdev->dev);
+	pm_runtime_disable(dev);
 
 	return ret;
 }
-- 
2.35.1





* [PATCH 5.15 002/206] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 001/206] ASoC: fsl_sai: use local device pointer Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 003/206] serial: Add rs485_supported to uart_port Greg Kroah-Hartman
                   ` (212 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Maarten Zanders, Daniel Baluta,
	Mark Brown, Sasha Levin

From: Maarten Zanders <maarten.zanders@mind.be>

[ Upstream commit 6a564338a23cefcfc29c4a535b98402d13efdda6 ]

When CONFIG_PM=N, pm_runtime_put_sync() returns -ENOSYS
which breaks the probe function of these drivers.

Other users of pm_runtime_put_sync() typically don't check
the return value. In order to keep the program flow as
intended, check for -ENOSYS.

This commit is similar to commit 0434d3f (omap-mailbox.c).

Fixes: cab04ab5900f ("ASoC: fsl_asrc: Don't use devm_regmap_init_mmio_clk")
Fixes: 203773e39347 ("ASoC: fsl_esai: Don't use devm_regmap_init_mmio_clk")
Fixes: 2277e7e36b4b ("ASoC: fsl_sai: Don't use devm_regmap_init_mmio_clk")
Signed-off-by: Maarten Zanders <maarten.zanders@mind.be>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Link: https://lore.kernel.org/r/20221028141129.100702-1-maarten.zanders@mind.be
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_asrc.c | 2 +-
 sound/soc/fsl/fsl_esai.c | 2 +-
 sound/soc/fsl/fsl_sai.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sound/soc/fsl/fsl_asrc.c b/sound/soc/fsl/fsl_asrc.c
index 44dcbf49456c..08ca410ef551 100644
--- a/sound/soc/fsl/fsl_asrc.c
+++ b/sound/soc/fsl/fsl_asrc.c
@@ -1226,7 +1226,7 @@ static int fsl_asrc_probe(struct platform_device *pdev)
 	}
 
 	ret = pm_runtime_put_sync(&pdev->dev);
-	if (ret < 0)
+	if (ret < 0 && ret != -ENOSYS)
 		goto err_pm_get_sync;
 
 	ret = devm_snd_soc_register_component(&pdev->dev, &fsl_asrc_component,
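Review bot: The new `ret != -ENOSYS` test carries no comment, and its reason (pm_runtime_put_sync() returning -ENOSYS when CONFIG_PM=N, per the commit message) cannot be read from the code. A one-line comment above the `if` would keep the next reader from "fixing" it back, and the same applies to the identical condition added in fsl_esai.c and fsl_sai.c.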
diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
index bda66b30e063..763f5f0592af 100644
--- a/sound/soc/fsl/fsl_esai.c
+++ b/sound/soc/fsl/fsl_esai.c
@@ -1070,7 +1070,7 @@ static int fsl_esai_probe(struct platform_device *pdev)
 	regmap_write(esai_priv->regmap, REG_ESAI_RSMB, 0);
 
 	ret = pm_runtime_put_sync(&pdev->dev);
-	if (ret < 0)
+	if (ret < 0 && ret != -ENOSYS)
 		goto err_pm_get_sync;
 
 	/*
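Review bot: When the -ENOSYS case falls through this check, `ret` still holds -ENOSYS, and the hunk ends at the opening of a comment, so it is not visible whether `ret` is reassigned before fsl_esai_probe() next tests or returns it. In the fsl_asrc hunk the following statement is `ret = devm_snd_soc_register_component(...)`, which overwrites it; please confirm the same holds here, or clear `ret` explicitly after the check.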
diff --git a/sound/soc/fsl/fsl_sai.c b/sound/soc/fsl/fsl_sai.c
index bcf6b66a5ac0..5ba06df2ace5 100644
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -1150,7 +1150,7 @@ static int fsl_sai_probe(struct platform_device *pdev)
 	}
 
 	ret = pm_runtime_put_sync(dev);
-	if (ret < 0)
+	if (ret < 0 && ret != -ENOSYS)
 		goto err_pm_get_sync;
 
 	/*
-- 
2.35.1





* [PATCH 5.15 003/206] serial: Add rs485_supported to uart_port
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 001/206] ASoC: fsl_sai: use local device pointer Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 002/206] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 004/206] serial: fsl_lpuart: Fill in rs485_supported Greg Kroah-Hartman
                   ` (211 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Sasha Levin

From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>

[ Upstream commit 8925c31c1ac2f1e05da988581f2a70a2a8c4d638 ]

Preparing to move serial_rs485 struct sanitization into serial core,
each driver has to provide what fields/flags it supports. This
information is pointed to by rs485_supported.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220606100433.13793-4-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 76bad3f88750 ("tty: serial: fsl_lpuart: don't break the on-going transfer when global reset")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/8250/8250_core.c | 1 +
 include/linux/serial_core.h         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
index c3348d5af922..f3bfaa1a794b 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -1016,6 +1016,7 @@ int serial8250_register_8250_port(const struct uart_8250_port *up)
 		uart->port.throttle	= up->port.throttle;
 		uart->port.unthrottle	= up->port.unthrottle;
 		uart->port.rs485_config	= up->port.rs485_config;
+		uart->port.rs485_supported = up->port.rs485_supported;
 		uart->port.rs485	= up->port.rs485;
 		uart->rs485_start_tx	= up->rs485_start_tx;
 		uart->rs485_stop_tx	= up->rs485_stop_tx;
diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
index 86fa187f6d65..d5b6b1550d59 100644
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -254,6 +254,7 @@ struct uart_port {
 	struct attribute_group	*attr_group;		/* port specific attributes */
 	const struct attribute_group **tty_groups;	/* all attributes (serial core use only) */
 	struct serial_rs485     rs485;
+	const struct serial_rs485	*rs485_supported;	/* Supported mask for serial_rs485 */
 	struct gpio_desc	*rs485_term_gpio;	/* enable RS485 bus termination */
 	struct serial_iso7816   iso7816;
 	void			*private_data;		/* generic platform data pointer */
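Review bot: `rs485_supported` is added as a bare pointer and the only assignment in this patch is the copy in serial8250_register_8250_port(), so it stays NULL for every driver that has not been converted yet. The field comment should state whether NULL is a valid value, so that the serial core code that will consume this mask knows it has to check before dereferencing.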
-- 
2.35.1





* [PATCH 5.15 004/206] serial: fsl_lpuart: Fill in rs485_supported
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2022-11-30 18:20 ` [PATCH 5.15 003/206] serial: Add rs485_supported to uart_port Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 005/206] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
                   ` (210 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Sasha Levin

From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>

[ Upstream commit 07481f448b635d7cebb92d5940f5bea5c4395a26 ]

Add information on supported serial_rs485 features.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220606100433.13793-16-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 76bad3f88750 ("tty: serial: fsl_lpuart: don't break the on-going transfer when global reset")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/fsl_lpuart.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 44ed4285e1ef..1d13d88ea363 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -2644,6 +2644,11 @@ static struct uart_driver lpuart_reg = {
 	.cons		= LPUART_CONSOLE,
 };
 
+static const struct serial_rs485 lpuart_rs485_supported = {
+	.flags = SER_RS485_ENABLED | SER_RS485_RTS_ON_SEND | SER_RS485_RTS_AFTER_SEND,
+	/* delay_rts_* and RX_DURING_TX are not supported */
+};
+
 static int lpuart_probe(struct platform_device *pdev)
 {
 	const struct lpuart_soc_data *sdata = of_device_get_match_data(&pdev->dev);
@@ -2683,6 +2688,7 @@ static int lpuart_probe(struct platform_device *pdev)
 		sport->port.rs485_config = lpuart32_config_rs485;
 	else
 		sport->port.rs485_config = lpuart_config_rs485;
+	sport->port.rs485_supported = &lpuart_rs485_supported;
 
 	sport->ipg_clk = devm_clk_get(&pdev->dev, "ipg");
 	if (IS_ERR(sport->ipg_clk)) {
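Review bot: `sport->port.rs485_supported = &lpuart_rs485_supported;` sits after the branch that selects `lpuart32_config_rs485` or `lpuart_config_rs485`, so both variants advertise the same flag set. If the two callbacks accept different flags, the shared struct will over- or under-report for one of them; a short comment confirming that both handle exactly ENABLED, RTS_ON_SEND and RTS_AFTER_SEND would settle it.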
-- 
2.35.1





* [PATCH 5.15 005/206] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2022-11-30 18:20 ` [PATCH 5.15 004/206] serial: fsl_lpuart: Fill in rs485_supported Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 006/206] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
                   ` (209 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Sherry Sun, Sasha Levin

From: Sherry Sun <sherry.sun@nxp.com>

[ Upstream commit 76bad3f88750f8cc465c489e6846249e0bc3d8f5 ]

lpuart_global_reset() shouldn't break the on-going transmit engine; we need
to recover the on-going data transfer after reset.

This can help earlycon here. Since commit 60f361722ad2 ("serial:
fsl_lpuart: Reset prior to registration") moved lpuart_global_reset()
before uart_add_one_port(), earlycon is writing during global reset.
As global reset will disable the TX and clear the baud rate register,
earlycon cannot work any more after reset, so we need to
restore the baud rate and re-enable the transmitter to recover the
earlycon write.

Also move the lpuart_global_reset() down, then we can reuse the
lpuart32_tx_empty() without declaration.

Fixes: bd5305dcabbc ("tty: serial: fsl_lpuart: do software reset for imx7ulp and imx8qxp")
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20221024085844.22786-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/fsl_lpuart.c | 76 +++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 27 deletions(-)

diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 1d13d88ea363..595430aedc0d 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -12,6 +12,7 @@
 #include <linux/dmaengine.h>
 #include <linux/dmapool.h>
 #include <linux/io.h>
+#include <linux/iopoll.h>
 #include <linux/irq.h>
 #include <linux/module.h>
 #include <linux/of.h>
@@ -395,33 +396,6 @@ static unsigned int lpuart_get_baud_clk_rate(struct lpuart_port *sport)
 #define lpuart_enable_clks(x)	__lpuart_enable_clks(x, true)
 #define lpuart_disable_clks(x)	__lpuart_enable_clks(x, false)
 
-static int lpuart_global_reset(struct lpuart_port *sport)
-{
-	struct uart_port *port = &sport->port;
-	void __iomem *global_addr;
-	int ret;
-
-	if (uart_console(port))
-		return 0;
-
-	ret = clk_prepare_enable(sport->ipg_clk);
-	if (ret) {
-		dev_err(sport->port.dev, "failed to enable uart ipg clk: %d\n", ret);
-		return ret;
-	}
-
-	if (is_imx7ulp_lpuart(sport) || is_imx8qxp_lpuart(sport)) {
-		global_addr = port->membase + UART_GLOBAL - IMX_REG_OFF;
-		writel(UART_GLOBAL_RST, global_addr);
-		usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
-		writel(0, global_addr);
-		usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
-	}
-
-	clk_disable_unprepare(sport->ipg_clk);
-	return 0;
-}
-
 static void lpuart_stop_tx(struct uart_port *port)
 {
 	unsigned char temp;
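Review bot: The removed function began with `if (uart_console(port)) return 0;`, and the version re-added further down in this patch has no such early return, so console ports now go through the clock enable and reset path. The commit message covers the earlycon recovery and the move but not the dropped check; please say in the changelog that removing it is intended.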
@@ -2649,6 +2623,54 @@ static const struct serial_rs485 lpuart_rs485_supported = {
 	/* delay_rts_* and RX_DURING_TX are not supported */
 };
 
+static int lpuart_global_reset(struct lpuart_port *sport)
+{
+	struct uart_port *port = &sport->port;
+	void __iomem *global_addr;
+	unsigned long ctrl, bd;
+	unsigned int val = 0;
+	int ret;
+
+	ret = clk_prepare_enable(sport->ipg_clk);
+	if (ret) {
+		dev_err(sport->port.dev, "failed to enable uart ipg clk: %d\n", ret);
+		return ret;
+	}
+
+	if (is_imx7ulp_lpuart(sport) || is_imx8qxp_lpuart(sport)) {
+		/*
+		 * If the transmitter is used by earlycon, wait for transmit engine to
+		 * complete and then reset.
+		 */
+		ctrl = lpuart32_read(port, UARTCTRL);
+		if (ctrl & UARTCTRL_TE) {
+			bd = lpuart32_read(&sport->port, UARTBAUD);
+			if (read_poll_timeout(lpuart32_tx_empty, val, val, 1, 100000, false,
+					      port)) {
+				dev_warn(sport->port.dev,
+					 "timeout waiting for transmit engine to complete\n");
+				clk_disable_unprepare(sport->ipg_clk);
+				return 0;
+			}
+		}
+
+		global_addr = port->membase + UART_GLOBAL - IMX_REG_OFF;
+		writel(UART_GLOBAL_RST, global_addr);
+		usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
+		writel(0, global_addr);
+		usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
+
+		/* Recover the transmitter for earlycon. */
+		if (ctrl & UARTCTRL_TE) {
+			lpuart32_write(port, bd, UARTBAUD);
+			lpuart32_write(port, ctrl, UARTCTRL);
+		}
+	}
+
+	clk_disable_unprepare(sport->ipg_clk);
+	return 0;
+}
+
 static int lpuart_probe(struct platform_device *pdev)
 {
 	const struct lpuart_soc_data *sdata = of_device_get_match_data(&pdev->dev);
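Review bot: On the `read_poll_timeout()` failure branch the function warns, disables the clock and does `return 0`, so the caller sees success although the global reset was skipped. Either return the timeout error or add a comment saying that skipping the reset is deliberate. Two smaller points: `bd` is read through `lpuart32_read(&sport->port, UARTBAUD)` while every other access in the function uses `port`, and the poll arguments `1, 100000` would be easier to audit as named constants next to GLOBAL_RST_MIN_US.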
-- 
2.35.1





* [PATCH 5.15 006/206] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2022-11-30 18:20 ` [PATCH 5.15 005/206] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 007/206] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
                   ` (208 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Xin Long, Jakub Kicinski, Sasha Levin

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 9f0b773210c27a8f5d98ddb2fc4ba60a42a3285f ]

Since commit 5bbbbe32a431 ("sctp: introduce stream scheduler foundations"),
sctp_stream_outq_migrate() has been called in sctp_stream_init/update to
remove those chunks to streams higher than the new max. There is no longer
a need to do such a check in sctp_prsctp_prune_unsent().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 2f201ae14ae0 ("sctp: clear out_curr if all frag chunks of current msg are pruned")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sctp/outqueue.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index b3950963fc8f..6fcc4ff97f94 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -384,6 +384,7 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
 {
 	struct sctp_outq *q = &asoc->outqueue;
 	struct sctp_chunk *chk, *temp;
+	struct sctp_stream_out *sout;
 
 	q->sched->unsched_all(&asoc->stream);
 
@@ -398,12 +399,9 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
 		sctp_sched_dequeue_common(q, chk);
 		asoc->sent_cnt_removable--;
 		asoc->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
-		if (chk->sinfo.sinfo_stream < asoc->stream.outcnt) {
-			struct sctp_stream_out *streamout =
-				SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
 
-			streamout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
-		}
+		sout = SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
+		sout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
 
 		msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
 		sctp_chunk_free(chk);
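Review bot: With the `chk->sinfo.sinfo_stream < asoc->stream.outcnt` test removed, `SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream)` is indexed and `sout->ext` dereferenced with no local bound check. Safety now rests entirely on sctp_stream_outq_migrate() having removed chunks for streams above the new maximum, as the commit message states. A short comment naming that invariant at this spot would keep a later change to the migrate path from silently turning this into an out-of-range access.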
-- 
2.35.1





* [PATCH 5.15 007/206] sctp: clear out_curr if all frag chunks of current msg are pruned
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2022-11-30 18:20 ` [PATCH 5.15 006/206] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
@ 2022-11-30 18:20 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 008/206] cifs: introduce new helper for cifs_reconnect() Greg Kroah-Hartman
                   ` (207 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:20 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Zhen Chen, Caowangbao, Xin Long,
	Jakub Kicinski, Sasha Levin

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 2f201ae14ae0f91dbf1cffea7bb1e29e81d4d108 ]

A crash was reported by Zhen Chen:

  list_del corruption, ffffa035ddf01c18->next is NULL
  WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0
  RIP: 0010:__list_del_entry_valid+0x59/0xe0
  Call Trace:
   sctp_sched_dequeue_common+0x17/0x70 [sctp]
   sctp_sched_fcfs_dequeue+0x37/0x50 [sctp]
   sctp_outq_flush_data+0x85/0x360 [sctp]
   sctp_outq_uncork+0x77/0xa0 [sctp]
   sctp_cmd_interpreter.constprop.0+0x164/0x1450 [sctp]
   sctp_side_effects+0x37/0xe0 [sctp]
   sctp_do_sm+0xd0/0x230 [sctp]
   sctp_primitive_SEND+0x2f/0x40 [sctp]
   sctp_sendmsg_to_asoc+0x3fa/0x5c0 [sctp]
   sctp_sendmsg+0x3d5/0x440 [sctp]
   sock_sendmsg+0x5b/0x70

and in sctp_sched_fcfs_dequeue() it dequeued a chunk from stream
out_curr outq while this outq was empty.

Normally stream->out_curr must be set to NULL once all frag chunks of
current msg are dequeued, as we can see in sctp_sched_dequeue_done().
However, in sctp_prsctp_prune_unsent() as it is not a proper dequeue,
sctp_sched_dequeue_done() is not called to do this.

This patch is to fix it by simply setting out_curr to NULL when the
last frag chunk of current msg is dequeued from out_curr stream in
sctp_prsctp_prune_unsent().

Fixes: 5bbbbe32a431 ("sctp: introduce stream scheduler foundations")
Reported-by: Zhen Chen <chenzhen126@huawei.com>
Tested-by: Caowangbao <caowangbao@huawei.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sctp/outqueue.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 6fcc4ff97f94..dc29ac0f8d3f 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -403,6 +403,11 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
 		sout = SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
 		sout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
 
+		/* clear out_curr if all frag chunks are pruned */
+		if (asoc->stream.out_curr == sout &&
+		    list_is_last(&chk->frag_list, &chk->msg->chunks))
+			asoc->stream.out_curr = NULL;
+
 		msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
 		sctp_chunk_free(chk);
 		if (msg_len <= 0)
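Review bot: The added comment `/* clear out_curr if all frag chunks are pruned */` says what is done but not why this path needs it: per the commit message, the prune is not a proper dequeue, so sctp_sched_dequeue_done() never runs to reset `out_curr`. Putting that reason in the comment would explain the duplication with the scheduler code. The check also depends on `chk->msg` and `chk->frag_list` being read before `sctp_chunk_free(chk)`, which the current ordering satisfies and which should be preserved if the block is ever moved.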
-- 
2.35.1





* [PATCH 5.15 008/206] cifs: introduce new helper for cifs_reconnect()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2022-11-30 18:20 ` [PATCH 5.15 007/206] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 009/206] cifs: split out dfs code from cifs_reconnect() Greg Kroah-Hartman
                   ` (206 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
	Shyam Prasad N, Steve French, Sasha Levin

From: Paulo Alcantara <pc@cjr.nz>

[ Upstream commit 43b459aa5e222cb6610dac8723b40c19532ea00d ]

Create cifs_mark_tcp_ses_conns_for_reconnect() helper to mark all
sessions and tcons for reconnect when reconnecting tcp server.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 1dcdf5f5b213 ("cifs: Fix connections leak when tlink setup failed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/connect.c | 139 +++++++++++++++++++++++++---------------------
 1 file changed, 75 insertions(+), 64 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index ad5c935f7f06..ed429a442808 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -199,80 +199,29 @@ static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb,
 }
 #endif
 
-/*
- * cifs tcp session reconnection
+/**
+ * Mark all sessions and tcons for reconnect.
  *
- * mark tcp session as reconnecting so temporarily locked
- * mark all smb sessions as reconnecting for tcp session
- * reconnect tcp session
- * wake up waiters on reconnection? - (not needed currently)
+ * @server needs to be previously set to CifsNeedReconnect.
  */
-int
-cifs_reconnect(struct TCP_Server_Info *server)
+static void cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server)
 {
-	int rc = 0;
 	struct list_head *tmp, *tmp2;
 	struct cifs_ses *ses;
 	struct cifs_tcon *tcon;
 	struct mid_q_entry *mid_entry;
 	struct list_head retry_list;
-#ifdef CONFIG_CIFS_DFS_UPCALL
-	struct super_block *sb = NULL;
-	struct cifs_sb_info *cifs_sb = NULL;
-	struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
-	struct dfs_cache_tgt_iterator *tgt_it = NULL;
-#endif
 
-	spin_lock(&GlobalMid_Lock);
-	server->nr_targets = 1;
-#ifdef CONFIG_CIFS_DFS_UPCALL
-	spin_unlock(&GlobalMid_Lock);
-	sb = cifs_get_tcp_super(server);
-	if (IS_ERR(sb)) {
-		rc = PTR_ERR(sb);
-		cifs_dbg(FYI, "%s: will not do DFS failover: rc = %d\n",
-			 __func__, rc);
-		sb = NULL;
-	} else {
-		cifs_sb = CIFS_SB(sb);
-		rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
-		if (rc) {
-			cifs_sb = NULL;
-			if (rc != -EOPNOTSUPP) {
-				cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
-						__func__);
-			}
-		} else {
-			server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
-		}
-	}
-	cifs_dbg(FYI, "%s: will retry %d target(s)\n", __func__,
-		 server->nr_targets);
-	spin_lock(&GlobalMid_Lock);
-#endif
-	if (server->tcpStatus == CifsExiting) {
-		/* the demux thread will exit normally
-		next time through the loop */
-		spin_unlock(&GlobalMid_Lock);
-#ifdef CONFIG_CIFS_DFS_UPCALL
-		dfs_cache_free_tgts(&tgt_list);
-		cifs_put_tcp_super(sb);
-#endif
-		wake_up(&server->response_q);
-		return rc;
-	} else
-		server->tcpStatus = CifsNeedReconnect;
-	spin_unlock(&GlobalMid_Lock);
 	server->maxBuf = 0;
 	server->max_read = 0;
 
 	cifs_dbg(FYI, "Mark tcp session as need reconnect\n");
 	trace_smb3_reconnect(server->CurrentMid, server->conn_id, server->hostname);
-
-	/* before reconnecting the tcp session, mark the smb session (uid)
-		and the tid bad so they are not used until reconnected */
-	cifs_dbg(FYI, "%s: marking sessions and tcons for reconnect\n",
-		 __func__);
+	/*
+	 * before reconnecting the tcp session, mark the smb session (uid) and the tid bad so they
+	 * are not used until reconnected.
+	 */
+	cifs_dbg(FYI, "%s: marking sessions and tcons for reconnect\n", __func__);
 	spin_lock(&cifs_tcp_ses_lock);
 	list_for_each(tmp, &server->smb_ses_list) {
 		ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
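
Review bot: The new comment above cifs_mark_tcp_ses_conns_for_reconnect()
opens with "/**" but its first line is not in kernel-doc form
("cifs_mark_tcp_ses_conns_for_reconnect() - ..."), so kernel-doc tooling will
complain about it. Either open it with a plain "/*" or give it a proper
kernel-doc header with an "@server:" line. The stated precondition that
@server is already CifsNeedReconnect is only documented; nothing in the helper
checks server->tcpStatus, so a later caller that forgets it will not be
caught.
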
@@ -290,11 +239,11 @@ cifs_reconnect(struct TCP_Server_Info *server)
 	cifs_dbg(FYI, "%s: tearing down socket\n", __func__);
 	mutex_lock(&server->srv_mutex);
 	if (server->ssocket) {
-		cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n",
-			 server->ssocket->state, server->ssocket->flags);
+		cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n", server->ssocket->state,
+			 server->ssocket->flags);
 		kernel_sock_shutdown(server->ssocket, SHUT_WR);
-		cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n",
-			 server->ssocket->state, server->ssocket->flags);
+		cifs_dbg(FYI, "Post shutdown state: 0x%x Flags: 0x%lx\n", server->ssocket->state,
+			 server->ssocket->flags);
 		sock_release(server->ssocket);
 		server->ssocket = NULL;
 	}
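
Review bot: Both cifs_dbg() changes in this hunk only re-wrap arguments, with
no functional effect. In a patch whose purpose is to move code into a helper,
and which is being pulled into stable only as a dependency, the re-wrapping
adds lines to verify; consider leaving these two calls as they were.
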
@@ -333,6 +282,68 @@ cifs_reconnect(struct TCP_Server_Info *server)
 		smbd_destroy(server);
 		mutex_unlock(&server->srv_mutex);
 	}
+}
+
+/*
+ * cifs tcp session reconnection
+ *
+ * mark tcp session as reconnecting so temporarily locked
+ * mark all smb sessions as reconnecting for tcp session
+ * reconnect tcp session
+ * wake up waiters on reconnection? - (not needed currently)
+ */
+int
+cifs_reconnect(struct TCP_Server_Info *server)
+{
+	int rc = 0;
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	struct super_block *sb = NULL;
+	struct cifs_sb_info *cifs_sb = NULL;
+	struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
+	struct dfs_cache_tgt_iterator *tgt_it = NULL;
+#endif
+
+	spin_lock(&GlobalMid_Lock);
+	server->nr_targets = 1;
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	spin_unlock(&GlobalMid_Lock);
+	sb = cifs_get_tcp_super(server);
+	if (IS_ERR(sb)) {
+		rc = PTR_ERR(sb);
+		cifs_dbg(FYI, "%s: will not do DFS failover: rc = %d\n",
+			 __func__, rc);
+		sb = NULL;
+	} else {
+		cifs_sb = CIFS_SB(sb);
+		rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
+		if (rc) {
+			cifs_sb = NULL;
+			if (rc != -EOPNOTSUPP) {
+				cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
+						__func__);
+			}
+		} else {
+			server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
+		}
+	}
+	cifs_dbg(FYI, "%s: will retry %d target(s)\n", __func__,
+		 server->nr_targets);
+	spin_lock(&GlobalMid_Lock);
+#endif
+	if (server->tcpStatus == CifsExiting) {
+		/* the demux thread will exit normally next time through the loop */
+		spin_unlock(&GlobalMid_Lock);
+#ifdef CONFIG_CIFS_DFS_UPCALL
+		dfs_cache_free_tgts(&tgt_list);
+		cifs_put_tcp_super(sb);
+#endif
+		wake_up(&server->response_q);
+		return rc;
+	} else
+		server->tcpStatus = CifsNeedReconnect;
+	spin_unlock(&GlobalMid_Lock);
+
+	cifs_mark_tcp_ses_conns_for_reconnect(server);
 
 	do {
 		try_to_freeze();
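
Review bot: In the CifsExiting branch of the re-added cifs_reconnect(),
"return rc;" can hand back a stale error when CONFIG_CIFS_DFS_UPCALL is set,
because rc may still hold PTR_ERR(sb) or the reconn_setup_dfs_targets()
result from the block above. The code is moved unchanged, but since the
function body is being rewritten here it is a good place to return 0
explicitly on that path. The trailing "} else" followed by a single
unbraced statement after a braced block that returns could also be flattened
by dropping the else.
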
-- 
2.35.1





* [PATCH 5.15 009/206] cifs: split out dfs code from cifs_reconnect()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 008/206] cifs: introduce new helper for cifs_reconnect() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 010/206] cifs: support nested dfs links over reconnect Greg Kroah-Hartman
                   ` (205 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
	Shyam Prasad N, Steve French, Sasha Levin

From: Paulo Alcantara <pc@cjr.nz>

[ Upstream commit bbcce368044572d0802c3bbb8ef3fe98f581d803 ]

Make two separate functions that handle dfs and non-dfs reconnect
logics since cifs_reconnect() became way too complex to handle both.
While at it, add some documentation.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 1dcdf5f5b213 ("cifs: Fix connections leak when tlink setup failed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/connect.c | 295 +++++++++++++++++++++++++---------------------
 1 file changed, 162 insertions(+), 133 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index ed429a442808..5d87d5c01762 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -148,57 +148,6 @@ static void cifs_resolve_server(struct work_struct *work)
 	mutex_unlock(&server->srv_mutex);
 }
 
-#ifdef CONFIG_CIFS_DFS_UPCALL
-/* These functions must be called with server->srv_mutex held */
-static void reconn_set_next_dfs_target(struct TCP_Server_Info *server,
-				       struct cifs_sb_info *cifs_sb,
-				       struct dfs_cache_tgt_list *tgt_list,
-				       struct dfs_cache_tgt_iterator **tgt_it)
-{
-	const char *name;
-	int rc;
-
-	if (!cifs_sb || !cifs_sb->origin_fullpath)
-		return;
-
-	if (!*tgt_it) {
-		*tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
-	} else {
-		*tgt_it = dfs_cache_get_next_tgt(tgt_list, *tgt_it);
-		if (!*tgt_it)
-			*tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
-	}
-
-	cifs_dbg(FYI, "%s: UNC: %s\n", __func__, cifs_sb->origin_fullpath);
-
-	name = dfs_cache_get_tgt_name(*tgt_it);
-
-	kfree(server->hostname);
-
-	server->hostname = extract_hostname(name);
-	if (IS_ERR(server->hostname)) {
-		cifs_dbg(FYI,
-			 "%s: failed to extract hostname from target: %ld\n",
-			 __func__, PTR_ERR(server->hostname));
-		return;
-	}
-
-	rc = reconn_set_ipaddr_from_hostname(server);
-	if (rc) {
-		cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n",
-			 __func__, rc);
-	}
-}
-
-static inline int reconn_setup_dfs_targets(struct cifs_sb_info *cifs_sb,
-					   struct dfs_cache_tgt_list *tl)
-{
-	if (!cifs_sb->origin_fullpath)
-		return -EOPNOTSUPP;
-	return dfs_cache_noreq_find(cifs_sb->origin_fullpath + 1, NULL, tl);
-}
-#endif
-
 /**
  * Mark all sessions and tcons for reconnect.
  *
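
Review bot: The removed reconn_set_next_dfs_target() did
"kfree(server->hostname);" and then stored the extract_hostname() result
directly, so on failure server->hostname was left holding an ERR_PTR. The
replacement code later in this patch only swaps the pointer after an
IS_ERR() check, which is a behaviour change and not just a split. The commit
message should say so, since that is what someone bisecting a hostname
problem will look for.
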
@@ -284,6 +233,21 @@ static void cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server
 	}
 }
 
+static bool cifs_tcp_ses_needs_reconnect(struct TCP_Server_Info *server, int num_targets)
+{
+	spin_lock(&GlobalMid_Lock);
+	server->nr_targets = num_targets;
+	if (server->tcpStatus == CifsExiting) {
+		/* the demux thread will exit normally next time through the loop */
+		spin_unlock(&GlobalMid_Lock);
+		wake_up(&server->response_q);
+		return false;
+	}
+	server->tcpStatus = CifsNeedReconnect;
+	spin_unlock(&GlobalMid_Lock);
+	return true;
+}
+
 /*
  * cifs tcp session reconnection
  *
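
Review bot: cifs_tcp_ses_needs_reconnect() reads like a predicate but it
writes server->nr_targets and sets server->tcpStatus to CifsNeedReconnect
under GlobalMid_Lock, and wakes response_q on the exiting path. Please add a
short comment above it describing those side effects and the return value, or
pick a name that reflects the state change.
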
@@ -292,90 +256,23 @@ static void cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server
  * reconnect tcp session
  * wake up waiters on reconnection? - (not needed currently)
  */
-int
-cifs_reconnect(struct TCP_Server_Info *server)
+static int __cifs_reconnect(struct TCP_Server_Info *server)
 {
 	int rc = 0;
-#ifdef CONFIG_CIFS_DFS_UPCALL
-	struct super_block *sb = NULL;
-	struct cifs_sb_info *cifs_sb = NULL;
-	struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
-	struct dfs_cache_tgt_iterator *tgt_it = NULL;
-#endif
 
-	spin_lock(&GlobalMid_Lock);
-	server->nr_targets = 1;
-#ifdef CONFIG_CIFS_DFS_UPCALL
-	spin_unlock(&GlobalMid_Lock);
-	sb = cifs_get_tcp_super(server);
-	if (IS_ERR(sb)) {
-		rc = PTR_ERR(sb);
-		cifs_dbg(FYI, "%s: will not do DFS failover: rc = %d\n",
-			 __func__, rc);
-		sb = NULL;
-	} else {
-		cifs_sb = CIFS_SB(sb);
-		rc = reconn_setup_dfs_targets(cifs_sb, &tgt_list);
-		if (rc) {
-			cifs_sb = NULL;
-			if (rc != -EOPNOTSUPP) {
-				cifs_server_dbg(VFS, "%s: no target servers for DFS failover\n",
-						__func__);
-			}
-		} else {
-			server->nr_targets = dfs_cache_get_nr_tgts(&tgt_list);
-		}
-	}
-	cifs_dbg(FYI, "%s: will retry %d target(s)\n", __func__,
-		 server->nr_targets);
-	spin_lock(&GlobalMid_Lock);
-#endif
-	if (server->tcpStatus == CifsExiting) {
-		/* the demux thread will exit normally next time through the loop */
-		spin_unlock(&GlobalMid_Lock);
-#ifdef CONFIG_CIFS_DFS_UPCALL
-		dfs_cache_free_tgts(&tgt_list);
-		cifs_put_tcp_super(sb);
-#endif
-		wake_up(&server->response_q);
-		return rc;
-	} else
-		server->tcpStatus = CifsNeedReconnect;
-	spin_unlock(&GlobalMid_Lock);
+	if (!cifs_tcp_ses_needs_reconnect(server, 1))
+		return 0;
 
 	cifs_mark_tcp_ses_conns_for_reconnect(server);
 
 	do {
 		try_to_freeze();
-
 		mutex_lock(&server->srv_mutex);
 
-
 		if (!cifs_swn_set_server_dstaddr(server)) {
-#ifdef CONFIG_CIFS_DFS_UPCALL
-		if (cifs_sb && cifs_sb->origin_fullpath)
-			/*
-			 * Set up next DFS target server (if any) for reconnect. If DFS
-			 * feature is disabled, then we will retry last server we
-			 * connected to before.
-			 */
-			reconn_set_next_dfs_target(server, cifs_sb, &tgt_list, &tgt_it);
-		else {
-#endif
-			/*
-			 * Resolve the hostname again to make sure that IP address is up-to-date.
-			 */
+			/* resolve the hostname again to make sure that IP address is up-to-date */
 			rc = reconn_set_ipaddr_from_hostname(server);
-			if (rc) {
-				cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n",
-						__func__, rc);
-			}
-
-#ifdef CONFIG_CIFS_DFS_UPCALL
-		}
-#endif
-
-
+			cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
 		}
 
 		if (cifs_rdma_enabled(server))
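
Review bot: The early exit in __cifs_reconnect() now does "return 0;" where
the old cifs_reconnect() did "return rc;" in the CifsExiting branch, so
DFS-enabled builds no longer propagate a failure from the target setup on
that path. That looks intentional but is not mentioned in the commit message.
Also, the hostname-resolution debug line is now printed unconditionally with
rc=0 on success, where the old code logged only on failure; if that extra
noise is not wanted, keep the "if (rc)" guard.
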
@@ -383,8 +280,8 @@ cifs_reconnect(struct TCP_Server_Info *server)
 		else
 			rc = generic_ip_connect(server);
 		if (rc) {
-			cifs_dbg(FYI, "reconnect error %d\n", rc);
 			mutex_unlock(&server->srv_mutex);
+			cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
 			msleep(3000);
 		} else {
 			atomic_inc(&tcpSesReconnectCount);
@@ -398,19 +295,109 @@ cifs_reconnect(struct TCP_Server_Info *server)
 		}
 	} while (server->tcpStatus == CifsNeedReconnect);
 
+	if (server->tcpStatus == CifsNeedNegotiate)
+		mod_delayed_work(cifsiod_wq, &server->echo, 0);
+
+	wake_up(&server->response_q);
+	return rc;
+}
+
 #ifdef CONFIG_CIFS_DFS_UPCALL
-	if (tgt_it) {
-		rc = dfs_cache_noreq_update_tgthint(cifs_sb->origin_fullpath + 1,
-						    tgt_it);
+static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_info *cifs_sb)
+{
+	int rc = 0;
+	const char *refpath = cifs_sb->origin_fullpath + 1;
+	struct dfs_cache_tgt_list tl = DFS_CACHE_TGT_LIST_INIT(tl);
+	struct dfs_cache_tgt_iterator *tit = NULL;
+	int num_targets = 1;
+	char *hostname;
+
+	/*
+	 * Determine the number of dfs targets the referral path in @cifs_sb resolves to.
+	 *
+	 * smb2_reconnect() needs to know how long it should wait based upon the number of dfs
+	 * targets (server->nr_targets).  It's also possible that the cached referral was cleared
+	 * through /proc/fs/cifs/dfscache or the target list is empty due to server settings after
+	 * refreshing the referral, so, in this case, default it to 1.
+	 */
+	if (!dfs_cache_noreq_find(refpath, NULL, &tl)) {
+		num_targets = dfs_cache_get_nr_tgts(&tl);
+		if (!num_targets)
+			num_targets = 1;
+	}
+
+	if (!cifs_tcp_ses_needs_reconnect(server, num_targets))
+		return 0;
+
+	cifs_mark_tcp_ses_conns_for_reconnect(server);
+
+	do {
+		/* Get next dfs target from target list (if any) */
+		if (!tit)
+			tit = dfs_cache_get_tgt_iterator(&tl);
+		else
+			tit = dfs_cache_get_next_tgt(&tl, tit);
+
+		try_to_freeze();
+		mutex_lock(&server->srv_mutex);
+
+		if (!cifs_swn_set_server_dstaddr(server)) {
+			/*
+			 * If any dfs target was selected, then update @server with either a
+			 * hostname or an address.
+			 */
+			if (tit) {
+				hostname = extract_hostname(dfs_cache_get_tgt_name(tit));
+				if (!IS_ERR(hostname)) {
+					kfree(server->hostname);
+					server->hostname = hostname;
+				} else {
+					cifs_dbg(FYI, "%s: couldn't extract hostname or address from dfs target: %ld\n",
+						 __func__, PTR_ERR(hostname));
+					cifs_dbg(FYI, "%s: default to last target server: %s\n",
+						 __func__, server->hostname);
+				}
+			}
+			/* resolve the hostname again to make sure that IP address is up-to-date. */
+			rc = reconn_set_ipaddr_from_hostname(server);
+			cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
+		}
+
+		/* Reconnect the socket */
+		if (cifs_rdma_enabled(server))
+			rc = smbd_reconnect(server);
+		else
+			rc = generic_ip_connect(server);
+
 		if (rc) {
-			cifs_server_dbg(VFS, "%s: failed to update DFS target hint: rc = %d\n",
-				 __func__, rc);
+			/* Failed to reconnect socket.  Retry next dfs target. */
+			mutex_unlock(&server->srv_mutex);
+			cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
+			msleep(3000);
+			continue;
 		}
-		dfs_cache_free_tgts(&tgt_list);
-	}
 
-	cifs_put_tcp_super(sb);
-#endif
+		/*
+		 * Socket was created.  Update tcp session status to CifsNeedNegotiate so that a
+		 * process waiting for reconnect will know it needs to re-establish session and tcon
+		 * through the reconnected target server.
+		 */
+		atomic_inc(&tcpSesReconnectCount);
+		set_credits(server, 1);
+		spin_lock(&GlobalMid_Lock);
+		if (server->tcpStatus != CifsExiting)
+			server->tcpStatus = CifsNeedNegotiate;
+		spin_unlock(&GlobalMid_Lock);
+		cifs_swn_reset_server_dstaddr(server);
+		mutex_unlock(&server->srv_mutex);
+	} while (server->tcpStatus == CifsNeedReconnect);
+
+	if (tit)
+		dfs_cache_noreq_update_tgthint(refpath, tit);
+
+	dfs_cache_free_tgts(&tl);
+
+	/* Need to set up echo worker again once connection has been established */
 	if (server->tcpStatus == CifsNeedNegotiate)
 		mod_delayed_work(cifsiod_wq, &server->echo, 0);
 
@@ -418,6 +405,48 @@ cifs_reconnect(struct TCP_Server_Info *server)
 	return rc;
 }
 
+int cifs_reconnect(struct TCP_Server_Info *server)
+{
+	int rc;
+	struct super_block *sb;
+	struct cifs_sb_info *cifs_sb;
+
+	/*
+	 * If tcp session is not an dfs connection or it is a channel, then reconnect to last target
+	 * server.
+	 */
+	spin_lock(&cifs_tcp_ses_lock);
+	if (!server->is_dfs_conn || server->is_channel) {
+		spin_unlock(&cifs_tcp_ses_lock);
+		return __cifs_reconnect(server);
+	}
+	spin_unlock(&cifs_tcp_ses_lock);
+
+	/* If no superblock, then it might be an ipc connection */
+	sb = cifs_get_tcp_super(server);
+	if (IS_ERR(sb))
+		return __cifs_reconnect(server);
+
+	/*
+	 * Check for a referral path to look up in superblock.  If unset, then simply reconnect to
+	 * last target server.
+	 */
+	cifs_sb = CIFS_SB(sb);
+	if (!cifs_sb->origin_fullpath || !cifs_sb->origin_fullpath[0])
+		rc = __cifs_reconnect(server);
+	else
+		rc = reconnect_dfs_server(server, cifs_sb);
+
+	cifs_put_tcp_super(sb);
+	return rc;
+}
+#else
+int cifs_reconnect(struct TCP_Server_Info *server)
+{
+	return __cifs_reconnect(server);
+}
+#endif
+
 static void
 cifs_echo_request(struct work_struct *work)
 {
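
Review bot: When cifs_get_tcp_super() fails, the new cifs_reconnect() falls
back to __cifs_reconnect() without logging anything, whereas the old code
printed "will not do DFS failover: rc = %d". A cifs_dbg(FYI, ...) with
PTR_ERR(sb) on that branch would keep the fallback visible when debugging
failover. The first comment also has a typo: "an dfs connection" should be
"a dfs connection".
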
-- 
2.35.1





* [PATCH 5.15 010/206] cifs: support nested dfs links over reconnect
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 009/206] cifs: split out dfs code from cifs_reconnect() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 011/206] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
                   ` (204 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
	Steve French, Sasha Levin

From: Paulo Alcantara <pc@cjr.nz>

[ Upstream commit c88f7dcd6d6429197fc2fd87b54a894ffcd48e8e ]

Mounting a dfs link that has nested links was already supported at
mount(2), so make it work over reconnect as well.

Make the following case work:

* mount //root/dfs/link /mnt -o ...
  - final share: /server/share

* in server settings
  - change target folder of /root/dfs/link3 to /server/share2
  - change target folder of /root/dfs/link2 to /root/dfs/link3
  - change target folder of /root/dfs/link to /root/dfs/link2

* mount -o remount,... /mnt
 - refresh all dfs referrals
 - mark current connection for failover
 - cifs_reconnect() reconnects to root server
 - tree_connect()
   * checks that /root/dfs/link2 is a link, then chase it
   * checks that root/dfs/link3 is a link, then chase it
   * finally tree connect to /server/share2

If the mounted share is no longer accessible and a reconnect had been
triggered, the client will retry it from both last referral
path (/root/dfs/link3) and original referral path (/root/dfs/link).

Any new referral paths found while chasing dfs links over reconnect,
it will be updated to TCP_Server_Info::leaf_fullpath, accordingly.

Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 1dcdf5f5b213 ("cifs: Fix connections leak when tlink setup failed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/cifs_dfs_ref.c |   59 +--
 fs/cifs/cifs_fs_sb.h   |    5 -
 fs/cifs/cifsglob.h     |   24 +-
 fs/cifs/cifsproto.h    |    5 +-
 fs/cifs/connect.c      | 1138 ++++++++++++++++++++--------------------
 fs/cifs/dfs_cache.c    |   44 +-
 fs/cifs/misc.c         |   62 +--
 fs/cifs/smb2ops.c      |   10 +-
 fs/cifs/smb2pdu.c      |    6 +-
 9 files changed, 660 insertions(+), 693 deletions(-)

diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 007427ba75e5..b0864da9ef43 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -307,12 +307,8 @@ static struct vfsmount *cifs_dfs_do_mount(struct dentry *mntpt,
 static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
 {
 	struct cifs_sb_info *cifs_sb;
-	struct cifs_ses *ses;
-	struct cifs_tcon *tcon;
 	void *page;
-	char *full_path, *root_path;
-	unsigned int xid;
-	int rc;
+	char *full_path;
 	struct vfsmount *mnt;
 
 	cifs_dbg(FYI, "in %s\n", __func__);
@@ -324,8 +320,6 @@ static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
 	 * the double backslashes usually used in the UNC. This function
 	 * gives us the latter, so we must adjust the result.
 	 */
-	mnt = ERR_PTR(-ENOMEM);
-
 	cifs_sb = CIFS_SB(mntpt->d_sb);
 	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) {
 		mnt = ERR_PTR(-EREMOTE);
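
Review bot: With the default "mnt = ERR_PTR(-ENOMEM);" removed, every path in
cifs_dfs_do_automount() that reaches the exit labels has to assign mnt itself.
The CIFS_MOUNT_NO_DFS branch shown here does; please confirm the full_path
error path between this hunk and the next one does too, since mnt is
otherwise returned uninitialised.
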
@@ -341,60 +335,11 @@ static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
 	}
 
 	convert_delimiter(full_path, '\\');
-
 	cifs_dbg(FYI, "%s: full_path: %s\n", __func__, full_path);
 
-	if (!cifs_sb_master_tlink(cifs_sb)) {
-		cifs_dbg(FYI, "%s: master tlink is NULL\n", __func__);
-		goto free_full_path;
-	}
-
-	tcon = cifs_sb_master_tcon(cifs_sb);
-	if (!tcon) {
-		cifs_dbg(FYI, "%s: master tcon is NULL\n", __func__);
-		goto free_full_path;
-	}
-
-	root_path = kstrdup(tcon->treeName, GFP_KERNEL);
-	if (!root_path) {
-		mnt = ERR_PTR(-ENOMEM);
-		goto free_full_path;
-	}
-	cifs_dbg(FYI, "%s: root path: %s\n", __func__, root_path);
-
-	ses = tcon->ses;
-	xid = get_xid();
-
-	/*
-	 * If DFS root has been expired, then unconditionally fetch it again to
-	 * refresh DFS referral cache.
-	 */
-	rc = dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
-			    root_path + 1, NULL, NULL);
-	if (!rc) {
-		rc = dfs_cache_find(xid, ses, cifs_sb->local_nls,
-				    cifs_remap(cifs_sb), full_path + 1,
-				    NULL, NULL);
-	}
-
-	free_xid(xid);
-
-	if (rc) {
-		mnt = ERR_PTR(rc);
-		goto free_root_path;
-	}
-	/*
-	 * OK - we were able to get and cache a referral for @full_path.
-	 *
-	 * Now, pass it down to cifs_mount() and it will retry every available
-	 * node server in case of failures - no need to do it here.
-	 */
 	mnt = cifs_dfs_do_mount(mntpt, cifs_sb, full_path);
-	cifs_dbg(FYI, "%s: cifs_dfs_do_mount:%s , mnt:%p\n", __func__,
-		 full_path + 1, mnt);
+	cifs_dbg(FYI, "%s: cifs_dfs_do_mount:%s , mnt:%p\n", __func__, full_path + 1, mnt);
 
-free_root_path:
-	kfree(root_path);
 free_full_path:
 	free_dentry_path(page);
 cdda_exit:
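
Review bot: The two dfs_cache_find() calls that refreshed an expired DFS root
and cached a referral for full_path before mounting are removed from
cifs_dfs_do_automount(), but the commit message does not say where that
refresh happens now. Please state which path takes it over. Separately, all
three "goto free_full_path;" statements visible in this hunk are gone while
the label stays; check that a user of the label remains, otherwise the
compiler will warn about an unused label.
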
diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h
index f97407520ea1..013a4bd65280 100644
--- a/fs/cifs/cifs_fs_sb.h
+++ b/fs/cifs/cifs_fs_sb.h
@@ -61,11 +61,6 @@ struct cifs_sb_info {
 	/* only used when CIFS_MOUNT_USE_PREFIX_PATH is set */
 	char *prepath;
 
-	/*
-	 * Canonical DFS path initially provided by the mount call. We might connect to something
-	 * different via DFS but we want to keep it to do failover properly.
-	 */
-	char *origin_fullpath; /* \\HOST\SHARE\[OPTIONAL PATH] */
 	/* randomly generated 128-bit number for indexing dfs mount groups in referral cache */
 	uuid_t dfs_mount_id;
 	/*
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index a97ed30843cf..1ab72c3d0bff 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -693,6 +693,19 @@ struct TCP_Server_Info {
 #endif
 #ifdef CONFIG_CIFS_DFS_UPCALL
 	bool is_dfs_conn; /* if a dfs connection */
+	struct mutex refpath_lock; /* protects leaf_fullpath */
+	/*
+	 * Canonical DFS full paths that were used to chase referrals in mount and reconnect.
+	 *
+	 * origin_fullpath: first or original referral path
+	 * leaf_fullpath: last referral path (might be changed due to nested links in reconnect)
+	 *
+	 * current_fullpath: pointer to either origin_fullpath or leaf_fullpath
+	 * NOTE: cannot be accessed outside cifs_reconnect() and smb2_reconnect()
+	 *
+	 * format: \\HOST\SHARE\[OPTIONAL PATH]
+	 */
+	char *origin_fullpath, *leaf_fullpath, *current_fullpath;
 #endif
 };
 
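
Review bot: The comment on refpath_lock says it protects leaf_fullpath only,
but current_fullpath points at either origin_fullpath or leaf_fullpath and is
read in reconnect_dfs_server() with no lock, while cifs_reconnect() tests
origin_fullpath and leaf_fullpath under cifs_tcp_ses_lock instead. Please
document which lock covers each of the three pointers. The "cannot be
accessed outside cifs_reconnect() and smb2_reconnect()" rule for
current_fullpath is a convention only; a sentence on why it is safe inside
those two functions would make it checkable.
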
@@ -1097,7 +1110,6 @@ struct cifs_tcon {
 	struct cached_fid crfid; /* Cached root fid */
 	/* BB add field for back pointer to sb struct(s)? */
 #ifdef CONFIG_CIFS_DFS_UPCALL
-	char *dfs_path; /* canonical DFS path */
 	struct list_head ulist; /* cache update list */
 #endif
 };
@@ -1950,4 +1962,14 @@ static inline bool is_tcon_dfs(struct cifs_tcon *tcon)
 		tcon->share_flags & (SHI1005_FLAGS_DFS | SHI1005_FLAGS_DFS_ROOT);
 }
 
+static inline bool cifs_is_referral_server(struct cifs_tcon *tcon,
+					   const struct dfs_info3_param *ref)
+{
+	/*
+	 * Check if all targets are capable of handling DFS referrals as per
+	 * MS-DFSC 2.2.4 RESP_GET_DFS_REFERRAL.
+	 */
+	return is_tcon_dfs(tcon) || (ref && (ref->flags & DFSREF_REFERRAL_SERVER));
+}
+
 #endif	/* _CIFS_GLOB_H */
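
Review bot: cifs_is_referral_server() guards ref against NULL but passes tcon
straight to is_tcon_dfs(), which dereferences tcon->share_flags, so a NULL
tcon is a crash. Either document that tcon must be valid or add the check.
The comment also says "all targets" while the code tests the tcon share flags
or the DFSREF_REFERRAL_SERVER flag of the single referral passed in; the
wording should match what is checked.
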
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index d0f85b666662..b2697356b5e7 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -607,7 +607,7 @@ int smb2_parse_query_directory(struct cifs_tcon *tcon, struct kvec *rsp_iov,
 
 struct super_block *cifs_get_tcp_super(struct TCP_Server_Info *server);
 void cifs_put_tcp_super(struct super_block *sb);
-int update_super_prepath(struct cifs_tcon *tcon, char *prefix);
+int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix);
 char *extract_hostname(const char *unc);
 char *extract_sharename(const char *unc);
 
@@ -634,4 +634,7 @@ static inline int cifs_create_options(struct cifs_sb_info *cifs_sb, int options)
 		return options;
 }
 
+struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon);
+void cifs_put_tcon_super(struct super_block *sb);
+
 #endif			/* _CIFSPROTO_H */
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 5d87d5c01762..902eb8a5afd2 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -61,6 +61,20 @@ extern bool disable_legacy_dialects;
 /* Drop the connection to not overload the server */
 #define NUM_STATUS_IO_TIMEOUT   5
 
+struct mount_ctx {
+	struct cifs_sb_info *cifs_sb;
+	struct smb3_fs_context *fs_ctx;
+	unsigned int xid;
+	struct TCP_Server_Info *server;
+	struct cifs_ses *ses;
+	struct cifs_tcon *tcon;
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	struct cifs_ses *root_ses;
+	uuid_t mount_id;
+	char *origin_fullpath, *leaf_fullpath;
+#endif
+};
+
 static int ip_connect(struct TCP_Server_Info *server);
 static int generic_ip_connect(struct TCP_Server_Info *server);
 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
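
Review bot: struct mount_ctx is added without any comment on ownership. It
carries origin_fullpath and leaf_fullpath as raw char pointers, and the same
names now exist in TCP_Server_Info where clean_demultiplex_info() frees them.
Please document whether the mount context owns these strings, and at what
point ownership passes to the server structure, so the error paths can be
reviewed for leaks and double frees.
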
@@ -303,14 +317,68 @@ static int __cifs_reconnect(struct TCP_Server_Info *server)
 }
 
 #ifdef CONFIG_CIFS_DFS_UPCALL
-static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_info *cifs_sb)
+static int __reconnect_target_unlocked(struct TCP_Server_Info *server, const char *target)
+{
+	int rc;
+	char *hostname;
+
+	if (!cifs_swn_set_server_dstaddr(server)) {
+		if (server->hostname != target) {
+			hostname = extract_hostname(target);
+			if (!IS_ERR(hostname)) {
+				kfree(server->hostname);
+				server->hostname = hostname;
+			} else {
+				cifs_dbg(FYI, "%s: couldn't extract hostname or address from dfs target: %ld\n",
+					 __func__, PTR_ERR(hostname));
+				cifs_dbg(FYI, "%s: default to last target server: %s\n", __func__,
+					 server->hostname);
+			}
+		}
+		/* resolve the hostname again to make sure that IP address is up-to-date. */
+		rc = reconn_set_ipaddr_from_hostname(server);
+		cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
+	}
+	/* Reconnect the socket */
+	if (cifs_rdma_enabled(server))
+		rc = smbd_reconnect(server);
+	else
+		rc = generic_ip_connect(server);
+
+	return rc;
+}
+
+static int reconnect_target_unlocked(struct TCP_Server_Info *server, struct dfs_cache_tgt_list *tl,
+				     struct dfs_cache_tgt_iterator **target_hint)
+{
+	int rc;
+	struct dfs_cache_tgt_iterator *tit;
+
+	*target_hint = NULL;
+
+	/* If dfs target list is empty, then reconnect to last server */
+	tit = dfs_cache_get_tgt_iterator(tl);
+	if (!tit)
+		return __reconnect_target_unlocked(server, server->hostname);
+
+	/* Otherwise, try every dfs target in @tl */
+	for (; tit; tit = dfs_cache_get_next_tgt(tl, tit)) {
+		rc = __reconnect_target_unlocked(server, dfs_cache_get_tgt_name(tit));
+		if (!rc) {
+			*target_hint = tit;
+			break;
+		}
+	}
+	return rc;
+}
+
+static int reconnect_dfs_server(struct TCP_Server_Info *server)
 {
 	int rc = 0;
-	const char *refpath = cifs_sb->origin_fullpath + 1;
+	const char *refpath = server->current_fullpath + 1;
 	struct dfs_cache_tgt_list tl = DFS_CACHE_TGT_LIST_INIT(tl);
-	struct dfs_cache_tgt_iterator *tit = NULL;
-	int num_targets = 1;
-	char *hostname;
+	struct dfs_cache_tgt_iterator *target_hint = NULL;
+	int num_targets = 0;
 
 	/*
 	 * Determine the number of dfs targets the referral path in @cifs_sb resolves to.
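
Review bot: reconnect_dfs_server() computes
"refpath = server->current_fullpath + 1" without checking current_fullpath,
while its caller cifs_reconnect() only tests origin_fullpath and
leaf_fullpath. If current_fullpath can be unset when those two are set, this
passes an invalid pointer to dfs_cache_noreq_find(). Please either add
current_fullpath to the caller's check or note where it is guaranteed to be
assigned. Also, reconnect_target_unlocked() and
__reconnect_target_unlocked() are called with server->srv_mutex held; the
"_unlocked" suffix suggests the opposite and a one-line comment on the
locking requirement would avoid misuse.
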
@@ -320,11 +388,10 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_i
 	 * through /proc/fs/cifs/dfscache or the target list is empty due to server settings after
 	 * refreshing the referral, so, in this case, default it to 1.
 	 */
-	if (!dfs_cache_noreq_find(refpath, NULL, &tl)) {
+	if (!dfs_cache_noreq_find(refpath, NULL, &tl))
 		num_targets = dfs_cache_get_nr_tgts(&tl);
-		if (!num_targets)
-			num_targets = 1;
-	}
+	if (!num_targets)
+		num_targets = 1;
 
 	if (!cifs_tcp_ses_needs_reconnect(server, num_targets))
 		return 0;
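
Review bot: The comment block above this change still says "the referral path
in @cifs_sb", but reconnect_dfs_server() no longer takes a cifs_sb and reads
the path from server->current_fullpath. Please update the comment in the same
patch. The restructured default of num_targets to 1 is fine.
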
@@ -332,51 +399,17 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_i
 	cifs_mark_tcp_ses_conns_for_reconnect(server);
 
 	do {
-		/* Get next dfs target from target list (if any) */
-		if (!tit)
-			tit = dfs_cache_get_tgt_iterator(&tl);
-		else
-			tit = dfs_cache_get_next_tgt(&tl, tit);
-
 		try_to_freeze();
 		mutex_lock(&server->srv_mutex);
 
-		if (!cifs_swn_set_server_dstaddr(server)) {
-			/*
-			 * If any dfs target was selected, then update @server with either a
-			 * hostname or an address.
-			 */
-			if (tit) {
-				hostname = extract_hostname(dfs_cache_get_tgt_name(tit));
-				if (!IS_ERR(hostname)) {
-					kfree(server->hostname);
-					server->hostname = hostname;
-				} else {
-					cifs_dbg(FYI, "%s: couldn't extract hostname or address from dfs target: %ld\n",
-						 __func__, PTR_ERR(hostname));
-					cifs_dbg(FYI, "%s: default to last target server: %s\n",
-						 __func__, server->hostname);
-				}
-			}
-			/* resolve the hostname again to make sure that IP address is up-to-date. */
-			rc = reconn_set_ipaddr_from_hostname(server);
-			cifs_dbg(FYI, "%s: reconn_set_ipaddr_from_hostname: rc=%d\n", __func__, rc);
-		}
-
-		/* Reconnect the socket */
-		if (cifs_rdma_enabled(server))
-			rc = smbd_reconnect(server);
-		else
-			rc = generic_ip_connect(server);
-
+		rc = reconnect_target_unlocked(server, &tl, &target_hint);
 		if (rc) {
-			/* Failed to reconnect socket.  Retry next dfs target. */
+			/* Failed to reconnect socket */
 			mutex_unlock(&server->srv_mutex);
 			cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
 			msleep(3000);
 			continue;
 		}
-
 		/*
 		 * Socket was created.  Update tcp session status to CifsNeedNegotiate so that a
 		 * process waiting for reconnect will know it needs to re-establish session and tcon
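
Review bot: The retry behaviour changes here: the old loop tried one DFS
target per iteration and released srv_mutex and slept 3 seconds between
targets, while reconnect_target_unlocked() now walks the whole target list
inside a single mutex_lock(&server->srv_mutex) section. With several
unreachable targets the mutex is held across every connect attempt before the
first msleep(3000). Please confirm that hold time is acceptable for other
srv_mutex users, and mention the change in the commit message.
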
@@ -392,8 +425,8 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_i
 		mutex_unlock(&server->srv_mutex);
 	} while (server->tcpStatus == CifsNeedReconnect);
 
-	if (tit)
-		dfs_cache_noreq_update_tgthint(refpath, tit);
+	if (target_hint)
+		dfs_cache_noreq_update_tgthint(refpath, target_hint);
 
 	dfs_cache_free_tgts(&tl);
 
@@ -407,38 +440,15 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server, struct cifs_sb_i
 
 int cifs_reconnect(struct TCP_Server_Info *server)
 {
-	int rc;
-	struct super_block *sb;
-	struct cifs_sb_info *cifs_sb;
-
-	/*
-	 * If tcp session is not an dfs connection or it is a channel, then reconnect to last target
-	 * server.
-	 */
+	/* If tcp session is not an dfs connection, then reconnect to last target server */
 	spin_lock(&cifs_tcp_ses_lock);
-	if (!server->is_dfs_conn || server->is_channel) {
+	if (!server->is_dfs_conn || !server->origin_fullpath || !server->leaf_fullpath) {
 		spin_unlock(&cifs_tcp_ses_lock);
 		return __cifs_reconnect(server);
 	}
 	spin_unlock(&cifs_tcp_ses_lock);
 
-	/* If no superblock, then it might be an ipc connection */
-	sb = cifs_get_tcp_super(server);
-	if (IS_ERR(sb))
-		return __cifs_reconnect(server);
-
-	/*
-	 * Check for a referral path to look up in superblock.  If unset, then simply reconnect to
-	 * last target server.
-	 */
-	cifs_sb = CIFS_SB(sb);
-	if (!cifs_sb->origin_fullpath || !cifs_sb->origin_fullpath[0])
-		rc = __cifs_reconnect(server);
-	else
-		rc = reconnect_dfs_server(server, cifs_sb);
-
-	cifs_put_tcp_super(sb);
-	return rc;
+	return reconnect_dfs_server(server);
 }
 #else
 int cifs_reconnect(struct TCP_Server_Info *server)
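Review bot: the rewritten comment above the check in cifs_reconnect() only mentions the non-dfs case, but the condition now also falls back to __cifs_reconnect() when origin_fullpath or leaf_fullpath is unset, and it no longer tests is_channel. Please make the comment describe all three conditions and say why channels no longer need the special case. The two path pointers are tested under cifs_tcp_ses_lock here, while update_server_fullpath() later in this patch replaces leaf_fullpath under refpath_lock, so it would help to document which lock is meant to cover these fields. Nit: "an dfs connection" should read "a dfs connection".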
@@ -829,6 +839,10 @@ static void clean_demultiplex_info(struct TCP_Server_Info *server)
 		 */
 	}
 
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	kfree(server->origin_fullpath);
+	kfree(server->leaf_fullpath);
+#endif
 	kfree(server);
 
 	length = atomic_dec_return(&tcpSesAllocCount);
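Review bot: the new kfree() calls in clean_demultiplex_info() release origin_fullpath and leaf_fullpath but leave current_fullpath alone, which is only correct because setup_server_referral_paths() and update_server_fullpath() make current_fullpath an alias of leaf_fullpath. A one-line comment here stating that current_fullpath is borrowed and must not be freed would stop a later change from adding a third kfree() and turning this into a double free.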
@@ -1445,6 +1459,9 @@ cifs_get_tcp_session(struct smb3_fs_context *ctx)
 	INIT_DELAYED_WORK(&tcp_ses->resolve, cifs_resolve_server);
 	INIT_DELAYED_WORK(&tcp_ses->reconnect, smb2_reconnect_server);
 	mutex_init(&tcp_ses->reconnect_mutex);
+#ifdef CONFIG_CIFS_DFS_UPCALL
+	mutex_init(&tcp_ses->refpath_lock);
+#endif
 	memcpy(&tcp_ses->srcaddr, &ctx->srcaddr,
 	       sizeof(tcp_ses->srcaddr));
 	memcpy(&tcp_ses->dstaddr, &ctx->dstaddr,
@@ -2909,73 +2926,64 @@ int cifs_setup_cifs_sb(struct cifs_sb_info *cifs_sb)
 }
 
 /* Release all succeed connections */
-static inline void mount_put_conns(struct cifs_sb_info *cifs_sb,
-				   unsigned int xid,
-				   struct TCP_Server_Info *server,
-				   struct cifs_ses *ses, struct cifs_tcon *tcon)
+static inline void mount_put_conns(struct mount_ctx *mnt_ctx)
 {
 	int rc = 0;
 
-	if (tcon)
-		cifs_put_tcon(tcon);
-	else if (ses)
-		cifs_put_smb_ses(ses);
-	else if (server)
-		cifs_put_tcp_session(server, 0);
-	cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS;
-	free_xid(xid);
+	if (mnt_ctx->tcon)
+		cifs_put_tcon(mnt_ctx->tcon);
+	else if (mnt_ctx->ses)
+		cifs_put_smb_ses(mnt_ctx->ses);
+	else if (mnt_ctx->server)
+		cifs_put_tcp_session(mnt_ctx->server, 0);
+	mnt_ctx->cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS;
+	free_xid(mnt_ctx->xid);
 }
 
 /* Get connections for tcp, ses and tcon */
-static int mount_get_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
-			   unsigned int *xid,
-			   struct TCP_Server_Info **nserver,
-			   struct cifs_ses **nses, struct cifs_tcon **ntcon)
+static int mount_get_conns(struct mount_ctx *mnt_ctx)
 {
 	int rc = 0;
-	struct TCP_Server_Info *server;
-	struct cifs_ses *ses;
-	struct cifs_tcon *tcon;
-
-	*nserver = NULL;
-	*nses = NULL;
-	*ntcon = NULL;
+	struct TCP_Server_Info *server = NULL;
+	struct cifs_ses *ses = NULL;
+	struct cifs_tcon *tcon = NULL;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	unsigned int xid;
 
-	*xid = get_xid();
+	xid = get_xid();
 
 	/* get a reference to a tcp session */
 	server = cifs_get_tcp_session(ctx);
 	if (IS_ERR(server)) {
 		rc = PTR_ERR(server);
-		return rc;
+		server = NULL;
+		goto out;
 	}
 
-	*nserver = server;
-
 	/* get a reference to a SMB session */
 	ses = cifs_get_smb_ses(server, ctx);
 	if (IS_ERR(ses)) {
 		rc = PTR_ERR(ses);
-		return rc;
+		ses = NULL;
+		goto out;
 	}
 
-	*nses = ses;
-
 	if ((ctx->persistent == true) && (!(ses->server->capabilities &
 					    SMB2_GLOBAL_CAP_PERSISTENT_HANDLES))) {
 		cifs_server_dbg(VFS, "persistent handles not supported by server\n");
-		return -EOPNOTSUPP;
+		rc = -EOPNOTSUPP;
+		goto out;
 	}
 
 	/* search for existing tcon to this server share */
 	tcon = cifs_get_tcon(ses, ctx);
 	if (IS_ERR(tcon)) {
 		rc = PTR_ERR(tcon);
-		return rc;
+		tcon = NULL;
+		goto out;
 	}
 
-	*ntcon = tcon;
-
 	/* if new SMB3.11 POSIX extensions are supported do not remap / and \ */
 	if (tcon->posix_extensions)
 		cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
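Review bot: mount_put_conns() now drops the references held in mnt_ctx but leaves mnt_ctx->tcon, mnt_ctx->ses and mnt_ctx->server pointing at the released objects. Every caller in this patch follows it with mount_get_conns() or returns, so nothing dereferences them today, but the error label in cifs_mount() also calls mount_put_conns(), and a future path that reaches it after an earlier put would release the same reference twice. Setting the three pointers to NULL at the end of mount_put_conns() would make that impossible. The "int rc = 0;" local in mount_put_conns() is unused and could go at the same time.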
@@ -2986,17 +2994,19 @@ static int mount_get_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cif
 		 * reset of caps checks mount to see if unix extensions disabled
 		 * for just this mount.
 		 */
-		reset_cifs_unix_caps(*xid, tcon, cifs_sb, ctx);
+		reset_cifs_unix_caps(xid, tcon, cifs_sb, ctx);
 		if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
 		    (le64_to_cpu(tcon->fsUnixInfo.Capability) &
-		     CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP))
-			return -EACCES;
+		     CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
+			rc = -EACCES;
+			goto out;
+		}
 	} else
 		tcon->unix_ext = 0; /* server does not support them */
 
 	/* do not care if a following call succeed - informational */
 	if (!tcon->pipe && server->ops->qfs_tcon) {
-		server->ops->qfs_tcon(*xid, tcon, cifs_sb);
+		server->ops->qfs_tcon(xid, tcon, cifs_sb);
 		if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_RO_CACHE) {
 			if (tcon->fsDevInfo.DeviceCharacteristics &
 			    cpu_to_le32(FILE_READ_ONLY_DEVICE))
@@ -3020,7 +3030,13 @@ static int mount_get_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cif
 	    (cifs_sb->ctx->rsize > server->ops->negotiate_rsize(tcon, ctx)))
 		cifs_sb->ctx->rsize = server->ops->negotiate_rsize(tcon, ctx);
 
-	return 0;
+out:
+	mnt_ctx->server = server;
+	mnt_ctx->ses = ses;
+	mnt_ctx->tcon = tcon;
+	mnt_ctx->xid = xid;
+
+	return rc;
 }
 
 static int mount_setup_tlink(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
@@ -3050,18 +3066,17 @@ static int mount_setup_tlink(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
 }
 
 #ifdef CONFIG_CIFS_DFS_UPCALL
-static int mount_get_dfs_conns(struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
-			       unsigned int *xid, struct TCP_Server_Info **nserver,
-			       struct cifs_ses **nses, struct cifs_tcon **ntcon)
+/* Get unique dfs connections */
+static int mount_get_dfs_conns(struct mount_ctx *mnt_ctx)
 {
 	int rc;
 
-	ctx->nosharesock = true;
-	rc = mount_get_conns(ctx, cifs_sb, xid, nserver, nses, ntcon);
-	if (*nserver) {
+	mnt_ctx->fs_ctx->nosharesock = true;
+	rc = mount_get_conns(mnt_ctx);
+	if (mnt_ctx->server) {
 		cifs_dbg(FYI, "%s: marking tcp session as a dfs connection\n", __func__);
 		spin_lock(&cifs_tcp_ses_lock);
-		(*nserver)->is_dfs_conn = true;
+		mnt_ctx->server->is_dfs_conn = true;
 		spin_unlock(&cifs_tcp_ses_lock);
 	}
 	return rc;
@@ -3103,190 +3118,38 @@ build_unc_path_to_root(const struct smb3_fs_context *ctx,
 }
 
 /*
- * expand_dfs_referral - Perform a dfs referral query and update the cifs_sb
+ * expand_dfs_referral - Update cifs_sb from dfs referral path
  *
- * If a referral is found, cifs_sb->ctx->mount_options will be (re-)allocated
- * to a string containing updated options for the submount.  Otherwise it
- * will be left untouched.
- *
- * Returns the rc from get_dfs_path to the caller, which can be used to
- * determine whether there were referrals.
+ * cifs_sb->ctx->mount_options will be (re-)allocated to a string containing updated options for the
+ * submount.  Otherwise it will be left untouched.
  */
-static int
-expand_dfs_referral(const unsigned int xid, struct cifs_ses *ses,
-		    struct smb3_fs_context *ctx, struct cifs_sb_info *cifs_sb,
-		    char *ref_path)
+static int expand_dfs_referral(struct mount_ctx *mnt_ctx, const char *full_path,
+			       struct dfs_info3_param *referral)
 {
 	int rc;
-	struct dfs_info3_param referral = {0};
-	char *full_path = NULL, *mdata = NULL;
-
-	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS)
-		return -EREMOTE;
-
-	full_path = build_unc_path_to_root(ctx, cifs_sb, true);
-	if (IS_ERR(full_path))
-		return PTR_ERR(full_path);
-
-	rc = dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
-			    ref_path, &referral, NULL);
-	if (!rc) {
-		char *fake_devname = NULL;
-
-		mdata = cifs_compose_mount_options(cifs_sb->ctx->mount_options,
-						   full_path + 1, &referral,
-						   &fake_devname);
-		free_dfs_info_param(&referral);
-
-		if (IS_ERR(mdata)) {
-			rc = PTR_ERR(mdata);
-			mdata = NULL;
-		} else {
-			/*
-			 * We can not clear out the whole structure since we
-			 * no longer have an explicit function to parse
-			 * a mount-string. Instead we need to clear out the
-			 * individual fields that are no longer valid.
-			 */
-			kfree(ctx->prepath);
-			ctx->prepath = NULL;
-			rc = cifs_setup_volume_info(ctx, mdata, fake_devname);
-		}
-		kfree(fake_devname);
-		kfree(cifs_sb->ctx->mount_options);
-		cifs_sb->ctx->mount_options = mdata;
-	}
-	kfree(full_path);
-	return rc;
-}
-
-static int get_next_dfs_tgt(struct dfs_cache_tgt_list *tgt_list,
-			    struct dfs_cache_tgt_iterator **tgt_it)
-{
-	if (!*tgt_it)
-		*tgt_it = dfs_cache_get_tgt_iterator(tgt_list);
-	else
-		*tgt_it = dfs_cache_get_next_tgt(tgt_list, *tgt_it);
-	return !*tgt_it ? -EHOSTDOWN : 0;
-}
-
-static int update_vol_info(const struct dfs_cache_tgt_iterator *tgt_it,
-			   struct smb3_fs_context *fake_ctx, struct smb3_fs_context *ctx)
-{
-	const char *tgt = dfs_cache_get_tgt_name(tgt_it);
-	int len = strlen(tgt) + 2;
-	char *new_unc;
-
-	new_unc = kmalloc(len, GFP_KERNEL);
-	if (!new_unc)
-		return -ENOMEM;
-	scnprintf(new_unc, len, "\\%s", tgt);
-
-	kfree(ctx->UNC);
-	ctx->UNC = new_unc;
-
-	if (fake_ctx->prepath) {
-		kfree(ctx->prepath);
-		ctx->prepath = fake_ctx->prepath;
-		fake_ctx->prepath = NULL;
-	}
-	memcpy(&ctx->dstaddr, &fake_ctx->dstaddr, sizeof(ctx->dstaddr));
-
-	return 0;
-}
-
-static int do_dfs_failover(const char *path, const char *full_path, struct cifs_sb_info *cifs_sb,
-			   struct smb3_fs_context *ctx, struct cifs_ses *root_ses,
-			   unsigned int *xid, struct TCP_Server_Info **server,
-			   struct cifs_ses **ses, struct cifs_tcon **tcon)
-{
-	int rc;
-	char *npath = NULL;
-	struct dfs_cache_tgt_list tgt_list = DFS_CACHE_TGT_LIST_INIT(tgt_list);
-	struct dfs_cache_tgt_iterator *tgt_it = NULL;
-	struct smb3_fs_context tmp_ctx = {NULL};
-
-	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS)
-		return -EOPNOTSUPP;
-
-	npath = dfs_cache_canonical_path(path, cifs_sb->local_nls, cifs_remap(cifs_sb));
-	if (IS_ERR(npath))
-		return PTR_ERR(npath);
-
-	cifs_dbg(FYI, "%s: path=%s full_path=%s\n", __func__, npath, full_path);
-
-	rc = dfs_cache_noreq_find(npath, NULL, &tgt_list);
-	if (rc)
-		goto out;
-	/*
-	 * We use a 'tmp_ctx' here because we need pass it down to the mount_{get,put} functions to
-	 * test connection against new DFS targets.
-	 */
-	rc = smb3_fs_context_dup(&tmp_ctx, ctx);
-	if (rc)
-		goto out;
-
-	for (;;) {
-		struct dfs_info3_param ref = {0};
-		char *fake_devname = NULL, *mdata = NULL;
-
-		/* Get next DFS target server - if any */
-		rc = get_next_dfs_tgt(&tgt_list, &tgt_it);
-		if (rc)
-			break;
-
-		rc = dfs_cache_get_tgt_referral(npath, tgt_it, &ref);
-		if (rc)
-			break;
-
-		cifs_dbg(FYI, "%s: old ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
-			 tmp_ctx.prepath);
-
-		mdata = cifs_compose_mount_options(cifs_sb->ctx->mount_options, full_path + 1, &ref,
-						   &fake_devname);
-		free_dfs_info_param(&ref);
-
-		if (IS_ERR(mdata)) {
-			rc = PTR_ERR(mdata);
-			mdata = NULL;
-		} else
-			rc = cifs_setup_volume_info(&tmp_ctx, mdata, fake_devname);
-
-		kfree(mdata);
-		kfree(fake_devname);
-
-		if (rc)
-			break;
-
-		cifs_dbg(FYI, "%s: new ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
-			 tmp_ctx.prepath);
-
-		mount_put_conns(cifs_sb, *xid, *server, *ses, *tcon);
-		rc = mount_get_dfs_conns(&tmp_ctx, cifs_sb, xid, server, ses, tcon);
-		if (!rc || (*server && *ses)) {
-			/*
-			 * We were able to connect to new target server. Update current context with
-			 * new target server.
-			 */
-			rc = update_vol_info(tgt_it, &tmp_ctx, ctx);
-			break;
-		}
-	}
-	if (!rc) {
-		cifs_dbg(FYI, "%s: final ctx: UNC=%s prepath=%s\n", __func__, tmp_ctx.UNC,
-			 tmp_ctx.prepath);
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
+	char *fake_devname = NULL, *mdata = NULL;
+
+	mdata = cifs_compose_mount_options(cifs_sb->ctx->mount_options, full_path + 1, referral,
+					   &fake_devname);
+	if (IS_ERR(mdata)) {
+		rc = PTR_ERR(mdata);
+		mdata = NULL;
+	} else {
 		/*
-		 * Update DFS target hint in DFS referral cache with the target server we
-		 * successfully reconnected to.
+		 * We can not clear out the whole structure since we no longer have an explicit
+		 * function to parse a mount-string. Instead we need to clear out the individual
+		 * fields that are no longer valid.
 		 */
-		rc = dfs_cache_update_tgthint(*xid, root_ses ? root_ses : *ses, cifs_sb->local_nls,
-					      cifs_remap(cifs_sb), path, tgt_it);
+		kfree(ctx->prepath);
+		ctx->prepath = NULL;
+		rc = cifs_setup_volume_info(ctx, mdata, fake_devname);
 	}
+	kfree(fake_devname);
+	kfree(cifs_sb->ctx->mount_options);
+	cifs_sb->ctx->mount_options = mdata;
 
-out:
-	kfree(npath);
-	smb3_cleanup_fs_context_contents(&tmp_ctx);
-	dfs_cache_free_tgts(&tgt_list);
 	return rc;
 }
 #endif
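Review bot: the kernel-doc above the new expand_dfs_referral() still ends with "Otherwise it will be left untouched", which no longer matches the body. When cifs_compose_mount_options() fails, mdata is set to NULL and the function still runs kfree(cifs_sb->ctx->mount_options) and stores NULL there, so the old options are lost on the error path. The target loops in connect_dfs_root() and __follow_dfs_link() carry on to the next target after a failure, which means the next call passes a NULL mount_options into cifs_compose_mount_options(). Either keep the old string when mdata is an error, or update the comment and confirm that a NULL options string is acceptable for the retry.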
@@ -3393,12 +3256,14 @@ cifs_are_all_path_components_accessible(struct TCP_Server_Info *server,
  * Check if path is remote (e.g. a DFS share). Return -EREMOTE if it is,
  * otherwise 0.
  */
-static int is_path_remote(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx,
-			  const unsigned int xid,
-			  struct TCP_Server_Info *server,
-			  struct cifs_tcon *tcon)
+static int is_path_remote(struct mount_ctx *mnt_ctx)
 {
 	int rc;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct TCP_Server_Info *server = mnt_ctx->server;
+	unsigned int xid = mnt_ctx->xid;
+	struct cifs_tcon *tcon = mnt_ctx->tcon;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
 	char *full_path;
 
 	if (!server->ops->is_path_accessible)
@@ -3436,280 +3301,289 @@ static int is_path_remote(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *
 }
 
 #ifdef CONFIG_CIFS_DFS_UPCALL
-static void set_root_ses(struct cifs_sb_info *cifs_sb, const uuid_t *mount_id, struct cifs_ses *ses,
-			 struct cifs_ses **root_ses)
+static void set_root_ses(struct mount_ctx *mnt_ctx)
 {
-	if (ses) {
+	if (mnt_ctx->ses) {
 		spin_lock(&cifs_tcp_ses_lock);
-		ses->ses_count++;
+		mnt_ctx->ses->ses_count++;
 		spin_unlock(&cifs_tcp_ses_lock);
-		dfs_cache_add_refsrv_session(mount_id, ses);
+		dfs_cache_add_refsrv_session(&mnt_ctx->mount_id, mnt_ctx->ses);
 	}
-	*root_ses = ses;
+	mnt_ctx->root_ses = mnt_ctx->ses;
 }
 
-/* Set up next dfs prefix path in @dfs_path */
-static int next_dfs_prepath(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx,
-			    const unsigned int xid, struct TCP_Server_Info *server,
-			    struct cifs_tcon *tcon, char **dfs_path)
+static int is_dfs_mount(struct mount_ctx *mnt_ctx, bool *isdfs, struct dfs_cache_tgt_list *root_tl)
 {
-	char *path, *npath;
-	int added_treename = is_tcon_dfs(tcon);
 	int rc;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
 
-	path = cifs_build_path_to_root(ctx, cifs_sb, tcon, added_treename);
-	if (!path)
-		return -ENOMEM;
+	*isdfs = true;
 
-	rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
-	if (rc == -EREMOTE) {
-		struct smb3_fs_context v = {NULL};
-		/* if @path contains a tree name, skip it in the prefix path */
-		if (added_treename) {
-			rc = smb3_parse_devname(path, &v);
-			if (rc)
-				goto out;
-			npath = build_unc_path_to_root(&v, cifs_sb, true);
-			smb3_cleanup_fs_context_contents(&v);
-		} else {
-			v.UNC = ctx->UNC;
-			v.prepath = path + 1;
-			npath = build_unc_path_to_root(&v, cifs_sb, true);
-		}
+	rc = mount_get_conns(mnt_ctx);
+	/*
+	 * If called with 'nodfs' mount option, then skip DFS resolving.  Otherwise unconditionally
+	 * try to get an DFS referral (even cached) to determine whether it is an DFS mount.
+	 *
+	 * Skip prefix path to provide support for DFS referrals from w2k8 servers which don't seem
+	 * to respond with PATH_NOT_COVERED to requests that include the prefix.
+	 */
+	if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) ||
+	    dfs_cache_find(mnt_ctx->xid, mnt_ctx->ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
+			   ctx->UNC + 1, NULL, root_tl)) {
+		if (rc)
+			return rc;
+		/* Check if it is fully accessible and then mount it */
+		rc = is_path_remote(mnt_ctx);
+		if (!rc)
+			*isdfs = false;
+		else if (rc != -EREMOTE)
+			return rc;
+	}
+	return 0;
+}
 
-		if (IS_ERR(npath)) {
-			rc = PTR_ERR(npath);
-			goto out;
-		}
+static int connect_dfs_target(struct mount_ctx *mnt_ctx, const char *full_path,
+			      const char *ref_path, struct dfs_cache_tgt_iterator *tit)
+{
+	int rc;
+	struct dfs_info3_param ref = {};
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	char *oldmnt = cifs_sb->ctx->mount_options;
 
-		kfree(*dfs_path);
-		*dfs_path = npath;
-		rc = -EREMOTE;
+	rc = dfs_cache_get_tgt_referral(ref_path, tit, &ref);
+	if (rc)
+		goto out;
+
+	rc = expand_dfs_referral(mnt_ctx, full_path, &ref);
+	if (rc)
+		goto out;
+
+	/* Connect to new target only if we were redirected (e.g. mount options changed) */
+	if (oldmnt != cifs_sb->ctx->mount_options) {
+		mount_put_conns(mnt_ctx);
+		rc = mount_get_dfs_conns(mnt_ctx);
+	}
+	if (!rc) {
+		if (cifs_is_referral_server(mnt_ctx->tcon, &ref))
+			set_root_ses(mnt_ctx);
+		rc = dfs_cache_update_tgthint(mnt_ctx->xid, mnt_ctx->root_ses, cifs_sb->local_nls,
+					      cifs_remap(cifs_sb), ref_path, tit);
 	}
 
 out:
-	kfree(path);
+	free_dfs_info_param(&ref);
 	return rc;
 }
 
-/* Check if resolved targets can handle any DFS referrals */
-static int is_referral_server(const char *ref_path, struct cifs_sb_info *cifs_sb,
-			      struct cifs_tcon *tcon, bool *ref_server)
+static int connect_dfs_root(struct mount_ctx *mnt_ctx, struct dfs_cache_tgt_list *root_tl)
 {
 	int rc;
-	struct dfs_info3_param ref = {0};
+	char *full_path;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
+	struct dfs_cache_tgt_iterator *tit;
 
-	cifs_dbg(FYI, "%s: ref_path=%s\n", __func__, ref_path);
+	/* Put initial connections as they might be shared with other mounts.  We need unique dfs
+	 * connections per mount to properly failover, so mount_get_dfs_conns() must be used from
+	 * now on.
+	 */
+	mount_put_conns(mnt_ctx);
+	mount_get_dfs_conns(mnt_ctx);
 
-	if (is_tcon_dfs(tcon)) {
-		*ref_server = true;
-	} else {
-		char *npath;
+	full_path = build_unc_path_to_root(ctx, cifs_sb, true);
+	if (IS_ERR(full_path))
+		return PTR_ERR(full_path);
 
-		npath = dfs_cache_canonical_path(ref_path, cifs_sb->local_nls, cifs_remap(cifs_sb));
-		if (IS_ERR(npath))
-			return PTR_ERR(npath);
+	mnt_ctx->origin_fullpath = dfs_cache_canonical_path(ctx->UNC, cifs_sb->local_nls,
+							    cifs_remap(cifs_sb));
+	if (IS_ERR(mnt_ctx->origin_fullpath)) {
+		rc = PTR_ERR(mnt_ctx->origin_fullpath);
+		mnt_ctx->origin_fullpath = NULL;
+		goto out;
+	}
 
-		rc = dfs_cache_noreq_find(npath, &ref, NULL);
-		kfree(npath);
-		if (rc) {
-			cifs_dbg(VFS, "%s: dfs_cache_noreq_find: failed (rc=%d)\n", __func__, rc);
-			return rc;
+	/* Try all dfs root targets */
+	for (rc = -ENOENT, tit = dfs_cache_get_tgt_iterator(root_tl);
+	     tit; tit = dfs_cache_get_next_tgt(root_tl, tit)) {
+		rc = connect_dfs_target(mnt_ctx, full_path, mnt_ctx->origin_fullpath + 1, tit);
+		if (!rc) {
+			mnt_ctx->leaf_fullpath = kstrdup(mnt_ctx->origin_fullpath, GFP_KERNEL);
+			if (!mnt_ctx->leaf_fullpath)
+				rc = -ENOMEM;
+			break;
 		}
-		cifs_dbg(FYI, "%s: ref.flags=0x%x\n", __func__, ref.flags);
-		/*
-		 * Check if all targets are capable of handling DFS referrals as per
-		 * MS-DFSC 2.2.4 RESP_GET_DFS_REFERRAL.
-		 */
-		*ref_server = !!(ref.flags & DFSREF_REFERRAL_SERVER);
-		free_dfs_info_param(&ref);
 	}
-	return 0;
+
+out:
+	kfree(full_path);
+	return rc;
 }
 
-int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
+static int __follow_dfs_link(struct mount_ctx *mnt_ctx)
 {
-	int rc = 0;
-	unsigned int xid;
-	struct TCP_Server_Info *server = NULL;
-	struct cifs_ses *ses = NULL, *root_ses = NULL;
-	struct cifs_tcon *tcon = NULL;
-	int count = 0;
-	uuid_t mount_id = {0};
-	char *ref_path = NULL, *full_path = NULL;
-	char *oldmnt = NULL;
-	bool ref_server = false;
+	int rc;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
+	char *full_path;
+	struct dfs_cache_tgt_list tl = DFS_CACHE_TGT_LIST_INIT(tl);
+	struct dfs_cache_tgt_iterator *tit;
 
-	rc = mount_get_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
-	/*
-	 * If called with 'nodfs' mount option, then skip DFS resolving.  Otherwise unconditionally
-	 * try to get an DFS referral (even cached) to determine whether it is an DFS mount.
-	 *
-	 * Skip prefix path to provide support for DFS referrals from w2k8 servers which don't seem
-	 * to respond with PATH_NOT_COVERED to requests that include the prefix.
-	 */
-	if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) ||
-	    dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb), ctx->UNC + 1, NULL,
-			   NULL)) {
-		if (rc)
-			goto error;
-		/* Check if it is fully accessible and then mount it */
-		rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
-		if (!rc)
-			goto out;
-		if (rc != -EREMOTE)
-			goto error;
+	full_path = build_unc_path_to_root(ctx, cifs_sb, true);
+	if (IS_ERR(full_path))
+		return PTR_ERR(full_path);
+
+	kfree(mnt_ctx->leaf_fullpath);
+	mnt_ctx->leaf_fullpath = dfs_cache_canonical_path(full_path, cifs_sb->local_nls,
+							  cifs_remap(cifs_sb));
+	if (IS_ERR(mnt_ctx->leaf_fullpath)) {
+		rc = PTR_ERR(mnt_ctx->leaf_fullpath);
+		mnt_ctx->leaf_fullpath = NULL;
+		goto out;
 	}
 
-	mount_put_conns(cifs_sb, xid, server, ses, tcon);
-	/*
-	 * Ignore error check here because we may failover to other targets from cached a
-	 * referral.
-	 */
-	(void)mount_get_dfs_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
+	/* Get referral from dfs link */
+	rc = dfs_cache_find(mnt_ctx->xid, mnt_ctx->root_ses, cifs_sb->local_nls,
+			    cifs_remap(cifs_sb), mnt_ctx->leaf_fullpath + 1, NULL, &tl);
+	if (rc)
+		goto out;
 
-	/* Get path of DFS root */
-	ref_path = build_unc_path_to_root(ctx, cifs_sb, false);
-	if (IS_ERR(ref_path)) {
-		rc = PTR_ERR(ref_path);
-		ref_path = NULL;
-		goto error;
+	/* Try all dfs link targets */
+	for (rc = -ENOENT, tit = dfs_cache_get_tgt_iterator(&tl);
+	     tit; tit = dfs_cache_get_next_tgt(&tl, tit)) {
+		rc = connect_dfs_target(mnt_ctx, full_path, mnt_ctx->leaf_fullpath + 1, tit);
+		if (!rc) {
+			rc = is_path_remote(mnt_ctx);
+			break;
+		}
+	}
+
+out:
+	kfree(full_path);
+	dfs_cache_free_tgts(&tl);
+	return rc;
+}
+
+static int follow_dfs_link(struct mount_ctx *mnt_ctx)
+{
+	int rc;
+	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
+	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
+	char *full_path;
+	int num_links = 0;
+
+	full_path = build_unc_path_to_root(ctx, cifs_sb, true);
+	if (IS_ERR(full_path))
+		return PTR_ERR(full_path);
+
+	kfree(mnt_ctx->origin_fullpath);
+	mnt_ctx->origin_fullpath = dfs_cache_canonical_path(full_path, cifs_sb->local_nls,
+							    cifs_remap(cifs_sb));
+	kfree(full_path);
+
+	if (IS_ERR(mnt_ctx->origin_fullpath)) {
+		rc = PTR_ERR(mnt_ctx->origin_fullpath);
+		mnt_ctx->origin_fullpath = NULL;
+		return rc;
 	}
 
-	uuid_gen(&mount_id);
-	set_root_ses(cifs_sb, &mount_id, ses, &root_ses);
 	do {
-		/* Save full path of last DFS path we used to resolve final target server */
-		kfree(full_path);
-		full_path = build_unc_path_to_root(ctx, cifs_sb, !!count);
-		if (IS_ERR(full_path)) {
-			rc = PTR_ERR(full_path);
-			full_path = NULL;
-			break;
-		}
-		/* Chase referral */
-		oldmnt = cifs_sb->ctx->mount_options;
-		rc = expand_dfs_referral(xid, root_ses, ctx, cifs_sb, ref_path + 1);
-		if (rc)
+		rc = __follow_dfs_link(mnt_ctx);
+		if (!rc || rc != -EREMOTE)
 			break;
-		/* Connect to new DFS target only if we were redirected */
-		if (oldmnt != cifs_sb->ctx->mount_options) {
-			mount_put_conns(cifs_sb, xid, server, ses, tcon);
-			rc = mount_get_dfs_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
-		}
-		if (rc && !server && !ses) {
-			/* Failed to connect. Try to connect to other targets in the referral. */
-			rc = do_dfs_failover(ref_path + 1, full_path, cifs_sb, ctx, root_ses, &xid,
-					     &server, &ses, &tcon);
-		}
-		if (rc == -EACCES || rc == -EOPNOTSUPP || !server || !ses)
-			break;
-		if (!tcon)
-			continue;
+	} while (rc = -ELOOP, ++num_links < MAX_NESTED_LINKS);
 
-		/* Make sure that requests go through new root servers */
-		rc = is_referral_server(ref_path + 1, cifs_sb, tcon, &ref_server);
-		if (rc)
-			break;
-		if (ref_server)
-			set_root_ses(cifs_sb, &mount_id, ses, &root_ses);
+	return rc;
+}
 
-		/* Get next dfs path and then continue chasing them if -EREMOTE */
-		rc = next_dfs_prepath(cifs_sb, ctx, xid, server, tcon, &ref_path);
-		/* Prevent recursion on broken link referrals */
-		if (rc == -EREMOTE && ++count > MAX_NESTED_LINKS)
-			rc = -ELOOP;
-	} while (rc == -EREMOTE);
+/* Set up DFS referral paths for failover */
+static void setup_server_referral_paths(struct mount_ctx *mnt_ctx)
+{
+	struct TCP_Server_Info *server = mnt_ctx->server;
+
+	server->origin_fullpath = mnt_ctx->origin_fullpath;
+	server->leaf_fullpath = mnt_ctx->leaf_fullpath;
+	server->current_fullpath = mnt_ctx->leaf_fullpath;
+	mnt_ctx->origin_fullpath = mnt_ctx->leaf_fullpath = NULL;
+}
 
-	if (rc || !tcon || !ses)
+int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
+{
+	int rc;
+	struct mount_ctx mnt_ctx = { .cifs_sb = cifs_sb, .fs_ctx = ctx, };
+	struct dfs_cache_tgt_list tl = DFS_CACHE_TGT_LIST_INIT(tl);
+	bool isdfs;
+
+	rc = is_dfs_mount(&mnt_ctx, &isdfs, &tl);
+	if (rc)
 		goto error;
+	if (!isdfs)
+		goto out;
 
-	kfree(ref_path);
-	/*
-	 * Store DFS full path in both superblock and tree connect structures.
-	 *
-	 * For DFS root mounts, the prefix path (cifs_sb->prepath) is preserved during reconnect so
-	 * only the root path is set in cifs_sb->origin_fullpath and tcon->dfs_path. And for DFS
-	 * links, the prefix path is included in both and may be changed during reconnect.  See
-	 * cifs_tree_connect().
-	 */
-	ref_path = dfs_cache_canonical_path(full_path, cifs_sb->local_nls, cifs_remap(cifs_sb));
-	kfree(full_path);
-	full_path = NULL;
+	uuid_gen(&mnt_ctx.mount_id);
+	rc = connect_dfs_root(&mnt_ctx, &tl);
+	dfs_cache_free_tgts(&tl);
 
-	if (IS_ERR(ref_path)) {
-		rc = PTR_ERR(ref_path);
-		ref_path = NULL;
+	if (rc)
 		goto error;
-	}
-	cifs_sb->origin_fullpath = ref_path;
 
-	ref_path = kstrdup(cifs_sb->origin_fullpath, GFP_KERNEL);
-	if (!ref_path) {
-		rc = -ENOMEM;
+	rc = is_path_remote(&mnt_ctx);
+	if (rc == -EREMOTE)
+		rc = follow_dfs_link(&mnt_ctx);
+	if (rc)
 		goto error;
-	}
-	spin_lock(&cifs_tcp_ses_lock);
-	tcon->dfs_path = ref_path;
-	ref_path = NULL;
-	spin_unlock(&cifs_tcp_ses_lock);
 
+	setup_server_referral_paths(&mnt_ctx);
 	/*
-	 * After reconnecting to a different server, unique ids won't
-	 * match anymore, so we disable serverino. This prevents
-	 * dentry revalidation to think the dentry are stale (ESTALE).
+	 * After reconnecting to a different server, unique ids won't match anymore, so we disable
+	 * serverino. This prevents dentry revalidation to think the dentry are stale (ESTALE).
 	 */
 	cifs_autodisable_serverino(cifs_sb);
 	/*
-	 * Force the use of prefix path to support failover on DFS paths that
-	 * resolve to targets that have different prefix paths.
+	 * Force the use of prefix path to support failover on DFS paths that resolve to targets
+	 * that have different prefix paths.
 	 */
 	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
 	kfree(cifs_sb->prepath);
 	cifs_sb->prepath = ctx->prepath;
 	ctx->prepath = NULL;
-	uuid_copy(&cifs_sb->dfs_mount_id, &mount_id);
+	uuid_copy(&cifs_sb->dfs_mount_id, &mnt_ctx.mount_id);
 
 out:
-	free_xid(xid);
-	cifs_try_adding_channels(cifs_sb, ses);
-	return mount_setup_tlink(cifs_sb, ses, tcon);
+	free_xid(mnt_ctx.xid);
+	cifs_try_adding_channels(cifs_sb, mnt_ctx.ses);
+	return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
 
 error:
-	kfree(ref_path);
-	kfree(full_path);
-	kfree(cifs_sb->origin_fullpath);
-	dfs_cache_put_refsrv_sessions(&mount_id);
-	mount_put_conns(cifs_sb, xid, server, ses, tcon);
+	dfs_cache_put_refsrv_sessions(&mnt_ctx.mount_id);
+	kfree(mnt_ctx.origin_fullpath);
+	kfree(mnt_ctx.leaf_fullpath);
+	mount_put_conns(&mnt_ctx);
 	return rc;
 }
 #else
 int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
 {
 	int rc = 0;
-	unsigned int xid;
-	struct cifs_ses *ses;
-	struct cifs_tcon *tcon;
-	struct TCP_Server_Info *server;
+	struct mount_ctx mnt_ctx = { .cifs_sb = cifs_sb, .fs_ctx = ctx, };
 
-	rc = mount_get_conns(ctx, cifs_sb, &xid, &server, &ses, &tcon);
+	rc = mount_get_conns(&mnt_ctx);
 	if (rc)
 		goto error;
 
-	if (tcon) {
-		rc = is_path_remote(cifs_sb, ctx, xid, server, tcon);
+	if (mnt_ctx.tcon) {
+		rc = is_path_remote(&mnt_ctx);
 		if (rc == -EREMOTE)
 			rc = -EOPNOTSUPP;
 		if (rc)
 			goto error;
 	}
 
-	free_xid(xid);
-
-	return mount_setup_tlink(cifs_sb, ses, tcon);
+	free_xid(mnt_ctx.xid);
+	return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
 
 error:
-	mount_put_conns(cifs_sb, xid, server, ses, tcon);
+	mount_put_conns(&mnt_ctx);
 	return rc;
 }
 #endif
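Review bot: connect_dfs_target() passes mnt_ctx->root_ses straight to dfs_cache_update_tgthint(), and __follow_dfs_link() passes it to dfs_cache_find(), but root_ses is only assigned by set_root_ses(), which is now called only when cifs_is_referral_server() returns true. The removed cifs_mount() called set_root_ses() unconditionally before chasing referrals, and the removed do_dfs_failover() used "root_ses ? root_ses : *ses", so the old code never handed a NULL session to the cache. With mnt_ctx zero-initialised in cifs_mount(), a first target that is not a referral server leaves root_ses NULL at both call sites. Please either restore the fallback to mnt_ctx->ses or state why a NULL session is safe there. Separately, in follow_dfs_link() the test "!rc || rc != -EREMOTE" reduces to "rc != -EREMOTE", and the "while (rc = -ELOOP, ++num_links < MAX_NESTED_LINKS)" form hides the loop-limit error in a comma expression; setting -ELOOP after the loop would be easier to read.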
@@ -3877,7 +3751,6 @@ cifs_umount(struct cifs_sb_info *cifs_sb)
 	kfree(cifs_sb->prepath);
 #ifdef CONFIG_CIFS_DFS_UPCALL
 	dfs_cache_put_refsrv_sessions(&cifs_sb->dfs_mount_id);
-	kfree(cifs_sb->origin_fullpath);
 #endif
 	call_rcu(&cifs_sb->rcu, delayed_free);
 }
@@ -4204,104 +4077,249 @@ cifs_prune_tlinks(struct work_struct *work)
 }
 
 #ifdef CONFIG_CIFS_DFS_UPCALL
-int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nlsc)
+static void mark_tcon_tcp_ses_for_reconnect(struct cifs_tcon *tcon)
+{
+	int i;
+
+	for (i = 0; i < tcon->ses->chan_count; i++) {
+		spin_lock(&GlobalMid_Lock);
+		if (tcon->ses->chans[i].server->tcpStatus != CifsExiting)
+			tcon->ses->chans[i].server->tcpStatus = CifsNeedReconnect;
+		spin_unlock(&GlobalMid_Lock);
+	}
+}
+
+/* Update dfs referral path of superblock */
+static int update_server_fullpath(struct TCP_Server_Info *server, struct cifs_sb_info *cifs_sb,
+				  const char *target)
+{
+	int rc = 0;
+	size_t len = strlen(target);
+	char *refpath, *npath;
+
+	if (unlikely(len < 2 || *target != '\\'))
+		return -EINVAL;
+
+	if (target[1] == '\\') {
+		len += 1;
+		refpath = kmalloc(len, GFP_KERNEL);
+		if (!refpath)
+			return -ENOMEM;
+
+		scnprintf(refpath, len, "%s", target);
+	} else {
+		len += sizeof("\\");
+		refpath = kmalloc(len, GFP_KERNEL);
+		if (!refpath)
+			return -ENOMEM;
+
+		scnprintf(refpath, len, "\\%s", target);
+	}
+
+	npath = dfs_cache_canonical_path(refpath, cifs_sb->local_nls, cifs_remap(cifs_sb));
+	kfree(refpath);
+
+	if (IS_ERR(npath)) {
+		rc = PTR_ERR(npath);
+	} else {
+		mutex_lock(&server->refpath_lock);
+		kfree(server->leaf_fullpath);
+		server->leaf_fullpath = npath;
+		mutex_unlock(&server->refpath_lock);
+		server->current_fullpath = server->leaf_fullpath;
+	}
+	return rc;
+}
+
+static int target_share_matches_server(struct TCP_Server_Info *server, const char *tcp_host,
+				       size_t tcp_host_len, char *share, bool *target_match)
+{
+	int rc = 0;
+	const char *dfs_host;
+	size_t dfs_host_len;
+
+	*target_match = true;
+	extract_unc_hostname(share, &dfs_host, &dfs_host_len);
+
+	/* Check if hostnames or addresses match */
+	if (dfs_host_len != tcp_host_len || strncasecmp(dfs_host, tcp_host, dfs_host_len) != 0) {
+		cifs_dbg(FYI, "%s: %.*s doesn't match %.*s\n", __func__, (int)dfs_host_len,
+			 dfs_host, (int)tcp_host_len, tcp_host);
+		rc = match_target_ip(server, dfs_host, dfs_host_len, target_match);
+		if (rc)
+			cifs_dbg(VFS, "%s: failed to match target ip: %d\n", __func__, rc);
+	}
+	return rc;
+}
+
+int __tree_connect_dfs_target(const unsigned int xid, struct cifs_tcon *tcon,
+			      struct cifs_sb_info *cifs_sb, char *tree,
+			      struct dfs_cache_tgt_list *tl, struct dfs_info3_param *ref)
 {
 	int rc;
 	struct TCP_Server_Info *server = tcon->ses->server;
 	const struct smb_version_operations *ops = server->ops;
-	struct dfs_cache_tgt_list tl;
-	struct dfs_cache_tgt_iterator *it = NULL;
-	char *tree;
+	struct cifs_tcon *ipc = tcon->ses->tcon_ipc;
+	bool islink;
+	char *share = NULL, *prefix = NULL;
 	const char *tcp_host;
 	size_t tcp_host_len;
-	const char *dfs_host;
-	size_t dfs_host_len;
-	char *share = NULL, *prefix = NULL;
-	struct dfs_info3_param ref = {0};
-	bool isroot;
+	struct dfs_cache_tgt_iterator *tit;
+	bool target_match;
 
-	tree = kzalloc(MAX_TREE_SIZE, GFP_KERNEL);
-	if (!tree)
-		return -ENOMEM;
+	extract_unc_hostname(server->hostname, &tcp_host, &tcp_host_len);
 
-	/* If it is not dfs or there was no cached dfs referral, then reconnect to same share */
-	if (!tcon->dfs_path || dfs_cache_noreq_find(tcon->dfs_path + 1, &ref, &tl)) {
-		if (tcon->ipc) {
-			scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
-			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
-		} else {
-			rc = ops->tree_connect(xid, tcon->ses, tcon->treeName, tcon, nlsc);
-		}
+	islink = ref->server_type == DFS_TYPE_LINK;
+	free_dfs_info_param(ref);
+
+	tit = dfs_cache_get_tgt_iterator(tl);
+	if (!tit) {
+		rc = -ENOENT;
 		goto out;
 	}
 
-	isroot = ref.server_type == DFS_TYPE_ROOT;
-	free_dfs_info_param(&ref);
-
-	extract_unc_hostname(server->hostname, &tcp_host, &tcp_host_len);
-
-	for (it = dfs_cache_get_tgt_iterator(&tl); it; it = dfs_cache_get_next_tgt(&tl, it)) {
-		bool target_match;
+	/* Try to tree connect to all dfs targets */
+	for (; tit; tit = dfs_cache_get_next_tgt(tl, tit)) {
+		const char *target = dfs_cache_get_tgt_name(tit);
+		struct dfs_cache_tgt_list ntl = DFS_CACHE_TGT_LIST_INIT(ntl);
 
 		kfree(share);
 		kfree(prefix);
-		share = NULL;
-		prefix = NULL;
 
-		rc = dfs_cache_get_tgt_share(tcon->dfs_path + 1, it, &share, &prefix);
+		/* Check if share matches with tcp ses */
+		rc = dfs_cache_get_tgt_share(server->current_fullpath + 1, tit, &share, &prefix);
 		if (rc) {
-			cifs_dbg(VFS, "%s: failed to parse target share %d\n",
-				 __func__, rc);
-			continue;
+			cifs_dbg(VFS, "%s: failed to parse target share: %d\n", __func__, rc);
+			break;
 		}
 
-		extract_unc_hostname(share, &dfs_host, &dfs_host_len);
-
-		if (dfs_host_len != tcp_host_len
-		    || strncasecmp(dfs_host, tcp_host, dfs_host_len) != 0) {
-			cifs_dbg(FYI, "%s: %.*s doesn't match %.*s\n", __func__, (int)dfs_host_len,
-				 dfs_host, (int)tcp_host_len, tcp_host);
+		rc = target_share_matches_server(server, tcp_host, tcp_host_len, share,
+						 &target_match);
+		if (rc)
+			break;
+		if (!target_match) {
+			rc = -EHOSTUNREACH;
+			continue;
+		}
 
-			rc = match_target_ip(server, dfs_host, dfs_host_len, &target_match);
-			if (rc) {
-				cifs_dbg(VFS, "%s: failed to match target ip: %d\n", __func__, rc);
+		if (ipc->need_reconnect) {
+			scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
+			rc = ops->tree_connect(xid, ipc->ses, tree, ipc, cifs_sb->local_nls);
+			if (rc)
 				break;
-			}
+		}
 
-			if (!target_match) {
-				cifs_dbg(FYI, "%s: skipping target\n", __func__);
+		scnprintf(tree, MAX_TREE_SIZE, "\\%s", share);
+		if (!islink) {
+			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, cifs_sb->local_nls);
+			break;
+		}
+		/*
+		 * If no dfs referrals were returned from link target, then just do a TREE_CONNECT
+		 * to it.  Otherwise, cache the dfs referral and then mark current tcp ses for
+		 * reconnect so either the demultiplex thread or the echo worker will reconnect to
+		 * newly resolved target.
+		 */
+		if (dfs_cache_find(xid, tcon->ses, cifs_sb->local_nls, cifs_remap(cifs_sb), target,
+				   ref, &ntl)) {
+			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, cifs_sb->local_nls);
+			if (rc)
 				continue;
-			}
+			rc = dfs_cache_noreq_update_tgthint(server->current_fullpath + 1, tit);
+			if (!rc)
+				rc = cifs_update_super_prepath(cifs_sb, prefix);
+			break;
 		}
+		/* Target is another dfs share */
+		rc = update_server_fullpath(server, cifs_sb, target);
+		dfs_cache_free_tgts(tl);
 
-		if (tcon->ipc) {
-			scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", share);
-			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
+		if (!rc) {
+			rc = -EREMOTE;
+			list_replace_init(&ntl.tl_list, &tl->tl_list);
 		} else {
-			scnprintf(tree, MAX_TREE_SIZE, "\\%s", share);
-			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
-			/* Only handle prefix paths of DFS link targets */
-			if (!rc && !isroot) {
-				rc = update_super_prepath(tcon, prefix);
-				break;
-			}
+			dfs_cache_free_tgts(&ntl);
+			free_dfs_info_param(ref);
 		}
-		if (rc == -EREMOTE)
-			break;
+		break;
 	}
 
+out:
 	kfree(share);
 	kfree(prefix);
 
-	if (!rc) {
-		if (it)
-			rc = dfs_cache_noreq_update_tgthint(tcon->dfs_path + 1, it);
-		else
-			rc = -ENOENT;
+	return rc;
+}
+
+int tree_connect_dfs_target(const unsigned int xid, struct cifs_tcon *tcon,
+			    struct cifs_sb_info *cifs_sb, char *tree,
+			    struct dfs_cache_tgt_list *tl, struct dfs_info3_param *ref)
+{
+	int rc;
+	int num_links = 0;
+	struct TCP_Server_Info *server = tcon->ses->server;
+
+	do {
+		rc = __tree_connect_dfs_target(xid, tcon, cifs_sb, tree, tl, ref);
+		if (!rc || rc != -EREMOTE)
+			break;
+	} while (rc = -ELOOP, ++num_links < MAX_NESTED_LINKS);
+	/*
+	 * If we couldn't tree connect to any targets from last referral path, then retry from
+	 * original referral path.
+	 */
+	if (rc && server->current_fullpath != server->origin_fullpath) {
+		server->current_fullpath = server->origin_fullpath;
+		mark_tcon_tcp_ses_for_reconnect(tcon);
 	}
-	dfs_cache_free_tgts(&tl);
+
+	dfs_cache_free_tgts(tl);
+	return rc;
+}
+
+int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nlsc)
+{
+	int rc;
+	struct TCP_Server_Info *server = tcon->ses->server;
+	const struct smb_version_operations *ops = server->ops;
+	struct super_block *sb = NULL;
+	struct cifs_sb_info *cifs_sb;
+	struct dfs_cache_tgt_list tl = DFS_CACHE_TGT_LIST_INIT(tl);
+	char *tree;
+	struct dfs_info3_param ref = {0};
+
+	tree = kzalloc(MAX_TREE_SIZE, GFP_KERNEL);
+	if (!tree)
+		return -ENOMEM;
+
+	if (tcon->ipc) {
+		scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
+		rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
+		goto out;
+	}
+
+	sb = cifs_get_tcp_super(server);
+	if (IS_ERR(sb)) {
+		rc = PTR_ERR(sb);
+		cifs_dbg(VFS, "%s: could not find superblock: %d\n", __func__, rc);
+		goto out;
+	}
+
+	cifs_sb = CIFS_SB(sb);
+
+	/* If it is not dfs or there was no cached dfs referral, then reconnect to same share */
+	if (!server->current_fullpath ||
+	    dfs_cache_noreq_find(server->current_fullpath + 1, &ref, &tl)) {
+		rc = ops->tree_connect(xid, tcon->ses, tcon->treeName, tcon, cifs_sb->local_nls);
+		goto out;
+	}
+
+	rc = tree_connect_dfs_target(xid, tcon, cifs_sb, tree, &tl, &ref);
+
 out:
 	kfree(tree);
+	cifs_put_tcp_super(sb);
+
 	return rc;
 }
 #else
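
Review bot: In __tree_connect_dfs_target() the loop still runs kfree(share); kfree(prefix); at the top of every iteration, but the `share = NULL; prefix = NULL;` resets are dropped and a dfs_cache_get_tgt_share() failure now does `break` to `out:`, which frees both pointers again. After a `continue` (for example on !target_match) that is a double free unless dfs_cache_get_tgt_share() clears *share and *prefix on every entry, which is not visible here; keeping the two NULL assignments would make the loop safe on its own. Separately, cifs_tree_connect() reaches `out:` with sb still NULL on the ipc path and with an ERR_PTR after a failed cifs_get_tcp_super(), so cifs_put_tcp_super(sb) has to tolerate both, and in tree_connect_dfs_target() the test `!rc || rc != -EREMOTE` reduces to `rc != -EREMOTE`.
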
diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
index 283745592844..1f3efa7821a0 100644
--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -1364,9 +1364,9 @@ static void mark_for_reconnect_if_needed(struct cifs_tcon *tcon, struct dfs_cach
 }
 
 /* Refresh dfs referral of tcon and mark it for reconnect if needed */
-static int refresh_tcon(struct cifs_ses **sessions, struct cifs_tcon *tcon, bool force_refresh)
+static int __refresh_tcon(const char *path, struct cifs_ses **sessions, struct cifs_tcon *tcon,
+			  bool force_refresh)
 {
-	const char *path = tcon->dfs_path + 1;
 	struct cifs_ses *ses;
 	struct cache_entry *ce;
 	struct dfs_info3_param *refs = NULL;
@@ -1422,6 +1422,20 @@ static int refresh_tcon(struct cifs_ses **sessions, struct cifs_tcon *tcon, bool
 	return rc;
 }
 
+static int refresh_tcon(struct cifs_ses **sessions, struct cifs_tcon *tcon, bool force_refresh)
+{
+	struct TCP_Server_Info *server = tcon->ses->server;
+
+	mutex_lock(&server->refpath_lock);
+	if (strcasecmp(server->leaf_fullpath, server->origin_fullpath))
+		__refresh_tcon(server->leaf_fullpath + 1, sessions, tcon, force_refresh);
+	mutex_unlock(&server->refpath_lock);
+
+	__refresh_tcon(server->origin_fullpath + 1, sessions, tcon, force_refresh);
+
+	return 0;
+}
+
 /**
  * dfs_cache_remount_fs - remount a DFS share
  *
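
Review bot: The new refresh_tcon() discards both __refresh_tcon() return values and always returns 0, so a failed referral refresh looks the same as success to any caller that checks the result. It also passes server->leaf_fullpath to strcasecmp() without a NULL check, while the only NULL test visible in this patch (in dfs_cache_remount_fs()) is on origin_fullpath; either propagate the first non-zero rc and guard leaf_fullpath, or add a comment saying why both are safe to ignore.
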
@@ -1435,6 +1449,7 @@ static int refresh_tcon(struct cifs_ses **sessions, struct cifs_tcon *tcon, bool
 int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb)
 {
 	struct cifs_tcon *tcon;
+	struct TCP_Server_Info *server;
 	struct mount_group *mg;
 	struct cifs_ses *sessions[CACHE_MAX_ENTRIES + 1] = {NULL};
 	int rc;
@@ -1443,13 +1458,15 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb)
 		return -EINVAL;
 
 	tcon = cifs_sb_master_tcon(cifs_sb);
-	if (!tcon->dfs_path) {
-		cifs_dbg(FYI, "%s: not a dfs tcon\n", __func__);
+	server = tcon->ses->server;
+
+	if (!server->origin_fullpath) {
+		cifs_dbg(FYI, "%s: not a dfs mount\n", __func__);
 		return 0;
 	}
 
 	if (uuid_is_null(&cifs_sb->dfs_mount_id)) {
-		cifs_dbg(FYI, "%s: tcon has no dfs mount group id\n", __func__);
+		cifs_dbg(FYI, "%s: no dfs mount group id\n", __func__);
 		return -EINVAL;
 	}
 
@@ -1457,7 +1474,7 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb)
 	mg = find_mount_group_locked(&cifs_sb->dfs_mount_id);
 	if (IS_ERR(mg)) {
 		mutex_unlock(&mount_group_list_lock);
-		cifs_dbg(FYI, "%s: tcon has ipc session to refresh referral\n", __func__);
+		cifs_dbg(FYI, "%s: no ipc session for refreshing referral\n", __func__);
 		return PTR_ERR(mg);
 	}
 	kref_get(&mg->refcount);
@@ -1498,9 +1515,12 @@ static void refresh_mounts(struct cifs_ses **sessions)
 
 	spin_lock(&cifs_tcp_ses_lock);
 	list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
+		if (!server->is_dfs_conn)
+			continue;
+
 		list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
 			list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
-				if (tcon->dfs_path) {
+				if (!tcon->ipc && !tcon->need_reconnect) {
 					tcon->tc_count++;
 					list_add_tail(&tcon->ulist, &tcons);
 				}
@@ -1510,8 +1530,16 @@ static void refresh_mounts(struct cifs_ses **sessions)
 	spin_unlock(&cifs_tcp_ses_lock);
 
 	list_for_each_entry_safe(tcon, ntcon, &tcons, ulist) {
+		struct TCP_Server_Info *server = tcon->ses->server;
+
 		list_del_init(&tcon->ulist);
-		refresh_tcon(sessions, tcon, false);
+
+		mutex_lock(&server->refpath_lock);
+		if (strcasecmp(server->leaf_fullpath, server->origin_fullpath))
+			__refresh_tcon(server->leaf_fullpath + 1, sessions, tcon, false);
+		mutex_unlock(&server->refpath_lock);
+
+		__refresh_tcon(server->origin_fullpath + 1, sessions, tcon, false);
 		cifs_put_tcon(tcon);
 	}
 }
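
Review bot: The block added to the list_for_each_entry_safe() loop open-codes exactly what refresh_tcon(sessions, tcon, false) does after this patch (take refpath_lock, compare leaf_fullpath with origin_fullpath, refresh the leaf, unlock, refresh the origin), so the removed call could have stayed and the logic would live in one place. The new local `struct TCP_Server_Info *server` also shadows the `server` iterator used by list_for_each_entry() earlier in refresh_mounts().
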
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 699f676ded47..94143d7f58c7 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -139,9 +139,6 @@ tconInfoFree(struct cifs_tcon *buf_to_free)
 	kfree(buf_to_free->nativeFileSystem);
 	kfree_sensitive(buf_to_free->password);
 	kfree(buf_to_free->crfid.fid);
-#ifdef CONFIG_CIFS_DFS_UPCALL
-	kfree(buf_to_free->dfs_path);
-#endif
 	kfree(buf_to_free);
 }
 
@@ -1299,69 +1296,20 @@ int match_target_ip(struct TCP_Server_Info *server,
 	return rc;
 }
 
-static void tcon_super_cb(struct super_block *sb, void *arg)
+int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix)
 {
-	struct super_cb_data *sd = arg;
-	struct cifs_tcon *tcon = sd->data;
-	struct cifs_sb_info *cifs_sb;
-
-	if (sd->sb)
-		return;
-
-	cifs_sb = CIFS_SB(sb);
-	if (tcon->dfs_path && cifs_sb->origin_fullpath &&
-	    !strcasecmp(tcon->dfs_path, cifs_sb->origin_fullpath))
-		sd->sb = sb;
-}
-
-static inline struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon)
-{
-	return __cifs_get_super(tcon_super_cb, tcon);
-}
-
-static inline void cifs_put_tcon_super(struct super_block *sb)
-{
-	__cifs_put_super(sb);
-}
-#else
-static inline struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon)
-{
-	return ERR_PTR(-EOPNOTSUPP);
-}
-
-static inline void cifs_put_tcon_super(struct super_block *sb)
-{
-}
-#endif
-
-int update_super_prepath(struct cifs_tcon *tcon, char *prefix)
-{
-	struct super_block *sb;
-	struct cifs_sb_info *cifs_sb;
-	int rc = 0;
-
-	sb = cifs_get_tcon_super(tcon);
-	if (IS_ERR(sb))
-		return PTR_ERR(sb);
-
-	cifs_sb = CIFS_SB(sb);
-
 	kfree(cifs_sb->prepath);
 
 	if (prefix && *prefix) {
 		cifs_sb->prepath = kstrdup(prefix, GFP_ATOMIC);
-		if (!cifs_sb->prepath) {
-			rc = -ENOMEM;
-			goto out;
-		}
+		if (!cifs_sb->prepath)
+			return -ENOMEM;
 
 		convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
 	} else
 		cifs_sb->prepath = NULL;
 
 	cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH;
-
-out:
-	cifs_put_tcon_super(sb);
-	return rc;
+	return 0;
 }
+#endif
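
Review bot: cifs_update_super_prepath() no longer looks up and pins the superblock itself (the cifs_get_tcon_super()/cifs_put_tcon_super() pair is removed), so it frees and replaces cifs_sb->prepath purely on the caller's guarantee that cifs_sb stays alive. A one-line comment above the function stating that the caller must hold the superblock reference, as cifs_tree_connect() does through cifs_get_tcp_super(), would keep future callers from using it unpinned.
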
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 53e87466e3b2..5e6526c201fe 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -2869,6 +2869,7 @@ smb2_get_dfs_refer(const unsigned int xid, struct cifs_ses *ses,
 	struct fsctl_get_dfs_referral_req *dfs_req = NULL;
 	struct get_dfs_referral_rsp *dfs_rsp = NULL;
 	u32 dfs_req_size = 0, dfs_rsp_size = 0;
+	int retry_count = 0;
 
 	cifs_dbg(FYI, "%s: path: %s\n", __func__, search_name);
 
@@ -2920,11 +2921,14 @@ smb2_get_dfs_refer(const unsigned int xid, struct cifs_ses *ses,
 				true /* is_fsctl */,
 				(char *)dfs_req, dfs_req_size, CIFSMaxBufSize,
 				(char **)&dfs_rsp, &dfs_rsp_size);
-	} while (rc == -EAGAIN);
+		if (!is_retryable_error(rc))
+			break;
+		usleep_range(512, 2048);
+	} while (++retry_count < 5);
 
 	if (rc) {
-		if ((rc != -ENOENT) && (rc != -EOPNOTSUPP))
-			cifs_tcon_dbg(VFS, "ioctl error in %s rc=%d\n", __func__, rc);
+		if (!is_retryable_error(rc) && rc != -ENOENT && rc != -EOPNOTSUPP)
+			cifs_tcon_dbg(VFS, "%s: ioctl error: rc=%d\n", __func__, rc);
 		goto out;
 	}
 
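
Review bot: The retry loop sleeps with usleep_range(512, 2048) even after the last attempt, and the bare 5, 512 and 2048 carry no explanation; named constants or a short comment on why these values were picked would help. When all five attempts end in a retryable error, rc is returned with no message at all because the `!is_retryable_error(rc)` test suppresses the cifs_tcon_dbg() line, so exhausting the retries is silent.
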
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 8aa0372141f5..c0ea2813978b 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -156,7 +156,11 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
 	if (tcon == NULL)
 		return 0;
 
-	if (smb2_command == SMB2_TREE_CONNECT)
+	/*
+	 * Need to also skip SMB2_IOCTL because it is used for checking nested dfs links in
+	 * cifs_tree_connect().
+	 */
+	if (smb2_command == SMB2_TREE_CONNECT || smb2_command == SMB2_IOCTL)
 		return 0;
 
 	if (tcon->tidStatus == CifsExiting) {
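
Review bot: `smb2_command == SMB2_IOCTL` makes smb2_reconnect() return 0 for every ioctl on every tcon, while the comment only justifies the DFS referral ioctl issued from cifs_tree_connect(). Any other FSCTL that relied on this function to re-establish the session or tree first now goes out without it; consider narrowing the exemption to the referral case, or extend the comment to say why skipping reconnect is safe for all SMB2_IOCTL requests.
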
-- 
2.35.1





* [PATCH 5.15 011/206] cifs: Fix connections leak when tlink setup failed
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 010/206] cifs: support nested dfs links over reconnect Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 012/206] ata: libata-scsi: simplify __ata_scsi_queuecmd() Greg Kroah-Hartman
                   ` (203 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
	Zhang Xiaoxu, Steve French, Sasha Levin

From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>

[ Upstream commit 1dcdf5f5b2137185cbdd5385f29949ab3da4f00c ]

If the tlink setup failed, the connections were never put, so
the module refcnt leaks since the cifsd kthread does not exit.

The fscache info is also leaked, and the next mount with fsc will
print the following error:
  CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)

Let's check the result of tlink setup, and do some cleanup.

Fixes: 56c762eb9bee ("cifs: Refactor out cifs_mount()")
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/connect.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 902eb8a5afd2..839059b8a9c9 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3550,9 +3550,13 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
 	uuid_copy(&cifs_sb->dfs_mount_id, &mnt_ctx.mount_id);
 
 out:
-	free_xid(mnt_ctx.xid);
 	cifs_try_adding_channels(cifs_sb, mnt_ctx.ses);
-	return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+	rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+	if (rc)
+		goto error;
+
+	free_xid(mnt_ctx.xid);
+	return rc;
 
 error:
 	dfs_cache_put_refsrv_sessions(&mnt_ctx.mount_id);
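
Review bot: On the new `goto error` path after mount_setup_tlink() fails, free_xid(mnt_ctx.xid) is no longer reached at `out:`, so the xid is released only if the code under `error:` does it; the visible context shows just dfs_cache_put_refsrv_sessions(). Worth confirming that the error block frees the xid, and noting that cifs_try_adding_channels() has already run by the time the tlink setup can fail.
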
@@ -3579,8 +3583,12 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
 			goto error;
 	}
 
+	rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+	if (rc)
+		goto error;
+
 	free_xid(mnt_ctx.xid);
-	return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+	return rc;
 
 error:
 	mount_put_conns(&mnt_ctx);
-- 
2.35.1





* [PATCH 5.15 012/206] ata: libata-scsi: simplify __ata_scsi_queuecmd()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 011/206] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 013/206] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
                   ` (202 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Wenchao Hao, Damien Le Moal, Sasha Levin

From: Wenchao Hao <haowenchao@huawei.com>

[ Upstream commit 84eac327af543f03172085d5ef9f98ea25a51191 ]

This patch cleans up the code of __ata_scsi_queuecmd(). Since each
branch of the "if" condition checks that scmd->cmd_len is not zero, move
this check out of the "if" to simplify the conditions being checked in
the "else" branch.

While at it, avoid the if-else-if-else structure by using an if-else if
structure and remove the redundant rc local variable.

This patch does not change the function logic.

Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Stable-dep-of: e20e81a24a4d ("ata: libata-core: do not issue non-internal commands once EH is pending")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/ata/libata-scsi.c | 45 ++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index ef41cb385a0d..61b7e0b0bbf6 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3990,42 +3990,39 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev)
 {
 	u8 scsi_op = scmd->cmnd[0];
 	ata_xlat_func_t xlat_func;
-	int rc = 0;
+
+	if (unlikely(!scmd->cmd_len))
+		goto bad_cdb_len;
 
 	if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) {
-		if (unlikely(!scmd->cmd_len || scmd->cmd_len > dev->cdb_len))
+		if (unlikely(scmd->cmd_len > dev->cdb_len))
 			goto bad_cdb_len;
 
 		xlat_func = ata_get_xlat_func(dev, scsi_op);
-	} else {
-		if (unlikely(!scmd->cmd_len))
-			goto bad_cdb_len;
+	} else if (likely((scsi_op != ATA_16) || !atapi_passthru16)) {
+		/* relay SCSI command to ATAPI device */
+		int len = COMMAND_SIZE(scsi_op);
 
-		xlat_func = NULL;
-		if (likely((scsi_op != ATA_16) || !atapi_passthru16)) {
-			/* relay SCSI command to ATAPI device */
-			int len = COMMAND_SIZE(scsi_op);
-			if (unlikely(len > scmd->cmd_len ||
-				     len > dev->cdb_len ||
-				     scmd->cmd_len > ATAPI_CDB_LEN))
-				goto bad_cdb_len;
+		if (unlikely(len > scmd->cmd_len ||
+			     len > dev->cdb_len ||
+			     scmd->cmd_len > ATAPI_CDB_LEN))
+			goto bad_cdb_len;
 
-			xlat_func = atapi_xlat;
-		} else {
-			/* ATA_16 passthru, treat as an ATA command */
-			if (unlikely(scmd->cmd_len > 16))
-				goto bad_cdb_len;
+		xlat_func = atapi_xlat;
+	} else {
+		/* ATA_16 passthru, treat as an ATA command */
+		if (unlikely(scmd->cmd_len > 16))
+			goto bad_cdb_len;
 
-			xlat_func = ata_get_xlat_func(dev, scsi_op);
-		}
+		xlat_func = ata_get_xlat_func(dev, scsi_op);
 	}
 
 	if (xlat_func)
-		rc = ata_scsi_translate(dev, scmd, xlat_func);
-	else
-		ata_scsi_simulate(dev, scmd);
+		return ata_scsi_translate(dev, scmd, xlat_func);
 
-	return rc;
+	ata_scsi_simulate(dev, scmd);
+
+	return 0;
 
  bad_cdb_len:
 	DPRINTK("bad CDB len=%u, scsi_op=0x%02x, max=%u\n",
-- 
2.35.1





* [PATCH 5.15 013/206] ata: libata-core: do not issue non-internal commands once EH is pending
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 012/206] ata: libata-scsi: simplify __ata_scsi_queuecmd() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 014/206] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
                   ` (201 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Niklas Cassel, John Garry,
	Damien Le Moal, Sasha Levin

From: Niklas Cassel <niklas.cassel@wdc.com>

[ Upstream commit e20e81a24a4d58744a29715aac2f795cd1651955 ]

While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)

Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()

Before commit e494f6a72839 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)

Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.

However, after commit e494f6a72839 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).

So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.

It is worth noting that, even before commit e494f6a72839 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.

In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)

Fixes: e494f6a72839 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/ata/libata-scsi.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 61b7e0b0bbf6..061d2f8feeb5 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3988,9 +3988,19 @@ void ata_scsi_dump_cdb(struct ata_port *ap, struct scsi_cmnd *cmd)
 
 int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev)
 {
+	struct ata_port *ap = dev->link->ap;
 	u8 scsi_op = scmd->cmnd[0];
 	ata_xlat_func_t xlat_func;
 
+	/*
+	 * scsi_queue_rq() will defer commands if scsi_host_in_recovery().
+	 * However, this check is done without holding the ap->lock (a libata
+	 * specific lock), so we can have received an error irq since then,
+	 * therefore we must check if EH is pending, while holding ap->lock.
+	 */
+	if (ap->pflags & (ATA_PFLAG_EH_PENDING | ATA_PFLAG_EH_IN_PROGRESS))
+		return SCSI_MLQUEUE_DEVICE_BUSY;
+
 	if (unlikely(!scmd->cmd_len))
 		goto bad_cdb_len;
 
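
Review bot: The new EH-pending test is only correct if the caller holds ap->lock, as the added comment says, but nothing in __ata_scsi_queuecmd() enforces that. A lockdep_assert_held() on ap->lock next to the check would turn the comment into something lockdep can verify.
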
-- 
2.35.1





* [PATCH 5.15 014/206] drm/display: Dont assume dual mode adaptors support i2c sub-addressing
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 013/206] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 015/206] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Greg Kroah-Hartman
                   ` (200 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Simon Rettberg, Rafael Gieschke,
	Ville Syrjälä,
	Jani Nikula, Sasha Levin

From: Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>

[ Upstream commit 5954acbacbd1946b96ce8ee799d309cb0cd3cb9d ]

Current dual mode adaptor ("DP++") detection code assumes that all
adaptors support i2c sub-addressing for read operations from the
DP-HDMI adaptor ID buffer.  It has been observed that multiple
adaptors do not in fact support this, and always return data starting
at register 0.  On affected adaptors, the code fails to read the proper
registers that would identify the device as a type 2 adaptor, and
handles those as type 1, limiting the TMDS clock to 165MHz, even if
the according register would announce a higher TMDS clock.
Fix this by always reading the ID buffer starting from offset 0, and
discarding any bytes before the actual offset of interest.

We tried finding authoritative documentation on whether or not this is
allowed behaviour, but since all the official VESA docs are paywalled,
the best we could come up with was the spec sheet for Texas Instruments'
SNx5DP149 chip family.[1]  It explicitly mentions that sub-addressing is
supported for register writes, but *not* for reads (See NOTE in
section 8.5.3).  Unless TI openly decided to violate the VESA spec, one
could take that as a hint that sub-addressing is in fact not mandated
by VESA.
The other two adaptors affected used the PS8409(A) and the LT8611,
according to the data returned from their ID buffers.

[1] https://www.ti.com/lit/ds/symlink/sn75dp149.pdf

Cc: stable@vger.kernel.org
Signed-off-by: Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>
Reviewed-by: Rafael Gieschke <rafael.gieschke@rz.uni-freiburg.de>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221006113314.41101987@computer
Acked-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_dp_dual_mode_helper.c | 51 +++++++++++++----------
 1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/drivers/gpu/drm/drm_dp_dual_mode_helper.c b/drivers/gpu/drm/drm_dp_dual_mode_helper.c
index 9faf49354cab..cb52a00ae1b1 100644
--- a/drivers/gpu/drm/drm_dp_dual_mode_helper.c
+++ b/drivers/gpu/drm/drm_dp_dual_mode_helper.c
@@ -63,23 +63,45 @@
 ssize_t drm_dp_dual_mode_read(struct i2c_adapter *adapter,
 			      u8 offset, void *buffer, size_t size)
 {
+	u8 zero = 0;
+	char *tmpbuf = NULL;
+	/*
+	 * As sub-addressing is not supported by all adaptors,
+	 * always explicitly read from the start and discard
+	 * any bytes that come before the requested offset.
+	 * This way, no matter whether the adaptor supports it
+	 * or not, we'll end up reading the proper data.
+	 */
 	struct i2c_msg msgs[] = {
 		{
 			.addr = DP_DUAL_MODE_SLAVE_ADDRESS,
 			.flags = 0,
 			.len = 1,
-			.buf = &offset,
+			.buf = &zero,
 		},
 		{
 			.addr = DP_DUAL_MODE_SLAVE_ADDRESS,
 			.flags = I2C_M_RD,
-			.len = size,
+			.len = size + offset,
 			.buf = buffer,
 		},
 	};
 	int ret;
 
+	if (offset) {
+		tmpbuf = kmalloc(size + offset, GFP_KERNEL);
+		if (!tmpbuf)
+			return -ENOMEM;
+
+		msgs[1].buf = tmpbuf;
+	}
+
 	ret = i2c_transfer(adapter, msgs, ARRAY_SIZE(msgs));
+	if (tmpbuf)
+		memcpy(buffer, tmpbuf + offset, size);
+
+	kfree(tmpbuf);
+
 	if (ret < 0)
 		return ret;
 	if (ret != ARRAY_SIZE(msgs))
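
Review bot: memcpy(buffer, tmpbuf + offset, size) runs before `ret` is checked, and tmpbuf comes from kmalloc(), so when i2c_transfer() fails the caller's buffer is filled with uninitialised heap bytes. Move the copy after the `ret < 0` and `ret != ARRAY_SIZE(msgs)` checks (freeing tmpbuf on each exit path), or allocate tmpbuf with kzalloc() so a failed transfer cannot expose stale kernel memory to whoever consumes the buffer.
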
@@ -208,18 +230,6 @@ enum drm_dp_dual_mode_type drm_dp_dual_mode_detect(const struct drm_device *dev,
 	if (ret)
 		return DRM_DP_DUAL_MODE_UNKNOWN;
 
-	/*
-	 * Sigh. Some (maybe all?) type 1 adaptors are broken and ack
-	 * the offset but ignore it, and instead they just always return
-	 * data from the start of the HDMI ID buffer. So for a broken
-	 * type 1 HDMI adaptor a single byte read will always give us
-	 * 0x44, and for a type 1 DVI adaptor it should give 0x00
-	 * (assuming it implements any registers). Fortunately neither
-	 * of those values will match the type 2 signature of the
-	 * DP_DUAL_MODE_ADAPTOR_ID register so we can proceed with
-	 * the type 2 adaptor detection safely even in the presence
-	 * of broken type 1 adaptors.
-	 */
 	ret = drm_dp_dual_mode_read(adapter, DP_DUAL_MODE_ADAPTOR_ID,
 				    &adaptor_id, sizeof(adaptor_id));
 	drm_dbg_kms(dev, "DP dual mode adaptor ID: %02x (err %zd)\n", adaptor_id, ret);
@@ -233,11 +243,10 @@ enum drm_dp_dual_mode_type drm_dp_dual_mode_detect(const struct drm_device *dev,
 				return DRM_DP_DUAL_MODE_TYPE2_DVI;
 		}
 		/*
-		 * If neither a proper type 1 ID nor a broken type 1 adaptor
-		 * as described above, assume type 1, but let the user know
-		 * that we may have misdetected the type.
+		 * If not a proper type 1 ID, still assume type 1, but let
+		 * the user know that we may have misdetected the type.
 		 */
-		if (!is_type1_adaptor(adaptor_id) && adaptor_id != hdmi_id[0])
+		if (!is_type1_adaptor(adaptor_id))
 			drm_err(dev, "Unexpected DP dual mode adaptor ID %02x\n", adaptor_id);
 
 	}
@@ -343,10 +352,8 @@ EXPORT_SYMBOL(drm_dp_dual_mode_get_tmds_output);
  * @enable: enable (as opposed to disable) the TMDS output buffers
  *
  * Set the state of the TMDS output buffers in the adaptor. For
- * type2 this is set via the DP_DUAL_MODE_TMDS_OEN register. As
- * some type 1 adaptors have problems with registers (see comments
- * in drm_dp_dual_mode_detect()) we avoid touching the register,
- * making this function a no-op on type 1 adaptors.
+ * type2 this is set via the DP_DUAL_MODE_TMDS_OEN register.
+ * Type1 adaptors do not support any register writes.
  *
  * Returns:
  * 0 on success, negative error code on failure
-- 
2.35.1





* [PATCH 5.15 015/206] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 014/206] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 016/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
                   ` (199 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Leo Savernik, Keith Busch,
	Christoph Hellwig, Sasha Levin

From: Leo Savernik <l.savernik@aon.at>

[ Upstream commit 41f38043f884c66af4114a7109cf540d6222f450 ]

The Micron MTFDKBA2T0TFH device reports the same subsystem NQN for
all devices.  Add a quirk to ignore it.

Signed-off-by: Leo Savernik <l.savernik@aon.at>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Stable-dep-of: d5ceb4d1c507 ("nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index e9f3701dda3f..4fa2955dbf6c 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3351,6 +3351,8 @@ static const struct pci_device_id nvme_id_table[] = {
 	{ PCI_DEVICE(0x1cc1, 0x8201),   /* ADATA SX8200PNP 512GB */
 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS |
 				NVME_QUIRK_IGNORE_DEV_SUBNQN, },
+	 { PCI_DEVICE(0x1344, 0x5407), /* Micron Technology Inc NVMe SSD */
+		.driver_data = NVME_QUIRK_IGNORE_DEV_SUBNQN },
 	{ PCI_DEVICE(0x1c5c, 0x1504),   /* SK Hynix PC400 */
 		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
 	{ PCI_DEVICE(0x15b7, 0x2001),   /*  Sandisk Skyhawk */
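
Review bot: The added `0x1344, 0x5407` entry is indented with a tab followed by a space, and its `.driver_data` line ends in `}` without the trailing comma that the neighbouring entries use (`, },`). Match the formatting of the surrounding table. The comment "Micron Technology Inc NVMe SSD" is also less specific than the commit message, which names the MTFDKBA2T0TFH; putting the model in the comment would make the entry easier to audit later.
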
-- 
2.35.1





* [PATCH 5.15 016/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 015/206] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 017/206] nvme-pci: disable namespace identifiers for the MAXIO MAP1001 Greg Kroah-Hartman
                   ` (198 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Bean Huo, Christoph Hellwig, Sasha Levin

From: Bean Huo <beanhuo@micron.com>

[ Upstream commit d5ceb4d1c50786d21de3d4b06c3f43109ec56dd8 ]

Added a quirk to fix Micron Nitro NVMe reporting duplicate NGUIDs.

Cc: <stable@vger.kernel.org>
Signed-off-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 4fa2955dbf6c..278302771841 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3353,6 +3353,8 @@ static const struct pci_device_id nvme_id_table[] = {
 				NVME_QUIRK_IGNORE_DEV_SUBNQN, },
 	 { PCI_DEVICE(0x1344, 0x5407), /* Micron Technology Inc NVMe SSD */
 		.driver_data = NVME_QUIRK_IGNORE_DEV_SUBNQN },
+	 { PCI_DEVICE(0x1344, 0x6001),   /* Micron Nitro NVMe */
+		 .driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1c5c, 0x1504),   /* SK Hynix PC400 */
 		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
 	{ PCI_DEVICE(0x15b7, 0x2001),   /*  Sandisk Skyhawk */
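
Review bot: The new `0x1344, 0x6001` entry repeats the tab-plus-space indentation of the Micron entry above it, and its `.driver_data` line carries an extra space after the tabs as well. Both Micron entries should use the plain tab indentation of the rest of `nvme_id_table[]`.
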
-- 
2.35.1





* [PATCH 5.15 017/206] nvme-pci: disable namespace identifiers for the MAXIO MAP1001
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 016/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 018/206] nvme-pci: disable write zeroes on various Kingston SSD Greg Kroah-Hartman
                   ` (197 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Arman Hajishafieha,
	Christoph Hellwig, Chaitanya Kulkarni, Sasha Levin

From: Christoph Hellwig <hch@lst.de>

[ Upstream commit 70ce3455345d056b5fc427c3bb4a3ff4d126b6d5 ]

The MAXIO MAP1001 controllers report completely bogus Namespace
identifiers that even change after suspend cycles.  Disable using
the Identifiers entirely.

Reported-by: Arman Hajishafieha <arman.hajishafieha@hotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Tested-by: Arman Hajishafieha <arman.hajishafieha@hotmail.com>
Stable-dep-of: 8d6e38f636ac ("nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 278302771841..66e252af9218 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3365,6 +3365,8 @@ static const struct pci_device_id nvme_id_table[] = {
 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS, },
 	{ PCI_DEVICE(0x2646, 0x2263),   /* KINGSTON A2000 NVMe SSD  */
 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS, },
+	{ PCI_DEVICE(0x1e4B, 0x1001),   /* MAXIO MAP1001 */
+		.driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1e4B, 0x1002),   /* MAXIO MAP1002 */
 		.driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1e4B, 0x1202),   /* MAXIO MAP1202 */
-- 
2.35.1





* [PATCH 5.15 018/206] nvme-pci: disable write zeroes on various Kingston SSD
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 017/206] nvme-pci: disable namespace identifiers for the MAXIO MAP1001 Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 019/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
                   ` (196 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xander Li, Christoph Hellwig, Sasha Levin

From: Xander Li <xander_li@kingston.com.tw>

[ Upstream commit ac9b57d4e1e3ecf0122e915bbba1bd4c90ec3031 ]

Kingston SSDs do support NVMe Write_Zeroes cmd but take a long time to
process.  The firmware version is locked by these SSDs, we can not expect
firmware improvement, so disable Write_Zeroes cmd.

Signed-off-by: Xander Li <xander_li@kingston.com.tw>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Stable-dep-of: 8d6e38f636ac ("nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 66e252af9218..a1a803b3105a 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3365,6 +3365,16 @@ static const struct pci_device_id nvme_id_table[] = {
 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS, },
 	{ PCI_DEVICE(0x2646, 0x2263),   /* KINGSTON A2000 NVMe SSD  */
 		.driver_data = NVME_QUIRK_NO_DEEPEST_PS, },
+	{ PCI_DEVICE(0x2646, 0x5018),   /* KINGSTON OM8SFP4xxxxP OS21012 NVMe SSD */
+		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+	{ PCI_DEVICE(0x2646, 0x5016),   /* KINGSTON OM3PGP4xxxxP OS21011 NVMe SSD */
+		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+	{ PCI_DEVICE(0x2646, 0x501A),   /* KINGSTON OM8PGP4xxxxP OS21005 NVMe SSD */
+		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+	{ PCI_DEVICE(0x2646, 0x501B),   /* KINGSTON OM8PGP4xxxxQ OS21005 NVMe SSD */
+		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+	{ PCI_DEVICE(0x2646, 0x501E),   /* KINGSTON OM3PGP4xxxxQ OS21011 NVMe SSD */
+		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
 	{ PCI_DEVICE(0x1e4B, 0x1001),   /* MAXIO MAP1001 */
 		.driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1e4B, 0x1002),   /* MAXIO MAP1002 */
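
Review bot: The five Kingston entries match on PCI vendor/device ID only, while their comments name specific firmware builds (OS21012, OS21011, OS21005) and the commit message justifies the quirk by locked firmware. `NVME_QUIRK_DISABLE_WRITE_ZEROES` will therefore apply to every drive with these IDs regardless of firmware; the commit message should say that this is intended. The device IDs are also not in numeric order (`0x5018` comes before `0x5016`), which makes the block harder to scan for duplicates.
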
-- 
2.35.1





* [PATCH 5.15 019/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 018/206] nvme-pci: disable write zeroes on various Kingston SSD Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 020/206] speakup: Generate speakupmap.h automatically Greg Kroah-Hartman
                   ` (195 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Tiago Dias Ferreira,
	Chaitanya Kulkarni, Christoph Hellwig, Sasha Levin

From: Tiago Dias Ferreira <tiagodfer@gmail.com>

[ Upstream commit 8d6e38f636ac063e8062a21e7616f7d9bf0df5d8 ]

Added a quirk to fix the Netac NV7000 SSD reporting duplicate NGUIDs.

Cc: <stable@vger.kernel.org>
Signed-off-by: Tiago Dias Ferreira <tiagodfer@gmail.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/host/pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index a1a803b3105a..772bdc6845fb 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3375,6 +3375,8 @@ static const struct pci_device_id nvme_id_table[] = {
 		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
 	{ PCI_DEVICE(0x2646, 0x501E),   /* KINGSTON OM3PGP4xxxxQ OS21011 NVMe SSD */
 		.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+	{ PCI_DEVICE(0x1f40, 0x5236),   /* Netac Technologies Co. NV7000 NVMe SSD */
+		.driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1e4B, 0x1001),   /* MAXIO MAP1001 */
 		.driver_data = NVME_QUIRK_BOGUS_NID, },
 	{ PCI_DEVICE(0x1e4B, 0x1002),   /* MAXIO MAP1002 */
-- 
2.35.1





* [PATCH 5.15 020/206] speakup: Generate speakupmap.h automatically
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 019/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 021/206] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
                   ` (194 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Samuel Thibault, Sasha Levin

From: Samuel Thibault <samuel.thibault@ens-lyon.org>

[ Upstream commit 6646b95aab5f62c049f1416a3801dec5432c348b ]

speakupmap.h was not actually intended to be source code, speakupmap.map
is.

This resurrects the makemapdata.c and genmap.c tools to generate
speakupmap.h automatically from the input and speakup headers, and the
speakupmap.map keyboard mapping source file.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Link: https://lore.kernel.org/r/20220515230358.ikwt2kspiwvv5cf4@begin
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 92ca969ff881 ("speakup: replace utils' u_char with unsigned char")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/accessibility/speakup/.gitignore    |   4 +
 drivers/accessibility/speakup/Makefile      |  28 ++++
 drivers/accessibility/speakup/genmap.c      | 162 ++++++++++++++++++++
 drivers/accessibility/speakup/makemapdata.c | 125 +++++++++++++++
 drivers/accessibility/speakup/speakupmap.h  |  66 --------
 drivers/accessibility/speakup/utils.h       | 102 ++++++++++++
 6 files changed, 421 insertions(+), 66 deletions(-)
 create mode 100644 drivers/accessibility/speakup/.gitignore
 create mode 100644 drivers/accessibility/speakup/genmap.c
 create mode 100644 drivers/accessibility/speakup/makemapdata.c
 delete mode 100644 drivers/accessibility/speakup/speakupmap.h
 create mode 100644 drivers/accessibility/speakup/utils.h

diff --git a/drivers/accessibility/speakup/.gitignore b/drivers/accessibility/speakup/.gitignore
new file mode 100644
index 000000000000..ac084679fea7
--- /dev/null
+++ b/drivers/accessibility/speakup/.gitignore
@@ -0,0 +1,4 @@
+/makemapdata
+/mapdata.h
+/genmap
+/speakupmap.h
diff --git a/drivers/accessibility/speakup/Makefile b/drivers/accessibility/speakup/Makefile
index 6e4bfac8af65..ba69b0803d42 100644
--- a/drivers/accessibility/speakup/Makefile
+++ b/drivers/accessibility/speakup/Makefile
@@ -30,3 +30,31 @@ speakup-y := \
 	thread.o \
 	varhandlers.o
 speakup-$(CONFIG_SPEAKUP_SERIALIO) += serialio.o
+
+
+clean-files := mapdata.h speakupmap.h
+
+
+# Generate mapdata.h from headers
+hostprogs += makemapdata
+makemapdata-objs := makemapdata.o
+
+quiet_cmd_mkmap = MKMAP   $@
+      cmd_mkmap = TOPDIR=$(srctree) $(obj)/makemapdata > $@
+
+$(obj)/mapdata.h: $(obj)/makemapdata
+	$(call cmd,mkmap)
+
+
+# Generate speakupmap.h from mapdata.h
+hostprogs += genmap
+genmap-objs := genmap.o
+$(obj)/genmap.o: $(obj)/mapdata.h
+
+quiet_cmd_genmap = GENMAP  $@
+      cmd_genmap = $(obj)/genmap $< > $@
+
+$(obj)/speakupmap.h: $(src)/speakupmap.map $(obj)/genmap
+	$(call cmd,genmap)
+
+$(obj)/main.o: $(obj)/speakupmap.h
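
Review bot: The `$(obj)/mapdata.h` rule lists only `$(obj)/makemapdata` as a prerequisite, but makemapdata reads `include/linux/input.h`, `include/uapi/linux/input-event-codes.h` and `spk_priv_keyinfo.h` at run time through `TOPDIR=$(srctree)`. A change to any of those headers will not regenerate `mapdata.h` or `speakupmap.h`; add them as prerequisites. Both rules also use `$(call cmd,...)` rather than `$(call if_changed,...)` with `FORCE` and a `targets` entry, so a changed command line does not trigger a rebuild either.
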
diff --git a/drivers/accessibility/speakup/genmap.c b/drivers/accessibility/speakup/genmap.c
new file mode 100644
index 000000000000..0125000e00d9
--- /dev/null
+++ b/drivers/accessibility/speakup/genmap.c
@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: GPL-2.0+
+/* genmap.c
+ * originally written by: Kirk Reiser.
+ *
+ ** Copyright (C) 2002  Kirk Reiser.
+ *  Copyright (C) 2003  David Borowski.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <libgen.h>
+#include <string.h>
+#include <linux/version.h>
+#include <ctype.h>
+#include "utils.h"
+
+struct st_key_init {
+	char *name;
+	int value, shift;
+};
+
+static unsigned char key_data[MAXKEYVAL][16], *kp;
+
+#include "mapdata.h"
+
+static const char delims[] = "\t\n ";
+static char *cp;
+static int map_ver = 119; /* an arbitrary number so speakup can check */
+static int shift_table[17];
+static int max_states = 1, flags;
+/* flags reserved for later, maybe for individual console maps */
+
+static int get_shift_value(int state)
+{
+	int i;
+
+	for (i = 0; shift_table[i] != state; i++) {
+		if (shift_table[i] == -1) {
+			if (i >= 16)
+				oops("too many shift states", NULL);
+			shift_table[i] = state;
+			max_states = i+1;
+		break;
+	}
+	}
+	return i;
+}
+
+int
+main(int argc, char *argv[])
+{
+	int value, shift_state, i, spk_val = 0, lock_val = 0;
+	int max_key_used = 0, num_keys_used = 0;
+	struct st_key *this;
+	struct st_key_init *p_init;
+	char buffer[256];
+
+	bzero(key_table, sizeof(key_table));
+	bzero(key_data, sizeof(key_data));
+
+	shift_table[0] = 0;
+	for (i = 1; i <= 16; i++)
+		shift_table[i] = -1;
+
+	if (argc < 2) {
+		fputs("usage: genmap filename\n", stderr);
+		exit(1);
+	}
+
+	for (p_init = init_key_data; p_init->name[0] != '.'; p_init++)
+		add_key(p_init->name, p_init->value, p_init->shift);
+
+	open_input(NULL, argv[1]);
+	while (fgets(buffer, sizeof(buffer), infile)) {
+		lc++;
+		value = shift_state = 0;
+
+		cp = strtok(buffer, delims);
+		if (*cp == '#')
+			continue;
+
+		while (cp) {
+			if (*cp == '=')
+				break;
+			this = find_key(cp);
+			if (this == NULL)
+				oops("unknown key/modifier", cp);
+			if (this->shift == is_shift) {
+				if (value)
+					oops("modifiers must come first", cp);
+				shift_state += this->value;
+			} else if (this->shift == is_input)
+				value = this->value;
+			else
+				oops("bad modifier or key", cp);
+			cp = strtok(0, delims);
+		}
+		if (!cp)
+			oops("no = found", NULL);
+
+		cp = strtok(0, delims);
+		if (!cp)
+			oops("no speakup function after =", NULL);
+
+		this = find_key(cp);
+		if (this == NULL || this->shift != is_spk)
+			oops("invalid speakup function", cp);
+
+		i = get_shift_value(shift_state);
+		if (key_data[value][i]) {
+			while (--cp > buffer)
+				if (!*cp)
+					*cp = ' ';
+			oops("two functions on same key combination", cp);
+		}
+		key_data[value][i] = (char)this->value;
+		if (value > max_key_used)
+			max_key_used = value;
+	}
+	fclose(infile);
+
+	this = find_key("spk_key");
+	if (this)
+		spk_val = this->value;
+
+	this = find_key("spk_lock");
+	if (this)
+		lock_val = this->value;
+
+	for (lc = 1; lc <= max_key_used; lc++) {
+		kp = key_data[lc];
+		if (!memcmp(key_data[0], kp, 16))
+			continue;
+		num_keys_used++;
+		for (i = 0; i < max_states; i++) {
+			if (kp[i] != spk_val && kp[i] != lock_val)
+				continue;
+			shift_state = shift_table[i];
+			if (shift_state&16)
+				continue;
+			shift_state = get_shift_value(shift_state+16);
+			kp[shift_state] = kp[i];
+			/* fill in so we can process the key up, as spk bit will be set */
+		}
+	}
+
+	printf("\t%d, %d, %d,\n\t", map_ver, num_keys_used, max_states);
+	for (i = 0; i < max_states; i++)
+		printf("%d, ", shift_table[i]);
+	printf("%d,", flags);
+	for (lc = 1; lc <= max_key_used; lc++) {
+		kp = key_data[lc];
+		if (!memcmp(key_data[0], kp, 16))
+			continue;
+		printf("\n\t%d,", lc);
+		for (i = 0; i < max_states; i++)
+			printf(" %d,", (unsigned int)kp[i]);
+	}
+	printf("\n\t0, %d\n", map_ver);
+
+	exit(0);
+}
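
Review bot: In the `main()` read loop, `cp = strtok(buffer, delims);` is followed directly by `if (*cp == '#')`, so a blank or whitespace-only line in the map file makes `strtok()` return NULL and the tool dereferences it. Use `if (!cp || *cp == '#') continue;`. Lines longer than the 256-byte `buffer` are also split silently by `fgets()` and parsed as two entries. In `get_shift_value()` the `break;` is indented one level short of the block it belongs to, and `<linux/version.h>` does not appear to be used by this host tool.
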
diff --git a/drivers/accessibility/speakup/makemapdata.c b/drivers/accessibility/speakup/makemapdata.c
new file mode 100644
index 000000000000..81db9ebf1fff
--- /dev/null
+++ b/drivers/accessibility/speakup/makemapdata.c
@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: GPL-2.0+
+/* makemapdata.c
+ * originally written by: Kirk Reiser.
+ *
+ ** Copyright (C) 2002  Kirk Reiser.
+ *  Copyright (C) 2003  David Borowski.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <libgen.h>
+#include <string.h>
+#include <linux/version.h>
+#include <ctype.h>
+#include "utils.h"
+
+static char buffer[256];
+
+static int get_define(void)
+{
+	char *c;
+
+	while (fgets(buffer, sizeof(buffer)-1, infile)) {
+		lc++;
+		if (strncmp(buffer, "#define", 7))
+			continue;
+		c = buffer + 7;
+		while (*c == ' ' || *c == '\t')
+			c++;
+		def_name = c;
+		while (*c && *c != ' ' && *c != '\t' && *c != '\n')
+			c++;
+		if (!*c || *c == '\n')
+			continue;
+		*c++ = '\0';
+		while (*c == ' ' || *c == '\t' || *c == '(')
+			c++;
+		def_val = c;
+		while (*c && *c != '\n' && *c != ')')
+			c++;
+		*c++ = '\0';
+		return 1;
+	}
+	fclose(infile);
+	infile = 0;
+	return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+	int value, i;
+	struct st_key *this;
+	const char *dir_name;
+	char *cp;
+
+	dir_name = getenv("TOPDIR");
+	if (!dir_name)
+		dir_name = ".";
+	bzero(key_table, sizeof(key_table));
+	add_key("shift",	1, is_shift);
+	add_key("altgr",	2, is_shift);
+	add_key("ctrl",	4, is_shift);
+	add_key("alt",	8, is_shift);
+	add_key("spk", 16, is_shift);
+	add_key("double", 32, is_shift);
+
+	open_input(dir_name, "include/linux/input.h");
+	while (get_define()) {
+		if (strncmp(def_name, "KEY_", 4))
+			continue;
+		value = atoi(def_val);
+		if (value > 0 && value < MAXKEYVAL)
+			add_key(def_name, value, is_input);
+	}
+
+	open_input(dir_name, "include/uapi/linux/input-event-codes.h");
+	while (get_define()) {
+		if (strncmp(def_name, "KEY_", 4))
+			continue;
+		value = atoi(def_val);
+		if (value > 0 && value < MAXKEYVAL)
+			add_key(def_name, value, is_input);
+	}
+
+	open_input(dir_name, "drivers/accessibility/speakup/spk_priv_keyinfo.h");
+	while (get_define()) {
+		if (strlen(def_val) > 5) {
+			//if (def_val[0] == '(')
+			//	def_val++;
+			cp = strchr(def_val, '+');
+			if (!cp)
+				continue;
+			if (cp[-1] == ' ')
+				cp[-1] = '\0';
+			*cp++ = '\0';
+			this = find_key(def_val);
+			while (*cp == ' ')
+				cp++;
+			if (!this || *cp < '0' || *cp > '9')
+				continue;
+			value = this->value+atoi(cp);
+		} else if (!strncmp(def_val, "0x", 2))
+			sscanf(def_val+2, "%x", &value);
+		else if (*def_val >= '0' && *def_val <= '9')
+			value = atoi(def_val);
+		else
+			continue;
+		add_key(def_name, value, is_spk);
+	}
+
+	printf("struct st_key_init init_key_data[] = {\n");
+	for (i = 0; i < HASHSIZE; i++) {
+		this = &key_table[i];
+		if (!this->name)
+			continue;
+		do {
+			printf("\t{ \"%s\", %d, %d, },\n", this->name, this->value, this->shift);
+			this = this->next;
+		} while (this);
+	}
+	printf("\t{ \".\", 0, 0 }\n};\n");
+
+	exit(0);
+}
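
Review bot: In the `spk_priv_keyinfo.h` loop, `sscanf(def_val+2, "%x", &value);` passes an `int *` where `%x` expects `unsigned int *`, and its return value is not checked, so a failed conversion leaves `value` holding the previous iteration's number, which is then passed to `add_key()`. Use an `unsigned int` temporary and skip the define when `sscanf()` does not return 1. The `strlen(def_val) > 5` test also routes any plain numeric value longer than five characters into the `'+'` branch, where it is dropped by `continue`. The two commented-out `//if (def_val[0] == '(')` lines should be removed.
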
diff --git a/drivers/accessibility/speakup/speakupmap.h b/drivers/accessibility/speakup/speakupmap.h
deleted file mode 100644
index c60d7339b89a..000000000000
--- a/drivers/accessibility/speakup/speakupmap.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-	119, 62, 6,
-	0, 16, 20, 17, 32, 48, 0,
-	2, 0, 78, 0, 0, 0, 0,
-	3, 0, 79, 0, 0, 0, 0,
-	4, 0, 76, 0, 0, 0, 0,
-	5, 0, 77, 0, 0, 0, 0,
-	6, 0, 74, 0, 0, 0, 0,
-	7, 0, 75, 0, 0, 0, 0,
-	9, 0, 5, 46, 0, 0, 0,
-	10, 0, 4, 0, 0, 0, 0,
-	11, 0, 0, 1, 0, 0, 0,
-	12, 0, 27, 0, 33, 0, 0,
-	19, 0, 47, 0, 0, 0, 0,
-	21, 0, 29, 17, 0, 0, 0,
-	22, 0, 15, 0, 0, 0, 0,
-	23, 0, 14, 0, 0, 0, 28,
-	24, 0, 16, 0, 0, 0, 0,
-	25, 0, 30, 18, 0, 0, 0,
-	28, 0, 3, 26, 0, 0, 0,
-	35, 0, 31, 0, 0, 0, 0,
-	36, 0, 12, 0, 0, 0, 0,
-	37, 0, 11, 0, 0, 0, 22,
-	38, 0, 13, 0, 0, 0, 0,
-	39, 0, 32, 7, 0, 0, 0,
-	40, 0, 23, 0, 0, 0, 0,
-	44, 0, 44, 0, 0, 0, 0,
-	49, 0, 24, 0, 0, 0, 0,
-	50, 0, 9, 19, 6, 0, 0,
-	51, 0, 8, 0, 0, 0, 36,
-	52, 0, 10, 20, 0, 0, 0,
-	53, 0, 25, 0, 0, 0, 0,
-	55, 46, 1, 0, 0, 0, 0,
-	58, 128, 128, 0, 0, 0, 0,
-	59, 0, 45, 0, 0, 0, 0,
-	60, 0, 40, 0, 0, 0, 0,
-	61, 0, 41, 0, 0, 0, 0,
-	62, 0, 42, 0, 0, 0, 0,
-	63, 0, 34, 0, 0, 0, 0,
-	64, 0, 35, 0, 0, 0, 0,
-	65, 0, 37, 0, 0, 0, 0,
-	66, 0, 38, 0, 0, 0, 0,
-	67, 0, 66, 0, 39, 0, 0,
-	68, 0, 67, 0, 0, 0, 0,
-	71, 15, 19, 0, 0, 0, 0,
-	72, 14, 29, 0, 0, 28, 0,
-	73, 16, 17, 0, 0, 0, 0,
-	74, 27, 33, 0, 0, 0, 0,
-	75, 12, 31, 0, 0, 0, 0,
-	76, 11, 21, 0, 0, 22, 0,
-	77, 13, 32, 0, 0, 0, 0,
-	78, 23, 43, 0, 0, 0, 0,
-	79, 9, 20, 0, 0, 0, 0,
-	80, 8, 30, 0, 0, 36, 0,
-	81, 10, 18, 0, 0, 0, 0,
-	82, 128, 128, 0, 0, 0, 0,
-	83, 24, 25, 0, 0, 0, 0,
-	87, 0, 68, 0, 0, 0, 0,
-	88, 0, 69, 0, 0, 0, 0,
-	96, 3, 26, 0, 0, 0, 0,
-	98, 4, 5, 0, 0, 0, 0,
-	99, 2, 0, 0, 0, 0, 0,
-	104, 0, 6, 0, 0, 0, 0,
-	109, 0, 7, 0, 0, 0, 0,
-	125, 128, 128, 0, 0, 0, 0,
-	0, 119
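
Review bot: With the checked-in table deleted, nothing in the patch shows that the header produced by `genmap` from `speakupmap.map` matches what is removed here. Suggest stating in the commit message that the generated `speakupmap.h` was compared against this file (the header row `119, 62, 6` and the trailing `0, 119` are the first things to check), since `main.o` is built against it.
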
diff --git a/drivers/accessibility/speakup/utils.h b/drivers/accessibility/speakup/utils.h
new file mode 100644
index 000000000000..4bf2ee8ac246
--- /dev/null
+++ b/drivers/accessibility/speakup/utils.h
@@ -0,0 +1,102 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/* utils.h
+ * originally written by: Kirk Reiser.
+ *
+ ** Copyright (C) 2002  Kirk Reiser.
+ *  Copyright (C) 2003  David Borowski.
+ */
+
+#include <stdio.h>
+
+#define MAXKEYS 512
+#define MAXKEYVAL 160
+#define HASHSIZE 101
+#define is_shift -3
+#define is_spk -2
+#define is_input -1
+
+struct st_key {
+	char *name;
+	struct st_key *next;
+	int value, shift;
+};
+
+struct st_key key_table[MAXKEYS];
+struct st_key *extra_keys = key_table+HASHSIZE;
+char *def_name, *def_val;
+FILE *infile;
+int lc;
+
+char filename[256];
+
+static inline void open_input(const char *dir_name, const char *name)
+{
+	if (dir_name)
+		snprintf(filename, sizeof(filename), "%s/%s", dir_name, name);
+	else
+		snprintf(filename, sizeof(filename), "%s", name);
+	infile = fopen(filename, "r");
+	if (infile == 0) {
+		fprintf(stderr, "can't open %s\n", filename);
+		exit(1);
+	}
+	lc = 0;
+}
+
+static inline int oops(const char *msg, const char *info)
+{
+	if (info == NULL)
+		info = "";
+	fprintf(stderr, "error: file %s line %d\n", filename, lc);
+	fprintf(stderr, "%s %s\n", msg, info);
+	exit(1);
+}
+
+static inline struct st_key *hash_name(char *name)
+{
+	u_char *pn = (u_char *)name;
+	int hash = 0;
+
+	while (*pn) {
+		hash = (hash * 17) & 0xfffffff;
+		if (isupper(*pn))
+			*pn = tolower(*pn);
+		hash += (int)*pn;
+		pn++;
+	}
+	hash %= HASHSIZE;
+	return &key_table[hash];
+}
+
+static inline struct st_key *find_key(char *name)
+{
+	struct st_key *this = hash_name(name);
+
+	while (this) {
+		if (this->name && !strcmp(name, this->name))
+			return this;
+		this = this->next;
+	}
+	return this;
+}
+
+static inline struct st_key *add_key(char *name, int value, int shift)
+{
+	struct st_key *this = hash_name(name);
+
+	if (extra_keys-key_table >= MAXKEYS)
+		oops("out of key table space, enlarge MAXKEYS", NULL);
+	if (this->name != NULL) {
+		while (this->next) {
+			if (!strcmp(name, this->name))
+				oops("attempt to add duplicate key", name);
+			this = this->next;
+		}
+		this->next = extra_keys++;
+		this = this->next;
+	}
+	this->name = strdup(name);
+	this->value = value;
+	this->shift = shift;
+	return this;
+}
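
Review bot: The duplicate check in `add_key()` only compares names inside `while (this->next)`, so the last node of a hash chain is never compared; with a single-entry bucket the loop body does not run at all and a duplicate name is appended silently. Compare `this->name` once more after the loop before linking the new node. The header also calls `isupper()`, `tolower()`, `strcmp()`, `strdup()` and `exit()` but includes only `<stdio.h>`, relying on each includer's include order, and `hash_name()` uses `u_char`, which is not a standard type. The `strdup()` result is not checked.
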
-- 
2.35.1





* [PATCH 5.15 021/206] speakup: replace utils u_char with unsigned char
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 020/206] speakup: Generate speakupmap.h automatically Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 022/206] iio: ms5611: Simplify IO callback parameters Greg Kroah-Hartman
                   ` (193 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches,
	Đoàn Trần Công Danh, Samuel Thibault,
	stable, Sasha Levin

From: Đoàn Trần Công Danh <congdanhqx@gmail.com>

[ Upstream commit 92ca969ff8815f3feef2645199bd39bf594e5eeb ]

drivers/accessibility/speakup/utils.h will be used to compile host tool
to generate metadata.

"u_char" is a non-standard type, which is defined to "unsigned char"
on glibc but not defined by some libc, e.g. musl.

Let's replace "u_char" with "unsigned char"

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/b75743026aaee2d81efe3d7f2e8fa47f7d0b8ea7.1665736571.git.congdanhqx@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/accessibility/speakup/utils.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/accessibility/speakup/utils.h b/drivers/accessibility/speakup/utils.h
index 4bf2ee8ac246..4ce9a12f7664 100644
--- a/drivers/accessibility/speakup/utils.h
+++ b/drivers/accessibility/speakup/utils.h
@@ -54,7 +54,7 @@ static inline int oops(const char *msg, const char *info)
 
 static inline struct st_key *hash_name(char *name)
 {
-	u_char *pn = (u_char *)name;
+	unsigned char *pn = (unsigned char *)name;
 	int hash = 0;
 
 	while (*pn) {
-- 
2.35.1





* [PATCH 5.15 022/206] iio: ms5611: Simplify IO callback parameters
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 021/206] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 023/206] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
                   ` (192 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Lars-Peter Clausen,
	Jonathan Cameron, Sasha Levin

From: Lars-Peter Clausen <lars@metafoo.de>

[ Upstream commit dc19fa63ad80a636fdbc1a02153d1ab140cb901f ]

The ms5611 passes &indio_dev->dev as a parameter to all its IO callbacks
only to directly cast the struct device back to struct iio_dev. And the
struct iio_dev is then only used to get the driver's state struct.

Simplify this a bit by passing the state struct directly. This makes it a
bit easier to follow what the code is doing.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Link: https://lore.kernel.org/r/20211020142110.7060-1-lars@metafoo.de
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Stable-dep-of: 17f442e7e475 ("iio: pressure: ms5611: fixed value compensation bug")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/pressure/ms5611.h      |  6 +++---
 drivers/iio/pressure/ms5611_core.c |  7 +++----
 drivers/iio/pressure/ms5611_i2c.c  | 11 ++++-------
 drivers/iio/pressure/ms5611_spi.c  | 17 +++++++----------
 4 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/drivers/iio/pressure/ms5611.h b/drivers/iio/pressure/ms5611.h
index bc06271fa38b..345f3902e3e3 100644
--- a/drivers/iio/pressure/ms5611.h
+++ b/drivers/iio/pressure/ms5611.h
@@ -50,9 +50,9 @@ struct ms5611_state {
 	const struct ms5611_osr *pressure_osr;
 	const struct ms5611_osr *temp_osr;
 
-	int (*reset)(struct device *dev);
-	int (*read_prom_word)(struct device *dev, int index, u16 *word);
-	int (*read_adc_temp_and_pressure)(struct device *dev,
+	int (*reset)(struct ms5611_state *st);
+	int (*read_prom_word)(struct ms5611_state *st, int index, u16 *word);
+	int (*read_adc_temp_and_pressure)(struct ms5611_state *st,
 					  s32 *temp, s32 *pressure);
 
 	struct ms5611_chip_info *chip_info;
diff --git a/drivers/iio/pressure/ms5611_core.c b/drivers/iio/pressure/ms5611_core.c
index 214b0d25f598..885ccb7914dc 100644
--- a/drivers/iio/pressure/ms5611_core.c
+++ b/drivers/iio/pressure/ms5611_core.c
@@ -85,8 +85,7 @@ static int ms5611_read_prom(struct iio_dev *indio_dev)
 	struct ms5611_state *st = iio_priv(indio_dev);
 
 	for (i = 0; i < MS5611_PROM_WORDS_NB; i++) {
-		ret = st->read_prom_word(&indio_dev->dev,
-					 i, &st->chip_info->prom[i]);
+		ret = st->read_prom_word(st, i, &st->chip_info->prom[i]);
 		if (ret < 0) {
 			dev_err(&indio_dev->dev,
 				"failed to read prom at %d\n", i);
@@ -108,7 +107,7 @@ static int ms5611_read_temp_and_pressure(struct iio_dev *indio_dev,
 	int ret;
 	struct ms5611_state *st = iio_priv(indio_dev);
 
-	ret = st->read_adc_temp_and_pressure(&indio_dev->dev, temp, pressure);
+	ret = st->read_adc_temp_and_pressure(st, temp, pressure);
 	if (ret < 0) {
 		dev_err(&indio_dev->dev,
 			"failed to read temperature and pressure\n");
@@ -196,7 +195,7 @@ static int ms5611_reset(struct iio_dev *indio_dev)
 	int ret;
 	struct ms5611_state *st = iio_priv(indio_dev);
 
-	ret = st->reset(&indio_dev->dev);
+	ret = st->reset(st);
 	if (ret < 0) {
 		dev_err(&indio_dev->dev, "failed to reset device\n");
 		return ret;
diff --git a/drivers/iio/pressure/ms5611_i2c.c b/drivers/iio/pressure/ms5611_i2c.c
index 7c04f730430c..cccc40f7df0b 100644
--- a/drivers/iio/pressure/ms5611_i2c.c
+++ b/drivers/iio/pressure/ms5611_i2c.c
@@ -20,17 +20,15 @@
 
 #include "ms5611.h"
 
-static int ms5611_i2c_reset(struct device *dev)
+static int ms5611_i2c_reset(struct ms5611_state *st)
 {
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
-
 	return i2c_smbus_write_byte(st->client, MS5611_RESET);
 }
 
-static int ms5611_i2c_read_prom_word(struct device *dev, int index, u16 *word)
+static int ms5611_i2c_read_prom_word(struct ms5611_state *st, int index,
+				     u16 *word)
 {
 	int ret;
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 
 	ret = i2c_smbus_read_word_swapped(st->client,
 			MS5611_READ_PROM_WORD + (index << 1));
@@ -57,11 +55,10 @@ static int ms5611_i2c_read_adc(struct ms5611_state *st, s32 *val)
 	return 0;
 }
 
-static int ms5611_i2c_read_adc_temp_and_pressure(struct device *dev,
+static int ms5611_i2c_read_adc_temp_and_pressure(struct ms5611_state *st,
 						 s32 *temp, s32 *pressure)
 {
 	int ret;
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 	const struct ms5611_osr *osr = st->temp_osr;
 
 	ret = i2c_smbus_write_byte(st->client, osr->cmd);
diff --git a/drivers/iio/pressure/ms5611_spi.c b/drivers/iio/pressure/ms5611_spi.c
index f7743ee3318f..3039fe8aa2a2 100644
--- a/drivers/iio/pressure/ms5611_spi.c
+++ b/drivers/iio/pressure/ms5611_spi.c
@@ -15,18 +15,17 @@
 
 #include "ms5611.h"
 
-static int ms5611_spi_reset(struct device *dev)
+static int ms5611_spi_reset(struct ms5611_state *st)
 {
 	u8 cmd = MS5611_RESET;
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 
 	return spi_write_then_read(st->client, &cmd, 1, NULL, 0);
 }
 
-static int ms5611_spi_read_prom_word(struct device *dev, int index, u16 *word)
+static int ms5611_spi_read_prom_word(struct ms5611_state *st, int index,
+				     u16 *word)
 {
 	int ret;
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 
 	ret = spi_w8r16be(st->client, MS5611_READ_PROM_WORD + (index << 1));
 	if (ret < 0)
@@ -37,11 +36,10 @@ static int ms5611_spi_read_prom_word(struct device *dev, int index, u16 *word)
 	return 0;
 }
 
-static int ms5611_spi_read_adc(struct device *dev, s32 *val)
+static int ms5611_spi_read_adc(struct ms5611_state *st, s32 *val)
 {
 	int ret;
 	u8 buf[3] = { MS5611_READ_ADC };
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 
 	ret = spi_write_then_read(st->client, buf, 1, buf, 3);
 	if (ret < 0)
@@ -52,11 +50,10 @@ static int ms5611_spi_read_adc(struct device *dev, s32 *val)
 	return 0;
 }
 
-static int ms5611_spi_read_adc_temp_and_pressure(struct device *dev,
+static int ms5611_spi_read_adc_temp_and_pressure(struct ms5611_state *st,
 						 s32 *temp, s32 *pressure)
 {
 	int ret;
-	struct ms5611_state *st = iio_priv(dev_to_iio_dev(dev));
 	const struct ms5611_osr *osr = st->temp_osr;
 
 	/*
@@ -68,7 +65,7 @@ static int ms5611_spi_read_adc_temp_and_pressure(struct device *dev,
 		return ret;
 
 	usleep_range(osr->conv_usec, osr->conv_usec + (osr->conv_usec / 10UL));
-	ret = ms5611_spi_read_adc(dev, temp);
+	ret = ms5611_spi_read_adc(st, temp);
 	if (ret < 0)
 		return ret;
 
@@ -78,7 +75,7 @@ static int ms5611_spi_read_adc_temp_and_pressure(struct device *dev,
 		return ret;
 
 	usleep_range(osr->conv_usec, osr->conv_usec + (osr->conv_usec / 10UL));
-	return ms5611_spi_read_adc(dev, pressure);
+	return ms5611_spi_read_adc(st, pressure);
 }
 
 static int ms5611_spi_probe(struct spi_device *spi)
-- 
2.35.1





* [PATCH 5.15 023/206] iio: pressure: ms5611: fixed value compensation bug
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 022/206] iio: ms5611: Simplify IO callback parameters Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 024/206] ceph: do not update snapshot context when there is no new snapshot Greg Kroah-Hartman
                   ` (191 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Mitja Spes, Stable,
	Jonathan Cameron, Sasha Levin

From: Mitja Spes <mitja@lxnav.com>

[ Upstream commit 17f442e7e47579d3881fc4d47354eaef09302e6f ]

When using multiple instances of this driver the compensation PROM was
overwritten by the last initialized sensor. Now each sensor has its own PROM
storage.

Signed-off-by: Mitja Spes <mitja@lxnav.com>
Fixes: 9690d81a02dc ("iio: pressure: ms5611: add support for MS5607 temperature and pressure sensor")
Link: https://lore.kernel.org/r/20221021135827.1444793-2-mitja@lxnav.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/pressure/ms5611.h      | 12 +++----
 drivers/iio/pressure/ms5611_core.c | 51 ++++++++++++++++--------------
 2 files changed, 31 insertions(+), 32 deletions(-)

diff --git a/drivers/iio/pressure/ms5611.h b/drivers/iio/pressure/ms5611.h
index 345f3902e3e3..5e2d2d4d87b5 100644
--- a/drivers/iio/pressure/ms5611.h
+++ b/drivers/iio/pressure/ms5611.h
@@ -25,13 +25,6 @@ enum {
 	MS5607,
 };
 
-struct ms5611_chip_info {
-	u16 prom[MS5611_PROM_WORDS_NB];
-
-	int (*temp_and_pressure_compensate)(struct ms5611_chip_info *chip_info,
-					    s32 *temp, s32 *pressure);
-};
-
 /*
  * OverSampling Rate descriptor.
  * Warning: cmd MUST be kept aligned on a word boundary (see
@@ -50,12 +43,15 @@ struct ms5611_state {
 	const struct ms5611_osr *pressure_osr;
 	const struct ms5611_osr *temp_osr;
 
+	u16 prom[MS5611_PROM_WORDS_NB];
+
 	int (*reset)(struct ms5611_state *st);
 	int (*read_prom_word)(struct ms5611_state *st, int index, u16 *word);
 	int (*read_adc_temp_and_pressure)(struct ms5611_state *st,
 					  s32 *temp, s32 *pressure);
 
-	struct ms5611_chip_info *chip_info;
+	int (*compensate_temp_and_pressure)(struct ms5611_state *st, s32 *temp,
+					  s32 *pressure);
 	struct regulator *vdd;
 };
 
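Review bot: the new `u16 prom[MS5611_PROM_WORDS_NB];` member of struct ms5611_state carries no comment saying it holds this instance's calibration words, which is the point of the fix; a one-line comment would discourage moving it back into shared static data later. The continuation line of compensate_temp_and_pressure (`s32 *pressure);`) is also not aligned with its opening parenthesis, unlike read_adc_temp_and_pressure just above it.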
diff --git a/drivers/iio/pressure/ms5611_core.c b/drivers/iio/pressure/ms5611_core.c
index 885ccb7914dc..874a73b3ea9d 100644
--- a/drivers/iio/pressure/ms5611_core.c
+++ b/drivers/iio/pressure/ms5611_core.c
@@ -85,7 +85,7 @@ static int ms5611_read_prom(struct iio_dev *indio_dev)
 	struct ms5611_state *st = iio_priv(indio_dev);
 
 	for (i = 0; i < MS5611_PROM_WORDS_NB; i++) {
-		ret = st->read_prom_word(st, i, &st->chip_info->prom[i]);
+		ret = st->read_prom_word(st, i, &st->prom[i]);
 		if (ret < 0) {
 			dev_err(&indio_dev->dev,
 				"failed to read prom at %d\n", i);
@@ -93,7 +93,7 @@ static int ms5611_read_prom(struct iio_dev *indio_dev)
 		}
 	}
 
-	if (!ms5611_prom_is_valid(st->chip_info->prom, MS5611_PROM_WORDS_NB)) {
+	if (!ms5611_prom_is_valid(st->prom, MS5611_PROM_WORDS_NB)) {
 		dev_err(&indio_dev->dev, "PROM integrity check failed\n");
 		return -ENODEV;
 	}
@@ -114,21 +114,20 @@ static int ms5611_read_temp_and_pressure(struct iio_dev *indio_dev,
 		return ret;
 	}
 
-	return st->chip_info->temp_and_pressure_compensate(st->chip_info,
-							   temp, pressure);
+	return st->compensate_temp_and_pressure(st, temp, pressure);
 }
 
-static int ms5611_temp_and_pressure_compensate(struct ms5611_chip_info *chip_info,
+static int ms5611_temp_and_pressure_compensate(struct ms5611_state *st,
 					       s32 *temp, s32 *pressure)
 {
 	s32 t = *temp, p = *pressure;
 	s64 off, sens, dt;
 
-	dt = t - (chip_info->prom[5] << 8);
-	off = ((s64)chip_info->prom[2] << 16) + ((chip_info->prom[4] * dt) >> 7);
-	sens = ((s64)chip_info->prom[1] << 15) + ((chip_info->prom[3] * dt) >> 8);
+	dt = t - (st->prom[5] << 8);
+	off = ((s64)st->prom[2] << 16) + ((st->prom[4] * dt) >> 7);
+	sens = ((s64)st->prom[1] << 15) + ((st->prom[3] * dt) >> 8);
 
-	t = 2000 + ((chip_info->prom[6] * dt) >> 23);
+	t = 2000 + ((st->prom[6] * dt) >> 23);
 	if (t < 2000) {
 		s64 off2, sens2, t2;
 
@@ -154,17 +153,17 @@ static int ms5611_temp_and_pressure_compensate(struct ms5611_chip_info *chip_inf
 	return 0;
 }
 
-static int ms5607_temp_and_pressure_compensate(struct ms5611_chip_info *chip_info,
+static int ms5607_temp_and_pressure_compensate(struct ms5611_state *st,
 					       s32 *temp, s32 *pressure)
 {
 	s32 t = *temp, p = *pressure;
 	s64 off, sens, dt;
 
-	dt = t - (chip_info->prom[5] << 8);
-	off = ((s64)chip_info->prom[2] << 17) + ((chip_info->prom[4] * dt) >> 6);
-	sens = ((s64)chip_info->prom[1] << 16) + ((chip_info->prom[3] * dt) >> 7);
+	dt = t - (st->prom[5] << 8);
+	off = ((s64)st->prom[2] << 17) + ((st->prom[4] * dt) >> 6);
+	sens = ((s64)st->prom[1] << 16) + ((st->prom[3] * dt) >> 7);
 
-	t = 2000 + ((chip_info->prom[6] * dt) >> 23);
+	t = 2000 + ((st->prom[6] * dt) >> 23);
 	if (t < 2000) {
 		s64 off2, sens2, t2, tmp;
 
@@ -342,15 +341,6 @@ static int ms5611_write_raw(struct iio_dev *indio_dev,
 
 static const unsigned long ms5611_scan_masks[] = {0x3, 0};
 
-static struct ms5611_chip_info chip_info_tbl[] = {
-	[MS5611] = {
-		.temp_and_pressure_compensate = ms5611_temp_and_pressure_compensate,
-	},
-	[MS5607] = {
-		.temp_and_pressure_compensate = ms5607_temp_and_pressure_compensate,
-	}
-};
-
 static const struct iio_chan_spec ms5611_channels[] = {
 	{
 		.type = IIO_PRESSURE,
@@ -433,7 +423,20 @@ int ms5611_probe(struct iio_dev *indio_dev, struct device *dev,
 	struct ms5611_state *st = iio_priv(indio_dev);
 
 	mutex_init(&st->lock);
-	st->chip_info = &chip_info_tbl[type];
+
+	switch (type) {
+	case MS5611:
+		st->compensate_temp_and_pressure =
+			ms5611_temp_and_pressure_compensate;
+		break;
+	case MS5607:
+		st->compensate_temp_and_pressure =
+			ms5607_temp_and_pressure_compensate;
+		break;
+	default:
+		return -EINVAL;
+	}
+
 	st->temp_osr =
 		&ms5611_avail_temp_osr[ARRAY_SIZE(ms5611_avail_temp_osr) - 1];
 	st->pressure_osr =
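Review bot: in ms5611_probe(), the new `default: return -EINVAL;` is reached after mutex_init(&st->lock), so the error path returns with the mutex initialised and never destroyed. Moving the switch on `type` above mutex_init() keeps the early return free of any set-up state.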
-- 
2.35.1





* [PATCH 5.15 024/206] ceph: do not update snapshot context when there is no new snapshot
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 023/206] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 025/206] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
                   ` (190 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xiubo Li, Jeff Layton, Ilya Dryomov,
	Sasha Levin

From: Xiubo Li <xiubli@redhat.com>

[ Upstream commit 2e586641c950e7f3e7e008404bd783a466b9b590 ]

We will only track the uppest parent snapshot realm from which we
need to rebuild the snapshot contexts _downward_ in hierarchy. For
all the others having no new snapshot we will do nothing.

This fix will avoid calling ceph_queue_cap_snap() on some inodes
inappropriately. For example, with the code in mainline, suppose there
are 2 directory hierarchies (with 6 directories total), like this:

/dir_X1/dir_X2/dir_X3/
/dir_Y1/dir_Y2/dir_Y3/

Firstly, make a snapshot under /dir_X1/dir_X2/.snap/snap_X2, then make a
root snapshot under /.snap/root_snap. Every time we make snapshots under
/dir_Y1/..., the kclient will always try to rebuild the snap context for
snap_X2 realm and finally will always try to queue cap snaps for dir_Y2
and dir_Y3, which makes no sense.

That's because the snap_X2's seq is 2 and root_snap's seq is 3. So when
creating a new snapshot under /dir_Y1/... the new seq will be 4, and
the mds will send the kclient a snapshot backtrace in _downward_
order: seqs 4, 3.

When ceph_update_snap_trace() is called, it will always rebuild from
the last realm, that's the root_snap. So later when rebuilding the snap
context, the current logic will always cause it to rebuild the snap_X2
realm and then try to queue cap snaps for all the inodes related in that
realm, even though it's not necessary.

This is accompanied by a lot of these sorts of dout messages:

    "ceph:  queue_cap_snap 00000000a42b796b nothing dirty|writing"

Fix the logic to avoid this situation.

Also, the 'invalidate' word is not precise here. In actuality, it will
cause a rebuild of the existing snapshot contexts or just build
non-existent ones. Rename it to 'rebuild_snapcs'.

URL: https://tracker.ceph.com/issues/44100
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Stable-dep-of: 51884d153f7e ("ceph: avoid putting the realm twice when decoding snaps fails")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ceph/snap.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
index b41e6724c591..ae9cf37374e3 100644
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -707,7 +707,8 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 	__le64 *prior_parent_snaps;        /* encoded */
 	struct ceph_snap_realm *realm = NULL;
 	struct ceph_snap_realm *first_realm = NULL;
-	int invalidate = 0;
+	struct ceph_snap_realm *realm_to_rebuild = NULL;
+	int rebuild_snapcs;
 	int err = -ENOMEM;
 	LIST_HEAD(dirty_realms);
 
@@ -715,6 +716,7 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 
 	dout("update_snap_trace deletion=%d\n", deletion);
 more:
+	rebuild_snapcs = 0;
 	ceph_decode_need(&p, e, sizeof(*ri), bad);
 	ri = p;
 	p += sizeof(*ri);
@@ -738,7 +740,7 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 	err = adjust_snap_realm_parent(mdsc, realm, le64_to_cpu(ri->parent));
 	if (err < 0)
 		goto fail;
-	invalidate += err;
+	rebuild_snapcs += err;
 
 	if (le64_to_cpu(ri->seq) > realm->seq) {
 		dout("update_snap_trace updating %llx %p %lld -> %lld\n",
@@ -763,22 +765,30 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 		if (realm->seq > mdsc->last_snap_seq)
 			mdsc->last_snap_seq = realm->seq;
 
-		invalidate = 1;
+		rebuild_snapcs = 1;
 	} else if (!realm->cached_context) {
 		dout("update_snap_trace %llx %p seq %lld new\n",
 		     realm->ino, realm, realm->seq);
-		invalidate = 1;
+		rebuild_snapcs = 1;
 	} else {
 		dout("update_snap_trace %llx %p seq %lld unchanged\n",
 		     realm->ino, realm, realm->seq);
 	}
 
-	dout("done with %llx %p, invalidated=%d, %p %p\n", realm->ino,
-	     realm, invalidate, p, e);
+	dout("done with %llx %p, rebuild_snapcs=%d, %p %p\n", realm->ino,
+	     realm, rebuild_snapcs, p, e);
 
-	/* invalidate when we reach the _end_ (root) of the trace */
-	if (invalidate && p >= e)
-		rebuild_snap_realms(realm, &dirty_realms);
+	/*
+	 * this will always track the uppest parent realm from which
+	 * we need to rebuild the snapshot contexts _downward_ in
+	 * hierarchy.
+	 */
+	if (rebuild_snapcs)
+		realm_to_rebuild = realm;
+
+	/* rebuild_snapcs when we reach the _end_ (root) of the trace */
+	if (realm_to_rebuild && p >= e)
+		rebuild_snap_realms(realm_to_rebuild, &dirty_realms);
 
 	if (!first_realm)
 		first_realm = realm;
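Review bot: `realm_to_rebuild = realm;` keeps a realm pointer from one pass of the `more:` loop and hands it to rebuild_snap_realms() on a later pass, but these lines take no reference for it. Please confirm that something else pins that realm until `p >= e`, or take a reference when the pointer is recorded and drop it after the rebuild.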
-- 
2.35.1





* [PATCH 5.15 025/206] ceph: avoid putting the realm twice when decoding snaps fails
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 024/206] ceph: do not update snapshot context when there is no new snapshot Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 026/206] x86/sgx: Create utility to validate user provided offset and length Greg Kroah-Hartman
                   ` (189 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Xiubo Li, Ilya Dryomov, Sasha Levin

From: Xiubo Li <xiubli@redhat.com>

[ Upstream commit 51884d153f7ec85e18d607b2467820a90e0f4359 ]

When decoding the snaps fails it may be leaving the 'first_realm'
and 'realm' pointing to the same snaprealm memory. And then it'll
put it twice and could cause random use-after-free, BUG_ON, etc
issues.

Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/57686
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ceph/snap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
index ae9cf37374e3..b512c82f9ccd 100644
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -705,7 +705,7 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 	struct ceph_mds_snap_realm *ri;    /* encoded */
 	__le64 *snaps;                     /* encoded */
 	__le64 *prior_parent_snaps;        /* encoded */
-	struct ceph_snap_realm *realm = NULL;
+	struct ceph_snap_realm *realm;
 	struct ceph_snap_realm *first_realm = NULL;
 	struct ceph_snap_realm *realm_to_rebuild = NULL;
 	int rebuild_snapcs;
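Review bot: dropping the `= NULL` initialiser from `struct ceph_snap_realm *realm;` makes the error paths depend on the assignment under `more:` having run first. Keeping the initialiser at the declaration as well as adding `realm = NULL;` under `more:` costs nothing and protects against a future early `goto` reading an indeterminate pointer.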
@@ -716,6 +716,7 @@ int ceph_update_snap_trace(struct ceph_mds_client *mdsc,
 
 	dout("update_snap_trace deletion=%d\n", deletion);
 more:
+	realm = NULL;
 	rebuild_snapcs = 0;
 	ceph_decode_need(&p, e, sizeof(*ri), bad);
 	ri = p;
-- 
2.35.1





* [PATCH 5.15 026/206] x86/sgx: Create utility to validate user provided offset and length
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 025/206] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 027/206] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
                   ` (188 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Dave Hansen,
	Jarkko Sakkinen, Sasha Levin

From: Reinette Chatre <reinette.chatre@intel.com>

[ Upstream commit dda03e2c331b9fc7bbc8fc0de12a6d92d8c18661 ]

User provided offset and length is validated when parsing the parameters
of the SGX_IOC_ENCLAVE_ADD_PAGES ioctl(). Extract this validation
(with consistent use of IS_ALIGNED) into a utility that can be used
by the SGX2 ioctl()s that will also provide these values.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/767147bc100047abed47fe27c592901adfbb93a2.1652137848.git.reinette.chatre@intel.com
Stable-dep-of: f0861f49bd94 ("x86/sgx: Add overflow check in sgx_validate_offset_length()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/sgx/ioctl.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 83df20e3e633..a66795e0b685 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -372,6 +372,26 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
 	return ret;
 }
 
+/*
+ * Ensure user provided offset and length values are valid for
+ * an enclave.
+ */
+static int sgx_validate_offset_length(struct sgx_encl *encl,
+				      unsigned long offset,
+				      unsigned long length)
+{
+	if (!IS_ALIGNED(offset, PAGE_SIZE))
+		return -EINVAL;
+
+	if (!length || !IS_ALIGNED(length, PAGE_SIZE))
+		return -EINVAL;
+
+	if (offset + length - PAGE_SIZE >= encl->size)
+		return -EINVAL;
+
+	return 0;
+}
+
 /**
  * sgx_ioc_enclave_add_pages() - The handler for %SGX_IOC_ENCLAVE_ADD_PAGES
  * @encl:       an enclave pointer
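Review bot: in sgx_validate_offset_length(), `offset + length - PAGE_SIZE >= encl->size` adds two user-supplied unsigned long values with no wrap check, so the sum can wrap to a small value and pass the bound. Reject the pair first when `offset + length < offset` (or use check_add_overflow()) before comparing against encl->size.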
@@ -425,14 +445,10 @@ static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
 	if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
 		return -EFAULT;
 
-	if (!IS_ALIGNED(add_arg.offset, PAGE_SIZE) ||
-	    !IS_ALIGNED(add_arg.src, PAGE_SIZE))
-		return -EINVAL;
-
-	if (!add_arg.length || add_arg.length & (PAGE_SIZE - 1))
+	if (!IS_ALIGNED(add_arg.src, PAGE_SIZE))
 		return -EINVAL;
 
-	if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
+	if (sgx_validate_offset_length(encl, add_arg.offset, add_arg.length))
 		return -EINVAL;
 
 	if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
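Review bot: the caller tests `sgx_validate_offset_length(...)` only for non-zero and then hard-codes `return -EINVAL;`, discarding the helper's return value. Storing the result and returning it would keep this ioctl correct if the helper ever gains a second error code.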
-- 
2.35.1





* [PATCH 5.15 027/206] x86/sgx: Add overflow check in sgx_validate_offset_length()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 026/206] x86/sgx: Create utility to validate user provided offset and length Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 028/206] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
                   ` (187 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Borys Popławski,
	Borislav Petkov, Jarkko Sakkinen, Sasha Levin

From: Borys Popławski <borysp@invisiblethingslab.com>

[ Upstream commit f0861f49bd946ff94fce4f82509c45e167f63690 ]

sgx_validate_offset_length() function verifies "offset" and "length"
arguments provided by userspace, but was missing an overflow check on
their addition. Add it.

Fixes: c6d26d370767 ("x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES")
Signed-off-by: Borys Popławski <borysp@invisiblethingslab.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Cc: stable@vger.kernel.org # v5.11+
Link: https://lore.kernel.org/r/0d91ac79-6d84-abed-5821-4dbe59fa1a38@invisiblethingslab.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/sgx/ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index a66795e0b685..217777c029ee 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -386,6 +386,9 @@ static int sgx_validate_offset_length(struct sgx_encl *encl,
 	if (!length || !IS_ALIGNED(length, PAGE_SIZE))
 		return -EINVAL;
 
+	if (offset + length < offset)
+		return -EINVAL;
+
 	if (offset + length - PAGE_SIZE >= encl->size)
 		return -EINVAL;
 
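Review bot: `offset + length < offset` is a correct wrap test for unsigned long, but the sum is then recomputed in the very next comparison. check_add_overflow() from <linux/overflow.h> would state the intent explicitly and hand back the checked sum for reuse in the `- PAGE_SIZE >= encl->size` test; a one-line comment noting that both values come from userspace would also help.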
-- 
2.35.1





* [PATCH 5.15 028/206] binder: validate alloc->mm in ->mmap() handler
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 027/206] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 029/206] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
                   ` (186 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jann Horn, Carlos Llamas, Todd Kjos,
	Sasha Levin

From: Carlos Llamas <cmllamas@google.com>

[ Upstream commit 3ce00bb7e91cf57d723905371507af57182c37ef ]

Since commit 1da52815d5f1 ("binder: fix alloc->vma_vm_mm null-ptr
dereference") binder caches a pointer to the current->mm during open().
This fixes a null-ptr dereference reported by syzkaller. Unfortunately,
it also opens the door for a process to update its mm after the open(),
(e.g. via execve) making the cached alloc->mm pointer invalid.

Things get worse when the process continues to mmap() a vma. From this
point forward, binder will attempt to find this vma using an obsolete
alloc->mm reference. Such as in binder_update_page_range(), where the
wrong vma is obtained via vma_lookup(), yet binder proceeds to happily
insert new pages into it.

To avoid this issue fail the ->mmap() callback if we detect a mismatch
between the vma->vm_mm and the original alloc->mm pointer. This prevents
alloc->vm_addr from getting set, so that any subsequent vma_lookup()
calls fail as expected.

Fixes: 1da52815d5f1 ("binder: fix alloc->vma_vm_mm null-ptr dereference")
Reported-by: Jann Horn <jannh@google.com>
Cc: <stable@vger.kernel.org> # 5.15+
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20221104231235.348958-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/android/binder_alloc.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index 8ed450125c92..6acfb896b2e5 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -753,6 +753,12 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
 	const char *failure_string;
 	struct binder_buffer *buffer;
 
+	if (unlikely(vma->vm_mm != alloc->vma_vm_mm)) {
+		ret = -EINVAL;
+		failure_string = "invalid vma->vm_mm";
+		goto err_invalid_mm;
+	}
+
 	mutex_lock(&binder_alloc_mmap_lock);
 	if (alloc->buffer_size) {
 		ret = -EBUSY;
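Review bot: the new `vma->vm_mm != alloc->vma_vm_mm` test has no comment explaining how the two can differ. A short comment saying that the mm is cached at open() and that the process may have replaced its mm since then (the commit message gives execve as the example) would keep the check from being removed later as apparently dead code.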
@@ -799,6 +805,7 @@ int binder_alloc_mmap_handler(struct binder_alloc *alloc,
 	alloc->buffer_size = 0;
 err_already_mapped:
 	mutex_unlock(&binder_alloc_mmap_lock);
+err_invalid_mm:
 	binder_alloc_debug(BINDER_DEBUG_USER_ERROR,
 			   "%s: %d %lx-%lx %s failed %d\n", __func__,
 			   alloc->pid, vma->vm_start, vma->vm_end,
-- 
2.35.1





* [PATCH 5.15 029/206] ceph: Use kcalloc for allocating multiple elements
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 028/206] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 030/206] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
                   ` (185 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kenneth Lee, Xiubo Li, Ilya Dryomov,
	Sasha Levin

From: Kenneth Lee <klee33@uw.edu>

[ Upstream commit aa1d627207cace003163dee24d1c06fa4e910c6b ]

Prefer using kcalloc(a, b) over kzalloc(a * b) as this improves
semantics since kcalloc is intended for allocating an array of memory.

Signed-off-by: Kenneth Lee <klee33@uw.edu>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Stable-dep-of: 5bd76b8de5b7 ("ceph: fix NULL pointer dereference for req->r_session")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ceph/caps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 883bb91ee257..a6e2aaff17dd 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2255,7 +2255,7 @@ static int unsafe_request_wait(struct inode *inode)
 		struct ceph_mds_request *req;
 		int i;
 
-		sessions = kzalloc(max_sessions * sizeof(s), GFP_KERNEL);
+		sessions = kcalloc(max_sessions, sizeof(s), GFP_KERNEL);
 		if (!sessions) {
 			err = -ENOMEM;
 			goto out;
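Review bot: `sizeof(s)` takes the element size from a separate local pointer rather than from the array being allocated. `kcalloc(max_sessions, sizeof(*sessions), GFP_KERNEL)` ties the size to `sessions` itself and stays correct if the element type ever changes.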
-- 
2.35.1





* [PATCH 5.15 030/206] ceph: fix NULL pointer dereference for req->r_session
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 029/206] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 031/206] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
                   ` (184 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Xiubo Li, Ilya Dryomov, Sasha Levin

From: Xiubo Li <xiubli@redhat.com>

[ Upstream commit 5bd76b8de5b74fa941a6eafee87728a0fe072267 ]

The request's r_session may be changed when it was forwarded or
resent. In both the forwarding and resending cases the requests will
be protected by the mdsc->mutex.

Cc: stable@vger.kernel.org
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2137955
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ceph/caps.c | 48 ++++++++++++------------------------------------
 1 file changed, 12 insertions(+), 36 deletions(-)

diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index a6e2aaff17dd..be96fe615bec 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2217,7 +2217,6 @@ static int unsafe_request_wait(struct inode *inode)
 	struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
 	struct ceph_inode_info *ci = ceph_inode(inode);
 	struct ceph_mds_request *req1 = NULL, *req2 = NULL;
-	unsigned int max_sessions;
 	int ret, err = 0;
 
 	spin_lock(&ci->i_unsafe_lock);
@@ -2235,28 +2234,24 @@ static int unsafe_request_wait(struct inode *inode)
 	}
 	spin_unlock(&ci->i_unsafe_lock);
 
-	/*
-	 * The mdsc->max_sessions is unlikely to be changed
-	 * mostly, here we will retry it by reallocating the
-	 * sessions array memory to get rid of the mdsc->mutex
-	 * lock.
-	 */
-retry:
-	max_sessions = mdsc->max_sessions;
-
 	/*
 	 * Trigger to flush the journal logs in all the relevant MDSes
 	 * manually, or in the worst case we must wait at most 5 seconds
 	 * to wait the journal logs to be flushed by the MDSes periodically.
 	 */
-	if ((req1 || req2) && likely(max_sessions)) {
-		struct ceph_mds_session **sessions = NULL;
-		struct ceph_mds_session *s;
+	if (req1 || req2) {
 		struct ceph_mds_request *req;
+		struct ceph_mds_session **sessions;
+		struct ceph_mds_session *s;
+		unsigned int max_sessions;
 		int i;
 
+		mutex_lock(&mdsc->mutex);
+		max_sessions = mdsc->max_sessions;
+
 		sessions = kcalloc(max_sessions, sizeof(s), GFP_KERNEL);
 		if (!sessions) {
+			mutex_unlock(&mdsc->mutex);
 			err = -ENOMEM;
 			goto out;
 		}
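Review bot: the old `likely(max_sessions)` guard is dropped from the `if (req1 || req2)` condition, so kcalloc() can now be called with max_sessions == 0. That returns ZERO_SIZE_PTR rather than NULL, the `!sessions` test does not catch it, and the later `sessions[s->s_mds]` accesses would fall outside the allocation. Either keep the zero check or state in a comment why mdsc->max_sessions cannot be zero while unsafe requests exist.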
@@ -2268,16 +2263,6 @@ static int unsafe_request_wait(struct inode *inode)
 				s = req->r_session;
 				if (!s)
 					continue;
-				if (unlikely(s->s_mds >= max_sessions)) {
-					spin_unlock(&ci->i_unsafe_lock);
-					for (i = 0; i < max_sessions; i++) {
-						s = sessions[i];
-						if (s)
-							ceph_put_mds_session(s);
-					}
-					kfree(sessions);
-					goto retry;
-				}
 				if (!sessions[s->s_mds]) {
 					s = ceph_get_mds_session(s);
 					sessions[s->s_mds] = s;
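Review bot: with the `s->s_mds >= max_sessions` test removed, `sessions[s->s_mds]` is indexed on the assumption that holding mdsc->mutex keeps every session's s_mds below the max_sessions value sampled above. A comment stating that invariant, or a WARN_ON_ONCE() that skips the entry when it does not hold, would turn a silent out-of-bounds write into a visible failure if the locking assumption is ever broken.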
@@ -2290,16 +2275,6 @@ static int unsafe_request_wait(struct inode *inode)
 				s = req->r_session;
 				if (!s)
 					continue;
-				if (unlikely(s->s_mds >= max_sessions)) {
-					spin_unlock(&ci->i_unsafe_lock);
-					for (i = 0; i < max_sessions; i++) {
-						s = sessions[i];
-						if (s)
-							ceph_put_mds_session(s);
-					}
-					kfree(sessions);
-					goto retry;
-				}
 				if (!sessions[s->s_mds]) {
 					s = ceph_get_mds_session(s);
 					sessions[s->s_mds] = s;
@@ -2311,11 +2286,12 @@ static int unsafe_request_wait(struct inode *inode)
 		/* the auth MDS */
 		spin_lock(&ci->i_ceph_lock);
 		if (ci->i_auth_cap) {
-		      s = ci->i_auth_cap->session;
-		      if (!sessions[s->s_mds])
-			      sessions[s->s_mds] = ceph_get_mds_session(s);
+			s = ci->i_auth_cap->session;
+			if (!sessions[s->s_mds])
+				sessions[s->s_mds] = ceph_get_mds_session(s);
 		}
 		spin_unlock(&ci->i_ceph_lock);
+		mutex_unlock(&mdsc->mutex);
 
 		/* send flush mdlog request to MDSes */
 		for (i = 0; i < max_sessions; i++) {
-- 
2.35.1





* [PATCH 5.15 031/206] wifi: mac80211: fix memory free error when registering wiphy fail
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 030/206] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 032/206] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
                   ` (183 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, taozhang, Johannes Berg, Sasha Levin

From: taozhang <taozhang@bestechnic.com>

[ Upstream commit 50b2e8711462409cd368c41067405aa446dfa2af ]

ieee80211_register_hw frees the allocated cipher suites when
registering the wiphy fails, and ieee80211_free_hw will re-free them.

Set wiphy_ciphers_allocated to false after freeing the allocated
cipher suites.

Signed-off-by: taozhang <taozhang@bestechnic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 5311c3cd3050..9617ff8e2714 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1357,8 +1357,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
 	ieee80211_led_exit(local);
 	destroy_workqueue(local->workqueue);
  fail_workqueue:
-	if (local->wiphy_ciphers_allocated)
+	if (local->wiphy_ciphers_allocated) {
 		kfree(local->hw.wiphy->cipher_suites);
+		local->wiphy_ciphers_allocated = false;
+	}
 	kfree(local->int_scan_req);
 	return result;
 }
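Review bot: In the fail_workqueue path the flag is cleared after kfree(), but local->hw.wiphy->cipher_suites still holds the freed address. Setting that pointer to NULL next to `local->wiphy_ciphers_allocated = false;` would make a later use fail loudly and would keep a second kfree() harmless even if the flag check is bypassed.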
@@ -1426,8 +1428,10 @@ void ieee80211_free_hw(struct ieee80211_hw *hw)
 	mutex_destroy(&local->iflist_mtx);
 	mutex_destroy(&local->mtx);
 
-	if (local->wiphy_ciphers_allocated)
+	if (local->wiphy_ciphers_allocated) {
 		kfree(local->hw.wiphy->cipher_suites);
+		local->wiphy_ciphers_allocated = false;
+	}
 
 	idr_for_each(&local->ack_status_frames,
 		     ieee80211_free_ack_frame, NULL);
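Review bot: The commit message explains the double free as ieee80211_register_hw() failing and ieee80211_free_hw() freeing again, which the first hunk already prevents; the reset added here in ieee80211_free_hw() is not explained. If it is there for symmetry, or to guard against ieee80211_free_hw() being reached twice, say so in the message or in a comment.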
-- 
2.35.1





* [PATCH 5.15 032/206] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 031/206] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 033/206] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
                   ` (182 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jonas Jelonek, Johannes Berg, Sasha Levin

From: Jonas Jelonek <jelonek.jonas@gmail.com>

[ Upstream commit 69188df5f6e4cecc6b76b958979ba363cd5240e8 ]

Fixes a warning that occurs when rc table support is enabled
(IEEE80211_HW_SUPPORTS_RC_TABLE) in mac80211_hwsim and the PS mode
is changed via the exported debugfs attribute.

When the PS mode is changed, a packet is broadcast via
hwsim_send_nullfunc by creating and transmitting a plain skb with only
the header initialized. The ieee80211 rate array in the control buffer is
zero-initialized. When ratetbl support is enabled, ieee80211_get_tx_rates
is called for the skb with sta parameter set to NULL and thus no
ratetbl can be used. The final rate array then looks like
[-1,0; 0,0; 0,0; 0,0] which causes the warning in ieee80211_get_tx_rate.

The issue is fixed by setting the count of the first rate with idx '0'
to 1 and hence ieee80211_get_tx_rates won't overwrite it with idx '-1'.

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/mac80211_hwsim.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index b228567b2a73..c3c3b5aa87b0 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -845,6 +845,7 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac,
 	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 	struct sk_buff *skb;
 	struct ieee80211_hdr *hdr;
+	struct ieee80211_tx_info *cb;
 
 	if (!vp->assoc)
 		return;
@@ -866,6 +867,10 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac,
 	memcpy(hdr->addr2, mac, ETH_ALEN);
 	memcpy(hdr->addr3, vp->bssid, ETH_ALEN);
 
+	cb = IEEE80211_SKB_CB(skb);
+	cb->control.rates[0].count = 1;
+	cb->control.rates[1].idx = -1;
+
 	rcu_read_lock();
 	mac80211_hwsim_tx_frame(data->hw, skb,
 				rcu_dereference(vif->chanctx_conf)->def.chan);
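Review bot: Only rates[0].count and rates[1].idx are assigned here, so rates[0].idx being 0 depends on the control buffer having been zero-initialized, as the commit message states. Assign `cb->control.rates[0].idx = 0;` explicitly, and add a one-line comment on why rates[1].idx is set to -1, since the commit message does not mention that second assignment.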
-- 
2.35.1





* [PATCH 5.15 033/206] riscv: dts: sifive unleashed: Add PWM controlled LEDs
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 032/206] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 034/206] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
                   ` (181 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Emil Renner Berthing, Conor Dooley,
	Palmer Dabbelt, Sasha Levin

From: Emil Renner Berthing <emil.renner.berthing@canonical.com>

[ Upstream commit 8bc8824d30193eb7755043d5bb65fa7f0d11a595 ]

This adds the 4 PWM controlled green LEDs to the HiFive Unleashed device
tree. The schematic doesn't specify any special function for the LEDs,
so they're added here without any default triggers and named d1, d2, d3
and d4 just like in the schematic.

Signed-off-by: Emil Renner Berthing <emil.renner.berthing@canonical.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221012110928.352910-1-emil.renner.berthing@canonical.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../boot/dts/sifive/hifive-unleashed-a00.dts  | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts b/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
index 22f971e97161..2f4d677c9c4f 100644
--- a/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
+++ b/arch/riscv/boot/dts/sifive/hifive-unleashed-a00.dts
@@ -3,6 +3,8 @@
 
 #include "fu540-c000.dtsi"
 #include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/leds/common.h>
+#include <dt-bindings/pwm/pwm.h>
 
 /* Clock frequency (in Hz) of the PCB crystal for rtcclk */
 #define RTCCLK_FREQ		1000000
@@ -46,6 +48,42 @@ gpio-restart {
 		compatible = "gpio-restart";
 		gpios = <&gpio 10 GPIO_ACTIVE_LOW>;
 	};
+
+	led-controller {
+		compatible = "pwm-leds";
+
+		led-d1 {
+			pwms = <&pwm0 0 7812500 PWM_POLARITY_INVERTED>;
+			active-low;
+			color = <LED_COLOR_ID_GREEN>;
+			max-brightness = <255>;
+			label = "d1";
+		};
+
+		led-d2 {
+			pwms = <&pwm0 1 7812500 PWM_POLARITY_INVERTED>;
+			active-low;
+			color = <LED_COLOR_ID_GREEN>;
+			max-brightness = <255>;
+			label = "d2";
+		};
+
+		led-d3 {
+			pwms = <&pwm0 2 7812500 PWM_POLARITY_INVERTED>;
+			active-low;
+			color = <LED_COLOR_ID_GREEN>;
+			max-brightness = <255>;
+			label = "d3";
+		};
+
+		led-d4 {
+			pwms = <&pwm0 3 7812500 PWM_POLARITY_INVERTED>;
+			active-low;
+			color = <LED_COLOR_ID_GREEN>;
+			max-brightness = <255>;
+			label = "d4";
+		};
+	};
 };
 
 &uart0 {
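Review bot: Each led-dN node sets both PWM_POLARITY_INVERTED in pwms and the active-low property, and the commit message does not say why both inversions are needed. If the two are meant to combine, add a comment in led-controller that explains the wiring; if only one is needed, drop the other so the brightness scale is not inverted twice.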
-- 
2.35.1





* [PATCH 5.15 034/206] audit: fix undefined behavior in bit shift for AUDIT_BIT
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 033/206] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 035/206] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
                   ` (180 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Paul Moore, Sasha Levin

From: Gaosheng Cui <cuigaosheng1@huawei.com>

[ Upstream commit 986d93f55bdeab1cac858d1e47b41fac10b2d7f6 ]

Shifting a signed 32-bit value by 31 bits is undefined, so change the
significant bit to unsigned. The UBSAN warning call trace looks like this:

UBSAN: shift-out-of-bounds in kernel/auditfilter.c:179:23
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
 <TASK>
 dump_stack_lvl+0x7d/0xa5
 dump_stack+0x15/0x1b
 ubsan_epilogue+0xe/0x4e
 __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
 audit_register_class+0x9d/0x137
 audit_classes_init+0x4d/0xb8
 do_one_initcall+0x76/0x430
 kernel_init_freeable+0x3b3/0x422
 kernel_init+0x24/0x1e0
 ret_from_fork+0x1f/0x30
 </TASK>

Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
[PM: remove bad 'Fixes' tag as issue predates git, added in v2.6.6-rc1]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/uapi/linux/audit.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index daa481729e9b..27799acd0e5e 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -182,7 +182,7 @@
 #define AUDIT_MAX_KEY_LEN  256
 #define AUDIT_BITMASK_SIZE 64
 #define AUDIT_WORD(nr) ((__u32)((nr)/32))
-#define AUDIT_BIT(nr)  (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_BIT(nr)  (1U << ((nr) - AUDIT_WORD(nr)*32))
 
 #define AUDIT_SYSCALL_CLASSES 16
 #define AUDIT_CLASS_DIR_WRITE 0
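Review bot: AUDIT_BIT() lives in include/uapi, so changing `1 <<` to `1U <<` also changes the type of the expression from int to unsigned int for userspace that includes this header. The fix is right for bit 31, but the commit message should mention the type change so that users who compare or print the result as a signed value know to check their code.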
-- 
2.35.1





* [PATCH 5.15 035/206] wifi: airo: do not assign -1 to unsigned char
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 034/206] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 036/206] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
                   ` (179 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kalle Valo, linux-wireless,
	Jason A. Donenfeld, Sasha Levin

From: Jason A. Donenfeld <Jason@zx2c4.com>

[ Upstream commit e6cb8769452e8236b52134e5cb4a18b8f5986932 ]

With char becoming unsigned by default, and with `char` alone being
ambiguous and based on architecture, we get a warning when assigning the
unchecked output of hex_to_bin() to that unsigned char. Mark `key` as a
`u8`, which matches the struct's type, and then check each call to
hex_to_bin() before casting.

Cc: Kalle Valo <kvalo@kernel.org>
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221024162843.535921-1-Jason@zx2c4.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/cisco/airo.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
index 65dd8cff1b01..fc19ecbc4c08 100644
--- a/drivers/net/wireless/cisco/airo.c
+++ b/drivers/net/wireless/cisco/airo.c
@@ -5233,7 +5233,7 @@ static int get_wep_tx_idx(struct airo_info *ai)
 	return -1;
 }
 
-static int set_wep_key(struct airo_info *ai, u16 index, const char *key,
+static int set_wep_key(struct airo_info *ai, u16 index, const u8 *key,
 		       u16 keylen, int perm, int lock)
 {
 	static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 };
@@ -5284,7 +5284,7 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file)
 	struct net_device *dev = PDE_DATA(inode);
 	struct airo_info *ai = dev->ml_priv;
 	int i, rc;
-	char key[16];
+	u8 key[16];
 	u16 index = 0;
 	int j = 0;
 
@@ -5312,12 +5312,22 @@ static void proc_wepkey_on_close(struct inode *inode, struct file *file)
 	}
 
 	for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) {
+		int val;
+
+		if (i % 3 == 2)
+			continue;
+
+		val = hex_to_bin(data->wbuffer[i+j]);
+		if (val < 0) {
+			airo_print_err(ai->dev->name, "WebKey passed invalid key hex");
+			return;
+		}
 		switch(i%3) {
 		case 0:
-			key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4;
+			key[i/3] = (u8)val << 4;
 			break;
 		case 1:
-			key[i/3] |= hex_to_bin(data->wbuffer[i+j]);
+			key[i/3] |= (u8)val;
 			break;
 		}
 	}
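Review bot: The error string in the new `val < 0` branch reads "WebKey"; the function is proc_wepkey_on_close(), so this should be "WepKey". Also, positions with i % 3 == 2 are skipped by the new `continue` without looking at the character, so any byte is accepted between hex pairs; if a specific separator is intended, validate it in the same place as the hex digits.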
-- 
2.35.1





* [PATCH 5.15 036/206] wifi: mac80211: Fix ack frame idr leak when mesh has no route
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 035/206] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 037/206] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
                   ` (178 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Nicolas Cavallari, Johannes Berg,
	Sasha Levin

From: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>

[ Upstream commit 39e7b5de9853bd92ddbfa4b14165babacd7da0ba ]

When trying to transmit a data frame with tx_status to a destination
that has no route in the mesh, it is dropped without recrediting
the ack_status_frames idr.

Once it is exhausted, wpa_supplicant starts failing to do SAE with
NL80211_CMD_FRAME and logs "nl80211: Frame command failed".

Use ieee80211_free_txskb() instead of kfree_skb() to fix it.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Link: https://lore.kernel.org/r/20221027140133.1504-1-nicolas.cavallari@green-communications.fr
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/mesh_pathtbl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index acc1c299f1ae..69d5e1ec6ede 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -710,7 +710,7 @@ int mesh_path_send_to_gates(struct mesh_path *mpath)
 void mesh_path_discard_frame(struct ieee80211_sub_if_data *sdata,
 			     struct sk_buff *skb)
 {
-	kfree_skb(skb);
+	ieee80211_free_txskb(&sdata->local->hw, skb);
 	sdata->u.mesh.mshstats.dropped_frames_no_route++;
 }
 
-- 
2.35.1





* [PATCH 5.15 037/206] wifi: ath11k: Fix QCN9074 firmware boot on x86
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 036/206] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 038/206] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
                   ` (177 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Tyler J. Stachecki, Kalle Valo, Sasha Levin

From: Tyler J. Stachecki <stachecki.tyler@gmail.com>

[ Upstream commit 3a89b6dec9920026eaa90fe8457f4348d3388a98 ]

The 2.7.0 series of QCN9074's firmware requests 5 segments
of memory instead of 3 (as in the 2.5.0 series).

The first segment (11M) is too large to be kalloc'd in one
go on x86 and requires piecemeal 1MB allocations, as was
the case with the prior public firmware (2.5.0, 15M).

Since f6f92968e1e5, ath11k will break the memory requests,
but only if there were fewer than 3 segments requested by
the firmware. It seems that 5 segments works fine and
allows QCN9074 to boot on x86 with firmware 2.7.0, so
change things accordingly.

Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16

Signed-off-by: Tyler J. Stachecki <stachecki.tyler@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20221022042728.43015-1-stachecki.tyler@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath11k/qmi.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/qmi.h b/drivers/net/wireless/ath/ath11k/qmi.h
index 3d5930330703..25940b683ea4 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.h
+++ b/drivers/net/wireless/ath/ath11k/qmi.h
@@ -27,7 +27,7 @@
 #define ATH11K_QMI_WLANFW_MAX_NUM_MEM_SEG_V01	52
 #define ATH11K_QMI_CALDB_SIZE			0x480000
 #define ATH11K_QMI_BDF_EXT_STR_LENGTH		0x20
-#define ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT	3
+#define ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT	5
 
 #define QMI_WLFW_REQUEST_MEM_IND_V01		0x0035
 #define QMI_WLFW_FW_MEM_READY_IND_V01		0x0037
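Review bot: ATH11K_QMI_FW_MEM_REQ_SEGMENT_CNT goes from 3 to 5 with no comment, and the commit message itself says only that 5 segments "seems" to work. Add a comment next to the define recording which firmware series requests which count (3 for 2.5.0 and 5 for 2.7.0, per the message), since a later firmware that requests more segments will run into the same boot failure.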
-- 
2.35.1





* [PATCH 5.15 038/206] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 037/206] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 039/206] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
                   ` (176 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Sean Nyekjaer, Mark Brown, Sasha Levin

From: Sean Nyekjaer <sean@geanix.com>

[ Upstream commit 62aa1a344b0904549f6de7af958e8a1136fd5228 ]

When this driver is used with a driver that uses preallocated spi_transfer
structs, the speed_hz is halved by every run. This results in:

spi_stm32 44004000.spi: SPI transfer setup failed
ads7846 spi0.0: SPI transfer failed: -22

Example when running with DIV_ROUND_UP():
- First run; speed_hz = 1000000, spi->clk_rate 125000000
  div 125 -> mbrdiv = 7, cur_speed = 976562
- Second run; speed_hz = 976562
  div 128,00007 (roundup to 129) -> mbrdiv = 8, cur_speed = 488281
- Third run; speed_hz = 488281
  div 256,000131072067109 (roundup to 257) and then -EINVAL is returned.

Use DIV_ROUND_CLOSEST to allow rounding down, which lets us keep the
set speed.

Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Link: https://lore.kernel.org/r/20221103080043.3033414-1-sean@geanix.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-stm32.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c
index 96a73f9e2677..3c6f201b5dd8 100644
--- a/drivers/spi/spi-stm32.c
+++ b/drivers/spi/spi-stm32.c
@@ -434,7 +434,7 @@ static int stm32_spi_prepare_mbr(struct stm32_spi *spi, u32 speed_hz,
 	u32 div, mbrdiv;
 
 	/* Ensure spi->clk_rate is even */
-	div = DIV_ROUND_UP(spi->clk_rate & ~0x1, speed_hz);
+	div = DIV_ROUND_CLOSEST(spi->clk_rate & ~0x1, speed_hz);
 
 	/*
 	 * SPI framework set xfer->speed_hz to master->max_speed_hz if
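Review bot: DIV_ROUND_CLOSEST() can round div down, so for a speed_hz just below clk_rate divided by a power of two the selected divider gives a clock slightly above the requested speed_hz. The commit message accepts rounding down in order to keep the speed stable; please state there that the small overshoot is acceptable for attached devices, or handle the feedback case (speed_hz equal to the previous cur_speed) explicitly instead.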
-- 
2.35.1





* [PATCH 5.15 039/206] selftests/bpf: Add verifier test for release_reference()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 038/206] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 040/206] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
                   ` (175 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Youlin Li, Daniel Borkmann, Sasha Levin

From: Youlin Li <liulin063@gmail.com>

[ Upstream commit 475244f5e06beeda7b557d9dde46a5f439bf3379 ]

Add a test case to ensure that released pointer registers will not be
leaked into the map.

Before fix:

  ./test_verifier 984
    984/u reference tracking: try to leak released ptr reg FAIL
    Unexpected success to load!
    verification time 67 usec
    stack depth 4
    processed 23 insns (limit 1000000) max_states_per_insn 0 total_states 2
    peak_states 2 mark_read 1
    984/p reference tracking: try to leak released ptr reg OK
    Summary: 1 PASSED, 0 SKIPPED, 1 FAILED

After fix:

  ./test_verifier 984
    984/u reference tracking: try to leak released ptr reg OK
    984/p reference tracking: try to leak released ptr reg OK
    Summary: 2 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Youlin Li <liulin063@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20221103093440.3161-2-liulin063@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../selftests/bpf/verifier/ref_tracking.c     | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c b/tools/testing/selftests/bpf/verifier/ref_tracking.c
index 3b6ee009c00b..4a768b130d61 100644
--- a/tools/testing/selftests/bpf/verifier/ref_tracking.c
+++ b/tools/testing/selftests/bpf/verifier/ref_tracking.c
@@ -905,3 +905,39 @@
 	.result_unpriv = REJECT,
 	.errstr_unpriv = "unknown func",
 },
+{
+	"reference tracking: try to leak released ptr reg",
+	.insns = {
+		BPF_MOV64_IMM(BPF_REG_0, 0),
+		BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4),
+		BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+		BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
+		BPF_LD_MAP_FD(BPF_REG_1, 0),
+		BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
+		BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+		BPF_EXIT_INSN(),
+		BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
+
+		BPF_MOV64_IMM(BPF_REG_0, 0),
+		BPF_LD_MAP_FD(BPF_REG_1, 0),
+		BPF_MOV64_IMM(BPF_REG_2, 8),
+		BPF_MOV64_IMM(BPF_REG_3, 0),
+		BPF_EMIT_CALL(BPF_FUNC_ringbuf_reserve),
+		BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+		BPF_EXIT_INSN(),
+		BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
+
+		BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
+		BPF_MOV64_IMM(BPF_REG_2, 0),
+		BPF_EMIT_CALL(BPF_FUNC_ringbuf_discard),
+		BPF_MOV64_IMM(BPF_REG_0, 0),
+
+		BPF_STX_MEM(BPF_DW, BPF_REG_9, BPF_REG_8, 0),
+		BPF_EXIT_INSN()
+	},
+	.fixup_map_array_48b = { 4 },
+	.fixup_map_ringbuf = { 11 },
+	.result = ACCEPT,
+	.result_unpriv = REJECT,
+	.errstr_unpriv = "R8 !read_ok"
+},
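Review bot: The test expects `.result = ACCEPT` for the privileged load while the unprivileged load must fail with "R8 !read_ok", but nothing in the test says why storing R8 after BPF_FUNC_ringbuf_discard is acceptable when privileged. A short comment above the final BPF_STX_MEM stating what the released register is expected to hold in each mode would keep a later reader from treating the privileged ACCEPT as a mistake.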
-- 
2.35.1





* [PATCH 5.15 040/206] Revert "net: macsec: report real_dev features when HW offloading is enabled"
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 039/206] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 041/206] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
                   ` (174 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, Antoine Tenart,
	Leon Romanovsky, David S. Miller, Sasha Levin

From: Sabrina Dubroca <sd@queasysnail.net>

[ Upstream commit 8bcd560ae8784da57c610d857118c5d6576b1a8f ]

This reverts commit c850240b6c4132574a00f2da439277ab94265b66.

That commit tried to improve the performance of macsec offload by
taking advantage of some of the NIC's features, but in doing so, broke
macsec offload when the lower device supports both macsec and ipsec
offload, as the ipsec offload feature flags (mainly NETIF_F_HW_ESP)
were copied from the real device. Since the macsec device doesn't
provide xdo_* ops, the XFRM core rejects the registration of the new
macsec device in xfrm_api_check.

Example perf trace when running
  ip link add link eni1np1 type macsec port 4 offload mac

    ip   737 [003]   795.477676: probe:xfrm_dev_event__REGISTER      name="macsec0" features=0x1c000080014869
              xfrm_dev_event+0x3a
              notifier_call_chain+0x47
              register_netdevice+0x846
              macsec_newlink+0x25a

    ip   737 [003]   795.477687:   probe:xfrm_dev_event__return      ret=0x8002 (NOTIFY_BAD)
             notifier_call_chain+0x47
             register_netdevice+0x846
             macsec_newlink+0x25a

dev->features includes NETIF_F_HW_ESP (0x04000000000000), so
xfrm_api_check returns NOTIFY_BAD because we don't have
dev->xfrmdev_ops on the macsec device.

We could probably propagate GSO and a few other features from the
lower device, similar to macvlan. This will be done in a future patch.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Antoine Tenart <atenart@kernel.org>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/macsec.c | 27 ++++-----------------------
 1 file changed, 4 insertions(+), 23 deletions(-)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 4811bd1f3d74..f1961d7f9db2 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -2644,11 +2644,6 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
 	if (ret)
 		goto rollback;
 
-	/* Force features update, since they are different for SW MACSec and
-	 * HW offloading cases.
-	 */
-	netdev_update_features(dev);
-
 	rtnl_unlock();
 	return 0;
 
@@ -3416,16 +3411,9 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
 	return ret;
 }
 
-#define SW_MACSEC_FEATURES \
+#define MACSEC_FEATURES \
 	(NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
 
-/* If h/w offloading is enabled, use real device features save for
- *   VLAN_FEATURES - they require additional ops
- *   HW_MACSEC - no reason to report it
- */
-#define REAL_DEV_FEATURES(dev) \
-	((dev)->features & ~(NETIF_F_VLAN_FEATURES | NETIF_F_HW_MACSEC))
-
 static int macsec_dev_init(struct net_device *dev)
 {
 	struct macsec_dev *macsec = macsec_priv(dev);
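Review bot: The removed REAL_DEV_FEATURES() was a denylist (the real device's features minus VLAN and HW_MACSEC), which is how NETIF_F_HW_ESP reached the macsec device according to the commit message, while MACSEC_FEATURES is an allowlist. Add a comment on the define saying that only flags needing no extra ops on the macsec device may be listed, so the follow-up that propagates more features keeps that property.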
@@ -3442,12 +3430,8 @@ static int macsec_dev_init(struct net_device *dev)
 		return err;
 	}
 
-	if (macsec_is_offloaded(macsec)) {
-		dev->features = REAL_DEV_FEATURES(real_dev);
-	} else {
-		dev->features = real_dev->features & SW_MACSEC_FEATURES;
-		dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE;
-	}
+	dev->features = real_dev->features & MACSEC_FEATURES;
+	dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE;
 
 	dev->needed_headroom = real_dev->needed_headroom +
 			       MACSEC_NEEDED_HEADROOM;
@@ -3476,10 +3460,7 @@ static netdev_features_t macsec_fix_features(struct net_device *dev,
 	struct macsec_dev *macsec = macsec_priv(dev);
 	struct net_device *real_dev = macsec->real_dev;
 
-	if (macsec_is_offloaded(macsec))
-		return REAL_DEV_FEATURES(real_dev);
-
-	features &= (real_dev->features & SW_MACSEC_FEATURES) |
+	features &= (real_dev->features & MACSEC_FEATURES) |
 		    NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES;
 	features |= NETIF_F_LLTX;
 
-- 
2.35.1





* [PATCH 5.15 041/206] platform/x86: ideapad-laptop: Disable touchpad_switch
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 040/206] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 042/206] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
                   ` (173 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Manyi Li, Hans de Goede, Sasha Levin

From: Manyi Li <limanyi@uniontech.com>

[ Upstream commit a231224a601c1924b9df620281ad04472900d75f ]

Ideapads for "Lenovo Yoga 3 Pro 1370" and "ZhaoYang K4e-IML" do not
use EC to switch touchpad.

Reading VPCCMD_R_TOUCHPAD will return zero, thus the touchpad may be
blocked unexpectedly.

Signed-off-by: Manyi Li <limanyi@uniontech.com>
Link: https://lore.kernel.org/r/20221018095323.14591-1-limanyi@uniontech.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/ideapad-laptop.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index e7a1299e3776..ab4dfff2174b 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -1499,6 +1499,24 @@ static const struct dmi_system_id hw_rfkill_list[] = {
 	{}
 };
 
+static const struct dmi_system_id no_touchpad_switch_list[] = {
+	{
+	.ident = "Lenovo Yoga 3 Pro 1370",
+	.matches = {
+		DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+		DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo YOGA 3"),
+		},
+	},
+	{
+	.ident = "ZhaoYang K4e-IML",
+	.matches = {
+		DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+		DMI_MATCH(DMI_PRODUCT_VERSION, "ZhaoYang K4e-IML"),
+		},
+	},
+	{}
+};
+
 static void ideapad_check_features(struct ideapad_private *priv)
 {
 	acpi_handle handle = priv->adev->handle;
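Review bot: DMI_MATCH() is a substring match, so DMI_PRODUCT_VERSION "Lenovo YOGA 3" in the first entry also matches any other product version containing that string, not only the "Lenovo Yoga 3 Pro 1370" named in .ident. Use the full version string or DMI_EXACT_MATCH() if only that model should lose the EC touchpad switch. The .ident and .matches lines are also indented at the same level as their enclosing brace and should move one level in.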
@@ -1507,7 +1525,12 @@ static void ideapad_check_features(struct ideapad_private *priv)
 	priv->features.hw_rfkill_switch = dmi_check_system(hw_rfkill_list);
 
 	/* Most ideapads with ELAN0634 touchpad don't use EC touchpad switch */
-	priv->features.touchpad_ctrl_via_ec = !acpi_dev_present("ELAN0634", NULL, -1);
+	if (acpi_dev_present("ELAN0634", NULL, -1))
+		priv->features.touchpad_ctrl_via_ec = 0;
+	else if (dmi_check_system(no_touchpad_switch_list))
+		priv->features.touchpad_ctrl_via_ec = 0;
+	else
+		priv->features.touchpad_ctrl_via_ec = 1;
 
 	if (!read_ec_data(handle, VPCCMD_R_FAN, &val))
 		priv->features.fan_mode = true;
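Review bot: The comment above the new if/else chain still mentions only ELAN0634, and the first two branches assign the same value. Extend the comment to cover the DMI list and fold the chain into a single assignment, for example touchpad_ctrl_via_ec = !acpi_dev_present("ELAN0634", NULL, -1) && !dmi_check_system(no_touchpad_switch_list).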
-- 
2.35.1





* [PATCH 5.15 042/206] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 041/206] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 043/206] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
                   ` (172 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Hans de Goede, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 0df044b34bf33e7e35c32b3bf6747fde6279c162 ]

Add touchscreen info for the RCA Cambio W101 v2 2-in-1.

Link: https://github.com/onitake/gsl-firmware/discussions/193
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221025141131.509211-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/touchscreen_dmi.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/drivers/platform/x86/touchscreen_dmi.c b/drivers/platform/x86/touchscreen_dmi.c
index c608078538a7..3d0790263fa7 100644
--- a/drivers/platform/x86/touchscreen_dmi.c
+++ b/drivers/platform/x86/touchscreen_dmi.c
@@ -773,6 +773,22 @@ static const struct ts_dmi_data predia_basic_data = {
 	.properties	= predia_basic_props,
 };
 
+static const struct property_entry rca_cambio_w101_v2_props[] = {
+	PROPERTY_ENTRY_U32("touchscreen-min-x", 4),
+	PROPERTY_ENTRY_U32("touchscreen-min-y", 20),
+	PROPERTY_ENTRY_U32("touchscreen-size-x", 1644),
+	PROPERTY_ENTRY_U32("touchscreen-size-y", 874),
+	PROPERTY_ENTRY_BOOL("touchscreen-swapped-x-y"),
+	PROPERTY_ENTRY_STRING("firmware-name", "gsl1680-rca-cambio-w101-v2.fw"),
+	PROPERTY_ENTRY_U32("silead,max-fingers", 10),
+	{ }
+};
+
+static const struct ts_dmi_data rca_cambio_w101_v2_data = {
+	.acpi_name = "MSSL1680:00",
+	.properties = rca_cambio_w101_v2_props,
+};
+
 static const struct property_entry rwc_nanote_p8_props[] = {
 	PROPERTY_ENTRY_U32("touchscreen-min-y", 46),
 	PROPERTY_ENTRY_U32("touchscreen-size-x", 1728),
@@ -1394,6 +1410,15 @@ const struct dmi_system_id touchscreen_dmi_table[] = {
 			DMI_EXACT_MATCH(DMI_BOARD_NAME, "0E57"),
 		},
 	},
+	{
+		/* RCA Cambio W101 v2 */
+		/* https://github.com/onitake/gsl-firmware/discussions/193 */
+		.driver_data = (void *)&rca_cambio_w101_v2_data,
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "RCA"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "W101SA23T1"),
+		},
+	},
 	{
 		/* RWC NANOTE P8 */
 		.driver_data = (void *)&rwc_nanote_p8_data,
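Review bot: the new RCA Cambio W101 v2 entry uses DMI_MATCH for both fields, which is a substring comparison, while the entry just above it in the table uses DMI_EXACT_MATCH. A three-letter vendor string such as "RCA" is a loose substring key; the product name "W101SA23T1" carries the specificity here, so DMI_EXACT_MATCH on the product name would make the intent explicit unless firmware variants are known to append to it.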
-- 
2.35.1





* [PATCH 5.15 043/206] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 042/206] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 044/206] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
                   ` (171 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, David E. Box, Hans de Goede, Sasha Levin

From: David E. Box <david.e.box@linux.intel.com>

[ Upstream commit bcdfa1f77ea7f67368d20384932a9d1e3047ddd2 ]

On Sapphire Rapids, due to a hardware issue affecting the PUNIT telemetry
region, reads that are not done in QWORD quantities and alignment may
return incorrect data. Use a custom 64-bit copy for this region.

Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Link: https://lore.kernel.org/r/20221105034228.1376677-1-david.e.box@linux.intel.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/intel/pmt/class.c | 31 +++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c
index 659b1073033c..586a5877422b 100644
--- a/drivers/platform/x86/intel/pmt/class.c
+++ b/drivers/platform/x86/intel/pmt/class.c
@@ -9,6 +9,7 @@
  */
 
 #include <linux/kernel.h>
+#include <linux/io-64-nonatomic-lo-hi.h>
 #include <linux/module.h>
 #include <linux/mm.h>
 #include <linux/pci.h>
@@ -18,6 +19,7 @@
 #define PMT_XA_START		0
 #define PMT_XA_MAX		INT_MAX
 #define PMT_XA_LIMIT		XA_LIMIT(PMT_XA_START, PMT_XA_MAX)
+#define GUID_SPR_PUNIT		0x9956f43f
 
 /*
  * Early implementations of PMT on client platforms have some
@@ -41,6 +43,29 @@ bool intel_pmt_is_early_client_hw(struct device *dev)
 }
 EXPORT_SYMBOL_GPL(intel_pmt_is_early_client_hw);
 
+static inline int
+pmt_memcpy64_fromio(void *to, const u64 __iomem *from, size_t count)
+{
+	int i, remain;
+	u64 *buf = to;
+
+	if (!IS_ALIGNED((unsigned long)from, 8))
+		return -EFAULT;
+
+	for (i = 0; i < count/8; i++)
+		buf[i] = readq(&from[i]);
+
+	/* Copy any remaining bytes */
+	remain = count % 8;
+	if (remain) {
+		u64 tmp = readq(&from[i]);
+
+		memcpy(&buf[i], &tmp, remain);
+	}
+
+	return count;
+}
+
 /*
  * sysfs
  */
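Review bot: the tail handling in pmt_memcpy64_fromio() issues a full `readq(&from[i])` even when only `remain` bytes were requested, so the access reaches up to 7 bytes past the length the caller clamped against entry->size. That is only safe if the mapped region always ends on an 8-byte boundary, which should be checked or stated in a comment. The loop also compares `int i` against `count/8`, a size_t, and the function returns the size_t count through an int; `size_t i` and an ssize_t return type would remove the sign and width mismatch.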
@@ -62,7 +87,11 @@ intel_pmt_read(struct file *filp, struct kobject *kobj,
 	if (count > entry->size - off)
 		count = entry->size - off;
 
-	memcpy_fromio(buf, entry->base + off, count);
+	if (entry->guid == GUID_SPR_PUNIT)
+		/* PUNIT on SPR only supports aligned 64-bit read */
+		count = pmt_memcpy64_fromio(buf, entry->base + off, count);
+	else
+		memcpy_fromio(buf, entry->base + off, count);
 
 	return count;
 }
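Review bot: in intel_pmt_read() the result of pmt_memcpy64_fromio() is written back into count, so the -EFAULT returned for an unaligned source reaches user space only if it survives the round trip through count's type. Keeping the result in a separate signed variable and returning it directly on error would make the error path explicit. The comment should also say that reads at an offset that is not a multiple of 8 now fail for this GUID, and a branch that spans a comment plus a statement normally gets braces in kernel style.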
-- 
2.35.1





* [PATCH 5.15 044/206] platform/x86/intel/hid: Add some ACPI device IDs
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 043/206] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 045/206] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
                   ` (170 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Ivan Hu, Hans de Goede, Sasha Levin

From: Ivan Hu <ivan.hu@canonical.com>

[ Upstream commit a977ece5773b6746b814aac410da4776023db239 ]

Add INTC1076 (JasonLake), INTC1077 (MeteorLake) and INTC1078 (RaptorLake)
device IDs.

Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
Link: https://lore.kernel.org/r/20221102020548.5225-1-ivan.hu@canonical.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/intel/hid.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/platform/x86/intel/hid.c b/drivers/platform/x86/intel/hid.c
index d7d6782c40c2..4d1c78635114 100644
--- a/drivers/platform/x86/intel/hid.c
+++ b/drivers/platform/x86/intel/hid.c
@@ -27,6 +27,9 @@ static const struct acpi_device_id intel_hid_ids[] = {
 	{"INTC1051", 0},
 	{"INTC1054", 0},
 	{"INTC1070", 0},
+	{"INTC1076", 0},
+	{"INTC1077", 0},
+	{"INTC1078", 0},
 	{"", 0},
 };
 MODULE_DEVICE_TABLE(acpi, intel_hid_ids);
-- 
2.35.1





* [PATCH 5.15 045/206] scsi: ibmvfc: Avoid path failures during live migration
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 044/206] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 046/206] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
                   ` (169 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Brian King, Martin K. Petersen, Sasha Levin

From: Brian King <brking@linux.vnet.ibm.com>

[ Upstream commit 62fa3ce05d5d73c5eccc40b2db493f55fecfc446 ]

Fix an issue reported when performing a live migration when multipath is
configured with a short fast fail timeout of 5 seconds and also has
no_path_retry set to fail. In this scenario, all paths would go into the
devloss state while the ibmvfc driver went through discovery to log back
in. On a loaded system, the discovery might take longer than 5 seconds,
which was resulting in all paths being marked failed, which then resulted
in a read only filesystem.

This patch changes the migration code in ibmvfc to avoid deleting rports at
all in this scenario, so we avoid losing all paths.

Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Link: https://lore.kernel.org/r/20221026181356.148517-1-brking@linux.vnet.ibm.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/ibmvscsi/ibmvfc.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
index b3531065a438..45ef78f388dc 100644
--- a/drivers/scsi/ibmvscsi/ibmvfc.c
+++ b/drivers/scsi/ibmvscsi/ibmvfc.c
@@ -708,8 +708,13 @@ static void ibmvfc_init_host(struct ibmvfc_host *vhost)
 		memset(vhost->async_crq.msgs.async, 0, PAGE_SIZE);
 		vhost->async_crq.cur = 0;
 
-		list_for_each_entry(tgt, &vhost->targets, queue)
-			ibmvfc_del_tgt(tgt);
+		list_for_each_entry(tgt, &vhost->targets, queue) {
+			if (vhost->client_migrated)
+				tgt->need_login = 1;
+			else
+				ibmvfc_del_tgt(tgt);
+		}
+
 		scsi_block_requests(vhost->host);
 		ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_INIT);
 		vhost->job_step = ibmvfc_npiv_login;
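Review bot: in ibmvfc_init_host() the new branch keeps every target and only sets need_login while vhost->client_migrated is set, but nothing in this hunk shows where that flag is cleared. If it stays set after the re-login completes, a later reset that has nothing to do with migration would also skip ibmvfc_del_tgt(). A comment on the loop naming the place where client_migrated is reset would settle that for the reader.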
@@ -3235,9 +3240,12 @@ static void ibmvfc_handle_crq(struct ibmvfc_crq *crq, struct ibmvfc_host *vhost,
 			/* We need to re-setup the interpartition connection */
 			dev_info(vhost->dev, "Partition migrated, Re-enabling adapter\n");
 			vhost->client_migrated = 1;
+
+			scsi_block_requests(vhost->host);
 			ibmvfc_purge_requests(vhost, DID_REQUEUE);
-			ibmvfc_link_down(vhost, IBMVFC_LINK_DOWN);
+			ibmvfc_set_host_state(vhost, IBMVFC_LINK_DOWN);
 			ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_REENABLE);
+			wake_up(&vhost->work_wait_q);
 		} else if (crq->format == IBMVFC_PARTNER_FAILED || crq->format == IBMVFC_PARTNER_DEREGISTER) {
 			dev_err(vhost->dev, "Host partner adapter deregistered or failed (rc=%d)\n", crq->format);
 			ibmvfc_purge_requests(vhost, DID_ERROR);
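Review bot: the migration branch of ibmvfc_handle_crq() replaces the ibmvfc_link_down() call with an open-coded scsi_block_requests(), ibmvfc_set_host_state() and wake_up() sequence without a comment saying why the helper is avoided. The reason, not deleting rports during migration, is only in the commit message; a short comment here would stop a later cleanup from folding the three calls back into ibmvfc_link_down(). It is also worth confirming that calling scsi_block_requests() here and again in ibmvfc_init_host() is harmless.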
-- 
2.35.1





* [PATCH 5.15 046/206] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 045/206] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 047/206] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
                   ` (168 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Douglas Gilbert, Damien Le Moal,
	Bart Van Assche, Martin K. Petersen, Sasha Levin

From: Bart Van Assche <bvanassche@acm.org>

[ Upstream commit ecb8c2580d37dbb641451049376d80c8afaa387f ]

From ZBC-1:

 - RC BASIS = 0: The RETURNED LOGICAL BLOCK ADDRESS field indicates the
   highest LBA of a contiguous range of zones that are not sequential write
   required zones starting with the first zone.

 - RC BASIS = 1: The RETURNED LOGICAL BLOCK ADDRESS field indicates the LBA
   of the last logical block on the logical unit.

The current scsi_debug READ CAPACITY response does not comply with the
above if there are one or more sequential write required zones. SCSI
initiators need a way to retrieve the largest valid LBA from SCSI
devices. Reporting the largest valid LBA if there are one or more
sequential zones requires setting the RC BASIS field in the READ CAPACITY
response to one. Hence this patch.

Cc: Douglas Gilbert <dgilbert@interlog.com>
Cc: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Suggested-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20221102193248.3177608-1-bvanassche@acm.org
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/scsi_debug.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 2b5e249f5d5b..0b16061d8da8 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -1879,6 +1879,13 @@ static int resp_readcap16(struct scsi_cmnd *scp,
 			arr[14] |= 0x40;
 	}
 
+	/*
+	 * Since the scsi_debug READ CAPACITY implementation always reports the
+	 * total disk capacity, set RC BASIS = 1 for host-managed ZBC devices.
+	 */
+	if (devip->zmodel == BLK_ZONED_HM)
+		arr[12] |= 1 << 4;
+
 	arr[15] = sdebug_lowest_aligned & 0xff;
 
 	if (have_dif_prot) {
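Review bot: `arr[12] |= 1 << 4;` sets RC BASIS as a bare shift while the line just above the hunk sets its flag as a hex mask (`arr[14] |= 0x40;`). Using the same form, or a named constant for the RC BASIS field, would make the response byte layout easier to audit. The condition covers only BLK_ZONED_HM, so the comment could also say that other zone models are deliberately left at RC BASIS = 0.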
-- 
2.35.1





* [PATCH 5.15 047/206] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 046/206] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 048/206] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
                   ` (167 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Rudolf Polzer, Hans de Goede,
	Simon Ser, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 653f2d94fcda200b02bd79cea2e0307b26c1b747 ]

Like the Acer Switch One 10 S1003, for which there already is a quirk,
the Acer Switch V 10 (SW5-017) has an 800x1280 portrait screen mounted
in the tablet part of a landscape oriented 2-in-1. Add a quirk for this.

Cc: Rudolf Polzer <rpolzer@google.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Simon Ser <contact@emersion.fr>
Link: https://patchwork.freedesktop.org/patch/msgid/20221106215052.66995-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index 083273736c83..ca0fefeaab20 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -128,6 +128,12 @@ static const struct dmi_system_id orientation_data[] = {
 		  DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "One S1003"),
 		},
 		.driver_data = (void *)&lcd800x1280_rightside_up,
+	}, {	/* Acer Switch V 10 (SW5-017) */
+		.matches = {
+		  DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"),
+		  DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+		},
+		.driver_data = (void *)&lcd800x1280_rightside_up,
 	}, {	/* Anbernic Win600 */
 		.matches = {
 		  DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Anbernic"),
-- 
2.35.1





* [PATCH 5.15 048/206] block, bfq: fix null pointer dereference in bfq_bio_bfqg()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 047/206] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 049/206] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
                   ` (166 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yu Kuai, Jan Kara, Jens Axboe, Sasha Levin

From: Yu Kuai <yukuai3@huawei.com>

[ Upstream commit f02be9002c480cd3ec0fcf184ad27cf531bd6ece ]

Our test found the following problem in kernel 5.10, and the same problem
should exist in mainline:

BUG: kernel NULL pointer dereference, address: 0000000000000094
PGD 0 P4D 0
Oops: 0000 [#1] SMP
CPU: 7 PID: 155 Comm: kworker/7:1 Not tainted 5.10.0-01932-g19e0ace2ca1d-dirty 4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-b4
Workqueue: kthrotld blk_throtl_dispatch_work_fn
RIP: 0010:bfq_bio_bfqg+0x52/0xc0
Code: 94 00 00 00 00 75 2e 48 8b 40 30 48 83 05 35 06 c8 0b 01 48 85 c0 74 3d 4b
RSP: 0018:ffffc90001a1fba0 EFLAGS: 00010002
RAX: ffff888100d60400 RBX: ffff8881132e7000 RCX: 0000000000000000
RDX: 0000000000000017 RSI: ffff888103580a18 RDI: ffff888103580a18
RBP: ffff8881132e7000 R08: 0000000000000000 R09: ffffc90001a1fe10
R10: 0000000000000a20 R11: 0000000000034320 R12: 0000000000000000
R13: ffff888103580a18 R14: ffff888114447000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88881fdc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000094 CR3: 0000000100cdb000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bfq_bic_update_cgroup+0x3c/0x350
 ? ioc_create_icq+0x42/0x270
 bfq_init_rq+0xfd/0x1060
 bfq_insert_requests+0x20f/0x1cc0
 ? ioc_create_icq+0x122/0x270
 blk_mq_sched_insert_requests+0x86/0x1d0
 blk_mq_flush_plug_list+0x193/0x2a0
 blk_flush_plug_list+0x127/0x170
 blk_finish_plug+0x31/0x50
 blk_throtl_dispatch_work_fn+0x151/0x190
 process_one_work+0x27c/0x5f0
 worker_thread+0x28b/0x6b0
 ? rescuer_thread+0x590/0x590
 kthread+0x153/0x1b0
 ? kthread_flush_work+0x170/0x170
 ret_from_fork+0x1f/0x30
Modules linked in:
CR2: 0000000000000094
---[ end trace e2e59ac014314547 ]---

Root cause is quite complex:

1) use bfq elevator for the test device.
2) create a cgroup CG
3) config blk throtl in CG

   blkg_conf_prep
    blkg_create

4) create a thread T1 and issue async io in CG:

   bio_init
    bio_associate_blkg
   ...
   submit_bio
    submit_bio_noacct
     blk_throtl_bio -> io is throttled
     // io submit is done

5) switch elevator:

   bfq_exit_queue
    blkcg_deactivate_policy
     list_for_each_entry(blkg, &q->blkg_list, q_node)
      blkg->pd[] = NULL
      // bfq policy is removed

5) thread T1 exits, then remove the cgroup CG:

   blkcg_unpin_online
    blkcg_destroy_blkgs
     blkg_destroy
      list_del_init(&blkg->q_node)
      // blkg is removed from queue list

6) switch elevator back to bfq

 bfq_init_queue
  bfq_create_group_hierarchy
   blkcg_activate_policy
    list_for_each_entry_reverse(blkg, &q->blkg_list)
     // blkg is removed from list, hence bfq policy is still NULL

7) throttled io is dispatched to bfq:

 bfq_insert_requests
  bfq_init_rq
   bfq_bic_update_cgroup
    bfq_bio_bfqg
     bfqg = blkg_to_bfqg(blkg)
     // bfqg is NULL because bfq policy is NULL

The problem is only possible in bfq because only bfq can be deactivated and
activated while queue is online, while others can only be deactivated while
the device is removed.

Fix the problem in bfq by checking if blkg is online before calling
blkg_to_bfqg().

Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20221108103434.2853269-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 block/bfq-cgroup.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c
index e2e765a54fe9..a8d0b4c71b05 100644
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -613,6 +613,10 @@ struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
 	struct bfq_group *bfqg;
 
 	while (blkg) {
+		if (!blkg->online) {
+			blkg = blkg->parent;
+			continue;
+		}
 		bfqg = blkg_to_bfqg(blkg);
 		if (bfqg->online) {
 			bio_associate_blkg_from_css(bio, &blkg->blkcg->css);
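Review bot: the new `if (!blkg->online)` test in bfq_bio_bfqg() carries no comment, and the reason it is needed lives only in the commit message: a blkg already removed from q->blkg_list keeps NULL bfq policy data after an elevator switch, so blkg_to_bfqg() returns NULL and the following `bfqg->online` dereference faults. A two-line comment above the check would keep that context with the code. It should also be clear what the function returns when every ancestor is skipped, since the loop can now walk past all of them without reaching blkg_to_bfqg().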
-- 
2.35.1





* [PATCH 5.15 049/206] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 048/206] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 050/206] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
                   ` (165 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Andrii Nakryiko,
	Catalin Marinas, Sasha Levin

From: Kuniyuki Iwashima <kuniyu@amazon.com>

[ Upstream commit acfc35cfcee5df419391671ef1a631f43feee4e3 ]

Add the same change for ARM64 as done in the commit 9440c4294160
("x86/syscall: Include asm/ptrace.h in syscall_wrapper header") to
make sure all syscalls see the 'struct pt_regs' definition and the
resulting BTF for '__arm64_sys_*(struct pt_regs *regs)' functions points
to the actual struct.

Without this patch, the BPF verifier refuses to load a tracing prog
which accesses pt_regs.

  bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = -1 EACCES

With this patch, we can see the correct error, which saves us time
in debugging the prog.

  bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = 4
  bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name=NULL, prog_fd=4}}, 128) = -1 ENOTSUPP

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20221031215728.50389-1-kuniyu@amazon.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/syscall_wrapper.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/syscall_wrapper.h b/arch/arm64/include/asm/syscall_wrapper.h
index b383b4802a7b..d30217c21eff 100644
--- a/arch/arm64/include/asm/syscall_wrapper.h
+++ b/arch/arm64/include/asm/syscall_wrapper.h
@@ -8,7 +8,7 @@
 #ifndef __ASM_SYSCALL_WRAPPER_H
 #define __ASM_SYSCALL_WRAPPER_H
 
-struct pt_regs;
+#include <asm/ptrace.h>
 
 #define SC_ARM64_REGS_TO_ARGS(x, ...)				\
 	__MAP(x,__SC_ARGS					\
-- 
2.35.1





* [PATCH 5.15 050/206] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 049/206] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 051/206] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
                   ` (164 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Konstantin Shelekhin,
	Dmitriy Bogdanov, Aleksandr Miloserdov, Sagi Grimberg,
	Christoph Hellwig, Sasha Levin

From: Aleksandr Miloserdov <a.miloserdov@yadro.com>

[ Upstream commit becc4cac309dc867571f0080fde4426a6c2222e0 ]

Since model_number is allocated before, it needs to be freed before
kmemdup_nul.

Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Reviewed-by: Dmitriy Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Aleksandr Miloserdov <a.miloserdov@yadro.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nvme/target/configfs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index cea30e4f5053..625038057a76 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -1189,6 +1189,7 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys,
 		const char *page, size_t count)
 {
 	int pos = 0, len;
+	char *val;
 
 	if (subsys->subsys_discovered) {
 		pr_err("Can't set model number. %s is already assigned\n",
@@ -1211,9 +1212,11 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys,
 			return -EINVAL;
 	}
 
-	subsys->model_number = kmemdup_nul(page, len, GFP_KERNEL);
-	if (!subsys->model_number)
+	val = kmemdup_nul(page, len, GFP_KERNEL);
+	if (!val)
 		return -ENOMEM;
+	kfree(subsys->model_number);
+	subsys->model_number = val;
 	return count;
 }
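Review bot: the `kfree(subsys->model_number);` followed by the pointer swap is safe only while no other context can read model_number concurrently. The _locked suffix suggests the caller holds a lock; a lockdep_assert_held() on that lock at the top of the function, or a comment naming it, would document the requirement. Allocating into val first, so the old string survives an -ENOMEM, is the right order and should stay as it is.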
 
-- 
2.35.1





* [PATCH 5.15 051/206] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 050/206] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 052/206] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
                   ` (163 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Asher Song, Guchun Chen,
	Alex Deucher, Sasha Levin

From: Asher Song <Asher.Song@amd.com>

[ Upstream commit 30b8e7b8ee3be003e0df85c857c5cd0e0bd58b82 ]

This reverts commit 4545ae2ed3f2f7c3f615a53399c9c8460ee5bca7.

The original patch "drm/amdgpu: getting fan speed pwm for vega10 properly" works fine.
The test failure is caused by the test case itself.

Signed-off-by: Asher Song <Asher.Song@amd.com>
Reviewed-by: Guchun Chen <guchun.chen@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../amd/pm/powerplay/hwmgr/vega10_thermal.c   | 25 +++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
index dad3e3741a4e..190af79f3236 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
+++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c
@@ -67,22 +67,21 @@ int vega10_fan_ctrl_get_fan_speed_info(struct pp_hwmgr *hwmgr,
 int vega10_fan_ctrl_get_fan_speed_pwm(struct pp_hwmgr *hwmgr,
 		uint32_t *speed)
 {
-	uint32_t current_rpm;
-	uint32_t percent = 0;
-
-	if (hwmgr->thermal_controller.fanInfo.bNoFan)
-		return 0;
+	struct amdgpu_device *adev = hwmgr->adev;
+	uint32_t duty100, duty;
+	uint64_t tmp64;
 
-	if (vega10_get_current_rpm(hwmgr, &current_rpm))
-		return -1;
+	duty100 = REG_GET_FIELD(RREG32_SOC15(THM, 0, mmCG_FDO_CTRL1),
+				CG_FDO_CTRL1, FMAX_DUTY100);
+	duty = REG_GET_FIELD(RREG32_SOC15(THM, 0, mmCG_THERMAL_STATUS),
+				CG_THERMAL_STATUS, FDO_PWM_DUTY);
 
-	if (hwmgr->thermal_controller.
-			advanceFanControlParameters.usMaxFanRPM != 0)
-		percent = current_rpm * 255 /
-			hwmgr->thermal_controller.
-			advanceFanControlParameters.usMaxFanRPM;
+	if (!duty100)
+		return -EINVAL;
 
-	*speed = MIN(percent, 255);
+	tmp64 = (uint64_t)duty * 255;
+	do_div(tmp64, duty100);
+	*speed = MIN((uint32_t)tmp64, 255);
 
 	return 0;
 }
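Review bot: the restored vega10_fan_ctrl_get_fan_speed_pwm() no longer has the `hwmgr->thermal_controller.fanInfo.bNoFan` early return that the removed version had, so on a fanless board it now reads the THM registers and returns -EINVAL when FMAX_DUTY100 is 0, where it used to return 0. If callers depend on the old behaviour for boards without a fan, the check should stay in front of the register reads; otherwise the commit message should say the change in return value is intended.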
-- 
2.35.1





* [PATCH 5.15 052/206] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 051/206] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 053/206] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
                   ` (162 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Ai Chao, Takashi Iwai, Sasha Levin

From: Ai Chao <aichao@kylinos.cn>

[ Upstream commit bf990c10231937c0f51e5da5558e08cf5adc6a78 ]

For the Hamedal C20, the current rate is different from the runtime rate,
snd_usb_endpoint stops and closes the endpoint to reset the rate.
If snd_usb_endpoint closes the endpoint, sometimes USB will
disconnect the device.

Signed-off-by: Ai Chao <aichao@kylinos.cn>
Link: https://lore.kernel.org/r/20221110063452.295110-1-aichao@kylinos.cn
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/usb/endpoint.c | 3 ++-
 sound/usb/quirks.c   | 2 ++
 sound/usb/usbaudio.h | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 3bbc227769d0..092350eb5f4e 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -887,7 +887,8 @@ void snd_usb_endpoint_close(struct snd_usb_audio *chip,
 	usb_audio_dbg(chip, "Closing EP 0x%x (count %d)\n",
 		      ep->ep_num, ep->opened);
 
-	if (!--ep->iface_ref->opened)
+	if (!--ep->iface_ref->opened &&
+		!(chip->quirk_flags & QUIRK_FLAG_IFACE_SKIP_CLOSE))
 		endpoint_set_interface(chip, ep, false);
 
 	if (!--ep->opened) {
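Review bot: in snd_usb_endpoint_close() the quirk test is the second operand of &&, so `--ep->iface_ref->opened` is still decremented for quirked devices, which the reference counting needs; a comment saying the operand order is deliberate would protect it from being reordered. The continuation line is indented with a tab instead of being aligned under the opening parenthesis of the condition.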
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 879d8b1f301c..2ae9ad993ff4 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1884,6 +1884,8 @@ static const struct usb_audio_quirk_flags_table quirk_flags_table[] = {
 		   QUIRK_FLAG_GENERIC_IMPLICIT_FB),
 	DEVICE_FLG(0x2b53, 0x0031, /* Fiero SC-01 (firmware v1.1.0) */
 		   QUIRK_FLAG_GENERIC_IMPLICIT_FB),
+	DEVICE_FLG(0x0525, 0xa4ad, /* Hamedal C20 usb camero */
+		   QUIRK_FLAG_IFACE_SKIP_CLOSE),
 
 	/* Vendor matches */
 	VENDOR_FLG(0x045e, /* MS Lifecam */
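Review bot: the comment on the new DEVICE_FLG(0x0525, 0xa4ad, ...) entry reads "Hamedal C20 usb camero"; it should be "USB camera".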
diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
index 39c3c61a7e49..ec06f441e890 100644
--- a/sound/usb/usbaudio.h
+++ b/sound/usb/usbaudio.h
@@ -169,6 +169,8 @@ extern bool snd_usb_skip_validation;
  *  Apply the generic implicit feedback sync mode (same as implicit_fb=1 option)
  * QUIRK_FLAG_SKIP_IMPLICIT_FB
  *  Don't apply implicit feedback sync mode
+ * QUIRK_FLAG_IFACE_SKIP_CLOSE
+ *  Don't closed interface during setting sample rate
  */
 
 #define QUIRK_FLAG_GET_SAMPLE_RATE	(1U << 0)
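Review bot: the documentation line added for QUIRK_FLAG_IFACE_SKIP_CLOSE, "Don't closed interface during setting sample rate", is ungrammatical and does not describe where the flag acts. In snd_usb_endpoint_close() it skips the endpoint_set_interface(chip, ep, false) call when the last interface reference is dropped, so wording such as "Don't reset the interface when closing the endpoint" would match the code.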
@@ -190,5 +192,6 @@ extern bool snd_usb_skip_validation;
 #define QUIRK_FLAG_SET_IFACE_FIRST	(1U << 16)
 #define QUIRK_FLAG_GENERIC_IMPLICIT_FB	(1U << 17)
 #define QUIRK_FLAG_SKIP_IMPLICIT_FB	(1U << 18)
+#define QUIRK_FLAG_IFACE_SKIP_CLOSE	(1U << 19)
 
 #endif /* __USBAUDIO_H */
-- 
2.35.1





* [PATCH 5.15 053/206] RISC-V: vdso: Do not add missing symbols to version section in linker script
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 052/206] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 054/206] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
                   ` (161 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Conor Dooley,
	Palmer Dabbelt, Sasha Levin

From: Nathan Chancellor <nathan@kernel.org>

[ Upstream commit fcae44fd36d052e956e69a64642fc03820968d78 ]

Recently, ld.lld moved from '--undefined-version' to
'--no-undefined-version' as the default, which breaks the compat vDSO
build:

  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_gettimeofday' failed: symbol not defined
  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_gettime' failed: symbol not defined
  ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_getres' failed: symbol not defined

These symbols are not present in the compat vDSO or the regular vDSO for
32-bit but they are unconditionally included in the version section of
the linker script, which is prohibited with '--no-undefined-version'.

Fix this issue by only including the symbols that are actually exported
in the version section of the linker script.

Link: https://github.com/ClangBuiltLinux/linux/issues/1756
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20221108171324.3377226-1-nathan@kernel.org/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/riscv/kernel/vdso/Makefile   | 3 +++
 arch/riscv/kernel/vdso/vdso.lds.S | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile
index 84ac0fe612e7..db6548509bb3 100644
--- a/arch/riscv/kernel/vdso/Makefile
+++ b/arch/riscv/kernel/vdso/Makefile
@@ -28,6 +28,9 @@ obj-vdso := $(addprefix $(obj)/, $(obj-vdso))
 
 obj-y += vdso.o
 CPPFLAGS_vdso.lds += -P -C -U$(ARCH)
+ifneq ($(filter vgettimeofday, $(vdso-syms)),)
+CPPFLAGS_vdso.lds += -DHAS_VGETTIMEOFDAY
+endif
 
 # Disable -pg to prevent insert call site
 CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE)
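Review bot: nothing at the `ifneq ($(filter vgettimeofday, $(vdso-syms)),)` block says that HAS_VGETTIMEOFDAY exists only to gate entries in the version section of vdso.lds.S. A one-line comment above it naming the linker script and the reason (a version script may not list undefined symbols under '--no-undefined-version') would keep the two files in step when another optional object is added to `vdso-syms`.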
diff --git a/arch/riscv/kernel/vdso/vdso.lds.S b/arch/riscv/kernel/vdso/vdso.lds.S
index e9111f700af0..3729cb28aac8 100644
--- a/arch/riscv/kernel/vdso/vdso.lds.S
+++ b/arch/riscv/kernel/vdso/vdso.lds.S
@@ -65,9 +65,11 @@ VERSION
 	LINUX_4.15 {
 	global:
 		__vdso_rt_sigreturn;
+#ifdef HAS_VGETTIMEOFDAY
 		__vdso_gettimeofday;
 		__vdso_clock_gettime;
 		__vdso_clock_getres;
+#endif
 		__vdso_getcpu;
 		__vdso_flush_icache;
 	local: *;
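Review bot: only the three vgettimeofday symbols are put under `#ifdef HAS_VGETTIMEOFDAY`, while `__vdso_rt_sigreturn`, `__vdso_getcpu` and `__vdso_flush_icache` stay unconditional. The changelog should state that those three are defined in every vDSO variant built from this script, since the same linker error would hit any of them that is missing.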
-- 
2.35.1





* [PATCH 5.15 054/206] MIPS: pic32: treat port as signed integer
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 053/206] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 055/206] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
                   ` (160 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Thomas Bogendoerfer,
	Jason A. Donenfeld, Sasha Levin

From: Jason A. Donenfeld <Jason@zx2c4.com>

[ Upstream commit 648060902aa302331b5d6e4f26d8ee0761d239ab ]

get_port_from_cmdline() returns an int, yet is assigned to a char, which
is wrong in its own right, but also, with char becoming unsigned, this
poses problems, because -1 is used as an error value. Further
complicating things, fw_init_early_console() is only ever called with a
-1 argument. Fix this up by removing the unused argument from
fw_init_early_console() and treating port as a proper signed integer.

Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/include/asm/fw/fw.h             |  2 +-
 arch/mips/pic32/pic32mzda/early_console.c | 13 ++++++-------
 arch/mips/pic32/pic32mzda/init.c          |  2 +-
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/arch/mips/include/asm/fw/fw.h b/arch/mips/include/asm/fw/fw.h
index d0ef8b4892bb..d0494ce4b337 100644
--- a/arch/mips/include/asm/fw/fw.h
+++ b/arch/mips/include/asm/fw/fw.h
@@ -26,6 +26,6 @@ extern char *fw_getcmdline(void);
 extern void fw_meminit(void);
 extern char *fw_getenv(char *name);
 extern unsigned long fw_getenvl(char *name);
-extern void fw_init_early_console(char port);
+extern void fw_init_early_console(void);
 
 #endif /* __ASM_FW_H_ */
diff --git a/arch/mips/pic32/pic32mzda/early_console.c b/arch/mips/pic32/pic32mzda/early_console.c
index 25372e62783b..3cd1b408fa1c 100644
--- a/arch/mips/pic32/pic32mzda/early_console.c
+++ b/arch/mips/pic32/pic32mzda/early_console.c
@@ -27,7 +27,7 @@
 #define U_BRG(x)	(UART_BASE(x) + 0x40)
 
 static void __iomem *uart_base;
-static char console_port = -1;
+static int console_port = -1;
 
 static int __init configure_uart_pins(int port)
 {
@@ -47,7 +47,7 @@ static int __init configure_uart_pins(int port)
 	return 0;
 }
 
-static void __init configure_uart(char port, int baud)
+static void __init configure_uart(int port, int baud)
 {
 	u32 pbclk;
 
@@ -60,7 +60,7 @@ static void __init configure_uart(char port, int baud)
 		     uart_base + PIC32_SET(U_STA(port)));
 }
 
-static void __init setup_early_console(char port, int baud)
+static void __init setup_early_console(int port, int baud)
 {
 	if (configure_uart_pins(port))
 		return;
@@ -130,16 +130,15 @@ static int __init get_baud_from_cmdline(char *arch_cmdline)
 	return baud;
 }
 
-void __init fw_init_early_console(char port)
+void __init fw_init_early_console(void)
 {
 	char *arch_cmdline = pic32_getcmdline();
-	int baud = -1;
+	int baud, port;
 
 	uart_base = ioremap(PIC32_BASE_UART, 0xc00);
 
 	baud = get_baud_from_cmdline(arch_cmdline);
-	if (port == -1)
-		port = get_port_from_cmdline(arch_cmdline);
+	port = get_port_from_cmdline(arch_cmdline);
 
 	if (port == -1)
 		port = EARLY_CONSOLE_PORT;
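Review bot: with `port` now an int taken straight from get_port_from_cmdline(), the only value this hunk filters is -1 (`if (port == -1) port = EARLY_CONSOLE_PORT;`). Any other negative or out-of-range result would be passed on and end up in the register-offset macros, as in `U_STA(port)` in configure_uart(). Either add a range check here or add a comment stating which values the parser can return.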
diff --git a/arch/mips/pic32/pic32mzda/init.c b/arch/mips/pic32/pic32mzda/init.c
index 764f2d022fae..429830afff54 100644
--- a/arch/mips/pic32/pic32mzda/init.c
+++ b/arch/mips/pic32/pic32mzda/init.c
@@ -47,7 +47,7 @@ void __init plat_mem_setup(void)
 		strlcpy(arcs_cmdline, boot_command_line, COMMAND_LINE_SIZE);
 
 #ifdef CONFIG_EARLY_PRINTK
-	fw_init_early_console(-1);
+	fw_init_early_console();
 #endif
 	pic32_config_init();
 }
-- 
2.35.1





* [PATCH 5.15 055/206] xfrm: fix "disable_policy" on ipv4 early demux
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 054/206] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 056/206] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
                   ` (159 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Monil Patel, Eyal Birger,
	Steffen Klassert, Sasha Levin

From: Eyal Birger <eyal.birger@gmail.com>

[ Upstream commit 3a5913183aa1b14148c723bda030e6102ad73008 ]

The commit in the "Fixes" tag tried to avoid a case where policy check
is ignored due to dst caching in next hops.

However, when the traffic is locally consumed, the dst may be cached
in a local TCP or UDP socket as part of early demux. In this case the
"disable_policy" flag is not checked as ip_route_input_noref() was only
called before caching, and thus, packets after the initial packet in a
flow will be dropped if not matching policies.

Fix by checking the "disable_policy" flag also when a valid dst is
already available.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216557
Reported-by: Monil Patel <monil191989@gmail.com>
Fixes: e6175a2ed1f1 ("xfrm: fix "disable_policy" flag use when arriving from different devices")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>

----

v2: use dev instead of skb->dev
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/ip_input.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 459d7e630cb0..124bf8fdf924 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -364,6 +364,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk,
 					   iph->tos, dev);
 		if (unlikely(err))
 			goto drop_error;
+	} else {
+		struct in_device *in_dev = __in_dev_get_rcu(dev);
+
+		if (in_dev && IN_DEV_ORCONF(in_dev, NOPOLICY))
+			IPCB(skb)->flags |= IPSKB_NOPOLICY;
 	}
 
 #ifdef CONFIG_IP_ROUTE_CLASSID
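Review bot: the new `else` branch carries no comment, and without the commit message it is not clear why IPSKB_NOPOLICY has to be set when the skb already has a valid dst. A short comment above the `__in_dev_get_rcu(dev)` lookup, saying that the dst may come from early demux and that ip_route_input_noref() was therefore skipped, would cover it. The lookup also relies on the caller holding the RCU read lock, which is worth one line in the changelog.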
-- 
2.35.1





* [PATCH 5.15 056/206] xfrm: replay: Fix ESN wrap around for GSO
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 055/206] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 057/206] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
                   ` (158 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Christian Langrock,
	Steffen Klassert, Sasha Levin

From: Christian Langrock <christian.langrock@secunet.com>

[ Upstream commit 4b549ccce941798703f159b227aa28c716aa78fa ]

When using GSO it can happen that the wrong seq_hi is used for the last
packets before the wrap around. This can lead to double usage of a
sequence number. To avoid this, we should serialize this last GSO
packet.

Fixes: d7dbefc45cf5 ("xfrm: Add xfrm_replay_overflow functions for offloading")
Co-developed-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Christian Langrock <christian.langrock@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/esp4_offload.c |  3 +++
 net/ipv6/esp6_offload.c |  3 +++
 net/xfrm/xfrm_device.c  | 15 ++++++++++++++-
 net/xfrm/xfrm_replay.c  |  2 +-
 4 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index dad5d29a6a8d..2ddba1e2cf22 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -311,6 +311,9 @@ static int esp_xmit(struct xfrm_state *x, struct sk_buff *skb,  netdev_features_
 			xo->seq.low += skb_shinfo(skb)->gso_segs;
 	}
 
+	if (xo->seq.low < seq)
+		xo->seq.hi++;
+
 	esp.seqno = cpu_to_be64(seq + ((u64)xo->seq.hi << 32));
 
 	ip_hdr(skb)->tot_len = htons(skb->len);
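Review bot: `xo->seq.hi++` now runs before `esp.seqno = cpu_to_be64(seq + ((u64)xo->seq.hi << 32));`, and `seq` looks like the value `xo->seq.low` had before it was advanced in the block above. On a wrap, the seqno for this skb is then built from the old low half and the already incremented high half. Please confirm that this pairing is intended, and add a comment saying which packet of the burst `esp.seqno` is meant to describe.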
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index 302170882382..4cc19acfc369 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -343,6 +343,9 @@ static int esp6_xmit(struct xfrm_state *x, struct sk_buff *skb,  netdev_features
 			xo->seq.low += skb_shinfo(skb)->gso_segs;
 	}
 
+	if (xo->seq.low < seq)
+		xo->seq.hi++;
+
 	esp.seqno = cpu_to_be64(xo->seq.low + ((u64)xo->seq.hi << 32));
 
 	len = skb->len - sizeof(struct ipv6hdr);
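Review bot: after the same `if (xo->seq.low < seq) xo->seq.hi++;` check, this path builds `esp.seqno` from `xo->seq.low`, while the esp4_offload.c hunk builds it from `seq`. With identical wrap handling in front of both, the two address families now produce different low halves for the same situation. Either make the expressions match or explain the difference in the changelog.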
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index c255aac6b816..8b8e957a69c3 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -97,6 +97,18 @@ static void xfrm_outer_mode_prep(struct xfrm_state *x, struct sk_buff *skb)
 	}
 }
 
+static inline bool xmit_xfrm_check_overflow(struct sk_buff *skb)
+{
+	struct xfrm_offload *xo = xfrm_offload(skb);
+	__u32 seq = xo->seq.low;
+
+	seq += skb_shinfo(skb)->gso_segs;
+	if (unlikely(seq < xo->seq.low))
+		return true;
+
+	return false;
+}
+
 struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)
 {
 	int err;
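Review bot: xmit_xfrm_check_overflow() has no comment saying that it detects a wrap of the low 32 sequence bits inside one GSO burst, which is the whole reason it exists. The body can also be shortened to a single `return seq < xo->seq.low;`, since the caller already wraps the call in unlikely(), and `static inline` is not needed for a single-use helper in a .c file.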
@@ -134,7 +146,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
 		return skb;
 	}
 
-	if (skb_is_gso(skb) && unlikely(x->xso.dev != dev)) {
+	if (skb_is_gso(skb) && (unlikely(x->xso.dev != dev) ||
+				unlikely(xmit_xfrm_check_overflow(skb)))) {
 		struct sk_buff *segs;
 
 		/* Packet got rerouted, fixup features and segment it. */
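Review bot: the comment inside the block still reads "Packet got rerouted, fixup features and segment it.", but the branch is now also taken when xmit_xfrm_check_overflow() reports a sequence-number wrap. Update the comment to name both reasons for forcing software segmentation.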
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 9277d81b344c..49dd788859d8 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -714,7 +714,7 @@ static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff
 			oseq += skb_shinfo(skb)->gso_segs;
 		}
 
-		if (unlikely(oseq < replay_esn->oseq)) {
+		if (unlikely(xo->seq.low < replay_esn->oseq)) {
 			XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
 			xo->seq.hi = oseq_hi;
 			replay_esn->oseq_hi = oseq_hi;
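Review bot: the wrap test now compares `xo->seq.low` against `replay_esn->oseq`, although the line just above still advances the local `oseq` by `gso_segs`. It is not evident from the hunk why the starting value rather than the advanced one is the right operand. Add a comment that ties this to the serialisation of the last GSO packet done in validate_xmit_xfrm().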
-- 
2.35.1





* [PATCH 5.15 057/206] af_key: Fix send_acquire race with pfkey_register
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 056/206] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 058/206] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
                   ` (157 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+1e9af9185d8850e2c2fa,
	Herbert Xu, Sabrina Dubroca, Eric Dumazet, Steffen Klassert,
	Sasha Levin

From: Herbert Xu <herbert@gondor.apana.org.au>

[ Upstream commit 7f57f8165cb6d2c206e2b9ada53b9e2d6d8af42f ]

The function pfkey_send_acquire may race with pfkey_register
(which could even be in a different name space).  This may result
in a buffer overrun.

Allocating the maximum amount of memory that could be used prevents
this.

Reported-by: syzbot+1e9af9185d8850e2c2fa@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/key/af_key.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index 53cca9019158..a654bd4bc437 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2905,7 +2905,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t)
 			break;
 		if (!aalg->pfkey_supported)
 			continue;
-		if (aalg_tmpl_set(t, aalg) && aalg->available)
+		if (aalg_tmpl_set(t, aalg))
 			sz += sizeof(struct sadb_comb);
 	}
 	return sz + sizeof(struct sadb_prop);
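Review bot: once `&& aalg->available` is dropped, count_ah_combs() no longer returns the size that will be written but an upper bound over every algorithm the template allows. Nothing in the function says so, and the name still suggests an exact count. Add a comment stating that the result is a worst-case allocation size and that dump_ah_combs() returns the number of bytes actually emitted.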
@@ -2923,7 +2923,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
 		if (!ealg->pfkey_supported)
 			continue;
 
-		if (!(ealg_tmpl_set(t, ealg) && ealg->available))
+		if (!(ealg_tmpl_set(t, ealg)))
 			continue;
 
 		for (k = 1; ; k++) {
@@ -2934,16 +2934,17 @@ static int count_esp_combs(const struct xfrm_tmpl *t)
 			if (!aalg->pfkey_supported)
 				continue;
 
-			if (aalg_tmpl_set(t, aalg) && aalg->available)
+			if (aalg_tmpl_set(t, aalg))
 				sz += sizeof(struct sadb_comb);
 		}
 	}
 	return sz + sizeof(struct sadb_prop);
 }
 
-static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
+static int dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
 {
 	struct sadb_prop *p;
+	int sz = 0;
 	int i;
 
 	p = skb_put(skb, sizeof(struct sadb_prop));
@@ -2971,13 +2972,17 @@ static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
 			c->sadb_comb_soft_addtime = 20*60*60;
 			c->sadb_comb_hard_usetime = 8*60*60;
 			c->sadb_comb_soft_usetime = 7*60*60;
+			sz += sizeof(*c);
 		}
 	}
+
+	return sz + sizeof(*p);
 }
 
-static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
+static int dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
 {
 	struct sadb_prop *p;
+	int sz = 0;
 	int i, k;
 
 	p = skb_put(skb, sizeof(struct sadb_prop));
@@ -3019,8 +3024,11 @@ static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
 			c->sadb_comb_soft_addtime = 20*60*60;
 			c->sadb_comb_hard_usetime = 8*60*60;
 			c->sadb_comb_soft_usetime = 7*60*60;
+			sz += sizeof(*c);
 		}
 	}
+
+	return sz + sizeof(*p);
 }
 
 static int key_notify_policy_expire(struct xfrm_policy *xp, const struct km_event *c)
@@ -3150,6 +3158,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
 	struct sadb_x_sec_ctx *sec_ctx;
 	struct xfrm_sec_ctx *xfrm_ctx;
 	int ctx_size = 0;
+	int alg_size = 0;
 
 	sockaddr_size = pfkey_sockaddr_size(x->props.family);
 	if (!sockaddr_size)
@@ -3161,16 +3170,16 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
 		sizeof(struct sadb_x_policy);
 
 	if (x->id.proto == IPPROTO_AH)
-		size += count_ah_combs(t);
+		alg_size = count_ah_combs(t);
 	else if (x->id.proto == IPPROTO_ESP)
-		size += count_esp_combs(t);
+		alg_size = count_esp_combs(t);
 
 	if ((xfrm_ctx = x->security)) {
 		ctx_size = PFKEY_ALIGN8(xfrm_ctx->ctx_len);
 		size +=  sizeof(struct sadb_x_sec_ctx) + ctx_size;
 	}
 
-	skb =  alloc_skb(size + 16, GFP_ATOMIC);
+	skb =  alloc_skb(size + alg_size + 16, GFP_ATOMIC);
 	if (skb == NULL)
 		return -ENOMEM;
 
@@ -3224,10 +3233,13 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
 	pol->sadb_x_policy_priority = xp->priority;
 
 	/* Set sadb_comb's. */
+	alg_size = 0;
 	if (x->id.proto == IPPROTO_AH)
-		dump_ah_combs(skb, t);
+		alg_size = dump_ah_combs(skb, t);
 	else if (x->id.proto == IPPROTO_ESP)
-		dump_esp_combs(skb, t);
+		alg_size = dump_esp_combs(skb, t);
+
+	hdr->sadb_msg_len += alg_size / 8;
 
 	/* security context */
 	if (xfrm_ctx) {
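Review bot: `hdr->sadb_msg_len += alg_size / 8;` uses a bare 8 and truncates silently if the size returned by the dump helpers is ever not a multiple of 8. Write the divisor as `sizeof(uint64_t)`, and note in a comment that the message length is in 64-bit words and that the sadb_prop and sadb_comb sizes keep the sum aligned. The `alg_size = 0;` reset in front of the if/else chain could then become a final `else` branch.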
-- 
2.35.1





* [PATCH 5.15 058/206] ARM: dts: am335x-pcm-953: Define fixed regulators in root node
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 057/206] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 059/206] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
                   ` (156 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Dominik Haller, Tony Lindgren, Sasha Levin

From: Dominik Haller <d.haller@phytec.de>

[ Upstream commit 8950f345a67d8046d2472dd6ea81fa18ef5b4844 ]

Remove the regulators node and define fixed regulators in the root node.
Prevents the sdhci-omap driver from waiting in probe deferral forever
because of the missing vmmc-supply and keeps am335x-pcm-953 consistent with
the other Phytec AM335 boards.

Fixes: bb07a829ec38 ("ARM: dts: Add support for phyCORE-AM335x PCM-953 carrier board")
Signed-off-by: Dominik Haller <d.haller@phytec.de>
Message-Id: <20221011143115.248003-1-d.haller@phytec.de>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/am335x-pcm-953.dtsi | 28 +++++++++++++--------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/arch/arm/boot/dts/am335x-pcm-953.dtsi b/arch/arm/boot/dts/am335x-pcm-953.dtsi
index 124026fa0d09..f207499461b3 100644
--- a/arch/arm/boot/dts/am335x-pcm-953.dtsi
+++ b/arch/arm/boot/dts/am335x-pcm-953.dtsi
@@ -12,22 +12,20 @@ / {
 	compatible = "phytec,am335x-pcm-953", "phytec,am335x-phycore-som", "ti,am33xx";
 
 	/* Power */
-	regulators {
-		vcc3v3: fixedregulator@1 {
-			compatible = "regulator-fixed";
-			regulator-name = "vcc3v3";
-			regulator-min-microvolt = <3300000>;
-			regulator-max-microvolt = <3300000>;
-			regulator-boot-on;
-		};
+	vcc3v3: fixedregulator1 {
+		compatible = "regulator-fixed";
+		regulator-name = "vcc3v3";
+		regulator-min-microvolt = <3300000>;
+		regulator-max-microvolt = <3300000>;
+		regulator-boot-on;
+	};
 
-		vcc1v8: fixedregulator@2 {
-			compatible = "regulator-fixed";
-			regulator-name = "vcc1v8";
-			regulator-min-microvolt = <1800000>;
-			regulator-max-microvolt = <1800000>;
-			regulator-boot-on;
-		};
+	vcc1v8: fixedregulator2 {
+		compatible = "regulator-fixed";
+		regulator-name = "vcc1v8";
+		regulator-min-microvolt = <1800000>;
+		regulator-max-microvolt = <1800000>;
+		regulator-boot-on;
 	};
 
 	/* User IO */
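Review bot: the renamed nodes `fixedregulator1` and `fixedregulator2` keep a numeric suffix that meant something only as the unit address they replace. Names taken from the rail, for example `regulator-vcc3v3` and `regulator-vcc1v8`, would describe the nodes and match the `regulator-name` values already given inside them.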
-- 
2.35.1





* [PATCH 5.15 059/206] ASoC: hdac_hda: fix hda pcm buffer overflow issue
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 058/206] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 060/206] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
                   ` (155 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kai Vehmanen, Pierre-Louis Bossart,
	Junxiao Chang, Furong Zhou, Mark Brown, Sasha Levin

From: Junxiao Chang <junxiao.chang@intel.com>

[ Upstream commit 37882100cd0629d830db430a8cee0b724fe1fea3 ]

When KASAN is enabled, below log might be dumped with Intel EHL hardware:
[   48.583597] ==================================================================
[   48.585921] BUG: KASAN: slab-out-of-bounds in hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.587995] Write of size 4 at addr ffff888103489708 by task pulseaudio/759

[   48.589237] CPU: 2 PID: 759 Comm: pulseaudio Tainted: G     U      E     5.15.71-intel-ese-standard-lts #9
[   48.591272] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.4251.A01.2206130432 06/13/2022
[   48.593010] Call Trace:
[   48.593648]  <TASK>
[   48.593852]  dump_stack_lvl+0x34/0x48
[   48.594404]  print_address_description.constprop.0+0x1f/0x140
[   48.595174]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.595868]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.596519]  kasan_report.cold+0x7f/0x11b
[   48.597003]  ? hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]
[   48.597885]  hdac_hda_dai_hw_params+0x20a/0x22b [snd_soc_hdac_hda]

HDAC_LAST_DAI_ID is last index id, pcm buffer array size should
be +1 to avoid out of bound access.

Fixes: 608b8c36c371 ("ASoC: hdac_hda: add support for HDMI/DP as a HDA codec")
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Signed-off-by: Furong Zhou <furong.zhou@intel.com>
Link: https://lore.kernel.org/r/20221109234023.3111035-1-junxiao.chang@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/hdac_hda.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/codecs/hdac_hda.h b/sound/soc/codecs/hdac_hda.h
index d0efc5e254ae..da0ed74758b0 100644
--- a/sound/soc/codecs/hdac_hda.h
+++ b/sound/soc/codecs/hdac_hda.h
@@ -14,7 +14,7 @@ enum {
 	HDAC_HDMI_1_DAI_ID,
 	HDAC_HDMI_2_DAI_ID,
 	HDAC_HDMI_3_DAI_ID,
-	HDAC_LAST_DAI_ID = HDAC_HDMI_3_DAI_ID,
+	HDAC_DAI_ID_NUM
 };
 
 struct hdac_hda_pcm {
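Review bot: `HDAC_LAST_DAI_ID` is deleted outright and the diffstat lists only hdac_hda.h, so any remaining user of the old name in 5.15.y would stop building; please confirm there is none. `HDAC_DAI_ID_NUM` is also a count rather than a DAI id, and a trailing comment such as "number of DAIs, keep last" would stop a later entry from being added after it.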
@@ -24,7 +24,7 @@ struct hdac_hda_pcm {
 
 struct hdac_hda_priv {
 	struct hda_codec codec;
-	struct hdac_hda_pcm pcm[HDAC_LAST_DAI_ID];
+	struct hdac_hda_pcm pcm[HDAC_DAI_ID_NUM];
 	bool need_display_power;
 };
 
-- 
2.35.1





* [PATCH 5.15 060/206] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 059/206] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 061/206] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
                   ` (154 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Detlev Casanova, Fabio Estevam,
	Mark Brown, Sasha Levin

From: Detlev Casanova <detlev.casanova@collabora.com>

[ Upstream commit 0bb8e9b36b5b7f2e77892981ff6c27ee831d8026 ]

Since commit bf2aebccddef ("ASoC: sgtl5000: Fix noise on shutdown/remove"),
the device power control registers are reset when the driver is
removed/shutdown.

This is an issue when the device is configured to use the PLL clock. The
device will stop responding if it is still configured to use the PLL
clock but the PLL clock is powered down.

When rebooting linux, the probe function will show:
sgtl5000 0-000a: Error reading chip id -11

Make sure that the CHIP_CLK_CTRL is reset to its default value before
powering down the device.

Fixes: bf2aebccddef ("ASoC: sgtl5000: Fix noise on shutdown/remove")
Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20221110190612.1341469-1-detlev.casanova@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/sgtl5000.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
index dc56e6c6b668..3c5a4fe2fad6 100644
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -1797,6 +1797,7 @@ static int sgtl5000_i2c_remove(struct i2c_client *client)
 {
 	struct sgtl5000_priv *sgtl5000 = i2c_get_clientdata(client);
 
+	regmap_write(sgtl5000->regmap, SGTL5000_CHIP_CLK_CTRL, SGTL5000_CHIP_CLK_CTRL_DEFAULT);
 	regmap_write(sgtl5000->regmap, SGTL5000_CHIP_DIG_POWER, SGTL5000_DIG_POWER_DEFAULT);
 	regmap_write(sgtl5000->regmap, SGTL5000_CHIP_ANA_POWER, SGTL5000_ANA_POWER_DEFAULT);
 
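Review bot: the new `regmap_write(sgtl5000->regmap, SGTL5000_CHIP_CLK_CTRL, SGTL5000_CHIP_CLK_CTRL_DEFAULT);` depends on running before the two power-register writes, but nothing in the code says that the order matters. Add a comment that the clock source must be switched away from the PLL before the PLL is powered down. The return value is ignored as well; if this write fails, the function still goes on to power the device down, so at least a dev_warn() on error would help diagnose the "Error reading chip id" case from the changelog.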
-- 
2.35.1





* [PATCH 5.15 061/206] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 060/206] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 062/206] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
                   ` (153 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Richard Fitzgerald, Mark Brown, Sasha Levin

From: Richard Fitzgerald <rf@opensource.cirrus.com>

[ Upstream commit 39bd801d6908900e9ab0cdc2655150f95ddd4f1a ]

The DAI tx_mask and rx_mask are set by snd_soc_dai_set_tdm_slot()
and used by later code that depends on the TDM settings. So
__soc_pcm_open() should not be obliterating those mask values.

The code in __soc_pcm_hw_params() uses these masks to calculate the
active channels so that only the AIF_IN/AIF_OUT widgets for the
active TDM slots are enabled. The zeroing of the masks in
__soc_pcm_open() disables this functionality so all AIF widgets
were enabled even for channels that are not assigned to a TDM slot.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Fixes: 2e5894d73789 ("ASoC: pcm: Add support for DAI multicodec")
Link: https://lore.kernel.org/r/20221104132213.121847-1-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/soc-pcm.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 48f71bb81a2f..f6dc71e8ea87 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -759,11 +759,6 @@ static int soc_pcm_open(struct snd_pcm_substream *substream)
 		ret = snd_soc_dai_startup(dai, substream);
 		if (ret < 0)
 			goto err;
-
-		if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
-			dai->tx_mask = 0;
-		else
-			dai->rx_mask = 0;
 	}
 
 	/* Dynamic PCM DAI links compat checks use dynamic capabilities */
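Review bot: the hunk header places this removal in `soc_pcm_open()`, while the subject and changelog both name `__soc_pcm_open()`. If the function has a different name in 5.15.y, add a short backport note to the changelog so that the mismatch is not taken for a misapplied patch.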
-- 
2.35.1





* [PATCH 5.15 062/206] x86/hyperv: Restore VP assist page after cpu offlining/onlining
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 061/206] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 063/206] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
                   ` (152 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Vitaly Kuznetsov, Michael Kelley,
	Wei Liu, Sasha Levin

From: Vitaly Kuznetsov <vkuznets@redhat.com>

[ Upstream commit ee6815416380bc069b7dcbdff0682d4c53617527 ]

Commit e5d9b714fe40 ("x86/hyperv: fix root partition faults when writing
to VP assist page MSR") moved 'wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE)' under
'if (*hvp)' condition. This works for root partition as hv_cpu_die()
does memunmap() and sets 'hv_vp_assist_page[cpu]' to NULL but breaks
non-root partitions as hv_cpu_die() doesn't free 'hv_vp_assist_page[cpu]'
for them. This causes VP assist page to remain unset after CPU
offline/online cycle:

$ rdmsr -p 24 0x40000073
  10212f001
$ echo 0 > /sys/devices/system/cpu/cpu24/online
$ echo 1 > /sys/devices/system/cpu/cpu24/online
$ rdmsr -p 24 0x40000073
  0

Fix the issue by always writing to HV_X64_MSR_VP_ASSIST_PAGE in
hv_cpu_init(). Note, checking 'if (!*hvp)', for root partition is
pointless as hv_cpu_die() always sets 'hv_vp_assist_page[cpu]' to
NULL (and it's also NULL initially).

Note: the fact that 'hv_vp_assist_page[cpu]' is reset to NULL may
present a (potential) issue for KVM. While Hyper-V uses
CPUHP_AP_ONLINE_DYN stage in CPU hotplug, KVM uses CPUHP_AP_KVM_STARTING
which comes earlier in CPU teardown sequence. It is theoretically
possible that Enlightened VMCS is still in use. It is unclear if the
issue is real and if using KVM with Hyper-V root partition is even
possible.

While on it, drop the unneeded smp_processor_id() call from hv_cpu_init().

Fixes: e5d9b714fe40 ("x86/hyperv: fix root partition faults when writing to VP assist page MSR")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221103190601.399343-1-vkuznets@redhat.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/hyperv/hv_init.c | 54 +++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 28 deletions(-)

diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
index b6d48ca5b0f1..762f10cdfb7a 100644
--- a/arch/x86/hyperv/hv_init.c
+++ b/arch/x86/hyperv/hv_init.c
@@ -45,7 +45,7 @@ EXPORT_SYMBOL_GPL(hv_vp_assist_page);
 static int hv_cpu_init(unsigned int cpu)
 {
 	union hv_vp_assist_msr_contents msr = { 0 };
-	struct hv_vp_assist_page **hvp = &hv_vp_assist_page[smp_processor_id()];
+	struct hv_vp_assist_page **hvp = &hv_vp_assist_page[cpu];
 	int ret;
 
 	ret = hv_common_cpu_init(cpu);
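Review bot: the index into hv_vp_assist_page[] now comes from the cpu argument, while the rdmsrl()/wrmsrl() calls further down in hv_cpu_init() still act on whichever CPU executes the function, so the code silently assumes the two are the same. A one-line comment at the hvp declaration stating that this callback runs on the CPU being brought online would document the assumption that the dropped smp_processor_id() call used to make explicit.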
@@ -55,34 +55,32 @@ static int hv_cpu_init(unsigned int cpu)
 	if (!hv_vp_assist_page)
 		return 0;
 
-	if (!*hvp) {
-		if (hv_root_partition) {
-			/*
-			 * For root partition we get the hypervisor provided VP assist
-			 * page, instead of allocating a new page.
-			 */
-			rdmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
-			*hvp = memremap(msr.pfn <<
-					HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_SHIFT,
-					PAGE_SIZE, MEMREMAP_WB);
-		} else {
-			/*
-			 * The VP assist page is an "overlay" page (see Hyper-V TLFS's
-			 * Section 5.2.1 "GPA Overlay Pages"). Here it must be zeroed
-			 * out to make sure we always write the EOI MSR in
-			 * hv_apic_eoi_write() *after* the EOI optimization is disabled
-			 * in hv_cpu_die(), otherwise a CPU may not be stopped in the
-			 * case of CPU offlining and the VM will hang.
-			 */
+	if (hv_root_partition) {
+		/*
+		 * For root partition we get the hypervisor provided VP assist
+		 * page, instead of allocating a new page.
+		 */
+		rdmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
+		*hvp = memremap(msr.pfn << HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_SHIFT,
+				PAGE_SIZE, MEMREMAP_WB);
+	} else {
+		/*
+		 * The VP assist page is an "overlay" page (see Hyper-V TLFS's
+		 * Section 5.2.1 "GPA Overlay Pages"). Here it must be zeroed
+		 * out to make sure we always write the EOI MSR in
+		 * hv_apic_eoi_write() *after* the EOI optimization is disabled
+		 * in hv_cpu_die(), otherwise a CPU may not be stopped in the
+		 * case of CPU offlining and the VM will hang.
+		 */
+		if (!*hvp)
 			*hvp = __vmalloc(PAGE_SIZE, GFP_KERNEL | __GFP_ZERO);
-			if (*hvp)
-				msr.pfn = vmalloc_to_pfn(*hvp);
-		}
-		WARN_ON(!(*hvp));
-		if (*hvp) {
-			msr.enable = 1;
-			wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
-		}
+		if (*hvp)
+			msr.pfn = vmalloc_to_pfn(*hvp);
+
+	}
+	if (!WARN_ON(!(*hvp))) {
+		msr.enable = 1;
+		wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
 	}
 
 	return 0;
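Review bot: in the hv_root_partition branch, *hvp is now overwritten by memremap() on every call with no check of its previous value, so correctness depends on hv_cpu_die() having unmapped the page and reset the slot to NULL, which this hunk does not show. A WARN_ON(*hvp) before the memremap(), or a comment pointing at hv_cpu_die(), would catch a leaked mapping if that teardown ever changes. Minor: the blank line added before the closing brace of the else block can go.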
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 063/206] scsi: storvsc: Fix handling of srb_status and capacity change events
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 062/206] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 064/206] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
                   ` (151 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Juan Tian, Michael Kelley, Wei Liu,
	Sasha Levin

From: Michael Kelley <mikelley@microsoft.com>

[ Upstream commit b8a5376c321b4669f7ffabc708fd30c3970f3084 ]

Current handling of the srb_status is incorrect. Commit 52e1b3b3daa9
("scsi: storvsc: Correctly handle multiple flags in srb_status")
is based on srb_status being a set of flags, when in fact only the
2 high order bits are flags and the remaining 6 bits are an integer
status. Because the integer values of interest mostly look like flags,
the code actually works when treated that way.

But in the interest of correctness going forward, fix this by treating
the low 6 bits of srb_status as an integer status code. Add handling
for SRB_STATUS_INVALID_REQUEST, which was the original intent of commit
52e1b3b3daa9. Furthermore, treat the ERROR, ABORTED, and INVALID_REQUEST
srb status codes as essentially equivalent for the cases we care about.
There's no harm in doing so, and it isn't always clear which status code
current or older versions of Hyper-V report for particular conditions.

Treating the srb status codes as equivalent has the additional benefit
of ensuring that capacity change events result in an immediate rescan
so that the new size is known to Linux. Existing code checks SCSI
sense data for capacity change events when the srb status is ABORTED.
But capacity change events are also being observed when Hyper-V reports
the srb status as ERROR. Without the immediate rescan, the new size
isn't known until something else causes a rescan (such as running
fdisk to expand a partition), and in the meantime, tools such as "lsblk"
continue to report the old size.

Fixes: 52e1b3b3daa9 ("scsi: storvsc: Correctly handle multiple flags in srb_status")
Reported-by: Juan Tian <juantian@microsoft.com>
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1668019722-1983-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/storvsc_drv.c | 69 +++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 35 deletions(-)

diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 3d03e1ca5820..6110dfd903f7 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -344,16 +344,21 @@ enum storvsc_request_type {
 };
 
 /*
- * SRB status codes and masks; a subset of the codes used here.
+ * SRB status codes and masks. In the 8-bit field, the two high order bits
+ * are flags, while the remaining 6 bits are an integer status code.  The
+ * definitions here include only the subset of the integer status codes that
+ * are tested for in this driver.
  */
-
 #define SRB_STATUS_AUTOSENSE_VALID	0x80
 #define SRB_STATUS_QUEUE_FROZEN		0x40
-#define SRB_STATUS_INVALID_LUN	0x20
-#define SRB_STATUS_SUCCESS	0x01
-#define SRB_STATUS_ABORTED	0x02
-#define SRB_STATUS_ERROR	0x04
-#define SRB_STATUS_DATA_OVERRUN	0x12
+
+/* SRB status integer codes */
+#define SRB_STATUS_SUCCESS		0x01
+#define SRB_STATUS_ABORTED		0x02
+#define SRB_STATUS_ERROR		0x04
+#define SRB_STATUS_INVALID_REQUEST	0x06
+#define SRB_STATUS_DATA_OVERRUN		0x12
+#define SRB_STATUS_INVALID_LUN		0x20
 
 #define SRB_STATUS(status) \
 	(status & ~(SRB_STATUS_AUTOSENSE_VALID | SRB_STATUS_QUEUE_FROZEN))
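Review bot: the SRB_STATUS() macro in the trailing context expands its argument without parentheses, as (status & ~(...)), and this patch makes it the selector for the new switch in storvsc_handle_error(). Writing ((status) & ~(...)) keeps it correct for any expression argument. Since the new comment says the low 6 bits are an integer code, a named mask for those bits would also read more directly than negating the two flag bits.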
@@ -1032,38 +1037,25 @@ static void storvsc_handle_error(struct vmscsi_request *vm_srb,
 	void (*process_err_fn)(struct work_struct *work);
 	struct hv_host_device *host_dev = shost_priv(host);
 
-	/*
-	 * In some situations, Hyper-V sets multiple bits in the
-	 * srb_status, such as ABORTED and ERROR. So process them
-	 * individually, with the most specific bits first.
-	 */
-
-	if (vm_srb->srb_status & SRB_STATUS_INVALID_LUN) {
-		set_host_byte(scmnd, DID_NO_CONNECT);
-		process_err_fn = storvsc_remove_lun;
-		goto do_work;
-	}
+	switch (SRB_STATUS(vm_srb->srb_status)) {
+	case SRB_STATUS_ERROR:
+	case SRB_STATUS_ABORTED:
+	case SRB_STATUS_INVALID_REQUEST:
+		if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID) {
+			/* Check for capacity change */
+			if ((asc == 0x2a) && (ascq == 0x9)) {
+				process_err_fn = storvsc_device_scan;
+				/* Retry the I/O that triggered this. */
+				set_host_byte(scmnd, DID_REQUEUE);
+				goto do_work;
+			}
 
-	if (vm_srb->srb_status & SRB_STATUS_ABORTED) {
-		if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID &&
-		    /* Capacity data has changed */
-		    (asc == 0x2a) && (ascq == 0x9)) {
-			process_err_fn = storvsc_device_scan;
 			/*
-			 * Retry the I/O that triggered this.
+			 * Otherwise, let upper layer deal with the
+			 * error when sense message is present
 			 */
-			set_host_byte(scmnd, DID_REQUEUE);
-			goto do_work;
-		}
-	}
-
-	if (vm_srb->srb_status & SRB_STATUS_ERROR) {
-		/*
-		 * Let upper layer deal with error when
-		 * sense message is present.
-		 */
-		if (vm_srb->srb_status & SRB_STATUS_AUTOSENSE_VALID)
 			return;
+		}
 
 		/*
 		 * If there is an error; offline the device since all
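Review bot: in the combined ERROR/ABORTED/INVALID_REQUEST case, a request with SRB_STATUS_ABORTED and no SRB_STATUS_AUTOSENSE_VALID now continues into the "If there is an error; offline the device" handling below, which the removed code reached only when the ERROR bit was set. The commit message says the codes are treated as equivalent, but a comment at the case labels stating that aborted requests without sense data are meant to take the offlining path would make the behaviour change deliberate rather than incidental.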
@@ -1086,6 +1078,13 @@ static void storvsc_handle_error(struct vmscsi_request *vm_srb,
 		default:
 			set_host_byte(scmnd, DID_ERROR);
 		}
+		return;
+
+	case SRB_STATUS_INVALID_LUN:
+		set_host_byte(scmnd, DID_NO_CONNECT);
+		process_err_fn = storvsc_remove_lun;
+		goto do_work;
+
 	}
 	return;
 
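Review bot: the switch closed in this hunk has no default case, so any status code other than the four listed drops out to the return after the closing brace with nothing to show that this is intended. An explicit default: break; would document that those codes are ignored on purpose. The blank line added before the closing brace is stray.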
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 064/206] ASoC: max98373: Add checks for devm_kcalloc
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 063/206] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 065/206] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
                   ` (150 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Mark Brown, Sasha Levin

From: Jiasheng Jiang <jiasheng@iscas.ac.cn>

[ Upstream commit 60591bbf6d5eb44f275eb733943b7757325c1b60 ]

As the devm_kcalloc may return NULL pointer,
it should be better to check the return value
in order to avoid NULL pointer dereference.

Fixes: 349dd23931d1 ("ASoC: max98373: don't access volatile registers in bias level off")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20221116082508.17418-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/max98373-i2c.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sound/soc/codecs/max98373-i2c.c b/sound/soc/codecs/max98373-i2c.c
index ddb6436835d7..68497a4521dd 100644
--- a/sound/soc/codecs/max98373-i2c.c
+++ b/sound/soc/codecs/max98373-i2c.c
@@ -551,6 +551,10 @@ static int max98373_i2c_probe(struct i2c_client *i2c,
 	max98373->cache = devm_kcalloc(&i2c->dev, max98373->cache_num,
 				       sizeof(*max98373->cache),
 				       GFP_KERNEL);
+	if (!max98373->cache) {
+		ret = -ENOMEM;
+		return ret;
+	}
 
 	for (i = 0; i < max98373->cache_num; i++)
 		max98373->cache[i].reg = max98373_i2c_cache_reg[i];
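Review bot: the new error path assigns ret only to return it on the next line; a plain return -ENOMEM; is shorter and needs no braces. The check is otherwise in the right place, ahead of the loop that writes max98373->cache[i].reg.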
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 065/206] regulator: core: fix kobject release warning and memory leak in regulator_register()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 064/206] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 066/206] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
                   ` (149 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Zeng Heng, Mark Brown, Sasha Levin

From: Zeng Heng <zengheng4@huawei.com>

[ Upstream commit 5f4b204b6b8153923d5be8002c5f7082985d153f ]

Here is a warning report about lack of registered release()
from kobject lib:

Device '(null)' does not have a release() function, it is broken and must be fixed.
WARNING: CPU: 0 PID: 48430 at drivers/base/core.c:2332 device_release+0x104/0x120
Call Trace:
 kobject_put+0xdc/0x180
 put_device+0x1b/0x30
 regulator_register+0x651/0x1170
 devm_regulator_register+0x4f/0xb0

When regulator_register() returns fail and directly goto `clean` symbol,
rdev->dev has not registered release() function yet (which is registered
by regulator_class in the following), so rdev needs to be freed manually.
If rdev->dev.of_node is not NULL, which means the of_node has gotten by
regulator_of_get_init_data(), it needs to call of_node_put() to avoid
refcount leak.

Otherwise, only calling put_device() would lead memory leak of rdev
in further:

unreferenced object 0xffff88810d0b1000 (size 2048):
  comm "107-i2c-rtq6752", pid 48430, jiffies 4342258431 (age 1341.780s)
  backtrace:
    kmalloc_trace+0x22/0x110
    regulator_register+0x184/0x1170
    devm_regulator_register+0x4f/0xb0

When regulator_register() returns fail and goto `wash` symbol,
rdev->dev has registered release() function, so directly call
put_device() to cleanup everything.

Fixes: d3c731564e09 ("regulator: plug of_node leak in regulator_register()'s error path")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Link: https://lore.kernel.org/r/20221116074339.1024240-1-zengheng4@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/core.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index aa4d78b02483..fd61c5c54a07 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5549,11 +5549,15 @@ regulator_register(const struct regulator_desc *regulator_desc,
 	mutex_lock(&regulator_list_mutex);
 	regulator_ena_gpio_free(rdev);
 	mutex_unlock(&regulator_list_mutex);
+	put_device(&rdev->dev);
+	rdev = NULL;
 clean:
 	if (dangling_of_gpiod)
 		gpiod_put(config->ena_gpiod);
+	if (rdev && rdev->dev.of_node)
+		of_node_put(rdev->dev.of_node);
+	kfree(rdev);
 	kfree(config);
-	put_device(&rdev->dev);
 rinse:
 	if (dangling_cfg_gpiod)
 		gpiod_put(cfg->ena_gpiod);
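Review bot: the path above clean: now falls through into it with rdev set to NULL, relying on kfree(NULL) being a no-op and on the rdev && guard to skip the manual cleanup, which is easy to break the next time the labels are edited. A short comment at rdev = NULL; saying that put_device() has already released rdev would make the intent explicit. of_node_put() accepts NULL, so the condition can be reduced to if (rdev).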
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 066/206] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 065/206] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:21 ` [PATCH 5.15 067/206] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
                   ` (148 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Serge Semin,
	Mark Brown, Sasha Levin

From: Xiongfeng Wang <wangxiongfeng2@huawei.com>

[ Upstream commit 804313b64e412a81b0b3389a10e7622452004aa6 ]

pci_get_device() will increase the reference count for the returned
pci_dev. Since 'dma_dev' is only used to filter the channel in
dw_spi_dma_chan_filer() after using it we need to call pci_dev_put() to
decrease the reference count. Also add pci_dev_put() for the error case.

Fixes: 7063c0d942a1 ("spi/dw_spi: add DMA support")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Acked-by: Serge Semin <fancer.lancer@gmail.com>
Link: https://lore.kernel.org/r/20221116093204.46700-1-wangxiongfeng2@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/spi/spi-dw-dma.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/spi/spi-dw-dma.c b/drivers/spi/spi-dw-dma.c
index a09831c62192..32ac8f9068e8 100644
--- a/drivers/spi/spi-dw-dma.c
+++ b/drivers/spi/spi-dw-dma.c
@@ -127,12 +127,15 @@ static int dw_spi_dma_init_mfld(struct device *dev, struct dw_spi *dws)
 
 	dw_spi_dma_sg_burst_init(dws);
 
+	pci_dev_put(dma_dev);
+
 	return 0;
 
 free_rxchan:
 	dma_release_channel(dws->rxchan);
 	dws->rxchan = NULL;
 err_exit:
+	pci_dev_put(dma_dev);
 	return -EBUSY;
 }
 
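Review bot: err_exit now calls pci_dev_put(dma_dev), so every goto err_exit, and the fall-through from free_rxchan, must be reached only after dma_dev has been assigned, and the hunk does not show that assignment. pci_dev_put() tolerates a NULL pointer but not an uninitialized one, so initializing dma_dev to NULL at its declaration would make the error path safe wherever the jumps originate.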
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 067/206] regulator: core: fix UAF in destroy_regulator()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 066/206] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
@ 2022-11-30 18:21 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 068/206] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
                   ` (147 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:21 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mark Brown, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 1f386d6894d0f1b7de8ef640c41622ddd698e7ab ]

I got a UAF report as follows:

==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x935/0x2060
Read of size 8 at addr ffff88810e838220 by task python3/268
Call Trace:
 <TASK>
 dump_stack_lvl+0x67/0x83
 print_report+0x178/0x4b0
 kasan_report+0x90/0x190
 __lock_acquire+0x935/0x2060
 lock_acquire+0x156/0x400
 _raw_spin_lock+0x2a/0x40
 lockref_get+0x11/0x30
 simple_recursive_removal+0x41/0x440
 debugfs_remove.part.12+0x32/0x50
 debugfs_remove+0x29/0x30
 _regulator_put.cold.54+0x3e/0x27f
 regulator_put+0x1f/0x30
 release_nodes+0x6a/0xa0
 devres_release_all+0xf8/0x150

Allocated by task 37:
 kasan_save_stack+0x1c/0x40
 kasan_set_track+0x21/0x30
 __kasan_slab_alloc+0x5d/0x70
 slab_post_alloc_hook+0x62/0x510
 kmem_cache_alloc_lru+0x222/0x5a0
 __d_alloc+0x31/0x440
 d_alloc+0x30/0xf0
 d_alloc_parallel+0xc4/0xd20
 __lookup_slow+0x15e/0x2f0
 lookup_one_len+0x13a/0x150
 start_creating+0xea/0x190
 debugfs_create_dir+0x1e/0x210
 create_regulator+0x254/0x4e0
 _regulator_get+0x2a1/0x467
 _devm_regulator_get+0x5a/0xb0
 regulator_virtual_probe+0xb9/0x1a0

Freed by task 30:
 kasan_save_stack+0x1c/0x40
 kasan_set_track+0x21/0x30
 kasan_save_free_info+0x2a/0x50
 __kasan_slab_free+0x102/0x190
 kmem_cache_free+0xf6/0x600
 rcu_core+0x54c/0x12b0
 __do_softirq+0xf2/0x5e3

Last potentially related work creation:
 kasan_save_stack+0x1c/0x40
 __kasan_record_aux_stack+0x98/0xb0
 call_rcu+0x42/0x700
 dentry_free+0x6c/0xd0
 __dentry_kill+0x23b/0x2d0
 dput.part.31+0x431/0x780
 simple_recursive_removal+0xa9/0x440
 debugfs_remove.part.12+0x32/0x50
 debugfs_remove+0x29/0x30
 regulator_unregister+0xe3/0x230
 release_nodes+0x6a/0xa0

==================================================================

Here is how it happened:

processor A					processor B
regulator_register()
  rdev_init_debugfs()
    rdev->debugfs = debugfs_create_dir()
						devm_regulator_get()
						  rdev = regulator_dev_lookup()
						  create_regulator(rdev)
						    // using rdev->debugfs as parent
						    debugfs_create_dir(rdev->debugfs)

mfd_remove_devices_fn()
  release_nodes()
    regulator_unregister()
      // free rdev->debugfs
      debugfs_remove_recursive(rdev->debugfs)
						release_nodes()
						  destroy_regulator()
						    debugfs_remove_recursive() <- causes UAF

In devm_regulator_get(), after getting rdev, the refcount
is taken, so fix this by moving debugfs_remove_recursive()
to regulator_dev_release(), then it can be protected by
the refcount, the 'rdev->debugfs' can not be freed until
the refcount is 0.

Fixes: 5de705194e98 ("regulator: Add basic per consumer debugfs")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221116033706.3595812-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index fd61c5c54a07..221ae807b379 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5071,6 +5071,7 @@ static void regulator_dev_release(struct device *dev)
 {
 	struct regulator_dev *rdev = dev_get_drvdata(dev);
 
+	debugfs_remove_recursive(rdev->debugfs);
 	kfree(rdev->constraints);
 	of_node_put(rdev->dev.of_node);
 	kfree(rdev);
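Review bot: the debugfs_remove_recursive() call added to regulator_dev_release() carries no comment explaining why debugfs teardown lives in the release callback rather than in regulator_unregister(). One line noting that consumer directories are created under rdev->debugfs and can outlive unregistration, so the parent must stay until the last reference is dropped, would stop a later cleanup from moving the call back.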
@@ -5586,7 +5587,6 @@ void regulator_unregister(struct regulator_dev *rdev)
 
 	mutex_lock(&regulator_list_mutex);
 
-	debugfs_remove_recursive(rdev->debugfs);
 	WARN_ON(rdev->open_count);
 	regulator_remove_coupling(rdev);
 	unset_regulator_supplies(rdev);
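Review bot: the call removed here ran under regulator_list_mutex, taken two lines above it, whereas its replacement in regulator_dev_release() runs with no lock visible. The commit message should state that the mutex was not needed for the debugfs removal. It should also mention that the regulator's debugfs directory now remains visible after regulator_unregister() until the last reference goes away.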
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 068/206] bus: sunxi-rsb: Remove the shutdown callback
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2022-11-30 18:21 ` [PATCH 5.15 067/206] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 069/206] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
                   ` (146 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Ivaylo Dimitrov, Jernej Skrabec,
	Samuel Holland, Sasha Levin

From: Samuel Holland <samuel@sholland.org>

[ Upstream commit 5f4696ddca4b8a0bbbc36bd46829f97aab5a4552 ]

Shutting down the RSB controller prevents communicating with a PMIC
inside pm_power_off(), since that gets called after device_shutdown(),
so it breaks system poweroff on some boards.

Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Fixes: 843107498f91 ("bus: sunxi-rsb: Implement suspend/resume/shutdown callbacks")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Link: https://lore.kernel.org/r/20221114015749.28490-2-samuel@sholland.org
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bus/sunxi-rsb.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
index 60b082fe2ed0..9c209492b267 100644
--- a/drivers/bus/sunxi-rsb.c
+++ b/drivers/bus/sunxi-rsb.c
@@ -816,14 +816,6 @@ static int sunxi_rsb_remove(struct platform_device *pdev)
 	return 0;
 }
 
-static void sunxi_rsb_shutdown(struct platform_device *pdev)
-{
-	struct sunxi_rsb *rsb = platform_get_drvdata(pdev);
-
-	pm_runtime_disable(&pdev->dev);
-	sunxi_rsb_hw_exit(rsb);
-}
-
 static const struct dev_pm_ops sunxi_rsb_dev_pm_ops = {
 	SET_RUNTIME_PM_OPS(sunxi_rsb_runtime_suspend,
 			   sunxi_rsb_runtime_resume, NULL)
@@ -839,7 +831,6 @@ MODULE_DEVICE_TABLE(of, sunxi_rsb_of_match_table);
 static struct platform_driver sunxi_rsb_driver = {
 	.probe = sunxi_rsb_probe,
 	.remove	= sunxi_rsb_remove,
-	.shutdown = sunxi_rsb_shutdown,
 	.driver	= {
 		.name = RSB_CTRL_NAME,
 		.of_match_table = sunxi_rsb_of_match_table,
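Review bot: with .shutdown dropped from sunxi_rsb_driver, nothing in the code records that the omission is deliberate. A short comment at the driver struct, saying the controller has to stay usable for PMIC access from pm_power_off() after device_shutdown(), would keep the callback from being reintroduced.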
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 069/206] bus: sunxi-rsb: Support atomic transfers
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 068/206] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 070/206] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
                   ` (145 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Samuel Holland, Jernej Skrabec, Sasha Levin

From: Samuel Holland <samuel@sholland.org>

[ Upstream commit 077686da0e2162c4ea5ae0df205849c2a7a84479 ]

When communicating with a PMIC during system poweroff (pm_power_off()),
IRQs are disabled and we are in a RCU read-side critical section, so we
cannot use wait_for_completion_io_timeout(). Instead, poll the status
register for transfer completion.

Fixes: d787dcdb9c8f ("bus: sunxi-rsb: Add driver for Allwinner Reduced Serial Bus")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/r/20221114015749.28490-3-samuel@sholland.org
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bus/sunxi-rsb.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
index 9c209492b267..20ed77f2b949 100644
--- a/drivers/bus/sunxi-rsb.c
+++ b/drivers/bus/sunxi-rsb.c
@@ -271,6 +271,9 @@ EXPORT_SYMBOL_GPL(sunxi_rsb_driver_register);
 /* common code that starts a transfer */
 static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
 {
+	u32 int_mask, status;
+	bool timeout;
+
 	if (readl(rsb->regs + RSB_CTRL) & RSB_CTRL_START_TRANS) {
 		dev_dbg(rsb->dev, "RSB transfer still in progress\n");
 		return -EBUSY;
@@ -278,13 +281,23 @@ static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
 
 	reinit_completion(&rsb->complete);
 
-	writel(RSB_INTS_LOAD_BSY | RSB_INTS_TRANS_ERR | RSB_INTS_TRANS_OVER,
-	       rsb->regs + RSB_INTE);
+	int_mask = RSB_INTS_LOAD_BSY | RSB_INTS_TRANS_ERR | RSB_INTS_TRANS_OVER;
+	writel(int_mask, rsb->regs + RSB_INTE);
 	writel(RSB_CTRL_START_TRANS | RSB_CTRL_GLOBAL_INT_ENB,
 	       rsb->regs + RSB_CTRL);
 
-	if (!wait_for_completion_io_timeout(&rsb->complete,
-					    msecs_to_jiffies(100))) {
+	if (irqs_disabled()) {
+		timeout = readl_poll_timeout_atomic(rsb->regs + RSB_INTS,
+						    status, (status & int_mask),
+						    10, 100000);
+		writel(status, rsb->regs + RSB_INTS);
+	} else {
+		timeout = !wait_for_completion_io_timeout(&rsb->complete,
+							  msecs_to_jiffies(100));
+		status = rsb->status;
+	}
+
+	if (timeout) {
 		dev_dbg(rsb->dev, "RSB timeout\n");
 
 		/* abort the transfer */
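Review bot: the choice between polling and sleeping rests on irqs_disabled() alone, so a caller in some other non-sleepable context with interrupts enabled would still reach wait_for_completion_io_timeout(). If such callers can exist the condition needs widening; if not, a comment naming the poweroff path as the only atomic caller would help. Separately, timeout is a bool assigned from readl_poll_timeout_atomic(), which returns an int error code; an int compared against zero, or an explicit != 0, is clearer than the implicit conversion.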
@@ -296,18 +309,18 @@ static int _sunxi_rsb_run_xfer(struct sunxi_rsb *rsb)
 		return -ETIMEDOUT;
 	}
 
-	if (rsb->status & RSB_INTS_LOAD_BSY) {
+	if (status & RSB_INTS_LOAD_BSY) {
 		dev_dbg(rsb->dev, "RSB busy\n");
 		return -EBUSY;
 	}
 
-	if (rsb->status & RSB_INTS_TRANS_ERR) {
-		if (rsb->status & RSB_INTS_TRANS_ERR_ACK) {
+	if (status & RSB_INTS_TRANS_ERR) {
+		if (status & RSB_INTS_TRANS_ERR_ACK) {
 			dev_dbg(rsb->dev, "RSB slave nack\n");
 			return -EINVAL;
 		}
 
-		if (rsb->status & RSB_INTS_TRANS_ERR_DATA) {
+		if (status & RSB_INTS_TRANS_ERR_DATA) {
 			dev_dbg(rsb->dev, "RSB transfer data error\n");
 			return -EIO;
 		}
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 070/206] tee: optee: fix possible memory leak in optee_register_device()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 069/206] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22   ` Greg Kroah-Hartman
                   ` (144 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Sumit Garg,
	Jens Wiklander, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit cce616e012c215d65c15e5d1afa73182dea49389 ]

If device_register() returns error in optee_register_device(),
the name allocated by dev_set_name() needs to be freed. As comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup(),
and optee_device is freed in optee_release_device().

Fixes: c3fa24af9244 ("tee: optee: add TEE bus device enumeration support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tee/optee/device.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
index 128a2d2a50a1..a74d82e230e3 100644
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -80,7 +80,7 @@ static int optee_register_device(const uuid_t *device_uuid)
 	rc = device_register(&optee_device->dev);
 	if (rc) {
 		pr_err("device registration failed, err: %d\n", rc);
-		kfree(optee_device);
+		put_device(&optee_device->dev);
 	}
 
 	return rc;
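Review bot: replacing kfree(optee_device) with put_device() is only correct if the device's release callback is installed before device_register() is called, which this hunk does not show. A comment at the put_device() call naming the release function that frees optee_device would make that dependency visible and discourage anyone from re-adding the kfree(), which would now be a double free.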
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 071/206] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
@ 2022-11-30 18:22   ` Greg Kroah-Hartman
  2022-11-30 18:20 ` [PATCH 5.15 002/206] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
                     ` (213 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, nicolas.ferre, ludovic.desroches,
	alexandre.belloni, linux-arm-kernel, kernel, Michael Grzeschik,
	Claudiu Beznea, Sasha Levin

From: Michael Grzeschik <m.grzeschik@pengutronix.de>

[ Upstream commit 40a2226e8bfacb79dd154dea68febeead9d847e9 ]

We set the PIOC to GPIO mode. This way the pin becomes an
input signal will be usable by the controller. Without
this change the udc on the 9g20ek does not work.

Cc: nicolas.ferre@microchip.com
Cc: ludovic.desroches@microchip.com
Cc: alexandre.belloni@bootlin.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: kernel@pengutronix.de
Fixes: 5cb4e73575e3 ("ARM: at91: add at91sam9g20ek boards dt support")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221114185923.1023249-3-m.grzeschik@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
index ca03685f0f08..4783e657b4cb 100644
--- a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
+++ b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
@@ -39,6 +39,13 @@ pinctrl_pck0_as_mck: pck0_as_mck {
 
 				};
 
+				usb1 {
+					pinctrl_usb1_vbus_gpio: usb1_vbus_gpio {
+						atmel,pins =
+							<AT91_PIOC 5 AT91_PERIPH_GPIO AT91_PINCTRL_DEGLITCH>;	/* PC5 GPIO */
+					};
+				};
+
 				mmc0_slot1 {
 					pinctrl_board_mmc0_slot1: mmc0_slot1-board {
 						atmel,pins =
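Review bot: the new usb1_vbus_gpio entry selects AT91_PINCTRL_DEGLITCH for PC5, but neither the commit message nor the inline comment says why deglitching is wanted on the VBUS sense pin. Extending the /* PC5 GPIO */ comment with the reason would help anyone copying this node to another board.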
@@ -84,6 +91,8 @@ macb0: ethernet@fffc4000 {
 			};
 
 			usb1: gadget@fffa4000 {
+				pinctrl-0 = <&pinctrl_usb1_vbus_gpio>;
+				pinctrl-names = "default";
 				atmel,vbus-gpio = <&pioC 5 GPIO_ACTIVE_HIGH>;
 				status = "okay";
 			};
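Review bot: in the `usb1: gadget@fffa4000` node, `pinctrl-0` is placed before `pinctrl-names`; the usual device tree ordering is `pinctrl-names = "default";` first, then `pinctrl-0 = <...>;`. Pin 5 of PIOC is also now named in two places (`pinctrl_usb1_vbus_gpio` and `atmel,vbus-gpio`), so a future pin change has to touch both.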
-- 
2.35.1





* [PATCH 5.15 071/206] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
@ 2022-11-30 18:22   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Sasha Levin, alexandre.belloni, Michael Grzeschik,
	Greg Kroah-Hartman, patches, ludovic.desroches, kernel,
	Claudiu Beznea, linux-arm-kernel

From: Michael Grzeschik <m.grzeschik@pengutronix.de>

[ Upstream commit 40a2226e8bfacb79dd154dea68febeead9d847e9 ]

We set the PIOC to GPIO mode. This way the pin becomes an
input signal that will be usable by the controller. Without
this change the udc on the 9g20ek does not work.

Cc: nicolas.ferre@microchip.com
Cc: ludovic.desroches@microchip.com
Cc: alexandre.belloni@bootlin.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: kernel@pengutronix.de
Fixes: 5cb4e73575e3 ("ARM: at91: add at91sam9g20ek boards dt support")
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221114185923.1023249-3-m.grzeschik@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/at91sam9g20ek_common.dtsi | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
index ca03685f0f08..4783e657b4cb 100644
--- a/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
+++ b/arch/arm/boot/dts/at91sam9g20ek_common.dtsi
@@ -39,6 +39,13 @@ pinctrl_pck0_as_mck: pck0_as_mck {
 
 				};
 
+				usb1 {
+					pinctrl_usb1_vbus_gpio: usb1_vbus_gpio {
+						atmel,pins =
+							<AT91_PIOC 5 AT91_PERIPH_GPIO AT91_PINCTRL_DEGLITCH>;	/* PC5 GPIO */
+					};
+				};
+
 				mmc0_slot1 {
 					pinctrl_board_mmc0_slot1: mmc0_slot1-board {
 						atmel,pins =
@@ -84,6 +91,8 @@ macb0: ethernet@fffc4000 {
 			};
 
 			usb1: gadget@fffa4000 {
+				pinctrl-0 = <&pinctrl_usb1_vbus_gpio>;
+				pinctrl-names = "default";
 				atmel,vbus-gpio = <&pioC 5 GPIO_ACTIVE_HIGH>;
 				status = "okay";
 			};
-- 
2.35.1





* [PATCH 5.15 072/206] selftests: mptcp: more stable simult_flows tests
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2022-11-30 18:22   ` Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 073/206] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
                   ` (142 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Matthieu Baerts, Paolo Abeni,
	Mat Martineau, David S. Miller, Sasha Levin

From: Paolo Abeni <pabeni@redhat.com>

[ Upstream commit b6ab64b074f29b42ff272793806efc913f7cc742 ]

Currently the simult_flows.sh self-tests are not very stable,
especially when running on slow VMs.

The tests measure runtime for transfers on multiple subflows
and check that the time is near the theoretical maximum.

The current test infra introduces a bit of jitter in test
runtime, due to multiple explicit delays. Additionally the
runtime is measured by the shell script wrapper. On a slow
VM, the script overhead is measurable and subject to relevant
jitter.

One solution to make the test more stable would be adding more
slack to the expected time; that could possibly hide real
regressions. Instead move the measurement inside the command
doing the transfer, and drop most unneeded sleeps.

Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 3de88b95c4d4 ("selftests: mptcp: fix mibit vs mbit mix up")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../selftests/net/mptcp/mptcp_connect.c       | 72 +++++++++++++++----
 .../selftests/net/mptcp/simult_flows.sh       | 36 ++++------
 2 files changed, 72 insertions(+), 36 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/testing/selftests/net/mptcp/mptcp_connect.c
index 89c4753c2760..95e81d557b08 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -14,6 +14,7 @@
 #include <strings.h>
 #include <signal.h>
 #include <unistd.h>
+#include <time.h>
 
 #include <sys/poll.h>
 #include <sys/sendfile.h>
@@ -64,6 +65,7 @@ static int cfg_sndbuf;
 static int cfg_rcvbuf;
 static bool cfg_join;
 static bool cfg_remove;
+static unsigned int cfg_time;
 static unsigned int cfg_do_w;
 static int cfg_wait;
 static uint32_t cfg_mark;
@@ -78,9 +80,10 @@ static struct cfg_cmsg_types cfg_cmsg_types;
 static void die_usage(void)
 {
 	fprintf(stderr, "Usage: mptcp_connect [-6] [-u] [-s MPTCP|TCP] [-p port] [-m mode]"
-		"[-l] [-w sec] connect_address\n");
+		"[-l] [-w sec] [-t num] [-T num] connect_address\n");
 	fprintf(stderr, "\t-6 use ipv6\n");
 	fprintf(stderr, "\t-t num -- set poll timeout to num\n");
+	fprintf(stderr, "\t-T num -- set expected runtime to num ms\n");
 	fprintf(stderr, "\t-S num -- set SO_SNDBUF to num\n");
 	fprintf(stderr, "\t-R num -- set SO_RCVBUF to num\n");
 	fprintf(stderr, "\t-p num -- use port num\n");
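Review bot: the usage string in `die_usage()` still concatenates `"... [-m mode]"` directly with `"[-l] [-w sec] ..."`, so the printed help reads `[-m mode][-l]` with no space; since this line is being rewritten anyway, add the leading space. The new `-T` help line could also say that a transfer exceeding the value makes the program exit with an error, which is what the later `copyfd_io()` hunk implements.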
@@ -448,7 +451,7 @@ static void set_nonblock(int fd)
 	fcntl(fd, F_SETFL, flags | O_NONBLOCK);
 }
 
-static int copyfd_io_poll(int infd, int peerfd, int outfd)
+static int copyfd_io_poll(int infd, int peerfd, int outfd, bool *in_closed_after_out)
 {
 	struct pollfd fds = {
 		.fd = peerfd,
@@ -487,9 +490,11 @@ static int copyfd_io_poll(int infd, int peerfd, int outfd)
 				 */
 				fds.events &= ~POLLIN;
 
-				if ((fds.events & POLLOUT) == 0)
+				if ((fds.events & POLLOUT) == 0) {
+					*in_closed_after_out = true;
 					/* and nothing more to send */
 					break;
+				}
 
 			/* Else, still have data to transmit */
 			} else if (len < 0) {
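Review bot: after the braces were added, the comment `/* and nothing more to send */` sits between the assignment and the `break`, where it reads as if it described the `break` alone; move it above `*in_closed_after_out = true;` so it still explains the condition. The pointer is dereferenced unconditionally, which holds only while every caller passes a valid `bool *`, as `copyfd_io()` does in this patch.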
@@ -547,7 +552,7 @@ static int copyfd_io_poll(int infd, int peerfd, int outfd)
 	}
 
 	/* leave some time for late join/announce */
-	if (cfg_join || cfg_remove)
+	if (cfg_remove)
 		usleep(cfg_wait);
 
 	close(peerfd);
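Review bot: the condition drops `cfg_join`, but the comment just above still reads `/* leave some time for late join/announce */`. Reword the comment so that it matches the remaining `cfg_remove` case, otherwise the next reader will assume the join delay was removed by mistake.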
@@ -646,7 +651,7 @@ static int do_sendfile(int infd, int outfd, unsigned int count)
 }
 
 static int copyfd_io_mmap(int infd, int peerfd, int outfd,
-			  unsigned int size)
+			  unsigned int size, bool *in_closed_after_out)
 {
 	int err;
 
@@ -664,13 +669,14 @@ static int copyfd_io_mmap(int infd, int peerfd, int outfd,
 		shutdown(peerfd, SHUT_WR);
 
 		err = do_recvfile(peerfd, outfd);
+		*in_closed_after_out = true;
 	}
 
 	return err;
 }
 
 static int copyfd_io_sendfile(int infd, int peerfd, int outfd,
-			      unsigned int size)
+			      unsigned int size, bool *in_closed_after_out)
 {
 	int err;
 
@@ -685,6 +691,7 @@ static int copyfd_io_sendfile(int infd, int peerfd, int outfd,
 		if (err)
 			return err;
 		err = do_recvfile(peerfd, outfd);
+		*in_closed_after_out = true;
 	}
 
 	return err;
@@ -692,27 +699,62 @@ static int copyfd_io_sendfile(int infd, int peerfd, int outfd,
 
 static int copyfd_io(int infd, int peerfd, int outfd)
 {
+	bool in_closed_after_out = false;
+	struct timespec start, end;
 	int file_size;
+	int ret;
+
+	if (cfg_time && (clock_gettime(CLOCK_MONOTONIC, &start) < 0))
+		xerror("can not fetch start time %d", errno);
 
 	switch (cfg_mode) {
 	case CFG_MODE_POLL:
-		return copyfd_io_poll(infd, peerfd, outfd);
+		ret = copyfd_io_poll(infd, peerfd, outfd, &in_closed_after_out);
+		break;
+
 	case CFG_MODE_MMAP:
 		file_size = get_infd_size(infd);
 		if (file_size < 0)
 			return file_size;
-		return copyfd_io_mmap(infd, peerfd, outfd, file_size);
+		ret = copyfd_io_mmap(infd, peerfd, outfd, file_size, &in_closed_after_out);
+		break;
+
 	case CFG_MODE_SENDFILE:
 		file_size = get_infd_size(infd);
 		if (file_size < 0)
 			return file_size;
-		return copyfd_io_sendfile(infd, peerfd, outfd, file_size);
+		ret = copyfd_io_sendfile(infd, peerfd, outfd, file_size, &in_closed_after_out);
+		break;
+
+	default:
+		fprintf(stderr, "Invalid mode %d\n", cfg_mode);
+
+		die_usage();
+		return 1;
 	}
 
-	fprintf(stderr, "Invalid mode %d\n", cfg_mode);
+	if (ret)
+		return ret;
 
-	die_usage();
-	return 1;
+	if (cfg_time) {
+		unsigned int delta_ms;
+
+		if (clock_gettime(CLOCK_MONOTONIC, &end) < 0)
+			xerror("can not fetch end time %d", errno);
+		delta_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
+		if (delta_ms > cfg_time) {
+			xerror("transfer slower than expected! runtime %d ms, expected %d ms",
+			       delta_ms, cfg_time);
+		}
+
+		/* show the runtime only if this end shutdown(wr) before receiving the EOF,
+		 * (that is, if this end got the longer runtime)
+		 */
+		if (in_closed_after_out)
+			fprintf(stderr, "%d", delta_ms);
+	}
+
+	return 0;
 }
 
 static void check_sockaddr(int pf, struct sockaddr_storage *ss,
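Review bot: `delta_ms` and `cfg_time` are both `unsigned int` but are printed with `%d`, in the `xerror("transfer slower than expected! ...")` call and in `fprintf(stderr, "%d", delta_ms)`; use `%u`. The runtime is also written to stderr with no separator or newline, so the output only reads correctly if the calling script prints its own text immediately afterwards; a short comment stating that dependency would help.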
@@ -1005,12 +1047,11 @@ static void parse_opts(int argc, char **argv)
 {
 	int c;
 
-	while ((c = getopt(argc, argv, "6jr:lp:s:hut:m:S:R:w:M:P:c:")) != -1) {
+	while ((c = getopt(argc, argv, "6jr:lp:s:hut:T:m:S:R:w:M:P:c:")) != -1) {
 		switch (c) {
 		case 'j':
 			cfg_join = true;
 			cfg_mode = CFG_MODE_POLL;
-			cfg_wait = 400000;
 			break;
 		case 'r':
 			cfg_remove = true;
@@ -1043,6 +1084,9 @@ static void parse_opts(int argc, char **argv)
 			if (poll_timeout <= 0)
 				poll_timeout = -1;
 			break;
+		case 'T':
+			cfg_time = atoi(optarg);
+			break;
 		case 'm':
 			cfg_mode = parse_mode(optarg);
 			break;
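Review bot: `cfg_time = atoi(optarg);` in the new `case 'T'` stores an `int` result in an `unsigned int` with no validation, so a negative or non-numeric argument silently becomes either a huge limit or 0, and 0 disables the runtime check in `copyfd_io()` altogether, which would let a slow transfer pass. Parse with `strtoul()`, reject trailing characters and out-of-range values, and call `die_usage()` on error.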
diff --git a/tools/testing/selftests/net/mptcp/simult_flows.sh b/tools/testing/selftests/net/mptcp/simult_flows.sh
index 910d8126af8f..f441ff7904fc 100755
--- a/tools/testing/selftests/net/mptcp/simult_flows.sh
+++ b/tools/testing/selftests/net/mptcp/simult_flows.sh
@@ -51,7 +51,7 @@ setup()
 	sout=$(mktemp)
 	cout=$(mktemp)
 	capout=$(mktemp)
-	size=$((2048 * 4096))
+	size=$((2 * 2048 * 4096))
 	dd if=/dev/zero of=$small bs=4096 count=20 >/dev/null 2>&1
 	dd if=/dev/zero of=$large bs=4096 count=$((size / 4096)) >/dev/null 2>&1
 
@@ -161,17 +161,15 @@ do_transfer()
 
 	timeout ${timeout_test} \
 		ip netns exec ${ns3} \
-			./mptcp_connect -jt ${timeout_poll} -l -p $port \
+			./mptcp_connect -jt ${timeout_poll} -l -p $port -T $time \
 				0.0.0.0 < "$sin" > "$sout" &
 	local spid=$!
 
 	wait_local_port_listen "${ns3}" "${port}"
 
-	local start
-	start=$(date +%s%3N)
 	timeout ${timeout_test} \
 		ip netns exec ${ns1} \
-			./mptcp_connect -jt ${timeout_poll} -p $port \
+			./mptcp_connect -jt ${timeout_poll} -p $port -T $time \
 				10.0.3.3 < "$cin" > "$cout" &
 	local cpid=$!
 
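Review bot: both `mptcp_connect` invocations pass `-T $time`, but `time` is not assigned anywhere in the visible part of `do_transfer()`; the limit is handed in by `run_test` as the third positional argument, and the result line further down prints `$max_time`. Relying on the caller's `local time` being visible through bash dynamic scoping is fragile, because any other caller would pass an empty `-T` argument. Use the function's own variable for the third argument and quote it.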
@@ -180,27 +178,20 @@ do_transfer()
 	wait $spid
 	local rets=$?
 
-	local stop
-	stop=$(date +%s%3N)
-
 	if $capture; then
 		sleep 1
 		kill ${cappid_listener}
 		kill ${cappid_connector}
 	fi
 
-	local duration
-	duration=$((stop-start))
-
 	cmp $sin $cout > /dev/null 2>&1
 	local cmps=$?
 	cmp $cin $sout > /dev/null 2>&1
 	local cmpc=$?
 
-	printf "%16s" "$duration max $max_time "
+	printf "%-16s" " max $max_time "
 	if [ $retc -eq 0 ] && [ $rets -eq 0 ] && \
-	   [ $cmpc -eq 0 ] && [ $cmps -eq 0 ] && \
-	   [ $duration -lt $max_time ]; then
+	   [ $cmpc -eq 0 ] && [ $cmps -eq 0 ]; then
 		echo "[ OK ]"
 		cat "$capout"
 		return 0
@@ -244,23 +235,24 @@ run_test()
 	tc -n $ns2 qdisc add dev ns2eth1 root netem rate ${rate1}mbit $delay1
 	tc -n $ns2 qdisc add dev ns2eth2 root netem rate ${rate2}mbit $delay2
 
-	# time is measure in ms
-	local time=$((size * 8 * 1000 / (( $rate1 + $rate2) * 1024 *1024) ))
+	# time is measured in ms, account for transfer size, affegated link speed
+	# and header overhead (10%)
+	local time=$((size * 8 * 1000 * 10 / (( $rate1 + $rate2) * 1024 *1024 * 9) ))
 
 	# mptcp_connect will do some sleeps to allow the mp_join handshake
-	# completion
-	time=$((time + 1350))
+	# completion (see mptcp_connect): 200ms on each side, add some slack
+	time=$((time + 450))
 
-	printf "%-50s" "$msg"
-	do_transfer $small $large $((time * 11 / 10))
+	printf "%-60s" "$msg"
+	do_transfer $small $large $time
 	lret=$?
 	if [ $lret -ne 0 ]; then
 		ret=$lret
 		[ $bail -eq 0 ] || exit $ret
 	fi
 
-	printf "%-50s" "$msg - reverse direction"
-	do_transfer $large $small $((time * 11 / 10))
+	printf "%-60s" "$msg - reverse direction"
+	do_transfer $large $small $time
 	lret=$?
 	if [ $lret -ne 0 ]; then
 		ret=$lret
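Review bot: the new `time` formula still divides by `1024 *1024`, while the `tc ... netem rate ${rate1}mbit` lines in the context above configure the links in mbit, which tc treats as 10^6 bit/s, so the computed limit comes out roughly 5% too low (patch 073 in this series changes the divisor to `1000 * 1000`). The rewritten comment also says mptcp_connect sleeps "200ms on each side", yet the `mptcp_connect.c` hunks in this same patch remove the `cfg_wait = 400000` assignment for `-j` and the `cfg_join` case of the `usleep()`; point the comment at the sleep it actually accounts for. "affegated" should read "aggregated".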
-- 
2.35.1





* [PATCH 5.15 073/206] selftests: mptcp: fix mibit vs mbit mix up
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 072/206] selftests: mptcp: more stable simult_flows tests Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 074/206] net: liquidio: simplify if expression Greg Kroah-Hartman
                   ` (141 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
	Matthieu Baerts, Jakub Kicinski, Sasha Levin

From: Matthieu Baerts <matthieu.baerts@tessares.net>

[ Upstream commit 3de88b95c4d436d78afc0266a0bed76c35ddeb62 ]

The estimated time was supposing the rate was expressed in mibit
(bit * 1024^2) but it is in mbit (bit * 1000^2).

This makes the threshold higher but in a more realistic way to avoid
false positives reported by CI instances.

Before this patch, the thresholds were at 7561/4005ms and now they are
at 7906/4178ms.

While at it, also fix a typo in the linked comment, spotted by Mat.

Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/310
Fixes: 1a418cb8e888 ("mptcp: simult flow self-tests")
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/net/mptcp/simult_flows.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/simult_flows.sh b/tools/testing/selftests/net/mptcp/simult_flows.sh
index f441ff7904fc..7df4900dfaf7 100755
--- a/tools/testing/selftests/net/mptcp/simult_flows.sh
+++ b/tools/testing/selftests/net/mptcp/simult_flows.sh
@@ -235,9 +235,10 @@ run_test()
 	tc -n $ns2 qdisc add dev ns2eth1 root netem rate ${rate1}mbit $delay1
 	tc -n $ns2 qdisc add dev ns2eth2 root netem rate ${rate2}mbit $delay2
 
-	# time is measured in ms, account for transfer size, affegated link speed
+	# time is measured in ms, account for transfer size, aggregated link speed
 	# and header overhead (10%)
-	local time=$((size * 8 * 1000 * 10 / (( $rate1 + $rate2) * 1024 *1024 * 9) ))
+	#              ms    byte -> bit   10%        mbit      -> kbit -> bit  10%
+	local time=$((1000 * size  *  8  * 10 / ((rate1 + rate2) * 1000 * 1000 * 9) ))
 
 	# mptcp_connect will do some sleeps to allow the mp_join handshake
 	# completion (see mptcp_connect): 200ms on each side, add some slack
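Review bot: the column-aligned unit comment labels both `* 10` and `* 9` as "10%", which leaves the reader to work out that the pair scales the ideal time by 10/9, that is, it assumes 10% of the link rate is lost to headers. Saying that in words in the comment above would be more robust than the alignment, which breaks as soon as the expression is edited or viewed with a different tab width.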
-- 
2.35.1





* [PATCH 5.15 074/206] net: liquidio: simplify if expression
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 073/206] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 075/206] rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc Greg Kroah-Hartman
                   ` (140 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, kernel test robot, Leon Romanovsky,
	Saeed Mahameed, David S. Miller, Sasha Levin

From: Leon Romanovsky <leonro@nvidia.com>

[ Upstream commit 733d4bbf9514890eb53ebe75827bf1fb4fd25ebe ]

Fix the warning reported by kbuild:

cocci warnings: (new ones prefixed by >>)
>> drivers/net/ethernet/cavium/liquidio/lio_main.c:1797:54-56: WARNING !A || A && B is equivalent to !A || B
   drivers/net/ethernet/cavium/liquidio/lio_main.c:1827:54-56: WARNING !A || A && B is equivalent to !A || B

Fixes: 8979f428a4af ("net: liquidio: release resources when liquidio driver open failed")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/cavium/liquidio/lio_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index 7bd97d98afeb..ae68821dd56d 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -1798,7 +1798,7 @@ static int liquidio_open(struct net_device *netdev)
 
 	ifstate_set(lio, LIO_IFSTATE_RUNNING);
 
-	if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on)) {
+	if (!OCTEON_CN23XX_PF(oct) || !oct->msix_on) {
 		ret = setup_tx_poll_fn(netdev);
 		if (ret)
 			goto err_poll;
@@ -1828,7 +1828,7 @@ static int liquidio_open(struct net_device *netdev)
 	return 0;
 
 err_rx_ctrl:
-	if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on))
+	if (!OCTEON_CN23XX_PF(oct) || !oct->msix_on)
 		cleanup_tx_poll_fn(netdev);
 err_poll:
 	if (lio->ptp_clock) {
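Review bot: the simplified condition `!OCTEON_CN23XX_PF(oct) || !oct->msix_on` now appears twice in `liquidio_open()`, once guarding `setup_tx_poll_fn()` and once guarding `cleanup_tx_poll_fn()` under `err_rx_ctrl`, and the error path is only correct while the two stay identical. Consider evaluating it once into a local `bool` before the first use and testing that variable in both places.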
-- 
2.35.1





* [PATCH 5.15 075/206] rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 074/206] net: liquidio: simplify if expression Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 076/206] rxrpc: Use refcount_t rather than atomic_t Greg Kroah-Hartman
                   ` (139 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
	linux-afs, David S. Miller, Sasha Levin

From: David Howells <dhowells@redhat.com>

[ Upstream commit 33912c2639ad76660988c8ca97e4d18fca89b668 ]

Allow the list of in-use local UDP endpoints in the current network
namespace to be viewed in /proc.

To aid with this, the endpoint list is converted to an hlist and RCU-safe
manipulation is used so that the list can be read with only the RCU
read lock held.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 3bcd6c7eaa53 ("rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/rxrpc/ar-internal.h  |  5 +--
 net/rxrpc/local_object.c | 37 +++++++++++----------
 net/rxrpc/net_ns.c       |  5 ++-
 net/rxrpc/proc.c         | 69 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 94 insertions(+), 22 deletions(-)

diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index f2e3fb77a02d..38dd63169aac 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -88,7 +88,7 @@ struct rxrpc_net {
 	struct work_struct	client_conn_reaper;
 	struct timer_list	client_conn_reap_timer;
 
-	struct list_head	local_endpoints;
+	struct hlist_head	local_endpoints;
 	struct mutex		local_mutex;	/* Lock for ->local_endpoints */
 
 	DECLARE_HASHTABLE	(peer_hash, 10);
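Review bot: `local_endpoints` becomes an `hlist_head` that, per the commit message, can be read with only the RCU read lock held, but the comment on the next line still describes `local_mutex` as `/* Lock for ->local_endpoints */`. Update it to say that the mutex serialises modifications and that readers may walk the list under `rcu_read_lock()`.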
@@ -281,7 +281,7 @@ struct rxrpc_local {
 	atomic_t		active_users;	/* Number of users of the local endpoint */
 	atomic_t		usage;		/* Number of references to the structure */
 	struct rxrpc_net	*rxnet;		/* The network ns in which this resides */
-	struct list_head	link;
+	struct hlist_node	link;
 	struct socket		*socket;	/* my UDP socket */
 	struct work_struct	processor;
 	struct rxrpc_sock __rcu	*service;	/* Service(s) listening on this endpoint */
@@ -1016,6 +1016,7 @@ void rxrpc_put_peer_locked(struct rxrpc_peer *);
 extern const struct seq_operations rxrpc_call_seq_ops;
 extern const struct seq_operations rxrpc_connection_seq_ops;
 extern const struct seq_operations rxrpc_peer_seq_ops;
+extern const struct seq_operations rxrpc_local_seq_ops;
 
 /*
  * recvmsg.c
diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
index 1d15940f61d7..0cbbbbcf490e 100644
--- a/net/rxrpc/local_object.c
+++ b/net/rxrpc/local_object.c
@@ -82,7 +82,7 @@ static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
 		atomic_set(&local->usage, 1);
 		atomic_set(&local->active_users, 1);
 		local->rxnet = rxnet;
-		INIT_LIST_HEAD(&local->link);
+		INIT_HLIST_NODE(&local->link);
 		INIT_WORK(&local->processor, rxrpc_local_processor);
 		init_rwsem(&local->defrag_sem);
 		skb_queue_head_init(&local->reject_queue);
@@ -181,7 +181,7 @@ struct rxrpc_local *rxrpc_lookup_local(struct net *net,
 {
 	struct rxrpc_local *local;
 	struct rxrpc_net *rxnet = rxrpc_net(net);
-	struct list_head *cursor;
+	struct hlist_node *cursor;
 	const char *age;
 	long diff;
 	int ret;
@@ -191,16 +191,12 @@ struct rxrpc_local *rxrpc_lookup_local(struct net *net,
 
 	mutex_lock(&rxnet->local_mutex);
 
-	for (cursor = rxnet->local_endpoints.next;
-	     cursor != &rxnet->local_endpoints;
-	     cursor = cursor->next) {
-		local = list_entry(cursor, struct rxrpc_local, link);
+	hlist_for_each(cursor, &rxnet->local_endpoints) {
+		local = hlist_entry(cursor, struct rxrpc_local, link);
 
 		diff = rxrpc_local_cmp_key(local, srx);
-		if (diff < 0)
+		if (diff != 0)
 			continue;
-		if (diff > 0)
-			break;
 
 		/* Services aren't allowed to share transport sockets, so
 		 * reject that here.  It is possible that the object is dying -
@@ -212,9 +208,10 @@ struct rxrpc_local *rxrpc_lookup_local(struct net *net,
 			goto addr_in_use;
 		}
 
-		/* Found a match.  We replace a dying object.  Attempting to
-		 * bind the transport socket may still fail if we're attempting
-		 * to use a local address that the dying object is still using.
+		/* Found a match.  We want to replace a dying object.
+		 * Attempting to bind the transport socket may still fail if
+		 * we're attempting to use a local address that the dying
+		 * object is still using.
 		 */
 		if (!rxrpc_use_local(local))
 			break;
@@ -231,10 +228,12 @@ struct rxrpc_local *rxrpc_lookup_local(struct net *net,
 	if (ret < 0)
 		goto sock_error;
 
-	if (cursor != &rxnet->local_endpoints)
-		list_replace_init(cursor, &local->link);
-	else
-		list_add_tail(&local->link, cursor);
+	if (cursor) {
+		hlist_replace_rcu(cursor, &local->link);
+		cursor->pprev = NULL;
+	} else {
+		hlist_add_head_rcu(&local->link, &rxnet->local_endpoints);
+	}
 	age = "new";
 
 found:
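Review bot: in the `if (cursor)` branch, `cursor->pprev = NULL;` directly after `hlist_replace_rcu(cursor, &local->link);` carries no explanation. Presumably it marks the replaced node as unhashed so that the later `hlist_del_init_rcu(&local->link)` in `rxrpc_local_destroyer()` does nothing for the dying object; a one-line comment saying so would stop someone from removing it as redundant. It is also worth a note that the list is no longer kept sorted, since the earlier hunk turns the ordered `diff < 0` / `diff > 0` walk into a plain `diff != 0` scan and new entries are added at the head.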
@@ -375,7 +374,7 @@ static void rxrpc_local_destroyer(struct rxrpc_local *local)
 	local->dead = true;
 
 	mutex_lock(&rxnet->local_mutex);
-	list_del_init(&local->link);
+	hlist_del_init_rcu(&local->link);
 	mutex_unlock(&rxnet->local_mutex);
 
 	rxrpc_clean_up_local_conns(local);
@@ -462,9 +461,9 @@ void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
 
 	flush_workqueue(rxrpc_workqueue);
 
-	if (!list_empty(&rxnet->local_endpoints)) {
+	if (!hlist_empty(&rxnet->local_endpoints)) {
 		mutex_lock(&rxnet->local_mutex);
-		list_for_each_entry(local, &rxnet->local_endpoints, link) {
+		hlist_for_each_entry(local, &rxnet->local_endpoints, link) {
 			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
 			       local, atomic_read(&local->usage));
 		}
diff --git a/net/rxrpc/net_ns.c b/net/rxrpc/net_ns.c
index e4d6d432515b..bb4c25d6df64 100644
--- a/net/rxrpc/net_ns.c
+++ b/net/rxrpc/net_ns.c
@@ -72,7 +72,7 @@ static __net_init int rxrpc_init_net(struct net *net)
 	timer_setup(&rxnet->client_conn_reap_timer,
 		    rxrpc_client_conn_reap_timeout, 0);
 
-	INIT_LIST_HEAD(&rxnet->local_endpoints);
+	INIT_HLIST_HEAD(&rxnet->local_endpoints);
 	mutex_init(&rxnet->local_mutex);
 
 	hash_init(rxnet->peer_hash);
@@ -98,6 +98,9 @@ static __net_init int rxrpc_init_net(struct net *net)
 	proc_create_net("peers", 0444, rxnet->proc_net,
 			&rxrpc_peer_seq_ops,
 			sizeof(struct seq_net_private));
+	proc_create_net("locals", 0444, rxnet->proc_net,
+			&rxrpc_local_seq_ops,
+			sizeof(struct seq_net_private));
 	return 0;
 
 err_proc:
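Review bot: the new `proc_create_net("locals", 0444, ...)` call ignores its return value and makes the file world-readable, matching the `peers` entry above it. If exposing every local endpoint address together with its usage counts to unprivileged users in the namespace is intended, say so in the commit message; otherwise tighten the mode.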
diff --git a/net/rxrpc/proc.c b/net/rxrpc/proc.c
index 5a67955cc00f..7d007a66eba5 100644
--- a/net/rxrpc/proc.c
+++ b/net/rxrpc/proc.c
@@ -328,3 +328,72 @@ const struct seq_operations rxrpc_peer_seq_ops = {
 	.stop   = rxrpc_peer_seq_stop,
 	.show   = rxrpc_peer_seq_show,
 };
+
+/*
+ * Generate a list of extant virtual local endpoints in /proc/net/rxrpc/locals
+ */
+static int rxrpc_local_seq_show(struct seq_file *seq, void *v)
+{
+	struct rxrpc_local *local;
+	char lbuff[50];
+
+	if (v == SEQ_START_TOKEN) {
+		seq_puts(seq,
+			 "Proto Local                                          "
+			 " Use Act\n");
+		return 0;
+	}
+
+	local = hlist_entry(v, struct rxrpc_local, link);
+
+	sprintf(lbuff, "%pISpc", &local->srx.transport);
+
+	seq_printf(seq,
+		   "UDP   %-47.47s %3u %3u\n",
+		   lbuff,
+		   atomic_read(&local->usage),
+		   atomic_read(&local->active_users));
+
+	return 0;
+}
+
+static void *rxrpc_local_seq_start(struct seq_file *seq, loff_t *_pos)
+	__acquires(rcu)
+{
+	struct rxrpc_net *rxnet = rxrpc_net(seq_file_net(seq));
+	unsigned int n;
+
+	rcu_read_lock();
+
+	if (*_pos >= UINT_MAX)
+		return NULL;
+
+	n = *_pos;
+	if (n == 0)
+		return SEQ_START_TOKEN;
+
+	return seq_hlist_start_rcu(&rxnet->local_endpoints, n - 1);
+}
+
+static void *rxrpc_local_seq_next(struct seq_file *seq, void *v, loff_t *_pos)
+{
+	struct rxrpc_net *rxnet = rxrpc_net(seq_file_net(seq));
+
+	if (*_pos >= UINT_MAX)
+		return NULL;
+
+	return seq_hlist_next_rcu(v, &rxnet->local_endpoints, _pos);
+}
+
+static void rxrpc_local_seq_stop(struct seq_file *seq, void *v)
+	__releases(rcu)
+{
+	rcu_read_unlock();
+}
+
+const struct seq_operations rxrpc_local_seq_ops = {
+	.start  = rxrpc_local_seq_start,
+	.next   = rxrpc_local_seq_next,
+	.stop   = rxrpc_local_seq_stop,
+	.show   = rxrpc_local_seq_show,
+};
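Review bot: `rxrpc_local_seq_show()` formats the address with `sprintf(lbuff, "%pISpc", &local->srx.transport);` into a fixed `char lbuff[50]` with no bound; use `scnprintf(lbuff, sizeof(lbuff), ...)` so that the buffer size is enforced rather than assumed from the longest address string. `atomic_read()` returns `int`, so the two `%3u` conversions in the `seq_printf()` should be `%3d` or the values cast. In `rxrpc_local_seq_start()` the `*_pos >= UINT_MAX` early return comes after `rcu_read_lock()`, which is correct only because `->stop` is called even when `->start` returns NULL; a short comment would make that explicit.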
-- 
2.35.1





* [PATCH 5.15 076/206] rxrpc: Use refcount_t rather than atomic_t
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 075/206] rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 077/206] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
                   ` (138 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, David Howells, Marc Dionne,
	linux-afs, David S. Miller, Sasha Levin

From: David Howells <dhowells@redhat.com>

[ Upstream commit a05754295e01f006a651eec759c5dbe682ef6cef ]

Move to using refcount_t rather than atomic_t for refcounts in rxrpc.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 3bcd6c7eaa53 ("rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/trace/events/rxrpc.h |  2 +-
 net/rxrpc/af_rxrpc.c         |  2 +-
 net/rxrpc/ar-internal.h      | 18 ++++---------
 net/rxrpc/call_accept.c      |  4 +--
 net/rxrpc/call_object.c      | 44 ++++++++++++++++----------------
 net/rxrpc/conn_client.c      | 30 +++++++++++-----------
 net/rxrpc/conn_object.c      | 49 ++++++++++++++++++------------------
 net/rxrpc/conn_service.c     |  8 +++---
 net/rxrpc/input.c            |  4 +--
 net/rxrpc/local_object.c     | 31 ++++++++++++-----------
 net/rxrpc/peer_object.c      | 40 +++++++++++++++--------------
 net/rxrpc/proc.c             |  8 +++---
 net/rxrpc/skbuff.c           |  1 -
 13 files changed, 119 insertions(+), 122 deletions(-)

diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index 1c714336b863..221856f2d295 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -583,7 +583,7 @@ TRACE_EVENT(rxrpc_client,
 	    TP_fast_assign(
 		    __entry->conn = conn ? conn->debug_id : 0;
 		    __entry->channel = channel;
-		    __entry->usage = conn ? atomic_read(&conn->usage) : -2;
+		    __entry->usage = conn ? refcount_read(&conn->ref) : -2;
 		    __entry->op = op;
 		    __entry->cid = conn ? conn->proto.cid : 0;
 			   ),
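Review bot: in `TP_fast_assign`, `conn ? refcount_read(&conn->ref) : -2` now mixes the `unsigned int` returned by `refcount_read()` with the `-2` sentinel, so the conditional expression has unsigned type and the sentinel only survives through the conversion back on assignment. Cast the read, `(int)refcount_read(&conn->ref)`, to keep the sentinel's meaning obvious.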
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 2b5f89713e36..ceba28e9dce6 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -351,7 +351,7 @@ static void rxrpc_dummy_notify_rx(struct sock *sk, struct rxrpc_call *rxcall,
  */
 void rxrpc_kernel_end_call(struct socket *sock, struct rxrpc_call *call)
 {
-	_enter("%d{%d}", call->debug_id, atomic_read(&call->usage));
+	_enter("%d{%d}", call->debug_id, refcount_read(&call->ref));
 
 	mutex_lock(&call->user_mutex);
 	rxrpc_release_call(rxrpc_sk(sock->sk), call);
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 38dd63169aac..62c70709d798 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -15,14 +15,6 @@
 #include <keys/rxrpc-type.h>
 #include "protocol.h"
 
-#if 0
-#define CHECK_SLAB_OKAY(X)				     \
-	BUG_ON(atomic_read((X)) >> (sizeof(atomic_t) - 2) == \
-	       (POISON_FREE << 8 | POISON_FREE))
-#else
-#define CHECK_SLAB_OKAY(X) do {} while (0)
-#endif
-
 #define FCRYPT_BSIZE 8
 struct rxrpc_crypt {
 	union {
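Review bot: this hunk deletes the `CHECK_SLAB_OKAY()` macro, which the commit message ("Move to using refcount_t rather than atomic_t for refcounts in rxrpc") does not mention. The active branch was a no-op `do {} while (0)`, so removing it is reasonable, but note it in the changelog so that the deletion is not mistaken for an unrelated change.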
@@ -279,7 +271,7 @@ struct rxrpc_security {
 struct rxrpc_local {
 	struct rcu_head		rcu;
 	atomic_t		active_users;	/* Number of users of the local endpoint */
-	atomic_t		usage;		/* Number of references to the structure */
+	refcount_t		ref;		/* Number of references to the structure */
 	struct rxrpc_net	*rxnet;		/* The network ns in which this resides */
 	struct hlist_node	link;
 	struct socket		*socket;	/* my UDP socket */
@@ -304,7 +296,7 @@ struct rxrpc_local {
  */
 struct rxrpc_peer {
 	struct rcu_head		rcu;		/* This must be first */
-	atomic_t		usage;
+	refcount_t		ref;
 	unsigned long		hash_key;
 	struct hlist_node	hash_link;
 	struct rxrpc_local	*local;
@@ -406,7 +398,7 @@ enum rxrpc_conn_proto_state {
  */
 struct rxrpc_bundle {
 	struct rxrpc_conn_parameters params;
-	atomic_t		usage;
+	refcount_t		ref;
 	unsigned int		debug_id;
 	bool			try_upgrade;	/* True if the bundle is attempting upgrade */
 	bool			alloc_conn;	/* True if someone's getting a conn */
@@ -427,7 +419,7 @@ struct rxrpc_connection {
 	struct rxrpc_conn_proto	proto;
 	struct rxrpc_conn_parameters params;
 
-	atomic_t		usage;
+	refcount_t		ref;
 	struct rcu_head		rcu;
 	struct list_head	cache_link;
 
@@ -609,7 +601,7 @@ struct rxrpc_call {
 	int			error;		/* Local error incurred */
 	enum rxrpc_call_state	state;		/* current state of call */
 	enum rxrpc_call_completion completion;	/* Call completion condition */
-	atomic_t		usage;
+	refcount_t		ref;
 	u16			service_id;	/* service ID */
 	u8			security_ix;	/* Security type */
 	enum rxrpc_interruptibility interruptibility; /* At what point call may be interrupted */
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c
index 8b24ffbc72ef..99e10eea3732 100644
--- a/net/rxrpc/call_accept.c
+++ b/net/rxrpc/call_accept.c
@@ -91,7 +91,7 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx,
 				  (head + 1) & (size - 1));
 
 		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_new_service,
-				 atomic_read(&conn->usage), here);
+				 refcount_read(&conn->ref), here);
 	}
 
 	/* Now it gets complicated, because calls get registered with the
@@ -104,7 +104,7 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx,
 	call->state = RXRPC_CALL_SERVER_PREALLOC;
 
 	trace_rxrpc_call(call->debug_id, rxrpc_call_new_service,
-			 atomic_read(&call->usage),
+			 refcount_read(&call->ref),
 			 here, (const void *)user_call_ID);
 
 	write_lock(&rx->call_lock);
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index d674d90e7031..6401cdf7a624 100644
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -112,7 +112,7 @@ struct rxrpc_call *rxrpc_find_call_by_user_ID(struct rxrpc_sock *rx,
 found_extant_call:
 	rxrpc_get_call(call, rxrpc_call_got);
 	read_unlock(&rx->call_lock);
-	_leave(" = %p [%d]", call, atomic_read(&call->usage));
+	_leave(" = %p [%d]", call, refcount_read(&call->ref));
 	return call;
 }
 
@@ -160,7 +160,7 @@ struct rxrpc_call *rxrpc_alloc_call(struct rxrpc_sock *rx, gfp_t gfp,
 	spin_lock_init(&call->notify_lock);
 	spin_lock_init(&call->input_lock);
 	rwlock_init(&call->state_lock);
-	atomic_set(&call->usage, 1);
+	refcount_set(&call->ref, 1);
 	call->debug_id = debug_id;
 	call->tx_total_len = -1;
 	call->next_rx_timo = 20 * HZ;
@@ -301,7 +301,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
 	call->interruptibility = p->interruptibility;
 	call->tx_total_len = p->tx_total_len;
 	trace_rxrpc_call(call->debug_id, rxrpc_call_new_client,
-			 atomic_read(&call->usage),
+			 refcount_read(&call->ref),
 			 here, (const void *)p->user_call_ID);
 	if (p->kernel)
 		__set_bit(RXRPC_CALL_KERNEL, &call->flags);
@@ -354,7 +354,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
 		goto error_attached_to_socket;
 
 	trace_rxrpc_call(call->debug_id, rxrpc_call_connected,
-			 atomic_read(&call->usage), here, NULL);
+			 refcount_read(&call->ref), here, NULL);
 
 	rxrpc_start_call_timer(call);
 
@@ -374,7 +374,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
 	__rxrpc_set_call_completion(call, RXRPC_CALL_LOCAL_ERROR,
 				    RX_CALL_DEAD, -EEXIST);
 	trace_rxrpc_call(call->debug_id, rxrpc_call_error,
-			 atomic_read(&call->usage), here, ERR_PTR(-EEXIST));
+			 refcount_read(&call->ref), here, ERR_PTR(-EEXIST));
 	rxrpc_release_call(rx, call);
 	mutex_unlock(&call->user_mutex);
 	rxrpc_put_call(call, rxrpc_call_put);
@@ -388,7 +388,7 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx,
 	 */
 error_attached_to_socket:
 	trace_rxrpc_call(call->debug_id, rxrpc_call_error,
-			 atomic_read(&call->usage), here, ERR_PTR(ret));
+			 refcount_read(&call->ref), here, ERR_PTR(ret));
 	set_bit(RXRPC_CALL_DISCONNECTED, &call->flags);
 	__rxrpc_set_call_completion(call, RXRPC_CALL_LOCAL_ERROR,
 				    RX_CALL_DEAD, ret);
@@ -444,8 +444,9 @@ void rxrpc_incoming_call(struct rxrpc_sock *rx,
 bool rxrpc_queue_call(struct rxrpc_call *call)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_fetch_add_unless(&call->usage, 1, 0);
-	if (n == 0)
+	int n;
+
+	if (!__refcount_inc_not_zero(&call->ref, &n))
 		return false;
 	if (rxrpc_queue_work(&call->processor))
 		trace_rxrpc_call(call->debug_id, rxrpc_call_queued, n + 1,
@@ -461,7 +462,7 @@ bool rxrpc_queue_call(struct rxrpc_call *call)
 bool __rxrpc_queue_call(struct rxrpc_call *call)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_read(&call->usage);
+	int n = refcount_read(&call->ref);
 	ASSERTCMP(n, >=, 1);
 	if (rxrpc_queue_work(&call->processor))
 		trace_rxrpc_call(call->debug_id, rxrpc_call_queued_ref, n,
@@ -478,7 +479,7 @@ void rxrpc_see_call(struct rxrpc_call *call)
 {
 	const void *here = __builtin_return_address(0);
 	if (call) {
-		int n = atomic_read(&call->usage);
+		int n = refcount_read(&call->ref);
 
 		trace_rxrpc_call(call->debug_id, rxrpc_call_seen, n,
 				 here, NULL);
@@ -488,11 +489,11 @@ void rxrpc_see_call(struct rxrpc_call *call)
 bool rxrpc_try_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_fetch_add_unless(&call->usage, 1, 0);
+	int n;
 
-	if (n == 0)
+	if (!__refcount_inc_not_zero(&call->ref, &n))
 		return false;
-	trace_rxrpc_call(call->debug_id, op, n, here, NULL);
+	trace_rxrpc_call(call->debug_id, op, n + 1, here, NULL);
 	return true;
 }
 
@@ -502,9 +503,10 @@ bool rxrpc_try_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
 void rxrpc_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_inc_return(&call->usage);
+	int n;
 
-	trace_rxrpc_call(call->debug_id, op, n, here, NULL);
+	__refcount_inc(&call->ref, &n);
+	trace_rxrpc_call(call->debug_id, op, n + 1, here, NULL);
 }
 
 /*
@@ -529,10 +531,10 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call)
 	struct rxrpc_connection *conn = call->conn;
 	bool put = false;
 
-	_enter("{%d,%d}", call->debug_id, atomic_read(&call->usage));
+	_enter("{%d,%d}", call->debug_id, refcount_read(&call->ref));
 
 	trace_rxrpc_call(call->debug_id, rxrpc_call_release,
-			 atomic_read(&call->usage),
+			 refcount_read(&call->ref),
 			 here, (const void *)call->flags);
 
 	ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
@@ -621,14 +623,14 @@ void rxrpc_put_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
 	struct rxrpc_net *rxnet = call->rxnet;
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id = call->debug_id;
+	bool dead;
 	int n;
 
 	ASSERT(call != NULL);
 
-	n = atomic_dec_return(&call->usage);
+	dead = __refcount_dec_and_test(&call->ref, &n);
 	trace_rxrpc_call(debug_id, op, n, here, NULL);
-	ASSERTCMP(n, >=, 0);
-	if (n == 0) {
+	if (dead) {
 		_debug("call %d dead", call->debug_id);
 		ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
 
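Review bot: in rxrpc_put_call(), n is now the count from before the decrement, because __refcount_dec_and_test() hands back the old value through its second argument, whereas the atomic_dec_return() it replaces gave the new value. trace_rxrpc_call() therefore logs one more than it used to on every put. Pass n - 1 to the tracepoint, as rxrpc_put_client_conn() and rxrpc_put_peer() do with r - 1 elsewhere in this patch.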
@@ -718,7 +720,7 @@ void rxrpc_destroy_all_calls(struct rxrpc_net *rxnet)
 			list_del_init(&call->link);
 
 			pr_err("Call %p still in use (%d,%s,%lx,%lx)!\n",
-			       call, atomic_read(&call->usage),
+			       call, refcount_read(&call->ref),
 			       rxrpc_call_states[call->state],
 			       call->flags, call->events);
 
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 8120138dac01..3c9eeb5b750c 100644
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -102,7 +102,7 @@ void rxrpc_destroy_client_conn_ids(void)
 	if (!idr_is_empty(&rxrpc_client_conn_ids)) {
 		idr_for_each_entry(&rxrpc_client_conn_ids, conn, id) {
 			pr_err("AF_RXRPC: Leaked client conn %p {%d}\n",
-			       conn, atomic_read(&conn->usage));
+			       conn, refcount_read(&conn->ref));
 		}
 		BUG();
 	}
@@ -122,7 +122,7 @@ static struct rxrpc_bundle *rxrpc_alloc_bundle(struct rxrpc_conn_parameters *cp,
 	if (bundle) {
 		bundle->params = *cp;
 		rxrpc_get_peer(bundle->params.peer);
-		atomic_set(&bundle->usage, 1);
+		refcount_set(&bundle->ref, 1);
 		spin_lock_init(&bundle->channel_lock);
 		INIT_LIST_HEAD(&bundle->waiting_calls);
 	}
@@ -131,7 +131,7 @@ static struct rxrpc_bundle *rxrpc_alloc_bundle(struct rxrpc_conn_parameters *cp,
 
 struct rxrpc_bundle *rxrpc_get_bundle(struct rxrpc_bundle *bundle)
 {
-	atomic_inc(&bundle->usage);
+	refcount_inc(&bundle->ref);
 	return bundle;
 }
 
@@ -144,10 +144,13 @@ static void rxrpc_free_bundle(struct rxrpc_bundle *bundle)
 void rxrpc_put_bundle(struct rxrpc_bundle *bundle)
 {
 	unsigned int d = bundle->debug_id;
-	unsigned int u = atomic_dec_return(&bundle->usage);
+	bool dead;
+	int r;
 
-	_debug("PUT B=%x %u", d, u);
-	if (u == 0)
+	dead = __refcount_dec_and_test(&bundle->ref, &r);
+
+	_debug("PUT B=%x %d", d, r);
+	if (dead)
 		rxrpc_free_bundle(bundle);
 }
 
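Review bot: in rxrpc_put_bundle(), _debug("PUT B=%x %d", d, r) prints the count from before the decrement, where the old line printed the result of atomic_dec_return(). Print r - 1 so the debug output keeps meaning "references left after this put".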
@@ -169,7 +172,7 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp)
 		return ERR_PTR(-ENOMEM);
 	}
 
-	atomic_set(&conn->usage, 1);
+	refcount_set(&conn->ref, 1);
 	conn->bundle		= bundle;
 	conn->params		= bundle->params;
 	conn->out_clientflag	= RXRPC_CLIENT_INITIATED;
@@ -195,7 +198,7 @@ rxrpc_alloc_client_connection(struct rxrpc_bundle *bundle, gfp_t gfp)
 	key_get(conn->params.key);
 
 	trace_rxrpc_conn(conn->debug_id, rxrpc_conn_new_client,
-			 atomic_read(&conn->usage),
+			 refcount_read(&conn->ref),
 			 __builtin_return_address(0));
 
 	atomic_inc(&rxnet->nr_client_conns);
@@ -966,14 +969,13 @@ void rxrpc_put_client_conn(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id = conn->debug_id;
-	int n;
+	bool dead;
+	int r;
 
-	n = atomic_dec_return(&conn->usage);
-	trace_rxrpc_conn(debug_id, rxrpc_conn_put_client, n, here);
-	if (n <= 0) {
-		ASSERTCMP(n, >=, 0);
+	dead = __refcount_dec_and_test(&conn->ref, &r);
+	trace_rxrpc_conn(debug_id, rxrpc_conn_put_client, r - 1, here);
+	if (dead)
 		rxrpc_kill_client_conn(conn);
-	}
 }
 
 /*
diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c
index 660cd9b1a465..22089e37e97f 100644
--- a/net/rxrpc/conn_object.c
+++ b/net/rxrpc/conn_object.c
@@ -104,7 +104,7 @@ struct rxrpc_connection *rxrpc_find_connection_rcu(struct rxrpc_local *local,
 			goto not_found;
 		*_peer = peer;
 		conn = rxrpc_find_service_conn_rcu(peer, skb);
-		if (!conn || atomic_read(&conn->usage) == 0)
+		if (!conn || refcount_read(&conn->ref) == 0)
 			goto not_found;
 		_leave(" = %p", conn);
 		return conn;
@@ -114,7 +114,7 @@ struct rxrpc_connection *rxrpc_find_connection_rcu(struct rxrpc_local *local,
 		 */
 		conn = idr_find(&rxrpc_client_conn_ids,
 				sp->hdr.cid >> RXRPC_CIDSHIFT);
-		if (!conn || atomic_read(&conn->usage) == 0) {
+		if (!conn || refcount_read(&conn->ref) == 0) {
 			_debug("no conn");
 			goto not_found;
 		}
@@ -263,11 +263,12 @@ void rxrpc_kill_connection(struct rxrpc_connection *conn)
 bool rxrpc_queue_conn(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_fetch_add_unless(&conn->usage, 1, 0);
-	if (n == 0)
+	int r;
+
+	if (!__refcount_inc_not_zero(&conn->ref, &r))
 		return false;
 	if (rxrpc_queue_work(&conn->processor))
-		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_queued, n + 1, here);
+		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_queued, r + 1, here);
 	else
 		rxrpc_put_connection(conn);
 	return true;
@@ -280,7 +281,7 @@ void rxrpc_see_connection(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
 	if (conn) {
-		int n = atomic_read(&conn->usage);
+		int n = refcount_read(&conn->ref);
 
 		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_seen, n, here);
 	}
@@ -292,9 +293,10 @@ void rxrpc_see_connection(struct rxrpc_connection *conn)
 struct rxrpc_connection *rxrpc_get_connection(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
-	int n = atomic_inc_return(&conn->usage);
+	int r;
 
-	trace_rxrpc_conn(conn->debug_id, rxrpc_conn_got, n, here);
+	__refcount_inc(&conn->ref, &r);
+	trace_rxrpc_conn(conn->debug_id, rxrpc_conn_got, r, here);
 	return conn;
 }
 
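Review bot: in rxrpc_get_connection(), the tracepoint is passed r, which __refcount_inc() fills with the count before the increment, while the old code traced the result of atomic_inc_return(). rxrpc_get_call(), rxrpc_get_local() and rxrpc_get_peer() in this patch all pass the old value plus one; use r + 1 here too so rxrpc_conn_got reports the same quantity as before.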
@@ -305,11 +307,11 @@ struct rxrpc_connection *
 rxrpc_get_connection_maybe(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
+	int r;
 
 	if (conn) {
-		int n = atomic_fetch_add_unless(&conn->usage, 1, 0);
-		if (n > 0)
-			trace_rxrpc_conn(conn->debug_id, rxrpc_conn_got, n + 1, here);
+		if (__refcount_inc_not_zero(&conn->ref, &r))
+			trace_rxrpc_conn(conn->debug_id, rxrpc_conn_got, r + 1, here);
 		else
 			conn = NULL;
 	}
@@ -333,12 +335,11 @@ void rxrpc_put_service_conn(struct rxrpc_connection *conn)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id = conn->debug_id;
-	int n;
+	int r;
 
-	n = atomic_dec_return(&conn->usage);
-	trace_rxrpc_conn(debug_id, rxrpc_conn_put_service, n, here);
-	ASSERTCMP(n, >=, 0);
-	if (n == 1)
+	__refcount_dec(&conn->ref, &r);
+	trace_rxrpc_conn(debug_id, rxrpc_conn_put_service, r - 1, here);
+	if (r - 1 == 1)
 		rxrpc_set_service_reap_timer(conn->params.local->rxnet,
 					     jiffies + rxrpc_connection_expiry);
 }
@@ -351,9 +352,9 @@ static void rxrpc_destroy_connection(struct rcu_head *rcu)
 	struct rxrpc_connection *conn =
 		container_of(rcu, struct rxrpc_connection, rcu);
 
-	_enter("{%d,u=%d}", conn->debug_id, atomic_read(&conn->usage));
+	_enter("{%d,u=%d}", conn->debug_id, refcount_read(&conn->ref));
 
-	ASSERTCMP(atomic_read(&conn->usage), ==, 0);
+	ASSERTCMP(refcount_read(&conn->ref), ==, 0);
 
 	_net("DESTROY CONN %d", conn->debug_id);
 
@@ -392,8 +393,8 @@ void rxrpc_service_connection_reaper(struct work_struct *work)
 
 	write_lock(&rxnet->conn_lock);
 	list_for_each_entry_safe(conn, _p, &rxnet->service_conns, link) {
-		ASSERTCMP(atomic_read(&conn->usage), >, 0);
-		if (likely(atomic_read(&conn->usage) > 1))
+		ASSERTCMP(refcount_read(&conn->ref), >, 0);
+		if (likely(refcount_read(&conn->ref) > 1))
 			continue;
 		if (conn->state == RXRPC_CONN_SERVICE_PREALLOC)
 			continue;
@@ -405,7 +406,7 @@ void rxrpc_service_connection_reaper(struct work_struct *work)
 				expire_at = idle_timestamp + rxrpc_closed_conn_expiry * HZ;
 
 			_debug("reap CONN %d { u=%d,t=%ld }",
-			       conn->debug_id, atomic_read(&conn->usage),
+			       conn->debug_id, refcount_read(&conn->ref),
 			       (long)expire_at - (long)now);
 
 			if (time_before(now, expire_at)) {
@@ -418,7 +419,7 @@ void rxrpc_service_connection_reaper(struct work_struct *work)
 		/* The usage count sits at 1 whilst the object is unused on the
 		 * list; we reduce that to 0 to make the object unavailable.
 		 */
-		if (atomic_cmpxchg(&conn->usage, 1, 0) != 1)
+		if (!refcount_dec_if_one(&conn->ref))
 			continue;
 		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_reap_service, 0, NULL);
 
@@ -442,7 +443,7 @@ void rxrpc_service_connection_reaper(struct work_struct *work)
 				  link);
 		list_del_init(&conn->link);
 
-		ASSERTCMP(atomic_read(&conn->usage), ==, 0);
+		ASSERTCMP(refcount_read(&conn->ref), ==, 0);
 		rxrpc_kill_connection(conn);
 	}
 
@@ -470,7 +471,7 @@ void rxrpc_destroy_all_connections(struct rxrpc_net *rxnet)
 	write_lock(&rxnet->conn_lock);
 	list_for_each_entry_safe(conn, _p, &rxnet->service_conns, link) {
 		pr_err("AF_RXRPC: Leaked conn %p {%d}\n",
-		       conn, atomic_read(&conn->usage));
+		       conn, refcount_read(&conn->ref));
 		leak = true;
 	}
 	write_unlock(&rxnet->conn_lock);
diff --git a/net/rxrpc/conn_service.c b/net/rxrpc/conn_service.c
index e1966dfc9152..6e6aa02c6f9e 100644
--- a/net/rxrpc/conn_service.c
+++ b/net/rxrpc/conn_service.c
@@ -9,7 +9,7 @@
 #include "ar-internal.h"
 
 static struct rxrpc_bundle rxrpc_service_dummy_bundle = {
-	.usage		= ATOMIC_INIT(1),
+	.ref		= REFCOUNT_INIT(1),
 	.debug_id	= UINT_MAX,
 	.channel_lock	= __SPIN_LOCK_UNLOCKED(&rxrpc_service_dummy_bundle.channel_lock),
 };
@@ -99,7 +99,7 @@ static void rxrpc_publish_service_conn(struct rxrpc_peer *peer,
 	return;
 
 found_extant_conn:
-	if (atomic_read(&cursor->usage) == 0)
+	if (refcount_read(&cursor->ref) == 0)
 		goto replace_old_connection;
 	write_sequnlock_bh(&peer->service_conn_lock);
 	/* We should not be able to get here.  rxrpc_incoming_connection() is
@@ -132,7 +132,7 @@ struct rxrpc_connection *rxrpc_prealloc_service_connection(struct rxrpc_net *rxn
 		 * the rxrpc_connections list.
 		 */
 		conn->state = RXRPC_CONN_SERVICE_PREALLOC;
-		atomic_set(&conn->usage, 2);
+		refcount_set(&conn->ref, 2);
 		conn->bundle = rxrpc_get_bundle(&rxrpc_service_dummy_bundle);
 
 		atomic_inc(&rxnet->nr_conns);
@@ -142,7 +142,7 @@ struct rxrpc_connection *rxrpc_prealloc_service_connection(struct rxrpc_net *rxn
 		write_unlock(&rxnet->conn_lock);
 
 		trace_rxrpc_conn(conn->debug_id, rxrpc_conn_new_service,
-				 atomic_read(&conn->usage),
+				 refcount_read(&conn->ref),
 				 __builtin_return_address(0));
 	}
 
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 3521ebd0ee41..721d847ba92b 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -1190,8 +1190,6 @@ static void rxrpc_post_packet_to_local(struct rxrpc_local *local,
  */
 static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb)
 {
-	CHECK_SLAB_OKAY(&local->usage);
-
 	if (rxrpc_get_local_maybe(local)) {
 		skb_queue_tail(&local->reject_queue, skb);
 		rxrpc_queue_local(local);
@@ -1449,7 +1447,7 @@ int rxrpc_input_packet(struct sock *udp_sk, struct sk_buff *skb)
 		}
 	}
 
-	if (!call || atomic_read(&call->usage) == 0) {
+	if (!call || refcount_read(&call->ref) == 0) {
 		if (rxrpc_to_client(sp) ||
 		    sp->hdr.type != RXRPC_PACKET_TYPE_DATA)
 			goto bad_message;
diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c
index 0cbbbbcf490e..38ea98ff426b 100644
--- a/net/rxrpc/local_object.c
+++ b/net/rxrpc/local_object.c
@@ -79,7 +79,7 @@ static struct rxrpc_local *rxrpc_alloc_local(struct rxrpc_net *rxnet,
 
 	local = kzalloc(sizeof(struct rxrpc_local), GFP_KERNEL);
 	if (local) {
-		atomic_set(&local->usage, 1);
+		refcount_set(&local->ref, 1);
 		atomic_set(&local->active_users, 1);
 		local->rxnet = rxnet;
 		INIT_HLIST_NODE(&local->link);
@@ -266,10 +266,10 @@ struct rxrpc_local *rxrpc_lookup_local(struct net *net,
 struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local)
 {
 	const void *here = __builtin_return_address(0);
-	int n;
+	int r;
 
-	n = atomic_inc_return(&local->usage);
-	trace_rxrpc_local(local->debug_id, rxrpc_local_got, n, here);
+	__refcount_inc(&local->ref, &r);
+	trace_rxrpc_local(local->debug_id, rxrpc_local_got, r + 1, here);
 	return local;
 }
 
@@ -279,12 +279,12 @@ struct rxrpc_local *rxrpc_get_local(struct rxrpc_local *local)
 struct rxrpc_local *rxrpc_get_local_maybe(struct rxrpc_local *local)
 {
 	const void *here = __builtin_return_address(0);
+	int r;
 
 	if (local) {
-		int n = atomic_fetch_add_unless(&local->usage, 1, 0);
-		if (n > 0)
+		if (__refcount_inc_not_zero(&local->ref, &r))
 			trace_rxrpc_local(local->debug_id, rxrpc_local_got,
-					  n + 1, here);
+					  r + 1, here);
 		else
 			local = NULL;
 	}
@@ -298,10 +298,10 @@ void rxrpc_queue_local(struct rxrpc_local *local)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id = local->debug_id;
-	int n = atomic_read(&local->usage);
+	int r = refcount_read(&local->ref);
 
 	if (rxrpc_queue_work(&local->processor))
-		trace_rxrpc_local(debug_id, rxrpc_local_queued, n, here);
+		trace_rxrpc_local(debug_id, rxrpc_local_queued, r + 1, here);
 	else
 		rxrpc_put_local(local);
 }
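Review bot: in rxrpc_queue_local(), r comes from refcount_read() and no reference is taken in this function, yet the rxrpc_local_queued tracepoint now gets r + 1 where the old code passed n unchanged. That logs a count one higher than the object actually has. Pass r, or add a comment saying which extra reference the + 1 is meant to account for.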
@@ -313,15 +313,16 @@ void rxrpc_put_local(struct rxrpc_local *local)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id;
-	int n;
+	bool dead;
+	int r;
 
 	if (local) {
 		debug_id = local->debug_id;
 
-		n = atomic_dec_return(&local->usage);
-		trace_rxrpc_local(debug_id, rxrpc_local_put, n, here);
+		dead = __refcount_dec_and_test(&local->ref, &r);
+		trace_rxrpc_local(debug_id, rxrpc_local_put, r, here);
 
-		if (n == 0)
+		if (dead)
 			call_rcu(&local->rcu, rxrpc_local_rcu);
 	}
 }
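Review bot: in rxrpc_put_local(), the rxrpc_local_put tracepoint is passed r, the count before the decrement, while the old code traced the value after it. rxrpc_put_peer() and rxrpc_put_peer_locked() in this patch pass r - 1 for the same event shape; do the same here so the put traces of the different object types stay comparable.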
@@ -409,7 +410,7 @@ static void rxrpc_local_processor(struct work_struct *work)
 		return;
 
 	trace_rxrpc_local(local->debug_id, rxrpc_local_processing,
-			  atomic_read(&local->usage), NULL);
+			  refcount_read(&local->ref), NULL);
 
 	do {
 		again = false;
@@ -465,7 +466,7 @@ void rxrpc_destroy_all_locals(struct rxrpc_net *rxnet)
 		mutex_lock(&rxnet->local_mutex);
 		hlist_for_each_entry(local, &rxnet->local_endpoints, link) {
 			pr_err("AF_RXRPC: Leaked local %p {%d}\n",
-			       local, atomic_read(&local->usage));
+			       local, refcount_read(&local->ref));
 		}
 		mutex_unlock(&rxnet->local_mutex);
 		BUG();
diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c
index 0298fe2ad6d3..26d2ae9baaf2 100644
--- a/net/rxrpc/peer_object.c
+++ b/net/rxrpc/peer_object.c
@@ -121,7 +121,7 @@ static struct rxrpc_peer *__rxrpc_lookup_peer_rcu(
 
 	hash_for_each_possible_rcu(rxnet->peer_hash, peer, hash_link, hash_key) {
 		if (rxrpc_peer_cmp_key(peer, local, srx, hash_key) == 0 &&
-		    atomic_read(&peer->usage) > 0)
+		    refcount_read(&peer->ref) > 0)
 			return peer;
 	}
 
@@ -140,7 +140,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *local,
 	peer = __rxrpc_lookup_peer_rcu(local, srx, hash_key);
 	if (peer) {
 		_net("PEER %d {%pISp}", peer->debug_id, &peer->srx.transport);
-		_leave(" = %p {u=%d}", peer, atomic_read(&peer->usage));
+		_leave(" = %p {u=%d}", peer, refcount_read(&peer->ref));
 	}
 	return peer;
 }
@@ -216,7 +216,7 @@ struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *local, gfp_t gfp)
 
 	peer = kzalloc(sizeof(struct rxrpc_peer), gfp);
 	if (peer) {
-		atomic_set(&peer->usage, 1);
+		refcount_set(&peer->ref, 1);
 		peer->local = rxrpc_get_local(local);
 		INIT_HLIST_HEAD(&peer->error_targets);
 		peer->service_conns = RB_ROOT;
@@ -378,7 +378,7 @@ struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_sock *rx,
 
 	_net("PEER %d {%pISp}", peer->debug_id, &peer->srx.transport);
 
-	_leave(" = %p {u=%d}", peer, atomic_read(&peer->usage));
+	_leave(" = %p {u=%d}", peer, refcount_read(&peer->ref));
 	return peer;
 }
 
@@ -388,10 +388,10 @@ struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_sock *rx,
 struct rxrpc_peer *rxrpc_get_peer(struct rxrpc_peer *peer)
 {
 	const void *here = __builtin_return_address(0);
-	int n;
+	int r;
 
-	n = atomic_inc_return(&peer->usage);
-	trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, n, here);
+	__refcount_inc(&peer->ref, &r);
+	trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, r + 1, here);
 	return peer;
 }
 
@@ -401,11 +401,11 @@ struct rxrpc_peer *rxrpc_get_peer(struct rxrpc_peer *peer)
 struct rxrpc_peer *rxrpc_get_peer_maybe(struct rxrpc_peer *peer)
 {
 	const void *here = __builtin_return_address(0);
+	int r;
 
 	if (peer) {
-		int n = atomic_fetch_add_unless(&peer->usage, 1, 0);
-		if (n > 0)
-			trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, n + 1, here);
+		if (__refcount_inc_not_zero(&peer->ref, &r))
+			trace_rxrpc_peer(peer->debug_id, rxrpc_peer_got, r + 1, here);
 		else
 			peer = NULL;
 	}
@@ -436,13 +436,14 @@ void rxrpc_put_peer(struct rxrpc_peer *peer)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id;
-	int n;
+	bool dead;
+	int r;
 
 	if (peer) {
 		debug_id = peer->debug_id;
-		n = atomic_dec_return(&peer->usage);
-		trace_rxrpc_peer(debug_id, rxrpc_peer_put, n, here);
-		if (n == 0)
+		dead = __refcount_dec_and_test(&peer->ref, &r);
+		trace_rxrpc_peer(debug_id, rxrpc_peer_put, r - 1, here);
+		if (dead)
 			__rxrpc_put_peer(peer);
 	}
 }
@@ -455,11 +456,12 @@ void rxrpc_put_peer_locked(struct rxrpc_peer *peer)
 {
 	const void *here = __builtin_return_address(0);
 	unsigned int debug_id = peer->debug_id;
-	int n;
+	bool dead;
+	int r;
 
-	n = atomic_dec_return(&peer->usage);
-	trace_rxrpc_peer(debug_id, rxrpc_peer_put, n, here);
-	if (n == 0) {
+	dead = __refcount_dec_and_test(&peer->ref, &r);
+	trace_rxrpc_peer(debug_id, rxrpc_peer_put, r - 1, here);
+	if (dead) {
 		hash_del_rcu(&peer->hash_link);
 		list_del_init(&peer->keepalive_link);
 		rxrpc_free_peer(peer);
@@ -481,7 +483,7 @@ void rxrpc_destroy_all_peers(struct rxrpc_net *rxnet)
 		hlist_for_each_entry(peer, &rxnet->peer_hash[i], hash_link) {
 			pr_err("Leaked peer %u {%u} %pISp\n",
 			       peer->debug_id,
-			       atomic_read(&peer->usage),
+			       refcount_read(&peer->ref),
 			       &peer->srx.transport);
 		}
 	}
diff --git a/net/rxrpc/proc.c b/net/rxrpc/proc.c
index 7d007a66eba5..245418943e01 100644
--- a/net/rxrpc/proc.c
+++ b/net/rxrpc/proc.c
@@ -101,7 +101,7 @@ static int rxrpc_call_seq_show(struct seq_file *seq, void *v)
 		   call->cid,
 		   call->call_id,
 		   rxrpc_is_service_call(call) ? "Svc" : "Clt",
-		   atomic_read(&call->usage),
+		   refcount_read(&call->ref),
 		   rxrpc_call_states[call->state],
 		   call->abort_code,
 		   call->debug_id,
@@ -183,7 +183,7 @@ static int rxrpc_connection_seq_show(struct seq_file *seq, void *v)
 		   conn->service_id,
 		   conn->proto.cid,
 		   rxrpc_conn_is_service(conn) ? "Svc" : "Clt",
-		   atomic_read(&conn->usage),
+		   refcount_read(&conn->ref),
 		   rxrpc_conn_states[conn->state],
 		   key_serial(conn->params.key),
 		   atomic_read(&conn->serial),
@@ -233,7 +233,7 @@ static int rxrpc_peer_seq_show(struct seq_file *seq, void *v)
 		   " %3u %5u %6llus %8u %8u\n",
 		   lbuff,
 		   rbuff,
-		   atomic_read(&peer->usage),
+		   refcount_read(&peer->ref),
 		   peer->cong_cwnd,
 		   peer->mtu,
 		   now - peer->last_tx_at,
@@ -351,7 +351,7 @@ static int rxrpc_local_seq_show(struct seq_file *seq, void *v)
 	seq_printf(seq,
 		   "UDP   %-47.47s %3u %3u\n",
 		   lbuff,
-		   atomic_read(&local->usage),
+		   refcount_read(&local->ref),
 		   atomic_read(&local->active_users));
 
 	return 0;
diff --git a/net/rxrpc/skbuff.c b/net/rxrpc/skbuff.c
index 0348d2bf6f7d..580a5acffee7 100644
--- a/net/rxrpc/skbuff.c
+++ b/net/rxrpc/skbuff.c
@@ -71,7 +71,6 @@ void rxrpc_free_skb(struct sk_buff *skb, enum rxrpc_skb_trace op)
 	const void *here = __builtin_return_address(0);
 	if (skb) {
 		int n;
-		CHECK_SLAB_OKAY(&skb->users);
 		n = atomic_dec_return(select_skb_count(skb));
 		trace_rxrpc_skb(skb, op, refcount_read(&skb->users), n,
 				rxrpc_skb(skb)->rx_flags, here);
-- 
2.35.1





* [PATCH 5.15 077/206] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 076/206] rxrpc: Use refcount_t rather than atomic_t Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 078/206] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
                   ` (137 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, David Howells, zdi-disclosures,
	Marc Dionne, linux-afs, David S. Miller, Sasha Levin

From: David Howells <dhowells@redhat.com>

[ Upstream commit 3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 ]

After rxrpc_unbundle_conn() has removed a connection from a bundle, it
checks to see if there are any conns with available channels and, if not,
removes and attempts to destroy the bundle.

Whilst it does check after grabbing client_bundles_lock that there are no
connections attached, this races with rxrpc_look_up_bundle() retrieving the
bundle, but not attaching a connection for the connection to be attached
later.

There is therefore a window in which the bundle can get destroyed before we
manage to attach a new connection to it.

Fix this by adding an "active" counter to struct rxrpc_bundle:

 (1) rxrpc_connect_call() obtains an active count by prepping/looking up a
     bundle and ditches it before returning.

 (2) If, during rxrpc_connect_call(), a connection is added to the bundle,
     this obtains an active count, which is held until the connection is
     discarded.

 (3) rxrpc_deactivate_bundle() is created to drop an active count on a
     bundle and destroy it when the active count reaches 0.  The active
     count is checked inside client_bundles_lock() to prevent a race with
     rxrpc_look_up_bundle().

 (4) rxrpc_unbundle_conn() then calls rxrpc_deactivate_bundle().

Fixes: 245500d853e9 ("rxrpc: Rewrite the client connection manager")
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-15975
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: zdi-disclosures@trendmicro.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/rxrpc/ar-internal.h |  1 +
 net/rxrpc/conn_client.c | 38 +++++++++++++++++++++++---------------
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 62c70709d798..e0123efa2a62 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -399,6 +399,7 @@ enum rxrpc_conn_proto_state {
 struct rxrpc_bundle {
 	struct rxrpc_conn_parameters params;
 	refcount_t		ref;
+	atomic_t		active;		/* Number of active users */
 	unsigned int		debug_id;
 	bool			try_upgrade;	/* True if the bundle is attempting upgrade */
 	bool			alloc_conn;	/* True if someone's getting a conn */
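Review bot: the new "active" field sits directly under "ref" with only "Number of active users" as its comment, which does not tell a reader how the two counters differ. Say in the comment that ref keeps the structure allocated while active keeps the bundle in local->client_bundles, and that active is dropped only through rxrpc_deactivate_bundle(). It is also worth a word on why this one is an atomic_t when the previous patch in the series moved the neighbouring counter to refcount_t.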
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c
index 3c9eeb5b750c..bdb335cb2d05 100644
--- a/net/rxrpc/conn_client.c
+++ b/net/rxrpc/conn_client.c
@@ -40,6 +40,8 @@ __read_mostly unsigned long rxrpc_conn_idle_client_fast_expiry = 2 * HZ;
 DEFINE_IDR(rxrpc_client_conn_ids);
 static DEFINE_SPINLOCK(rxrpc_conn_id_lock);
 
+static void rxrpc_deactivate_bundle(struct rxrpc_bundle *bundle);
+
 /*
  * Get a connection ID and epoch for a client connection from the global pool.
  * The connection struct pointer is then recorded in the idr radix tree.  The
@@ -123,6 +125,7 @@ static struct rxrpc_bundle *rxrpc_alloc_bundle(struct rxrpc_conn_parameters *cp,
 		bundle->params = *cp;
 		rxrpc_get_peer(bundle->params.peer);
 		refcount_set(&bundle->ref, 1);
+		atomic_set(&bundle->active, 1);
 		spin_lock_init(&bundle->channel_lock);
 		INIT_LIST_HEAD(&bundle->waiting_calls);
 	}
@@ -149,7 +152,7 @@ void rxrpc_put_bundle(struct rxrpc_bundle *bundle)
 
 	dead = __refcount_dec_and_test(&bundle->ref, &r);
 
-	_debug("PUT B=%x %d", d, r);
+	_debug("PUT B=%x %d", d, r - 1);
 	if (dead)
 		rxrpc_free_bundle(bundle);
 }
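Review bot: the change of the _debug() argument from r to r - 1 in rxrpc_put_bundle() corrects debug output and has nothing to do with the lookup/removal race the commit message describes. Either mention it in the changelog or fold it into the refcount_t conversion that introduced the off-by-one, so a backporter taking only one of the two patches knows what they get.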
@@ -338,6 +341,7 @@ static struct rxrpc_bundle *rxrpc_look_up_bundle(struct rxrpc_conn_parameters *c
 	rxrpc_free_bundle(candidate);
 found_bundle:
 	rxrpc_get_bundle(bundle);
+	atomic_inc(&bundle->active);
 	spin_unlock(&local->client_bundles_lock);
 	_leave(" = %u [found]", bundle->debug_id);
 	return bundle;
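Review bot: at found_bundle in rxrpc_look_up_bundle(), the atomic_inc(&bundle->active) is only safe because it sits before spin_unlock(&local->client_bundles_lock), pairing with the atomic_dec_and_lock() on the same lock in rxrpc_deactivate_bundle(). Nothing at this site says so. Add a one-line comment here so a later cleanup does not move the increment outside the lock and reopen the window.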
@@ -435,6 +439,7 @@ static void rxrpc_add_conn_to_bundle(struct rxrpc_bundle *bundle, gfp_t gfp)
 			if (old)
 				trace_rxrpc_client(old, -1, rxrpc_client_replace);
 			candidate->bundle_shift = shift;
+			atomic_inc(&bundle->active);
 			bundle->conns[i] = candidate;
 			for (j = 0; j < RXRPC_MAXCALLS; j++)
 				set_bit(shift + j, &bundle->avail_chans);
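Review bot: in rxrpc_add_conn_to_bundle(), atomic_inc(&bundle->active) runs whenever the candidate is stored in bundle->conns[i], including when old was non-NULL and is being replaced. The only drop added by this patch is in rxrpc_unbundle_conn() under need_drop, and the lines that set need_drop are outside the visible context. Please confirm that a replaced conn still releases its active count when it is later unbundled; if it does not, active never reaches 0 and the bundle stays in the tree.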
@@ -725,6 +730,7 @@ int rxrpc_connect_call(struct rxrpc_sock *rx,
 	smp_rmb();
 
 out_put_bundle:
+	rxrpc_deactivate_bundle(bundle);
 	rxrpc_put_bundle(bundle);
 out:
 	_leave(" = %d", ret);
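Review bot: at out_put_bundle in rxrpc_connect_call(), the order of the two calls matters: rxrpc_deactivate_bundle() dereferences bundle->params.local, so it has to run while the reference dropped by rxrpc_put_bundle() is still held. A short comment on the label would stop someone swapping them. Also worth stating in the comment that every path reaching this label holds an active count from the lookup.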
@@ -900,9 +906,8 @@ void rxrpc_disconnect_client_call(struct rxrpc_bundle *bundle, struct rxrpc_call
 static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
 {
 	struct rxrpc_bundle *bundle = conn->bundle;
-	struct rxrpc_local *local = bundle->params.local;
 	unsigned int bindex;
-	bool need_drop = false, need_put = false;
+	bool need_drop = false;
 	int i;
 
 	_enter("C=%x", conn->debug_id);
@@ -921,15 +926,22 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
 	}
 	spin_unlock(&bundle->channel_lock);
 
-	/* If there are no more connections, remove the bundle */
-	if (!bundle->avail_chans) {
-		_debug("maybe unbundle");
-		spin_lock(&local->client_bundles_lock);
+	if (need_drop) {
+		rxrpc_deactivate_bundle(bundle);
+		rxrpc_put_connection(conn);
+	}
+}
 
-		for (i = 0; i < ARRAY_SIZE(bundle->conns); i++)
-			if (bundle->conns[i])
-				break;
-		if (i == ARRAY_SIZE(bundle->conns) && !bundle->params.exclusive) {
+/*
+ * Drop the active count on a bundle.
+ */
+static void rxrpc_deactivate_bundle(struct rxrpc_bundle *bundle)
+{
+	struct rxrpc_local *local = bundle->params.local;
+	bool need_put = false;
+
+	if (atomic_dec_and_lock(&bundle->active, &local->client_bundles_lock)) {
+		if (!bundle->params.exclusive) {
 			_debug("erase bundle");
 			rb_erase(&bundle->local_node, &local->client_bundles);
 			need_put = true;
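Review bot: the comment on rxrpc_deactivate_bundle() ("Drop the active count on a bundle.") undersells what the function does: when the count reaches zero it takes local->client_bundles_lock through atomic_dec_and_lock(), erases a non-exclusive bundle from local->client_bundles and drops a reference. Please document that, including that exclusive bundles are left in place. Also, rxrpc_unbundle_conn() calls this static function above its definition, so a forward declaration is needed earlier in the file, outside the hunks visible here.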
@@ -939,10 +951,6 @@ static void rxrpc_unbundle_conn(struct rxrpc_connection *conn)
 		if (need_put)
 			rxrpc_put_bundle(bundle);
 	}
-
-	if (need_drop)
-		rxrpc_put_connection(conn);
-	_leave("");
 }
 
 /*
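Review bot: the _leave("") call is removed at the end of this hunk and not re-added to rxrpc_unbundle_conn(), which still opens with _enter("C=%x", conn->debug_id), and the new rxrpc_deactivate_bundle() has neither. If the tracing is still wanted, keep a _leave("") at the end of rxrpc_unbundle_conn() so that enter and leave stay paired.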
-- 
2.35.1





* [PATCH 5.15 078/206] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 077/206] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 079/206] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
                   ` (136 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Andrew Lunn,
	David S. Miller, Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 24deec6b9e4a051635f75777844ffc184644fec9 ]

You'd think people know that the internal 100BASE-TX PHY on the SJA1110
responds only to clause 22 MDIO transactions, but they don't :)

When a clause 45 transaction is attempted, sja1105_base_tx_mdio_read()
and sja1105_base_tx_mdio_write() don't expect "reg" to contain bit 30
set (MII_ADDR_C45) and pack this value into the SPI transaction buffer.

But the field in the SPI buffer has a width smaller than 30 bits, so we
see this confusing message from the packing() API rather than a proper
rejection of C45 transactions:

Call trace:
 dump_stack+0x1c/0x38
 sja1105_pack+0xbc/0xc0 [sja1105]
 sja1105_xfer+0x114/0x2b0 [sja1105]
 sja1105_xfer_u32+0x44/0xf4 [sja1105]
 sja1105_base_tx_mdio_read+0x44/0x7c [sja1105]
 mdiobus_read+0x44/0x80
 get_phy_c45_ids+0x70/0x234
 get_phy_device+0x68/0x15c
 fwnode_mdiobus_register_phy+0x74/0x240
 of_mdiobus_register+0x13c/0x380
 sja1105_mdiobus_register+0x368/0x490 [sja1105]
 sja1105_setup+0x94/0x119c [sja1105]
Cannot store 401d2405 inside bits 24-4 (would truncate)

Fixes: 5a8f09748ee7 ("net: dsa: sja1105: register the MDIO buses for 100base-T1 and 100base-TX")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/dsa/sja1105/sja1105_mdio.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/dsa/sja1105/sja1105_mdio.c b/drivers/net/dsa/sja1105/sja1105_mdio.c
index 215dd17ca790..4059fcc8c832 100644
--- a/drivers/net/dsa/sja1105/sja1105_mdio.c
+++ b/drivers/net/dsa/sja1105/sja1105_mdio.c
@@ -256,6 +256,9 @@ static int sja1105_base_tx_mdio_read(struct mii_bus *bus, int phy, int reg)
 	u32 tmp;
 	int rc;
 
+	if (reg & MII_ADDR_C45)
+		return -EOPNOTSUPP;
+
 	rc = sja1105_xfer_u32(priv, SPI_READ, regs->mdio_100base_tx + reg,
 			      &tmp, NULL);
 	if (rc < 0)
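Review bot: the new MII_ADDR_C45 check in sja1105_base_tx_mdio_read() has no comment, and the reason for it (the internal 100BASE-TX PHY only answers clause 22 transactions, and the C45 flag in reg would otherwise be added to regs->mdio_100base_tx and packed into the SPI address) lives only in the commit message. A short comment above the check, here and on the identical check in sja1105_base_tx_mdio_write(), would keep that context with the code.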
@@ -272,6 +275,9 @@ static int sja1105_base_tx_mdio_write(struct mii_bus *bus, int phy, int reg,
 	const struct sja1105_regs *regs = priv->info->regs;
 	u32 tmp = val;
 
+	if (reg & MII_ADDR_C45)
+		return -EOPNOTSUPP;
+
 	return sja1105_xfer_u32(priv, SPI_WRITE, regs->mdio_100base_tx + reg,
 				&tmp, NULL);
 }
-- 
2.35.1





* [PATCH 5.15 079/206] nfc/nci: fix race with opening and closing
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 078/206] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 080/206] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
                   ` (135 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+43475bf3cfbd6e41f5b7, Lin Ma,
	David S. Miller, Sasha Levin

From: Lin Ma <linma@zju.edu.cn>

[ Upstream commit 0ad6bded175e829c2ca261529c9dce39a32a042d ]

Previously we leverage NCI_UNREG and the lock inside nci_close_device to
prevent the race condition between opening a device and closing a
device. However, it still has a problem because a failed opening command
will erase the NCI_UNREG flag and allow another opening command to
bypass the status checking.

This fix corrects that by making sure the NCI_UNREG is held.

Reported-by: syzbot+43475bf3cfbd6e41f5b7@syzkaller.appspotmail.com
Fixes: 48b71a9e66c2 ("NFC: add NCI_UNREG flag to eliminate the race")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/nfc/nci/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 189c9f428a3c..7b6cf9a44aea 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -542,7 +542,7 @@ static int nci_open_device(struct nci_dev *ndev)
 		skb_queue_purge(&ndev->tx_q);
 
 		ndev->ops->close(ndev);
-		ndev->flags = 0;
+		ndev->flags &= BIT(NCI_UNREG);
 	}
 
 done:
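Review bot: ndev->flags &= BIT(NCI_UNREG) is a plain read-modify-write on the flags word, so if the close path sets NCI_UNREG between the load and the store here, the bit is lost again and the race the commit message describes can still occur. It is worth confirming that every setter of NCI_UNREG runs under the same lock as this failure path, or clearing the other bits individually with atomic bit operations instead. A one-line comment saying why NCI_UNREG must survive the reset would also help.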
-- 
2.35.1





* [PATCH 5.15 080/206] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 079/206] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 081/206] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
                   ` (134 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Wang Hai, David S. Miller, Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit 2360f9b8c4e81d242d4cbf99d630a2fffa681fab ]

In pch_gbe_xmit_frame(), NETDEV_TX_OK will be returned whether
pch_gbe_tx_queue() sends data successfully or not, so pch_gbe_tx_queue()
needs to free skb before returning. But pch_gbe_tx_queue() returns without
freeing skb in case dma_map_single() fails. Add dev_kfree_skb_any()
to fix it.

Fixes: 77555ee72282 ("net: Add Gigabit Ethernet driver of Topcliff PCH")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
index ec3e558f890e..5a42ef6ca762 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
@@ -1148,6 +1148,7 @@ static void pch_gbe_tx_queue(struct pch_gbe_adapter *adapter,
 		buffer_info->dma = 0;
 		buffer_info->time_stamp = 0;
 		tx_ring->next_to_use = ring_num;
+		dev_kfree_skb_any(skb);
 		return;
 	}
 	buffer_info->mapped = true;
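Review bot: the failure path in pch_gbe_tx_queue() now frees the skb but still returns without recording the drop, so the caller reports NETDEV_TX_OK (per the commit message) and the lost packet is invisible in the interface statistics. Consider incrementing a transmit-drop counter next to dev_kfree_skb_any(skb).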
-- 
2.35.1





* [PATCH 5.15 081/206] 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 080/206] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 082/206] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
                   ` (133 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+9b69b8d10ab4a7d88056,
	Zhengchao Shao, Dominique Martinet, Sasha Levin

From: Zhengchao Shao <shaozhengchao@huawei.com>

[ Upstream commit 11c10956515b8ec44cf4f2a7b9d8bf8b9dc05ec4 ]

Syz reported the following issue:
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:__list_del_entry_valid.cold+0x5c/0x72
Call Trace:
<TASK>
p9_fd_cancel+0xb1/0x270
p9_client_rpc+0x8ea/0xba0
p9_client_create+0x9c0/0xed0
v9fs_session_init+0x1e0/0x1620
v9fs_mount+0xba/0xb80
legacy_get_tree+0x103/0x200
vfs_get_tree+0x89/0x2d0
path_mount+0x4c0/0x1ac0
__x64_sys_mount+0x33b/0x430
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>

The process is as follows:
Thread A:                       Thread B:
p9_poll_workfn()                p9_client_create()
...                                 ...
    p9_conn_cancel()                p9_fd_cancel()
        list_del()                      ...
        ...                             list_del()  //list_del
                                                      corruption
There is no lock protection when deleting list in p9_conn_cancel(). After
deleting list in Thread A, thread B will delete the same list again. It
will cause issue of list_del corruption.

Setting req->status to REQ_STATUS_ERROR under lock prevents other
cleanup paths from trying to manipulate req_list.
The other thread can safely check req->status because it still holds a
reference to req at this point.

Link: https://lkml.kernel.org/r/20221110122606.383352-1-shaozhengchao@huawei.com
Fixes: 52f1c45dde91 ("9p: trans_fd/p9_conn_cancel: drop client lock earlier")
Reported-by: syzbot+9b69b8d10ab4a7d88056@syzkaller.appspotmail.com
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
[Dominique: add description of the fix in commit message]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/9p/trans_fd.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index a8c1f742148c..31f2026514f3 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -204,9 +204,11 @@ static void p9_conn_cancel(struct p9_conn *m, int err)
 
 	list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) {
 		list_move(&req->req_list, &cancel_list);
+		req->status = REQ_STATUS_ERROR;
 	}
 	list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
 		list_move(&req->req_list, &cancel_list);
+		req->status = REQ_STATUS_ERROR;
 	}
 
 	spin_unlock(&m->req_lock);
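Review bot: the two new req->status = REQ_STATUS_ERROR stores carry no comment, and the reason they must happen before spin_unlock(&m->req_lock), namely so that other cleanup paths see the request as finished and leave req_list alone, is only stated in the commit message. Please add a short comment in p9_conn_cancel() saying that. Since the commit message says another thread checks req->status, it is also worth confirming that this check is made under m->req_lock; otherwise the plain store needs WRITE_ONCE() with a matching READ_ONCE() on the reader.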
-- 
2.35.1





* [PATCH 5.15 082/206] netfilter: conntrack: Fix data-races around ct mark
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 081/206] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 083/206] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
                   ` (132 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Daniel Xu, Pablo Neira Ayuso, Sasha Levin

From: Daniel Xu <dxu@dxuuu.xyz>

[ Upstream commit 52d1aa8b8249ff477aaa38b6f74a8ced780d079c ]

nf_conn:mark can be read from and written to in parallel. Use
READ_ONCE()/WRITE_ONCE() for reads and writes to prevent unwanted
compiler optimizations.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/flow_dissector.c               |  2 +-
 net/ipv4/netfilter/ipt_CLUSTERIP.c      |  4 ++--
 net/netfilter/nf_conntrack_core.c       |  2 +-
 net/netfilter/nf_conntrack_netlink.c    | 24 ++++++++++++++----------
 net/netfilter/nf_conntrack_standalone.c |  2 +-
 net/netfilter/nft_ct.c                  |  6 +++---
 net/netfilter/xt_connmark.c             | 18 ++++++++++--------
 net/openvswitch/conntrack.c             |  8 ++++----
 net/sched/act_connmark.c                |  4 ++--
 net/sched/act_ct.c                      |  8 ++++----
 net/sched/act_ctinfo.c                  |  6 +++---
 11 files changed, 45 insertions(+), 39 deletions(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 1c34e2266578..1d230f041386 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -270,7 +270,7 @@ skb_flow_dissect_ct(const struct sk_buff *skb,
 	key->ct_zone = ct->zone.id;
 #endif
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
-	key->ct_mark = ct->mark;
+	key->ct_mark = READ_ONCE(ct->mark);
 #endif
 
 	cl = nf_ct_labels_find(ct);
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index b518f20c9a24..34737b1d6526 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -435,7 +435,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
 
 	switch (ctinfo) {
 	case IP_CT_NEW:
-		ct->mark = hash;
+		WRITE_ONCE(ct->mark, hash);
 		break;
 	case IP_CT_RELATED:
 	case IP_CT_RELATED_REPLY:
@@ -452,7 +452,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
 #ifdef DEBUG
 	nf_ct_dump_tuple_ip(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
 #endif
-	pr_debug("hash=%u ct_hash=%u ", hash, ct->mark);
+	pr_debug("hash=%u ct_hash=%u ", hash, READ_ONCE(ct->mark));
 	if (!clusterip_responsible(cipinfo->config, hash)) {
 		pr_debug("not responsible\n");
 		return NF_DROP;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 9da5ee6c50cd..43ea8cfd374b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1735,7 +1735,7 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
 			}
 
 #ifdef CONFIG_NF_CONNTRACK_MARK
-			ct->mark = exp->master->mark;
+			ct->mark = READ_ONCE(exp->master->mark);
 #endif
 #ifdef CONFIG_NF_CONNTRACK_SECMARK
 			ct->secmark = exp->master->secmark;
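Review bot: the left-hand side in init_conntrack() stays a plain store, ct->mark = READ_ONCE(exp->master->mark), while every other writer touched by this patch is converted to WRITE_ONCE(). If that is intentional because ct is not yet visible to other CPUs at this point, a short comment saying so would stop a later reader from treating it as an oversight.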
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ef0a78aa9ba9..1727a4c4764f 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -322,9 +322,9 @@ ctnetlink_dump_timestamp(struct sk_buff *skb, const struct nf_conn *ct)
 }
 
 #ifdef CONFIG_NF_CONNTRACK_MARK
-static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
+static int ctnetlink_dump_mark(struct sk_buff *skb, u32 mark)
 {
-	if (nla_put_be32(skb, CTA_MARK, htonl(ct->mark)))
+	if (nla_put_be32(skb, CTA_MARK, htonl(mark)))
 		goto nla_put_failure;
 	return 0;
 
@@ -537,7 +537,7 @@ static int ctnetlink_dump_extinfo(struct sk_buff *skb,
 static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
 {
 	if (ctnetlink_dump_status(skb, ct) < 0 ||
-	    ctnetlink_dump_mark(skb, ct) < 0 ||
+	    ctnetlink_dump_mark(skb, READ_ONCE(ct->mark)) < 0 ||
 	    ctnetlink_dump_secctx(skb, ct) < 0 ||
 	    ctnetlink_dump_id(skb, ct) < 0 ||
 	    ctnetlink_dump_use(skb, ct) < 0 ||
@@ -716,6 +716,7 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
 	struct sk_buff *skb;
 	unsigned int type;
 	unsigned int flags = 0, group;
+	u32 mark;
 	int err;
 
 	if (events & (1 << IPCT_DESTROY)) {
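Review bot: u32 mark is declared unconditionally in ctnetlink_conntrack_event(), but its only use in the following hunk sits inside #ifdef CONFIG_NF_CONNTRACK_MARK, so a build with that option disabled gets an unused-variable warning. Wrap the declaration in the same #ifdef or mark it __maybe_unused.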
@@ -820,8 +821,9 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
 	}
 
 #ifdef CONFIG_NF_CONNTRACK_MARK
-	if ((events & (1 << IPCT_MARK) || ct->mark)
-	    && ctnetlink_dump_mark(skb, ct) < 0)
+	mark = READ_ONCE(ct->mark);
+	if ((events & (1 << IPCT_MARK) || mark) &&
+	    ctnetlink_dump_mark(skb, mark) < 0)
 		goto nla_put_failure;
 #endif
 	nlmsg_end(skb, nlh);
@@ -1148,7 +1150,7 @@ static int ctnetlink_filter_match(struct nf_conn *ct, void *data)
 	}
 
 #ifdef CONFIG_NF_CONNTRACK_MARK
-	if ((ct->mark & filter->mark.mask) != filter->mark.val)
+	if ((READ_ONCE(ct->mark) & filter->mark.mask) != filter->mark.val)
 		goto ignore_entry;
 #endif
 	status = (u32)READ_ONCE(ct->status);
@@ -2016,9 +2018,9 @@ static void ctnetlink_change_mark(struct nf_conn *ct,
 		mask = ~ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
 
 	mark = ntohl(nla_get_be32(cda[CTA_MARK]));
-	newmark = (ct->mark & mask) ^ mark;
-	if (newmark != ct->mark)
-		ct->mark = newmark;
+	newmark = (READ_ONCE(ct->mark) & mask) ^ mark;
+	if (newmark != READ_ONCE(ct->mark))
+		WRITE_ONCE(ct->mark, newmark);
 }
 #endif
 
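Review bot: READ_ONCE(ct->mark) is evaluated twice in ctnetlink_change_mark(), once to compute newmark and again in the comparison, so the two loads can observe different values if another CPU writes the mark in between. Reading it once into a local and using that for both would keep the computation and the comparison consistent. The annotations stop the compiler from tearing or refetching the access but do not make this read-modify-write atomic, so concurrent updates can still overwrite each other; if that is acceptable it deserves a sentence in the commit message.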
@@ -2690,6 +2692,7 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
 {
 	const struct nf_conntrack_zone *zone;
 	struct nlattr *nest_parms;
+	u32 mark;
 
 	zone = nf_ct_zone(ct);
 
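Review bot: the new u32 mark in __ctnetlink_glue_build() is declared outside any #ifdef, yet the next hunk only assigns and reads it under #ifdef CONFIG_NF_CONNTRACK_MARK; with the option off the variable is unused and the compiler will warn. Guard the declaration with the same #ifdef.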
@@ -2751,7 +2754,8 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
 		goto nla_put_failure;
 
 #ifdef CONFIG_NF_CONNTRACK_MARK
-	if (ct->mark && ctnetlink_dump_mark(skb, ct) < 0)
+	mark = READ_ONCE(ct->mark);
+	if (mark && ctnetlink_dump_mark(skb, mark) < 0)
 		goto nla_put_failure;
 #endif
 	if (ctnetlink_dump_labels(skb, ct) < 0)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 55aa55b252b2..4d85368203e0 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -363,7 +363,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
 		goto release;
 
 #if defined(CONFIG_NF_CONNTRACK_MARK)
-	seq_printf(s, "mark=%u ", ct->mark);
+	seq_printf(s, "mark=%u ", READ_ONCE(ct->mark));
 #endif
 
 	ct_show_secctx(s, ct);
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 9c7472af9e4a..bd468e955a21 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -97,7 +97,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
 		return;
 #ifdef CONFIG_NF_CONNTRACK_MARK
 	case NFT_CT_MARK:
-		*dest = ct->mark;
+		*dest = READ_ONCE(ct->mark);
 		return;
 #endif
 #ifdef CONFIG_NF_CONNTRACK_SECMARK
@@ -296,8 +296,8 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
 	switch (priv->key) {
 #ifdef CONFIG_NF_CONNTRACK_MARK
 	case NFT_CT_MARK:
-		if (ct->mark != value) {
-			ct->mark = value;
+		if (READ_ONCE(ct->mark) != value) {
+			WRITE_ONCE(ct->mark, value);
 			nf_conntrack_event_cache(IPCT_MARK, ct);
 		}
 		break;
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index e5ebc0810675..ad3c033db64e 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -30,6 +30,7 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
 	u_int32_t new_targetmark;
 	struct nf_conn *ct;
 	u_int32_t newmark;
+	u_int32_t oldmark;
 
 	ct = nf_ct_get(skb, &ctinfo);
 	if (ct == NULL)
@@ -37,14 +38,15 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
 
 	switch (info->mode) {
 	case XT_CONNMARK_SET:
-		newmark = (ct->mark & ~info->ctmask) ^ info->ctmark;
+		oldmark = READ_ONCE(ct->mark);
+		newmark = (oldmark & ~info->ctmask) ^ info->ctmark;
 		if (info->shift_dir == D_SHIFT_RIGHT)
 			newmark >>= info->shift_bits;
 		else
 			newmark <<= info->shift_bits;
 
-		if (ct->mark != newmark) {
-			ct->mark = newmark;
+		if (READ_ONCE(ct->mark) != newmark) {
+			WRITE_ONCE(ct->mark, newmark);
 			nf_conntrack_event_cache(IPCT_MARK, ct);
 		}
 		break;
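Review bot: in the XT_CONNMARK_SET case oldmark is only used to compute newmark, and the comparison a few lines later does a fresh READ_ONCE(ct->mark) instead of reusing it, so the value compared may not be the value newmark was derived from. Either compare against oldmark or drop the local. The branch in the next hunk that builds newmark from new_targetmark takes no snapshot at all, so the two cases now follow different patterns.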
@@ -55,15 +57,15 @@ connmark_tg_shift(struct sk_buff *skb, const struct xt_connmark_tginfo2 *info)
 		else
 			new_targetmark <<= info->shift_bits;
 
-		newmark = (ct->mark & ~info->ctmask) ^
+		newmark = (READ_ONCE(ct->mark) & ~info->ctmask) ^
 			  new_targetmark;
-		if (ct->mark != newmark) {
-			ct->mark = newmark;
+		if (READ_ONCE(ct->mark) != newmark) {
+			WRITE_ONCE(ct->mark, newmark);
 			nf_conntrack_event_cache(IPCT_MARK, ct);
 		}
 		break;
 	case XT_CONNMARK_RESTORE:
-		new_targetmark = (ct->mark & info->ctmask);
+		new_targetmark = (READ_ONCE(ct->mark) & info->ctmask);
 		if (info->shift_dir == D_SHIFT_RIGHT)
 			new_targetmark >>= info->shift_bits;
 		else
@@ -126,7 +128,7 @@ connmark_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	if (ct == NULL)
 		return false;
 
-	return ((ct->mark & info->mask) == info->mark) ^ info->invert;
+	return ((READ_ONCE(ct->mark) & info->mask) == info->mark) ^ info->invert;
 }
 
 static int connmark_mt_check(const struct xt_mtchk_param *par)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index dc86f03309c1..7106ce231a2d 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -150,7 +150,7 @@ static u8 ovs_ct_get_state(enum ip_conntrack_info ctinfo)
 static u32 ovs_ct_get_mark(const struct nf_conn *ct)
 {
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
-	return ct ? ct->mark : 0;
+	return ct ? READ_ONCE(ct->mark) : 0;
 #else
 	return 0;
 #endif
@@ -338,9 +338,9 @@ static int ovs_ct_set_mark(struct nf_conn *ct, struct sw_flow_key *key,
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
 	u32 new_mark;
 
-	new_mark = ct_mark | (ct->mark & ~(mask));
-	if (ct->mark != new_mark) {
-		ct->mark = new_mark;
+	new_mark = ct_mark | (READ_ONCE(ct->mark) & ~(mask));
+	if (READ_ONCE(ct->mark) != new_mark) {
+		WRITE_ONCE(ct->mark, new_mark);
 		if (nf_ct_is_confirmed(ct))
 			nf_conntrack_event_cache(IPCT_MARK, ct);
 		key->ct.mark = new_mark;
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index 94e78ac7a748..032ef927d0eb 100644
--- a/net/sched/act_connmark.c
+++ b/net/sched/act_connmark.c
@@ -62,7 +62,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
 
 	c = nf_ct_get(skb, &ctinfo);
 	if (c) {
-		skb->mark = c->mark;
+		skb->mark = READ_ONCE(c->mark);
 		/* using overlimits stats to count how many packets marked */
 		ca->tcf_qstats.overlimits++;
 		goto out;
@@ -82,7 +82,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
 	c = nf_ct_tuplehash_to_ctrack(thash);
 	/* using overlimits stats to count how many packets marked */
 	ca->tcf_qstats.overlimits++;
-	skb->mark = c->mark;
+	skb->mark = READ_ONCE(c->mark);
 	nf_ct_put(c);
 
 out:
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index d85fdefe5730..81a2d6cbfb44 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -177,7 +177,7 @@ static void tcf_ct_flow_table_add_action_meta(struct nf_conn *ct,
 	entry = tcf_ct_flow_table_flow_action_get_next(action);
 	entry->id = FLOW_ACTION_CT_METADATA;
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
-	entry->ct_metadata.mark = ct->mark;
+	entry->ct_metadata.mark = READ_ONCE(ct->mark);
 #endif
 	ctinfo = dir == IP_CT_DIR_ORIGINAL ? IP_CT_ESTABLISHED :
 					     IP_CT_ESTABLISHED_REPLY;
@@ -856,9 +856,9 @@ static void tcf_ct_act_set_mark(struct nf_conn *ct, u32 mark, u32 mask)
 	if (!mask)
 		return;
 
-	new_mark = mark | (ct->mark & ~(mask));
-	if (ct->mark != new_mark) {
-		ct->mark = new_mark;
+	new_mark = mark | (READ_ONCE(ct->mark) & ~(mask));
+	if (READ_ONCE(ct->mark) != new_mark) {
+		WRITE_ONCE(ct->mark, new_mark);
 		if (nf_ct_is_confirmed(ct))
 			nf_conntrack_event_cache(IPCT_MARK, ct);
 	}
diff --git a/net/sched/act_ctinfo.c b/net/sched/act_ctinfo.c
index 549374a2d008..2d75fe1223ac 100644
--- a/net/sched/act_ctinfo.c
+++ b/net/sched/act_ctinfo.c
@@ -33,7 +33,7 @@ static void tcf_ctinfo_dscp_set(struct nf_conn *ct, struct tcf_ctinfo *ca,
 {
 	u8 dscp, newdscp;
 
-	newdscp = (((ct->mark & cp->dscpmask) >> cp->dscpmaskshift) << 2) &
+	newdscp = (((READ_ONCE(ct->mark) & cp->dscpmask) >> cp->dscpmaskshift) << 2) &
 		     ~INET_ECN_MASK;
 
 	switch (proto) {
@@ -73,7 +73,7 @@ static void tcf_ctinfo_cpmark_set(struct nf_conn *ct, struct tcf_ctinfo *ca,
 				  struct sk_buff *skb)
 {
 	ca->stats_cpmark_set++;
-	skb->mark = ct->mark & cp->cpmarkmask;
+	skb->mark = READ_ONCE(ct->mark) & cp->cpmarkmask;
 }
 
 static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a,
@@ -131,7 +131,7 @@ static int tcf_ctinfo_act(struct sk_buff *skb, const struct tc_action *a,
 	}
 
 	if (cp->mode & CTINFO_MODE_DSCP)
-		if (!cp->dscpstatemask || (ct->mark & cp->dscpstatemask))
+		if (!cp->dscpstatemask || (READ_ONCE(ct->mark) & cp->dscpstatemask))
 			tcf_ctinfo_dscp_set(ct, ca, cp, skb, wlen, proto);
 
 	if (cp->mode & CTINFO_MODE_CPMARK)
-- 
2.35.1





* [PATCH 5.15 083/206] netfilter: nf_tables: do not set up extensions for end interval
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 082/206] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 084/206] iavf: Fix a crash during reset task Greg Kroah-Hartman
                   ` (131 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso, Sasha Levin

From: Pablo Neira Ayuso <pablo@netfilter.org>

[ Upstream commit 33c7aba0b4ffd6d7cdab862a034eb582a5120a38 ]

Elements with an end interval flag set on do not store extensions. The
global set definition is currently setting on the timeout and stateful
expression for end interval elements.

This leads to skipping end interval elements from the set->ops->walk()
path as the expired check bogusly reports true.

Moreover, do not set up stateful expressions for elements with end
interval flag set on since this is never used.

Fixes: 65038428b2c6 ("netfilter: nf_tables: allow to specify stateful expression in set definition")
Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_tables_api.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 227f03db7ee1..3fac57d66dda 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5813,7 +5813,8 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
 					    &timeout);
 		if (err)
 			return err;
-	} else if (set->flags & NFT_SET_TIMEOUT) {
+	} else if (set->flags & NFT_SET_TIMEOUT &&
+		   !(flags & NFT_SET_ELEM_INTERVAL_END)) {
 		timeout = set->timeout;
 	}
 
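Review bot: the new condition mixes set->flags and the element's local flags in one expression, set->flags & NFT_SET_TIMEOUT && !(flags & NFT_SET_ELEM_INTERVAL_END), and relies on & binding tighter than &&. It is correct as written, but parenthesising (set->flags & NFT_SET_TIMEOUT) would make it easier to read and would quiet compilers that warn about this mix. The same end-interval test is repeated in the set->num_exprs branch in the next hunk, so computing it once into a local would avoid the duplication.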
@@ -5879,7 +5880,8 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
 			err = -EOPNOTSUPP;
 			goto err_set_elem_expr;
 		}
-	} else if (set->num_exprs > 0) {
+	} else if (set->num_exprs > 0 &&
+		   !(flags & NFT_SET_ELEM_INTERVAL_END)) {
 		err = nft_set_elem_expr_clone(ctx, set, expr_array);
 		if (err < 0)
 			goto err_set_elem_expr_clone;
-- 
2.35.1





* [PATCH 5.15 084/206] iavf: Fix a crash during reset task
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 083/206] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 085/206] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
                   ` (130 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jacob Keller, Patryk Piotrowski,
	SlawomirX Laba, Ivan Vecera, Konrad Jankowski, Tony Nguyen,
	Sasha Levin

From: Ivan Vecera <ivecera@redhat.com>

[ Upstream commit c678669d6b13b77de3b99b97526aaf23c3088d0a ]

Recent commit aa626da947e9 ("iavf: Detach device during reset task")
removed netif_tx_stop_all_queues() with an assumption that Tx queues
are already stopped by netif_device_detach() in the beginning of
reset task. This assumption is incorrect because during reset
task a potential link event can start Tx queues again.
Revert this change to fix this issue.

Reproducer:
1. Run some Tx traffic (e.g. iperf3) over iavf interface
2. Switch MTU of this interface in a loop

[root@host ~]# cat repro.sh

IF=enp2s0f0v0

iperf3 -c 192.168.0.1 -t 600 --logfile /dev/null &
sleep 2

while :; do
        for i in 1280 1500 2000 900 ; do
                ip link set $IF mtu $i
                sleep 2
        done
done
[root@host ~]# ./repro.sh

Result:
[  306.199917] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40 Gbps Full Duplex
[  308.205944] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40 Gbps Full Duplex
[  310.103223] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  310.110179] #PF: supervisor write access in kernel mode
[  310.115396] #PF: error_code(0x0002) - not-present page
[  310.120526] PGD 0 P4D 0
[  310.123057] Oops: 0002 [#1] PREEMPT SMP NOPTI
[  310.127408] CPU: 24 PID: 183 Comm: kworker/u64:9 Kdump: loaded Not tainted 6.1.0-rc3+ #2
[  310.135485] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[  310.145728] Workqueue: iavf iavf_reset_task [iavf]
[  310.150520] RIP: 0010:iavf_xmit_frame_ring+0xd1/0xf70 [iavf]
[  310.156180] Code: d0 0f 86 da 00 00 00 83 e8 01 0f b7 fa 29 f8 01 c8 39 c6 0f 8f a0 08 00 00 48 8b 45 20 48 8d 14 92 bf 01 00 00 00 4c 8d 3c d0 <49> 89 5f 08 8b 43 70 66 41 89 7f 14 41 89 47 10 f6 83 82 00 00 00
[  310.174918] RSP: 0018:ffffbb5f0082caa0 EFLAGS: 00010293
[  310.180137] RAX: 0000000000000000 RBX: ffff92345471a6e8 RCX: 0000000000000200
[  310.187259] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000001
[  310.194385] RBP: ffff92341d249000 R08: ffff92434987fcac R09: 0000000000000001
[  310.201509] R10: 0000000011f683b9 R11: 0000000011f50641 R12: 0000000000000008
[  310.208631] R13: ffff923447500000 R14: 0000000000000000 R15: 0000000000000000
[  310.215756] FS:  0000000000000000(0000) GS:ffff92434ee00000(0000) knlGS:0000000000000000
[  310.223835] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  310.229572] CR2: 0000000000000008 CR3: 0000000fbc210004 CR4: 0000000000770ee0
[  310.236696] PKRU: 55555554
[  310.239399] Call Trace:
[  310.241844]  <IRQ>
[  310.243855]  ? dst_alloc+0x5b/0xb0
[  310.247260]  dev_hard_start_xmit+0x9e/0x1f0
[  310.251439]  sch_direct_xmit+0xa0/0x370
[  310.255276]  __qdisc_run+0x13e/0x580
[  310.258848]  __dev_queue_xmit+0x431/0xd00
[  310.262851]  ? selinux_ip_postroute+0x147/0x3f0
[  310.267377]  ip_finish_output2+0x26c/0x540

Fixes: aa626da947e9 ("iavf: Detach device during reset task")
Cc: Jacob Keller <jacob.e.keller@intel.com>
Cc: Patryk Piotrowski <patryk.piotrowski@intel.com>
Cc: SlawomirX Laba <slawomirx.laba@intel.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/iavf/iavf_main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 629ebdfa48b8..493d3c407d4f 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -2381,6 +2381,7 @@ static void iavf_reset_task(struct work_struct *work)
 
 	if (running) {
 		netif_carrier_off(netdev);
+		netif_tx_stop_all_queues(netdev);
 		adapter->link_up = false;
 		iavf_napi_disable_all(adapter);
 	}
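
Review bot: the added netif_tx_stop_all_queues(netdev) sits directly after netif_carrier_off(netdev) with no comment saying why carrier-off alone does not keep the stack out of the xmit path during reset. A one-line comment would stop a later cleanup from dropping it as redundant. Nothing in this hunk wakes the queues again, so it is worth stating in the commit message or a comment which path restarts them once the reset succeeds.
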
-- 
2.35.1





* [PATCH 5.15 085/206] iavf: Do not restart Tx queues after reset task failure
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 084/206] iavf: Fix a crash during reset task Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 086/206] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
                   ` (129 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jacob Keller, Patryk Piotrowski,
	SlawomirX Laba, Ivan Vecera, Leon Romanovsky, Konrad Jankowski,
	Tony Nguyen, Sasha Levin

From: Ivan Vecera <ivecera@redhat.com>

[ Upstream commit 08f1c147b7265245d67321585c68a27e990e0c4b ]

After commit aa626da947e9 ("iavf: Detach device during reset task")
the device is detached during reset task and re-attached at its end.
The problem occurs when reset task fails because Tx queues are
restarted during device re-attach and this leads later to a crash.

To resolve this issue properly close the net device in case of
failure in reset task to avoid restarting of tx queues at the end.
Also replace the hacky manipulation with IFF_UP flag by device close
that clears properly both IFF_UP and __LINK_STATE_START flags.
In this case iavf_close() does not do anything because the adapter
state is already __IAVF_DOWN.

Reproducer:
1) Run some Tx traffic (e.g. iperf3) over iavf interface
2) Set VF trusted / untrusted in loop

[root@host ~]# cat repro.sh

PF=enp65s0f0
IF=${PF}v0

ip link set up $IF
ip addr add 192.168.0.2/24 dev $IF
sleep 1

iperf3 -c 192.168.0.1 -t 600 --logfile /dev/null &
sleep 2

while :; do
        ip link set $PF vf 0 trust on
        ip link set $PF vf 0 trust off
done
[root@host ~]# ./repro.sh

Result:
[ 2006.650969] iavf 0000:41:01.0: Failed to init adminq: -53
[ 2006.675662] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.689997] iavf 0000:41:01.0: Reset task did not complete, VF disabled
[ 2006.696611] iavf 0000:41:01.0: failed to allocate resources during reinit
[ 2006.703209] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.737011] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.764536] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.768919] BUG: kernel NULL pointer dereference, address: 0000000000000b4a
[ 2006.776358] #PF: supervisor read access in kernel mode
[ 2006.781488] #PF: error_code(0x0000) - not-present page
[ 2006.786620] PGD 0 P4D 0
[ 2006.789152] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 2006.792903] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.793501] CPU: 4 PID: 0 Comm: swapper/4 Kdump: loaded Not tainted 6.1.0-rc3+ #2
[ 2006.805668] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[ 2006.815915] RIP: 0010:iavf_xmit_frame_ring+0x96/0xf70 [iavf]
[ 2006.821028] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.821572] Code: 48 83 c1 04 48 c1 e1 04 48 01 f9 48 83 c0 10 6b 50 f8 55 c1 ea 14 45 8d 64 14 01 48 39 c8 75 eb 41 83 fc 07 0f 8f e9 08 00 00 <0f> b7 45 4a 0f b7 55 48 41 8d 74 24 05 31 c9 66 39 d0 0f 86 da 00
[ 2006.845181] RSP: 0018:ffffb253004bc9e8 EFLAGS: 00010293
[ 2006.850397] RAX: ffff9d154de45b00 RBX: ffff9d15497d52e8 RCX: ffff9d154de45b00
[ 2006.856327] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.857523] RDX: 0000000000000000 RSI: 00000000000005a8 RDI: ffff9d154de45ac0
[ 2006.857525] RBP: 0000000000000b00 R08: ffff9d159cb010ac R09: 0000000000000001
[ 2006.857526] R10: ffff9d154de45940 R11: 0000000000000000 R12: 0000000000000002
[ 2006.883600] R13: ffff9d1770838dc0 R14: 0000000000000000 R15: ffffffffc07b8380
[ 2006.885840] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.890725] FS:  0000000000000000(0000) GS:ffff9d248e900000(0000) knlGS:0000000000000000
[ 2006.890727] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2006.909419] CR2: 0000000000000b4a CR3: 0000000c39c10002 CR4: 0000000000770ee0
[ 2006.916543] PKRU: 55555554
[ 2006.918254] ice 0000:41:00.0: VF 0 is now trusted
[ 2006.919248] Call Trace:
[ 2006.919250]  <IRQ>
[ 2006.919252]  dev_hard_start_xmit+0x9e/0x1f0
[ 2006.932587]  sch_direct_xmit+0xa0/0x370
[ 2006.936424]  __dev_queue_xmit+0x7af/0xd00
[ 2006.940429]  ip_finish_output2+0x26c/0x540
[ 2006.944519]  ip_output+0x71/0x110
[ 2006.947831]  ? __ip_finish_output+0x2b0/0x2b0
[ 2006.952180]  __ip_queue_xmit+0x16d/0x400
[ 2006.952721] ice 0000:41:00.0: VF 0 is now untrusted
[ 2006.956098]  __tcp_transmit_skb+0xa96/0xbf0
[ 2006.965148]  __tcp_retransmit_skb+0x174/0x860
[ 2006.969499]  ? cubictcp_cwnd_event+0x40/0x40
[ 2006.973769]  tcp_retransmit_skb+0x14/0xb0
...

Fixes: aa626da947e9 ("iavf: Detach device during reset task")
Cc: Jacob Keller <jacob.e.keller@intel.com>
Cc: Patryk Piotrowski <patryk.piotrowski@intel.com>
Cc: SlawomirX Laba <slawomirx.laba@intel.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/iavf/iavf_main.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 493d3c407d4f..d6aa1805c55b 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -2270,7 +2270,6 @@ static void iavf_disable_vf(struct iavf_adapter *adapter)
 	iavf_free_queues(adapter);
 	memset(adapter->vf_res, 0, IAVF_VIRTCHNL_VF_RESOURCE_SIZE);
 	iavf_shutdown_adminq(&adapter->hw);
-	adapter->netdev->flags &= ~IFF_UP;
 	adapter->flags &= ~IAVF_FLAG_RESET_PENDING;
 	iavf_change_state(adapter, __IAVF_DOWN);
 	wake_up(&adapter->down_waitqueue);
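
Review bot: with the IFF_UP clearing removed, iavf_disable_vf() no longer marks the interface down by itself, and the function carries no comment saying that callers must now close the netdev. The two dev_close() call sites added later in this patch cover iavf_reset_task(); any other caller of iavf_disable_vf() would leave IFF_UP set. A short comment above the function stating the new contract would make that auditable.
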
@@ -2369,6 +2368,11 @@ static void iavf_reset_task(struct work_struct *work)
 		iavf_disable_vf(adapter);
 		mutex_unlock(&adapter->client_lock);
 		mutex_unlock(&adapter->crit_lock);
+		if (netif_running(netdev)) {
+			rtnl_lock();
+			dev_close(netdev);
+			rtnl_unlock();
+		}
 		return; /* Do not attempt to reinit. It's dead, Jim. */
 	}
 
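
Review bot: netif_running(netdev) is tested before rtnl_lock() is taken, so the running state can change between the check and dev_close(). Taking rtnl_lock() first and testing inside it closes that window. This five-line block is also repeated verbatim further down in iavf_reset_task(), and only the second copy has the explanatory comment; a small helper would keep the two in step.
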
@@ -2504,6 +2508,16 @@ static void iavf_reset_task(struct work_struct *work)
 
 	mutex_unlock(&adapter->client_lock);
 	mutex_unlock(&adapter->crit_lock);
+
+	if (netif_running(netdev)) {
+		/* Close device to ensure that Tx queues will not be started
+		 * during netif_device_attach() at the end of the reset task.
+		 */
+		rtnl_lock();
+		dev_close(netdev);
+		rtnl_unlock();
+	}
+
 	dev_err(&adapter->pdev->dev, "failed to allocate resources during reinit\n");
 reset_finish:
 	rtnl_lock();
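
Review bot: on this failure path rtnl_lock() is now taken and released for dev_close() and then taken again a few lines later at reset_finish, so the close and the re-attach are not atomic with respect to other RTNL holders. Consider doing the close under the rtnl_lock() that reset_finish already takes. The dev_err() message is also emitted after the device has been closed; logging it first would keep the kernel log in causal order.
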
-- 
2.35.1





* [PATCH 5.15 086/206] iavf: Fix race condition between iavf_shutdown and iavf_remove
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 085/206] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 087/206] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
                   ` (128 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Slawomir Laba, Mateusz Palczewski,
	Marek Szlosek, Tony Nguyen, Sasha Levin

From: Slawomir Laba <slawomirx.laba@intel.com>

[ Upstream commit a8417330f8a57275ed934293e832982b6d882713 ]

Fix a deadlock introduced by commit
974578017fc1 ("iavf: Add waiting so the port is initialized in remove")
due to race condition between iavf_shutdown and iavf_remove, where
iavf_remove gets stuck forever in while loop since iavf_shutdown already
set __IAVF_REMOVE adapter state.

Fix this by checking if the __IAVF_IN_REMOVE_TASK has already been
set and return if so.

Fixes: 974578017fc1 ("iavf: Add waiting so the port is initialized in remove")
Signed-off-by: Slawomir Laba <slawomirx.laba@intel.com>
Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
Tested-by: Marek Szlosek <marek.szlosek@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/iavf/iavf_main.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index d6aa1805c55b..4b2e99be7ef5 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -4189,23 +4189,21 @@ static int __maybe_unused iavf_resume(struct device *dev_d)
 static void iavf_remove(struct pci_dev *pdev)
 {
 	struct iavf_adapter *adapter = iavf_pdev_to_adapter(pdev);
-	struct net_device *netdev = adapter->netdev;
 	struct iavf_fdir_fltr *fdir, *fdirtmp;
 	struct iavf_vlan_filter *vlf, *vlftmp;
+	struct iavf_cloud_filter *cf, *cftmp;
 	struct iavf_adv_rss *rss, *rsstmp;
 	struct iavf_mac_filter *f, *ftmp;
-	struct iavf_cloud_filter *cf, *cftmp;
-	struct iavf_hw *hw = &adapter->hw;
+	struct net_device *netdev;
+	struct iavf_hw *hw;
 	int err;
 
-	/* When reboot/shutdown is in progress no need to do anything
-	 * as the adapter is already REMOVE state that was set during
-	 * iavf_shutdown() callback.
-	 */
-	if (adapter->state == __IAVF_REMOVE)
+	netdev = adapter->netdev;
+	hw = &adapter->hw;
+
+	if (test_and_set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section))
 		return;
 
-	set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section);
 	/* Wait until port initialization is complete.
 	 * There are flows where register/unregister netdev may race.
 	 */
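
Review bot: the deleted comment was the only in-code explanation of the reboot/shutdown interaction, and the test_and_set_bit(__IAVF_IN_REMOVE_TASK, ...) early return that replaces it has none. Since the adapter->state == __IAVF_REMOVE check is gone, iavf_remove() now proceeds when shutdown has already set that state unless the bit was also set, and the visible lines do not show where iavf_shutdown() would set it; a comment stating the intended behaviour in that case would help. The reordering of the local declarations is unrelated churn that makes the backport harder to read.
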
-- 
2.35.1





* [PATCH 5.15 087/206] ARM: mxs: fix memory leak in mxs_machine_init()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 086/206] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 088/206] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
                   ` (127 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Zheng Yongjun, Marco Felsch,
	Shawn Guo, Sasha Levin

From: Zheng Yongjun <zhengyongjun3@huawei.com>

[ Upstream commit f31e3c204d1844b8680a442a48868af5ac3d5481 ]

If of_property_read_string() failed, 'soc_dev_attr' should be
freed before return. Otherwise there is a memory leak.

Fixes: 2046338dcbc6 ("ARM: mxs: Use soc bus infrastructure")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Reviewed-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-mxs/mach-mxs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mach-mxs/mach-mxs.c b/arch/arm/mach-mxs/mach-mxs.c
index 25c9d184fa4c..1c57ac401649 100644
--- a/arch/arm/mach-mxs/mach-mxs.c
+++ b/arch/arm/mach-mxs/mach-mxs.c
@@ -393,8 +393,10 @@ static void __init mxs_machine_init(void)
 
 	root = of_find_node_by_path("/");
 	ret = of_property_read_string(root, "model", &soc_dev_attr->machine);
-	if (ret)
+	if (ret) {
+		kfree(soc_dev_attr);
 		return;
+	}
 
 	soc_dev_attr->family = "Freescale MXS Family";
 	soc_dev_attr->soc_id = mxs_get_soc_id();
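
Review bot: the new error branch frees soc_dev_attr but returns while still holding the node reference obtained by of_find_node_by_path("/") two lines above. Unless root is released elsewhere, an of_node_put(root) belongs on this path as well, ideally through a shared exit label so both cleanups stay together.
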
-- 
2.35.1





* [PATCH 5.15 088/206] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 087/206] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 089/206] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
                   ` (126 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Fabio Estevam, Shawn Guo, Sasha Levin

From: Fabio Estevam <festevam@denx.de>

[ Upstream commit e68be7b39f21d8a9291a5a3019787cd3ca999dd7 ]

make dtbs_check gives the following errors:

ref-clock-frequency: size (9) error for type uint32
tcxo-clock-frequency: size (9) error for type uint32

Fix it by passing the frequencies inside < > as documented in
Documentation/devicetree/bindings/net/wireless/ti,wlcore.yaml.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Fixes: 0d446a505592 ("ARM: dts: add Protonic PRTI6Q board")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx6q-prti6q.dts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/boot/dts/imx6q-prti6q.dts b/arch/arm/boot/dts/imx6q-prti6q.dts
index b4605edfd2ab..d8fa83effd63 100644
--- a/arch/arm/boot/dts/imx6q-prti6q.dts
+++ b/arch/arm/boot/dts/imx6q-prti6q.dts
@@ -364,8 +364,8 @@ wifi {
 		pinctrl-names = "default";
 		pinctrl-0 = <&pinctrl_wifi>;
 		interrupts-extended = <&gpio1 30 IRQ_TYPE_LEVEL_HIGH>;
-		ref-clock-frequency = "38400000";
-		tcxo-clock-frequency = "19200000";
+		ref-clock-frequency = <38400000>;
+		tcxo-clock-frequency = <19200000>;
 	};
 };
 
-- 
2.35.1





* [PATCH 5.15 089/206] net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 088/206] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 090/206] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
                   ` (125 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Liu Jian, Russell King (Oracle),
	Jakub Kicinski, Sasha Levin

From: Liu Jian <liujian56@huawei.com>

[ Upstream commit f70074140524c59a0935947b06dd6cb6e1ea642d ]

If mtk_start_dma() fails, invoke phylink_disconnect_phy() to perform
cleanup. phylink_disconnect_phy() contains the put_device action. If
phylink_disconnect_phy is not performed, the Kref of netdev will leak.

Fixes: b8fc9f30821e ("net: ethernet: mediatek: Add basic PHYLINK support")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/20221117111356.161547-1-liujian56@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 8601ef26c260..cc6a5b2f24e3 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -2327,8 +2327,10 @@ static int mtk_open(struct net_device *dev)
 		int err;
 
 		err = mtk_start_dma(eth);
-		if (err)
+		if (err) {
+			phylink_disconnect_phy(mac->phylink);
 			return err;
+		}
 
 		if (eth->soc->offload_version && mtk_ppe_start(&eth->ppe) == 0)
 			gdm_config = MTK_GDMA_TO_PPE;
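
Review bot: the cleanup is written inline in the mtk_start_dma() failure branch, which means any later failure added to mtk_open() has to remember to repeat phylink_disconnect_phy(mac->phylink). A goto to a single unwind label at the end of the function would be less error-prone, and a brief comment that the disconnect pairs with the earlier phylink connect would document why it is needed here.
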
-- 
2.35.1





* [PATCH 5.15 090/206] net/mlx4: Check retval of mlx4_bitmap_init
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 089/206] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 091/206] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
                   ` (124 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Tariq Toukan, Peter Kosyh,
	Jakub Kicinski, Sasha Levin

From: Peter Kosyh <pkosyh@yandex.ru>

[ Upstream commit 594c61ffc77de0a197934aa0f1df9285c68801c6 ]

If mlx4_bitmap_init fails, mlx4_bitmap_alloc_range will dereference
the NULL pointer (bitmap->table).

Make sure that mlx4_bitmap_alloc_range is called in the no-error case.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: d57febe1a478 ("net/mlx4: Add A0 hybrid steering")
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Peter Kosyh <pkosyh@yandex.ru>
Link: https://lore.kernel.org/r/20221117152806.278072-1-pkosyh@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx4/qp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx4/qp.c b/drivers/net/ethernet/mellanox/mlx4/qp.c
index b149e601f673..48cfaa7eaf50 100644
--- a/drivers/net/ethernet/mellanox/mlx4/qp.c
+++ b/drivers/net/ethernet/mellanox/mlx4/qp.c
@@ -697,7 +697,8 @@ static int mlx4_create_zones(struct mlx4_dev *dev,
 			err = mlx4_bitmap_init(*bitmap + k, 1,
 					       MLX4_QP_TABLE_RAW_ETH_SIZE - 1, 0,
 					       0);
-			mlx4_bitmap_alloc_range(*bitmap + k, 1, 1, 0);
+			if (!err)
+				mlx4_bitmap_alloc_range(*bitmap + k, 1, 1, 0);
 		}
 
 		if (err)
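
Review bot: the return value of mlx4_bitmap_alloc_range() is still discarded in the new "if (!err)" branch, so a failed reservation goes unnoticed while the mlx4_bitmap_init() result right above is now honoured. If the call can fail, check it and fold the result into err so the "if (err)" test below covers both; if it cannot fail here, a comment saying so would help.
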
-- 
2.35.1





* [PATCH 5.15 091/206] net: mvpp2: fix possible invalid pointer dereference
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 090/206] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 092/206] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Hui Tang, Jakub Kicinski, Sasha Levin

From: Hui Tang <tanghui20@huawei.com>

[ Upstream commit cbe867685386af1f0a2648f5279f6e4c74bfd17f ]

It will cause invalid pointer dereference to priv->cm3_base behind,
if PTR_ERR(priv->cm3_base) in mvpp2_get_sram().

Fixes: e54ad1e01c00 ("net: mvpp2: add CM3 SRAM memory map")
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Link: https://lore.kernel.org/r/20221117084032.101144-1-tanghui20@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index ae586f8895fc..524913c28f3b 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -7356,6 +7356,7 @@ static int mvpp2_get_sram(struct platform_device *pdev,
 			  struct mvpp2 *priv)
 {
 	struct resource *res;
+	void __iomem *base;
 
 	res = platform_get_resource(pdev, IORESOURCE_MEM, 2);
 	if (!res) {
@@ -7366,9 +7367,12 @@ static int mvpp2_get_sram(struct platform_device *pdev,
 		return 0;
 	}
 
-	priv->cm3_base = devm_ioremap_resource(&pdev->dev, res);
+	base = devm_ioremap_resource(&pdev->dev, res);
+	if (IS_ERR(base))
+		return PTR_ERR(base);
 
-	return PTR_ERR_OR_ZERO(priv->cm3_base);
+	priv->cm3_base = base;
+	return 0;
 }
 
 static int mvpp2_probe(struct platform_device *pdev)
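
Review bot: mvpp2_get_sram() now returns 0 in two different situations, the "no resource" branch shown in the previous hunk where priv->cm3_base is left unset, and the success path here where it is assigned from base. That contract is undocumented. A comment on the function saying that callers must test priv->cm3_base rather than the return value to know whether SRAM is mapped would make the intent of the local base variable clear.
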
-- 
2.35.1





* [PATCH 5.15 092/206] net/qla3xxx: fix potential memleak in ql3xxx_send()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 091/206] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 093/206] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Zhang Changzhong, Jakub Kicinski,
	Sasha Levin

From: Zhang Changzhong <zhangchangzhong@huawei.com>

[ Upstream commit 62a7311fb96c61d281da9852dbee4712fc8c3277 ]

The ql3xxx_send() returns NETDEV_TX_OK without freeing skb in error
handling case, add dev_kfree_skb_any() to fix it.

Fixes: bd36b0ac5d06 ("qla3xxx: Add support for Qlogic 4032 chip.")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Link: https://lore.kernel.org/r/1668675039-21138-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/qlogic/qla3xxx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c b/drivers/net/ethernet/qlogic/qla3xxx.c
index 40d14d80f6f1..29837e533cee 100644
--- a/drivers/net/ethernet/qlogic/qla3xxx.c
+++ b/drivers/net/ethernet/qlogic/qla3xxx.c
@@ -2469,6 +2469,7 @@ static netdev_tx_t ql3xxx_send(struct sk_buff *skb,
 					     skb_shinfo(skb)->nr_frags);
 	if (tx_cb->seg_count == -1) {
 		netdev_err(ndev, "%s: invalid segment count!\n", __func__);
+		dev_kfree_skb_any(skb);
 		return NETDEV_TX_OK;
 	}
 
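
Review bot: the packet is now freed in the "seg_count == -1" branch but the drop is not accounted for, so NETDEV_TX_OK is returned with nothing in the interface statistics to show the loss. Consider incrementing the device's tx_dropped counter next to dev_kfree_skb_any(skb). The netdev_err() in the same branch is on the transmit path and is not rate limited, which can flood the log if the condition repeats.
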
-- 
2.35.1





* [PATCH 5.15 093/206] octeontx2-af: debugsfs: fix pci device refcount leak
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 092/206] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 094/206] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jakub Kicinski, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit d66608803aa2ffb9e475623343f69996305771ae ]

As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put().

So before returning from rvu_dbg_rvu_pf_cgx_map_display() or
cgx_print_dmac_flt(), pci_dev_put() is called to avoid refcount
leak.

Fixes: dbc52debf95f ("octeontx2-af: Debugfs support for DMAC filters")
Fixes: e2fb37303865 ("octeontx2-af: Display CGX, NIX and PF map in debugfs.")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221117124658.162409-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
index f001579569a2..66d34699f160 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c
@@ -441,6 +441,8 @@ static int rvu_dbg_rvu_pf_cgx_map_display(struct seq_file *filp, void *unused)
 		sprintf(lmac, "LMAC%d", lmac_id);
 		seq_printf(filp, "%s\t0x%x\t\tNIX%d\t\t%s\t%s\n",
 			   dev_name(&pdev->dev), pcifunc, blkid, cgx, lmac);
+
+		pci_dev_put(pdev);
 	}
 	return 0;
 }
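
Review bot: pci_dev_put(pdev) is placed only at the bottom of the loop body, so any continue or early exit between the pci_get_domain_bus_and_slot() call and this line would still leak the reference. The lines above this hunk are not visible here; please confirm there is no such path, or move the put next to the last use of pdev.
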
@@ -2127,6 +2129,7 @@ static int cgx_print_dmac_flt(struct seq_file *s, int lmac_id)
 		}
 	}
 
+	pci_dev_put(pdev);
 	return 0;
 }
 
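
Review bot: the put is added only before the final "return 0" of cgx_print_dmac_flt(). If the function has earlier returns after pdev is obtained, they need the same pci_dev_put(pdev); routing them through one exit label would cover all of them with a single call.
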
-- 
2.35.1





* [PATCH 5.15 094/206] net: pch_gbe: fix pci device refcount leak while module exiting
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 093/206] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 095/206] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jakub Kicinski, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 5619537284f1017e9f6c7500b02b859b3830a06d ]

As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put().

In pch_gbe_probe(), pci_get_domain_bus_and_slot() is called,
so in error path in probe() and remove() function, pci_dev_put()
should be called to avoid refcount leak. Compile tested only.

Fixes: 1a0bdadb4e36 ("net/pch_gbe: supports eg20t ptp clock")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221117135148.301014-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
index 5a42ef6ca762..d555b4cc6049 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
@@ -2465,6 +2465,7 @@ static void pch_gbe_remove(struct pci_dev *pdev)
 	unregister_netdev(netdev);
 
 	pch_gbe_phy_hw_reset(&adapter->hw);
+	pci_dev_put(adapter->ptp_pdev);
 
 	free_netdev(netdev);
 }
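
Review bot: pci_dev_put(adapter->ptp_pdev) is called unconditionally in pch_gbe_remove(), so it relies on pci_dev_put() accepting NULL for the case where the PTP device lookup in probe found nothing. That holds, but a short comment saying ptp_pdev may be NULL would save the next reader from checking. The commit message states the change was compile tested only, so a module load and unload run on hardware is still outstanding.
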
@@ -2540,7 +2541,7 @@ static int pch_gbe_probe(struct pci_dev *pdev,
 	/* setup the private structure */
 	ret = pch_gbe_sw_init(adapter);
 	if (ret)
-		goto err_free_netdev;
+		goto err_put_dev;
 
 	/* Initialize PHY */
 	ret = pch_gbe_init_phy(adapter);
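
Review bot: only the pch_gbe_sw_init() failure is redirected to err_put_dev. Any other "goto err_free_netdev" that sits after the pci_get_domain_bus_and_slot() call in pch_gbe_probe() would still skip the put; please confirm this is the only one, since the surrounding lines are not shown in the hunk.
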
@@ -2598,6 +2599,8 @@ static int pch_gbe_probe(struct pci_dev *pdev,
 
 err_free_adapter:
 	pch_gbe_phy_hw_reset(&adapter->hw);
+err_put_dev:
+	pci_dev_put(adapter->ptp_pdev);
 err_free_netdev:
 	free_netdev(netdev);
 	return ret;
-- 
2.35.1





* [PATCH 5.15 095/206] nfp: fill splittable of devlink_port_attrs correctly
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 094/206] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 096/206] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Diana Wang, Louis Peens,
	Niklas Söderlund, Simon Horman, Jakub Kicinski, Sasha Levin

From: Diana Wang <na.wang@corigine.com>

[ Upstream commit 4abd9600b9d15d3d92a9ac25cf200422a4c415ee ]

The error is reflected in that it shows wrong splittable status of
port when executing "devlink port show".
The reason which leads the error is that the assigned operation of
splittable is just a simple negation operation of split and it does
not consider port lanes quantity. A splittable port should have
several lanes that can be split(lanes quantity > 1).
If without the judgement, it will show wrong message for some
firmware, such as 2x25G, 2x10G.

Fixes: a0f49b548652 ("devlink: Add a new devlink port split ability attribute and pass to netlink")
Signed-off-by: Diana Wang <na.wang@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/netronome/nfp/nfp_devlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/netronome/nfp/nfp_devlink.c b/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
index bea978df7713..1647b6b180cc 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_devlink.c
@@ -363,7 +363,7 @@ int nfp_devlink_port_register(struct nfp_app *app, struct nfp_port *port)
 		return ret;
 
 	attrs.split = eth_port.is_split;
-	attrs.splittable = !attrs.split;
+	attrs.splittable = eth_port.port_lanes > 1 && !attrs.split;
 	attrs.lanes = eth_port.port_lanes;
 	attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
 	attrs.phys.port_number = eth_port.label_port;
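
Review bot: the new splittable expression reads eth_port.port_lanes directly while the very next line copies the same field into attrs.lanes. Assigning attrs.lanes first and writing "attrs.splittable = attrs.lanes > 1 && !attrs.split;" keeps the three attributes derived from one place and makes the dependency obvious. A comment that a single-lane port can never be split would also record the reason for the extra condition.
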
-- 
2.35.1





* [PATCH 5.15 096/206] nfp: add port from netdev validation for EEPROM access
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 095/206] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 097/206] macsec: Fix invalid error code set Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jaco Coetzee, Louis Peens,
	Simon Horman, Jakub Kicinski, Sasha Levin

From: Jaco Coetzee <jaco.coetzee@corigine.com>

[ Upstream commit 0873016d46f6dfafd1bdf4d9b935b3331b226f7c ]

Setting of the port flag `NFP_PORT_CHANGED`, introduced
to ensure the correct reading of EEPROM data, causes a
fatal kernel NULL pointer dereference in cases where
the target netdev type cannot be determined.

Add validation of port struct pointer before attempting
to set the `NFP_PORT_CHANGED` flag. Return that operation
is not supported if the netdev type cannot be determined.

Fixes: 4ae97cae07e1 ("nfp: ethtool: fix the display error of `ethtool -m DEVNAME`")
Signed-off-by: Jaco Coetzee <jaco.coetzee@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
index 865865adfefc..d295942968f3 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -1219,6 +1219,9 @@ nfp_port_get_module_info(struct net_device *netdev,
 	u8 data;
 
 	port = nfp_port_from_netdev(netdev);
+	if (!port)
+		return -EOPNOTSUPP;
+
 	/* update port state to get latest interface */
 	set_bit(NFP_PORT_CHANGED, &port->flags);
 	eth_port = nfp_port_get_eth_port(port);
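Review bot: the `if (!port)` guard covers only nfp_port_get_module_info(), directly ahead of `set_bit(NFP_PORT_CHANGED, &port->flags);`. If any other ethtool handler in this file sets the flag through `port->flags` straight after nfp_port_from_netdev(), it needs the same check, so please confirm this is the only such site. The `/* update port state to get latest interface */` comment now sits below the early return, which is fine, but a word in it about why a NULL port is possible (netdev type cannot be determined, per the commit message) would save the next reader a lookup.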
-- 
2.35.1





* [PATCH 5.15 097/206] macsec: Fix invalid error code set
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 096/206] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 098/206] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, YueHaibing, Saeed Mahameed,
	Antoine Tenart, Jakub Kicinski, Sasha Levin

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit 7cef6b73fba96abef731a53501924fc3c4a0f947 ]

'ret' is defined twice in macsec_changelink(); when it is set in the
macsec_is_offloaded case, it will be invalid before return.

Fixes: 3cf3227a21d1 ("net: macsec: hardware offloading infrastructure")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Reviewed-by: Antoine Tenart <atenart@kernel.org>
Link: https://lore.kernel.org/r/20221118011249.48112-1-yuehaibing@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/macsec.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index f1961d7f9db2..aa9d0dfeda5a 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -3808,7 +3808,6 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[],
 	if (macsec_is_offloaded(macsec)) {
 		const struct macsec_ops *ops;
 		struct macsec_context ctx;
-		int ret;
 
 		ops = macsec_get_ops(netdev_priv(dev), &ctx);
 		if (!ops) {
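Review bot: the removed `int ret;` inside the `if (macsec_is_offloaded(macsec))` block is a shadowed declaration of the kind -Wshadow reports, so it is worth checking the rest of macsec_changelink() and this file for other block-scoped redeclarations that hide an error code the same way. With the inner variable gone, every assignment in this block, including whatever the `if (!ops)` branch sets, writes the function-level `ret`; please confirm the cleanup path returns that variable.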
-- 
2.35.1





* [PATCH 5.15 098/206] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 097/206] macsec: Fix invalid error code set Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 099/206] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Michael Kelley, Yang Yingliang,
	Wei Liu, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit f92a4b50f0bd7fd52391dc4bb9a309085d278f91 ]

In the error path of vmbus_device_register(), device_unregister()
is called, which calls vmbus_device_release().  The latter frees
the struct hv_device that was passed in to vmbus_device_register().
So remove the kfree() in vmbus_add_channel_work() to avoid a double
free.

Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info")
Suggested-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221119081135.1564691-2-yangyingliang@huawei.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hv/channel_mgmt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index 07003019263a..d8dc5cc5e3a8 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -531,13 +531,17 @@ static void vmbus_add_channel_work(struct work_struct *work)
 	 * Add the new device to the bus. This will kick off device-driver
 	 * binding which eventually invokes the device driver's AddDevice()
 	 * method.
+	 *
+	 * If vmbus_device_register() fails, the 'device_obj' is freed in
+	 * vmbus_device_release() as called by device_unregister() in the
+	 * error path of vmbus_device_register(). In the outside error
+	 * path, there's no need to free it.
 	 */
 	ret = vmbus_device_register(newchannel->device_obj);
 
 	if (ret != 0) {
 		pr_err("unable to add child device object (relid %d)\n",
 			newchannel->offermsg.child_relid);
-		kfree(newchannel->device_obj);
 		goto err_deq_chan;
 	}
 
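Review bot: the failure branch now leaves `newchannel->device_obj` pointing at memory that, according to the new comment, vmbus_device_release() has already freed. Unless nothing on the `err_deq_chan` path or after it can read that pointer, add `newchannel->device_obj = NULL;` before `goto err_deq_chan;` so the stale pointer cannot be reused.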
-- 
2.35.1





* [PATCH 5.15 099/206] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 098/206] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 100/206] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Michael Kelley,
	Wei Liu, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 25c94b051592c010abe92c85b0485f1faedc83f3 ]

If device_register() returns an error in vmbus_device_register(),
the name allocated by dev_set_name() must be freed. As the comment
of device_register() says, it should use put_device() to give
up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup().

Fixes: 09d50ff8a233 ("Staging: hv: make the Hyper-V virtual bus code build")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20221119081135.1564691-3-yangyingliang@huawei.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hv/vmbus_drv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
index ecfc299834e1..b906a3a7941c 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -2109,6 +2109,7 @@ int vmbus_device_register(struct hv_device *child_device_obj)
 	ret = device_register(&child_device_obj->device);
 	if (ret) {
 		pr_err("Unable to register child device\n");
+		put_device(&child_device_obj->device);
 		return ret;
 	}
 
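Review bot: the added `put_device(&child_device_obj->device);` gives up the reference on the device_register() failure path, so `child_device_obj` must be treated as released once this function returns an error. That ownership rule should be stated in a comment at this branch or in the function's header comment, so callers do not free or touch the object again. The `pr_err("Unable to register child device\n");` above it would also be more useful if it printed `ret`.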
-- 
2.35.1





* [PATCH 5.15 100/206] netfilter: ipset: regression in ip_set_hash_ip.c
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 099/206] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 101/206] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Joshua Hunt, Vishwanath Pai,
	Pablo Neira Ayuso, Sasha Levin

From: Vishwanath Pai <vpai@akamai.com>

[ Upstream commit c7aa1a76d4a0a3c401025b60c401412bbb60f8c6 ]

This patch introduced a regression: commit 48596a8ddc46 ("netfilter:
ipset: Fix adding an IPv4 range containing more than 2^31 addresses")

The variable e.ip is passed to adtfn() function which finally adds the
ip address to the set. The patch above refactored the for loop and moved
e.ip = htonl(ip) to the end of the for loop.

What this means is that if the value of "ip" changes between the first
assignment of e.ip and the for loop, then e.ip is pointing to a
different ip address than "ip".

Test case:
$ ipset create jdtest_tmp hash:ip family inet hashsize 2048 maxelem 100000
$ ipset add jdtest_tmp 10.0.1.1/31
ipset v6.21.1: Element cannot be added to the set: it's already added

The value of ip gets updated inside the "else if (tb[IPSET_ATTR_CIDR])"
block but e.ip is still pointing to the old value.

Fixes: 48596a8ddc46 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Reviewed-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/ipset/ip_set_hash_ip.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_hash_ip.c b/net/netfilter/ipset/ip_set_hash_ip.c
index dd30c03d5a23..75d556d71652 100644
--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -151,18 +151,16 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
 	if (((u64)ip_to - ip + 1) >> (32 - h->netmask) > IPSET_MAX_RANGE)
 		return -ERANGE;
 
-	if (retried) {
+	if (retried)
 		ip = ntohl(h->next.ip);
-		e.ip = htonl(ip);
-	}
 	for (; ip <= ip_to;) {
+		e.ip = htonl(ip);
 		ret = adtfn(set, &e, &ext, &ext, flags);
 		if (ret && !ip_set_eexist(ret, flags))
 			return ret;
 
 		ip += hosts;
-		e.ip = htonl(ip);
-		if (e.ip == 0)
+		if (ip == 0)
 			return 0;
 
 		ret = 0;
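Review bot: the wrap check changed from `if (e.ip == 0)` to `if (ip == 0)`, tested right after `ip += hosts;`, and it only catches a u32 overflow that lands exactly on zero. If `ip` is always aligned to `hosts` at this point, a one-line comment saying so would make the check safe to read; if it is not, the loop needs a different overflow test. The test case from the commit message (`ipset add jdtest_tmp 10.0.1.1/31` on a hash:ip set) should go into the regression tests so the `e.ip`/`ip` mismatch cannot return unnoticed.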
-- 
2.35.1





* [PATCH 5.15 101/206] net/mlx5: Do not query pci info while pci disabled
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 100/206] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 102/206] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Roy Novich, Moshe Shemesh,
	Aya Levin, Saeed Mahameed, Sasha Levin

From: Roy Novich <royno@nvidia.com>

[ Upstream commit 394164f9d5a3020a7fd719d228386d48d544ec67 ]

The driver should not interact with PCI while PCI is disabled. Trying to
do so may result in being unable to get vital signs during PCI reset,
driver gets timed out and fails to recover.

Fixes: fad1783a6d66 ("net/mlx5: Print more info on pci error handlers")
Signed-off-by: Roy Novich <royno@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Aya Levin <ayal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/main.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index d092261e96c3..19c11d33f4b6 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -1608,7 +1608,8 @@ static pci_ers_result_t mlx5_pci_err_detected(struct pci_dev *pdev,
 	res = state == pci_channel_io_perm_failure ?
 		PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_NEED_RESET;
 
-	mlx5_pci_trace(dev, "Exit, result = %d, %s\n",  res, result2str(res));
+	mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Exit, result = %d, %s\n",
+		       __func__, dev->state, dev->pci_status, res, result2str(res));
 	return res;
 }
 
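Review bot: the format prefix `"%s Device state = %d pci_status: %d. ..."` with `__func__, dev->state, dev->pci_status` is written out here in mlx5_pci_err_detected() and again in both mlx5_pci_slot_reset() hunks that follow. Folding it into one local helper macro that takes the remaining format and arguments would keep the three call sites from drifting apart.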
@@ -1647,7 +1648,8 @@ static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev)
 	struct mlx5_core_dev *dev = pci_get_drvdata(pdev);
 	int err;
 
-	mlx5_pci_trace(dev, "Enter\n");
+	mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Enter\n",
+		       __func__, dev->state, dev->pci_status);
 
 	err = mlx5_pci_enable_device(dev);
 	if (err) {
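Review bot: the patch does not show whether mlx5_pci_trace() still has callers elsewhere in main.c after the three replacements. The `Enter` message here is emitted before `mlx5_pci_enable_device(dev)`, which is the PCI-disabled window the commit message describes; any remaining caller should be checked for the same window, and if none remain the macro should be removed in this patch.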
@@ -1669,7 +1671,8 @@ static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev)
 
 	res = PCI_ERS_RESULT_RECOVERED;
 out:
-	mlx5_pci_trace(dev, "Exit, err = %d, result = %d, %s\n", err, res, result2str(res));
+	mlx5_core_info(dev, "%s Device state = %d pci_status: %d. Exit, err = %d, result = %d, %s\n",
+		       __func__, dev->state, dev->pci_status, err, res, result2str(res));
 	return res;
 }
 
-- 
2.35.1





* [PATCH 5.15 102/206] net/mlx5: Fix FW tracer timestamp calculation
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 101/206] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 103/206] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Moshe Shemesh, Feras Daoud,
	Saeed Mahameed, Sasha Levin

From: Moshe Shemesh <moshe@nvidia.com>

[ Upstream commit 61db3d7b99a367416e489ccf764cc5f9b00d62a1 ]

Fix a bug in calculation of FW tracer timestamp. Decreasing one in the
calculation should affect only bits 52_7 and not affect bits 6_0 of the
timestamp, otherwise bits 6_0 are always set in this calculation.

Fixes: 70dd6fdb8987 ("net/mlx5: FW tracer, parse traces and kernel tracing support")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Feras Daoud <ferasda@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index ea46152816f9..326e0b170e36 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -638,7 +638,7 @@ static void mlx5_tracer_handle_timestamp_trace(struct mlx5_fw_tracer *tracer,
 			trace_timestamp = (timestamp_event.timestamp & MASK_52_7) |
 					  (str_frmt->timestamp & MASK_6_0);
 		else
-			trace_timestamp = ((timestamp_event.timestamp & MASK_52_7) - 1) |
+			trace_timestamp = ((timestamp_event.timestamp - 1) & MASK_52_7) |
 					  (str_frmt->timestamp & MASK_6_0);
 
 		mlx5_tracer_print_trace(str_frmt, dev, trace_timestamp);
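Review bot: in the `else` branch, `((timestamp_event.timestamp - 1) & MASK_52_7)` steps the 52_7 field back by one only when the low seven bits of `timestamp_event.timestamp` are all zero; in every other case the subtraction is absorbed by bits the mask then discards. Please confirm that is the intended behaviour and add a comment on the branch saying what the decrement is for, since the difference from the old `((... & MASK_52_7) - 1)` form is easy to miss when reading the two lines side by side.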
-- 
2.35.1





* [PATCH 5.15 103/206] net/mlx5: Fix handling of entry refcount when command is not issued to FW
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 102/206] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 104/206] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Eran Ben Elisha, Moshe Shemesh,
	Jack Wang, Saeed Mahameed, Sasha Levin

From: Moshe Shemesh <moshe@nvidia.com>

[ Upstream commit aaf2e65cac7f2e1ae729c2fbc849091df9699f96 ]

In case command interface is down, or the command is not allowed, driver
did not increment the entry refcount, but might have decremented it as part
of forced completion handling.

Fix that by always incrementing and decrementing the refcount to make it
symmetric for all flows.

Fixes: 50b2412b7e78 ("net/mlx5: Avoid possible free of command entry while timeout comp handler")
Signed-off-by: Eran Ben Elisha <eranbe@nvidia.com>
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reported-by: Jack Wang <jinpu.wang@ionos.com>
Tested-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index 98ca5d1ed45d..85190f2f4d50 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -971,6 +971,7 @@ static void cmd_work_handler(struct work_struct *work)
 		cmd_ent_get(ent);
 	set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state);
 
+	cmd_ent_get(ent); /* for the _real_ FW event on completion */
 	/* Skip sending command to fw if internal error */
 	if (mlx5_cmd_is_down(dev) || !opcode_allowed(&dev->cmd, ent->op)) {
 		u8 status = 0;
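Review bot: the comment on the moved line, `cmd_ent_get(ent); /* for the _real_ FW event on completion */`, no longer matches where it sits. The reference is now taken before the `mlx5_cmd_is_down(dev) || !opcode_allowed(&dev->cmd, ent->op)` test, so it is also held on the path where the command is never sent to FW; the comment should say which put balances it in that case.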
@@ -984,7 +985,6 @@ static void cmd_work_handler(struct work_struct *work)
 		return;
 	}
 
-	cmd_ent_get(ent); /* for the _real_ FW event on completion */
 	/* ring doorbell after the descriptor is valid */
 	mlx5_core_dbg(dev, "writing 0x%x to command doorbell\n", 1 << ent->idx);
 	wmb();
@@ -1598,8 +1598,8 @@ static void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool force
 				cmd_ent_put(ent); /* timeout work was canceled */
 
 			if (!forced || /* Real FW completion */
-			    pci_channel_offline(dev->pdev) || /* FW is inaccessible */
-			    dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
+			     mlx5_cmd_is_down(dev) || /* No real FW completion is expected */
+			     !opcode_allowed(cmd, ent->op))
 				cmd_ent_put(ent);
 
 			ent->ts2 = ktime_get_ns();
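Review bot: the put decision in this condition re-evaluates `mlx5_cmd_is_down(dev)` and `!opcode_allowed(cmd, ent->op)` at completion time, while the matching decision in cmd_work_handler() was taken earlier. If either can change between the two points, the get and put can disagree; recording the outcome on `ent` when the command is skipped, and testing that here, would make the pairing explicit. The two added continuation lines are also indented one space further than the `if (!forced ||` line they continue.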
-- 
2.35.1





* [PATCH 5.15 104/206] tipc: set con sock in tipc_conn_alloc
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 103/206] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 105/206] tipc: add an extra conn_get " Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Wei Chen, Xin Long, Jon Maloy,
	Jakub Kicinski, Sasha Levin

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 0e5d56c64afcd6fd2d132ea972605b66f8a7d3c4 ]

A crash was reported by Wei Chen:

  BUG: kernel NULL pointer dereference, address: 0000000000000018
  RIP: 0010:tipc_conn_close+0x12/0x100
  Call Trace:
   tipc_topsrv_exit_net+0x139/0x320
   ops_exit_list.isra.9+0x49/0x80
   cleanup_net+0x31a/0x540
   process_one_work+0x3fa/0x9f0
   worker_thread+0x42/0x5c0

It was caused by !con->sock in tipc_conn_close(). In tipc_topsrv_accept(),
con is allocated in conn_idr then its sock is set:

  con = tipc_conn_alloc();
  ...                    <----[1]
  con->sock = newsock;

If tipc_conn_close() is called at any time during [1], the null-pointer-deref
is triggered by con->sock->sk because con->sock is not yet set.

This patch fixes it by moving the con->sock setting to tipc_conn_alloc()
under s->idr_lock. So that con->sock can never be NULL when getting the
con from s->conn_idr. It will also be safer to move con->server and flag
CF_CONNECTED setting under s->idr_lock, as they should all be set before
tipc_conn_alloc() is called.

Fixes: c5fa7b3cf3cb ("tipc: introduce new TIPC server infrastructure")
Reported-by: Wei Chen <harperchen1110@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/tipc/topsrv.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index d92ec92f0b71..b0f9aa521670 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -176,7 +176,7 @@ static void tipc_conn_close(struct tipc_conn *con)
 	conn_put(con);
 }
 
-static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s)
+static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s, struct socket *sock)
 {
 	struct tipc_conn *con;
 	int ret;
@@ -202,10 +202,11 @@ static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s)
 	}
 	con->conid = ret;
 	s->idr_in_use++;
-	spin_unlock_bh(&s->idr_lock);
 
 	set_bit(CF_CONNECTED, &con->flags);
 	con->server = s;
+	con->sock = sock;
+	spin_unlock_bh(&s->idr_lock);
 
 	return con;
 }
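Review bot: moving `spin_unlock_bh(&s->idr_lock);` below the `con->server = s;` and `con->sock = sock;` assignments protects only readers that look the connection up under `s->idr_lock`. A comment at the unlock stating that the con must be fully initialised before the lock is dropped would stop a later cleanup from moving field setup back outside the critical section.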
@@ -467,7 +468,7 @@ static void tipc_topsrv_accept(struct work_struct *work)
 		ret = kernel_accept(lsock, &newsock, O_NONBLOCK);
 		if (ret < 0)
 			return;
-		con = tipc_conn_alloc(srv);
+		con = tipc_conn_alloc(srv, newsock);
 		if (IS_ERR(con)) {
 			ret = PTR_ERR(con);
 			sock_release(newsock);
@@ -479,7 +480,6 @@ static void tipc_topsrv_accept(struct work_struct *work)
 		newsk->sk_data_ready = tipc_conn_data_ready;
 		newsk->sk_write_space = tipc_conn_write_space;
 		newsk->sk_user_data = con;
-		con->sock = newsock;
 		write_unlock_bh(&newsk->sk_callback_lock);
 
 		/* Wake up receive process in case of 'SYN+' message */
@@ -577,12 +577,11 @@ bool tipc_topsrv_kern_subscr(struct net *net, u32 port, u32 type, u32 lower,
 	sub.filter = filter;
 	*(u64 *)&sub.usr_handle = (u64)port;
 
-	con = tipc_conn_alloc(tipc_topsrv(net));
+	con = tipc_conn_alloc(tipc_topsrv(net), NULL);
 	if (IS_ERR(con))
 		return false;
 
 	*conid = con->conid;
-	con->sock = NULL;
 	rc = tipc_conn_rcv_sub(tipc_topsrv(net), con, &sub);
 	if (rc >= 0)
 		return true;
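Review bot: tipc_topsrv_kern_subscr() now calls `tipc_conn_alloc(tipc_topsrv(net), NULL)`, so connections with `con->sock == NULL` are still stored in `s->conn_idr`, while the commit message says con->sock can never be NULL for a con taken from the idr. Please confirm that tipc_conn_close() and any other code walking the idr handle kernel subscriptions without dereferencing `con->sock`, or narrow the commit message to accepted sockets.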
-- 
2.35.1





* [PATCH 5.15 105/206] tipc: add an extra conn_get in tipc_conn_alloc
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 104/206] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 106/206] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xin Long, Jon Maloy, Jakub Kicinski,
	Sasha Levin

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit a7b42969d63f47320853a802efd879fbdc4e010e ]

One extra conn_get() is needed in tipc_conn_alloc(), as after
tipc_conn_alloc() is called, tipc_conn_close() may free this
con before dereferencing it in tipc_topsrv_accept():

   tipc_conn_alloc();
   newsk = newsock->sk;
                                 <---- tipc_conn_close();
   write_lock_bh(&sk->sk_callback_lock);
   newsk->sk_data_ready = tipc_conn_data_ready;

Then a UAF issue can be triggered:

  BUG: KASAN: use-after-free in tipc_topsrv_accept+0x1e7/0x370 [tipc]
  Call Trace:
   <TASK>
   dump_stack_lvl+0x33/0x46
   print_report+0x178/0x4b0
   kasan_report+0x8c/0x100
   kasan_check_range+0x179/0x1e0
   tipc_topsrv_accept+0x1e7/0x370 [tipc]
   process_one_work+0x6a3/0x1030
   worker_thread+0x8a/0xdf0

This patch fixes it by holding it in tipc_conn_alloc(), then releasing
it after all accesses in tipc_topsrv_accept(). Note that when doing
this in tipc_topsrv_kern_subscr(), as tipc_conn_rcv_sub() returns
0 or -1 only, we don't need to check for "> 0".

Fixes: c5fa7b3cf3cb ("tipc: introduce new TIPC server infrastructure")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/tipc/topsrv.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index b0f9aa521670..e3b427a70398 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -206,6 +206,7 @@ static struct tipc_conn *tipc_conn_alloc(struct tipc_topsrv *s, struct socket *s
 	set_bit(CF_CONNECTED, &con->flags);
 	con->server = s;
 	con->sock = sock;
+	conn_get(con);
 	spin_unlock_bh(&s->idr_lock);
 
 	return con;
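Review bot: the added `conn_get(con);` changes the contract of tipc_conn_alloc(): it now returns a con holding one more reference than before, and every caller has to drop it. That should be documented in a comment on the function or next to the `conn_get()`, naming the matching `conn_put()` in tipc_topsrv_accept() and tipc_topsrv_kern_subscr(), otherwise a future caller will leak the connection.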
@@ -484,6 +485,7 @@ static void tipc_topsrv_accept(struct work_struct *work)
 
 		/* Wake up receive process in case of 'SYN+' message */
 		newsk->sk_data_ready(newsk);
+		conn_put(con);
 	}
 }
 
@@ -583,10 +585,11 @@ bool tipc_topsrv_kern_subscr(struct net *net, u32 port, u32 type, u32 lower,
 
 	*conid = con->conid;
 	rc = tipc_conn_rcv_sub(tipc_topsrv(net), con, &sub);
-	if (rc >= 0)
-		return true;
+	if (rc)
+		conn_put(con);
+
 	conn_put(con);
-	return false;
+	return !rc;
 }
 
 void tipc_topsrv_kern_unsubscr(struct net *net, int conid)
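Review bot: the new tail of tipc_topsrv_kern_subscr(), `if (rc) conn_put(con);` followed by an unconditional `conn_put(con);`, reads like a double put on the failure path unless the reader already knows about the extra reference taken in tipc_conn_alloc(). A comment on each put saying which reference it drops would make the pairing clear. `return !rc;` also depends on tipc_conn_rcv_sub() returning only 0 or -1, as the commit message notes, so that assumption deserves a comment here too.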
-- 
2.35.1





* [PATCH 5.15 106/206] tipc: check skb_linearize() return value in tipc_disc_rcv()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 105/206] tipc: add an extra conn_get " Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 107/206] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, YueHaibing, Jon Maloy,
	Jakub Kicinski, Sasha Levin

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit cd0f6421162201e4b22ce757a1966729323185eb ]

If skb_linearize() fails in tipc_disc_rcv(), we need to free the skb instead of
handling it.

Fixes: 25b0b9c4e835 ("tipc: handle collisions of 32-bit node address hash values")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Link: https://lore.kernel.org/r/20221119072832.7896-1-yuehaibing@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/tipc/discover.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index e8630707901e..e8dcdf267c0c 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -211,7 +211,10 @@ void tipc_disc_rcv(struct net *net, struct sk_buff *skb,
 	u32 self;
 	int err;
 
-	skb_linearize(skb);
+	if (skb_linearize(skb)) {
+		kfree_skb(skb);
+		return;
+	}
 	hdr = buf_msg(skb);
 
 	if (caps & TIPC_NODE_ID128)
-- 
2.35.1





* [PATCH 5.15 107/206] xfrm: Fix oops in __xfrm_state_delete()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 106/206] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 108/206] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Roth Mark, Zhihao Chen,
	Thomas Jarosch, Antony Antony, Herbert Xu, Steffen Klassert,
	Sasha Levin

From: Thomas Jarosch <thomas.jarosch@intra2net.com>

[ Upstream commit b97df039a68b2f3e848e238df5d5d06343ea497b ]

Kernel 5.14 added a new "byseq" index to speed
up xfrm_state lookups by sequence number in commit
fe9f1d8779cb ("xfrm: add state hashtable keyed by seq")

While the patch was thorough, the function pfkey_send_new_mapping()
in net/af_key.c also modifies x->km.seq and never added
the current xfrm_state to the "byseq" index.

This leads to the following kernel Oops:
    BUG: kernel NULL pointer dereference, address: 0000000000000000
    ..
    RIP: 0010:__xfrm_state_delete+0xc9/0x1c0
    ..
    Call Trace:
    <TASK>
    xfrm_state_delete+0x1e/0x40
    xfrm_del_sa+0xb0/0x110 [xfrm_user]
    xfrm_user_rcv_msg+0x12d/0x270 [xfrm_user]
    ? remove_entity_load_avg+0x8a/0xa0
    ? copy_to_user_state_extra+0x580/0x580 [xfrm_user]
    netlink_rcv_skb+0x51/0x100
    xfrm_netlink_rcv+0x30/0x50 [xfrm_user]
    netlink_unicast+0x1a6/0x270
    netlink_sendmsg+0x22a/0x480
    __sys_sendto+0x1a6/0x1c0
    ? __audit_syscall_entry+0xd8/0x130
    ? __audit_syscall_exit+0x249/0x2b0
    __x64_sys_sendto+0x23/0x30
    do_syscall_64+0x3a/0x90
    entry_SYSCALL_64_after_hwframe+0x61/0xcb

Exact location of the crash in __xfrm_state_delete():
    if (x->km.seq)
        hlist_del_rcu(&x->byseq);

The hlist_node "byseq" was never populated.

The bug only triggers if a new NAT traversal mapping (changed IP or port)
is detected in esp_input_done2() / esp6_input_done2(), which in turn
indirectly calls pfkey_send_new_mapping() *if* the kernel is compiled
with CONFIG_NET_KEY and "af_key" is active.

The PF_KEYv2 message SADB_X_NAT_T_NEW_MAPPING is not part of RFC 2367.
Various implementations have been examined for how they handle
the "sadb_msg_seq" header field:

- racoon (Android): does not process SADB_X_NAT_T_NEW_MAPPING
- strongswan: does not care about sadb_msg_seq
- openswan: does not care about sadb_msg_seq

There is no standard for how PF_KEYv2 sadb_msg_seq should be populated
for SADB_X_NAT_T_NEW_MAPPING and it's not used in popular
implementations either. Herbert Xu suggested we should just
use the current km.seq value as is. This fixes the root cause
of the oops since we no longer modify km.seq itself.

The update of "km.seq" looks like a copy'n'paste error
from pfkey_send_acquire(). SADB_ACQUIRE must indeed assign a unique km.seq
number according to RFC 2367. It has been verified that code paths
involving pfkey_send_acquire() don't cause the same Oops.

PF_KEYv2 SADB_X_NAT_T_NEW_MAPPING support was originally added here:
    https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

    commit cbc3488685b20e7b2a98ad387a1a816aada569d8
    Author:     Derek Atkins <derek@ihtfp.com>
    AuthorDate: Wed Apr 2 13:21:02 2003 -0800

        [IPSEC]: Implement UDP Encapsulation framework.

        In particular, implement ESPinUDP encapsulation for IPsec
        Nat Traversal.

A note on triggering the bug: I was not able to trigger it using VMs.
There is one VPN using a high latency link on our production VPN server
that triggered it like once a day though.

Link: https://github.com/strongswan/strongswan/issues/992
Link: https://lore.kernel.org/netdev/00959f33ee52c4b3b0084d42c430418e502db554.1652340703.git.antony.antony@secunet.com/T/
Link: https://lore.kernel.org/netdev/20221027142455.3975224-1-chenzhihao@meizu.com/T/

Fixes: fe9f1d8779cb ("xfrm: add state hashtable keyed by seq")
Reported-by: Roth Mark <rothm@mail.com>
Reported-by: Zhihao Chen <chenzhihao@meizu.com>
Tested-by: Roth Mark <rothm@mail.com>
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/key/af_key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index a654bd4bc437..1d6ae1df3886 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3394,7 +3394,7 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
 	hdr->sadb_msg_len = size / sizeof(uint64_t);
 	hdr->sadb_msg_errno = 0;
 	hdr->sadb_msg_reserved = 0;
-	hdr->sadb_msg_seq = x->km.seq = get_acqseq();
+	hdr->sadb_msg_seq = x->km.seq;
 	hdr->sadb_msg_pid = 0;
 
 	/* SA */
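Review bot: The changed assignment to hdr->sadb_msg_seq would benefit from a short comment saying that x->km.seq is deliberately read and not reassigned here. The removed form, `x->km.seq = get_acqseq()`, looks like a natural pattern, and without a note in the code a later cleanup could reintroduce the write to km.seq that this patch removes.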
-- 
2.35.1





* [PATCH 5.15 108/206] xfrm: Fix ignored return value in xfrm6_init()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 107/206] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 109/206] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Leon Romanovsky,
	Steffen Klassert, Sasha Levin

From: Chen Zhongjin <chenzhongjin@huawei.com>

[ Upstream commit 40781bfb836eda57d19c0baa37c7e72590e05fdc ]

When the IPv6 module is initializing in xfrm6_init(), register_pernet_subsys()
may fail, but its return value is ignored.

If IPv6 initialization fails later and xfrm6_fini() is called,
removing the uninitialized list in xfrm6_net_ops will cause a null-ptr-deref:

KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 330 Comm: insmod
RIP: 0010:unregister_pernet_operations+0xc9/0x450
Call Trace:
 <TASK>
 unregister_pernet_subsys+0x31/0x3e
 xfrm6_fini+0x16/0x30 [ipv6]
 ip6_route_init+0xcd/0x128 [ipv6]
 inet6_init+0x29c/0x602 [ipv6]
 ...

Fix it by catching the error return value of register_pernet_subsys().

Fixes: 8d068875caca ("xfrm: make gc_thresh configurable in all namespaces")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/xfrm6_policy.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index af7a4b8b1e9c..247296e3294b 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -289,9 +289,13 @@ int __init xfrm6_init(void)
 	if (ret)
 		goto out_state;
 
-	register_pernet_subsys(&xfrm6_net_ops);
+	ret = register_pernet_subsys(&xfrm6_net_ops);
+	if (ret)
+		goto out_protocol;
 out:
 	return ret;
+out_protocol:
+	xfrm6_protocol_fini();
 out_state:
 	xfrm6_state_fini();
 out_policy:
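Review bot: The new out_protocol label undoes a step whose setup is not visible in this hunk; the context only shows `if (ret) goto out_state;` ahead of the register_pernet_subsys() call. Please confirm that the call guarded by that check is the xfrm6 protocol init, so that xfrm6_protocol_fini() is its exact counterpart and the fall-through into out_state and out_policy unwinds in reverse order of setup.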
-- 
2.35.1





* [PATCH 5.15 109/206] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 108/206] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 110/206] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Wang ShaoBo, Paolo Abeni, Sasha Levin

From: Wang ShaoBo <bobo.shaobowang@huawei.com>

[ Upstream commit e541dd7763fc34aec2f93f652a396cc2e7b92d8d ]

acpi_evaluate_dsm() should be coupled with ACPI_FREE() to free the ACPI
memory, because we need to track the allocation of acpi_object when
ACPI_DBG_TRACK_ALLOCATIONS is enabled, so use ACPI_FREE() instead of kfree().

Fixes: d38a648d2d6c ("net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Link: https://lore.kernel.org/r/20221118062447.2324881-1-bobo.shaobowang@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wwan/iosm/iosm_ipc_pcie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wwan/iosm/iosm_ipc_pcie.c b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
index 01df23835be0..8b4222b137d1 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_pcie.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_pcie.c
@@ -249,7 +249,7 @@ static enum ipc_pcie_sleep_state ipc_pcie_read_bios_cfg(struct device *dev)
 	if (object->integer.value == 3)
 		sleep_state = IPC_PCIE_D3L2;
 
-	kfree(object);
+	ACPI_FREE(object);
 
 default_ret:
 	return sleep_state;
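Review bot: At the ACPI_FREE(object) line, a one-line comment that object comes from acpi_evaluate_dsm() would keep this from being converted back to kfree() later, since nothing in the visible lines shows where the object was allocated. The default_ret label directly below skips the free, so it is also worth checking that every jump to it happens before the object exists.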
-- 
2.35.1





* [PATCH 5.15 110/206] sfc: fix potential memleak in __ef100_hard_start_xmit()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 109/206] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 111/206] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Zhang Changzhong, Martin Habets,
	Leon Romanovsky, Paolo Abeni, Sasha Levin

From: Zhang Changzhong <zhangchangzhong@huawei.com>

[ Upstream commit aad98abd5cb8133507f22654f56bcb443aaa2d89 ]

__ef100_hard_start_xmit() returns NETDEV_TX_OK without freeing the skb
in the error handling case; add dev_kfree_skb_any() to fix it.

Fixes: 51b35a454efd ("sfc: skeleton EF100 PF driver")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Acked-by: Martin Habets <habetsm.xilinx@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/1668671409-10909-1-git-send-email-zhangchangzhong@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/sfc/ef100_netdev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/sfc/ef100_netdev.c b/drivers/net/ethernet/sfc/ef100_netdev.c
index 67fe44db6b61..63a44ee763be 100644
--- a/drivers/net/ethernet/sfc/ef100_netdev.c
+++ b/drivers/net/ethernet/sfc/ef100_netdev.c
@@ -200,6 +200,7 @@ static netdev_tx_t ef100_hard_start_xmit(struct sk_buff *skb,
 		   skb->len, skb->data_len, channel->channel);
 	if (!efx->n_channels || !efx->n_tx_channels || !channel) {
 		netif_stop_queue(net_dev);
+		dev_kfree_skb_any(skb);
 		goto err;
 	}
 
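Review bot: The added dev_kfree_skb_any(skb) is followed by `goto err`, and the err label is outside the visible context, so please confirm that nothing on that path frees or dereferences skb again. Also, the hunk header names the function ef100_hard_start_xmit() while the commit subject says __ef100_hard_start_xmit(); the changelog for this backport could mention the difference.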
-- 
2.35.1





* [PATCH 5.15 111/206] net: sparx5: fix error handling in sparx5_port_open()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 110/206] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 112/206] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Liu Jian, Bjarni Jonasson,
	Steen Hegelund, Paolo Abeni, Sasha Levin

From: Liu Jian <liujian56@huawei.com>

[ Upstream commit 4305fe232b8aa59af3761adc9fe6b6aa40913960 ]

If phylink_of_phy_connect() fails, the port should be disabled.
If sparx5_serdes_set()/phy_power_on() fails, the port should be
disabled and the phylink should be stopped and disconnected.

Fixes: 946e7fd5053a ("net: sparx5: add port module support")
Fixes: f3cad2611a77 ("net: sparx5: add hostmode with phylink support")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Tested-by: Bjarni Jonasson <bjarni.jonasson@microchip.com>
Reviewed-by: Steen Hegelund <steen.hegelund@microchip.com>
Link: https://lore.kernel.org/r/20221117125918.203997-1-liujian56@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/microchip/sparx5/sparx5_netdev.c  | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c b/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
index cb68eaaac881..5c7b21ce64ed 100644
--- a/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
+++ b/drivers/net/ethernet/microchip/sparx5/sparx5_netdev.c
@@ -83,7 +83,7 @@ static int sparx5_port_open(struct net_device *ndev)
 	err = phylink_of_phy_connect(port->phylink, port->of_node, 0);
 	if (err) {
 		netdev_err(ndev, "Could not attach to PHY\n");
-		return err;
+		goto err_connect;
 	}
 
 	phylink_start(port->phylink);
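Review bot: `goto err_connect` now runs sparx5_port_enable(port, false) when phylink_of_phy_connect() fails, which is only correct if the port was enabled earlier in sparx5_port_open(), above the visible context. Worth confirming that the enable always precedes this call.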
@@ -95,10 +95,20 @@ static int sparx5_port_open(struct net_device *ndev)
 			err = sparx5_serdes_set(port->sparx5, port, &port->conf);
 		else
 			err = phy_power_on(port->serdes);
-		if (err)
+		if (err) {
 			netdev_err(ndev, "%s failed\n", __func__);
+			goto out_power;
+		}
 	}
 
+	return 0;
+
+out_power:
+	phylink_stop(port->phylink);
+	phylink_disconnect_phy(port->phylink);
+err_connect:
+	sparx5_port_enable(port, false);
+
 	return err;
 }
 
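Review bot: The two new labels use different prefixes, out_power and err_connect, for the same kind of unwind step; one naming scheme would read better. In the same block, the `"%s failed\n"` message with __func__ does not say whether sparx5_serdes_set() or phy_power_on() failed and does not print err, which makes the new error path hard to diagnose from logs.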
-- 
2.35.1





* [PATCH 5.15 112/206] net: sched: allow act_ct to be built without NF_NAT
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 111/206] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 113/206] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Xin Long, Paolo Abeni, Sasha Levin

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 8427fd100c7b7793650e212a81e42f1cf124613d ]

Commit f11fe1dae1c4 ("net/sched: Make NET_ACT_CT depends on NF_NAT")
fixed the build failure when NF_NAT is m and NET_ACT_CT is y by
adding depends on NF_NAT for NET_ACT_CT. However, it also means that
NET_ACT_CT cannot be built without NF_NAT, which is not expected. This
patch fixes it by changing the dependency to "(!NF_NAT || NF_NAT)".

Fixes: f11fe1dae1c4 ("net/sched: Make NET_ACT_CT depends on NF_NAT")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/b6386f28d1ba34721795fb776a91cbdabb203447.1668807183.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sched/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 1e8ab4749c6c..4662a6ce8a7e 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -976,7 +976,7 @@ config NET_ACT_TUNNEL_KEY
 
 config NET_ACT_CT
 	tristate "connection tracking tc action"
-	depends on NET_CLS_ACT && NF_CONNTRACK && NF_NAT && NF_FLOW_TABLE
+	depends on NET_CLS_ACT && NF_CONNTRACK && (!NF_NAT || NF_NAT) && NF_FLOW_TABLE
 	help
 	  Say Y here to allow sending the packets to conntrack module.
 
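Review bot: The new `(!NF_NAT || NF_NAT)` term reads like a tautology to anyone unfamiliar with tristate dependencies and is likely to be simplified away in a later cleanup. A comment above the depends line stating the intent from the commit message (NET_ACT_CT may be built without NF_NAT, but must not be y when NF_NAT is m) would protect it.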
-- 
2.35.1





* [PATCH 5.15 113/206] NFC: nci: fix memory leak in nci_rx_data_packet()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 112/206] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 114/206] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+cdb9a427d1bc08815104,
	Liu Shixin, Paolo Abeni, Sasha Levin

From: Liu Shixin <liushixin2@huawei.com>

[ Upstream commit 53270fb0fd77fe786d8c07a0793981d797836b93 ]

Syzbot reported a memory leak about skb:

unreferenced object 0xffff88810e144e00 (size 240):
  comm "syz-executor284", pid 3701, jiffies 4294952403 (age 12.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff83ab79a9>] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:497
    [<ffffffff82a5cf64>] alloc_skb include/linux/skbuff.h:1267 [inline]
    [<ffffffff82a5cf64>] virtual_ncidev_write+0x24/0xe0 drivers/nfc/virtual_ncidev.c:116
    [<ffffffff815f6503>] do_loop_readv_writev fs/read_write.c:759 [inline]
    [<ffffffff815f6503>] do_loop_readv_writev fs/read_write.c:743 [inline]
    [<ffffffff815f6503>] do_iter_write+0x253/0x300 fs/read_write.c:863
    [<ffffffff815f66ed>] vfs_writev+0xdd/0x240 fs/read_write.c:934
    [<ffffffff815f68f6>] do_writev+0xa6/0x1c0 fs/read_write.c:977
    [<ffffffff848802d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

In nci_rx_data_packet(), if we don't get a valid conn_info, we will return
directly but forget to release the skb.

Reported-by: syzbot+cdb9a427d1bc08815104@syzkaller.appspotmail.com
Fixes: 4aeee6871e8c ("NFC: nci: Add dynamic logical connections support")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Link: https://lore.kernel.org/r/20221118082419.239475-1-liushixin2@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/nfc/nci/data.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index aa5e712adf07..3d36ea5701f0 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -279,8 +279,10 @@ void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb)
 		 nci_plen(skb->data));
 
 	conn_info = nci_get_conn_info_by_conn_id(ndev, nci_conn_id(skb->data));
-	if (!conn_info)
+	if (!conn_info) {
+		kfree_skb(skb);
 		return;
+	}
 
 	/* strip the nci data header */
 	skb_pull(skb, NCI_DATA_HDR_SIZE);
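Review bot: The `!conn_info` branch now frees the skb but still drops the packet silently. Since nci_conn_id(skb->data) is already computed on the line above, a debug message with the unknown connection id before kfree_skb(skb) would make these drops visible. It is also worth checking the remaining return paths of nci_rx_data_packet(), which are outside this hunk, for the same missing release.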
-- 
2.35.1





* [PATCH 5.15 114/206] regulator: twl6030: re-add TWL6032_SUBCLASS
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 113/206] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 115/206] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Andreas Kemnade, Mark Brown, Sasha Levin

From: Andreas Kemnade <andreas@kemnade.info>

[ Upstream commit 3d6c982b26db94cc21bc9f7784f63e8286b7be62 ]

In former times, info->feature was populated via the parent driver
by pdata/regulator_init_data->driver_data for all regulators when
USB_PRODUCT_ID_LSB indicates a TWL6032.
Today, the information is not set, so re-add it at the regulator
definitions.

Fixes: 25d82337705e2 ("regulator: twl: make driver DT only")
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Link: https://lore.kernel.org/r/20221120221208.3093727-2-andreas@kemnade.info
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/regulator/twl6030-regulator.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/twl6030-regulator.c b/drivers/regulator/twl6030-regulator.c
index 430265c404d6..7c7e3648ea4b 100644
--- a/drivers/regulator/twl6030-regulator.c
+++ b/drivers/regulator/twl6030-regulator.c
@@ -530,6 +530,7 @@ static const struct twlreg_info TWL6030_INFO_##label = { \
 #define TWL6032_ADJUSTABLE_LDO(label, offset) \
 static const struct twlreg_info TWL6032_INFO_##label = { \
 	.base = offset, \
+	.features = TWL6032_SUBCLASS, \
 	.desc = { \
 		.name = #label, \
 		.id = TWL6032_REG_##label, \
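Review bot: The added initializer sets `.features`, while the commit message refers to info->feature. The message should use the field name as it appears in the initializer so the two can be matched by search.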
@@ -562,6 +563,7 @@ static const struct twlreg_info TWLFIXED_INFO_##label = { \
 #define TWL6032_ADJUSTABLE_SMPS(label, offset) \
 static const struct twlreg_info TWLSMPS_INFO_##label = { \
 	.base = offset, \
+	.features = TWL6032_SUBCLASS, \
 	.desc = { \
 		.name = #label, \
 		.id = TWL6032_REG_##label, \
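Review bot: TWL6032_SUBCLASS is added to TWL6032_ADJUSTABLE_SMPS here and to TWL6032_ADJUSTABLE_LDO in the previous hunk, but the hunk header shows at least one more definition macro (TWLFIXED_INFO_##label) between them. Please confirm that no fixed or other regulator definition used on TWL6032 also needs the flag.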
-- 
2.35.1





* [PATCH 5.15 115/206] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 114/206] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 116/206] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Yang Yingliang,
	Leon Romanovsky, Paolo Abeni, Sasha Levin

From: Yang Yingliang <yangyingliang@huawei.com>

[ Upstream commit 3637a29ccbb6461b7268c5c5db525935d510afc6 ]

As the comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with its refcount incremented; when finished using it,
the caller must decrement the reference count by calling
pci_dev_put(). Call pci_dev_put() before returning from
bnx2x_vf_is_pcie_pending() to avoid a refcount leak.

Fixes: b56e9670ffa4 ("bnx2x: Prepare device and initialize VF database")
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221119070202.1407648-1-yangyingliang@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
index 561395731450..a9f202bbada1 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
@@ -795,16 +795,20 @@ static void bnx2x_vf_enable_traffic(struct bnx2x *bp, struct bnx2x_virtf *vf)
 
 static u8 bnx2x_vf_is_pcie_pending(struct bnx2x *bp, u8 abs_vfid)
 {
-	struct pci_dev *dev;
 	struct bnx2x_virtf *vf = bnx2x_vf_by_abs_fid(bp, abs_vfid);
+	struct pci_dev *dev;
+	bool pending;
 
 	if (!vf)
 		return false;
 
 	dev = pci_get_domain_bus_and_slot(vf->domain, vf->bus, vf->devfn);
-	if (dev)
-		return bnx2x_is_pcie_pending(dev);
-	return false;
+	if (!dev)
+		return false;
+	pending = bnx2x_is_pcie_pending(dev);
+	pci_dev_put(dev);
+
+	return pending;
 }
 
 int bnx2x_vf_flr_clnup_epilog(struct bnx2x *bp, u8 abs_vfid)
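Review bot: bnx2x_vf_is_pcie_pending() is declared to return u8, yet the new local is `bool pending` and the early exits return false. The refcount handling looks right, but the return type and the local should agree: either make the function return bool or declare pending as u8.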
-- 
2.35.1





* [PATCH 5.15 116/206] dma-buf: fix racing conflict of dma_heap_add()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 115/206] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 117/206] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Dawei Li, Andrew Davis,
	Christian König, Sumit Semwal, Sasha Levin

From: Dawei Li <set_pte_at@outlook.com>

[ Upstream commit 432e25902b9651622578c6248e549297d03caf66 ]

Racing conflict could be:
task A                 task B
list_for_each_entry
strcmp(h->name))
                       list_for_each_entry
                       strcmp(h->name)
kzalloc                kzalloc
......                 .....
device_create          device_create
list_add
                       list_add

The root cause is that task B has no idea that someone
else (A) has inserted a heap with the same name when it calls list_add,
so a potential collision occurs.

Fixes: c02a81fba74f ("dma-buf: Add dma-buf heaps framework")
Signed-off-by: Dawei Li <set_pte_at@outlook.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/TYCP286MB2323873BBDF88020781FB986CA3B9@TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma-buf/dma-heap.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/drivers/dma-buf/dma-heap.c b/drivers/dma-buf/dma-heap.c
index 8f5848aa144f..59d158873f4c 100644
--- a/drivers/dma-buf/dma-heap.c
+++ b/drivers/dma-buf/dma-heap.c
@@ -233,18 +233,6 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
 		return ERR_PTR(-EINVAL);
 	}
 
-	/* check the name is unique */
-	mutex_lock(&heap_list_lock);
-	list_for_each_entry(h, &heap_list, list) {
-		if (!strcmp(h->name, exp_info->name)) {
-			mutex_unlock(&heap_list_lock);
-			pr_err("dma_heap: Already registered heap named %s\n",
-			       exp_info->name);
-			return ERR_PTR(-EINVAL);
-		}
-	}
-	mutex_unlock(&heap_list_lock);
-
 	heap = kzalloc(sizeof(*heap), GFP_KERNEL);
 	if (!heap)
 		return ERR_PTR(-ENOMEM);
@@ -283,13 +271,27 @@ struct dma_heap *dma_heap_add(const struct dma_heap_export_info *exp_info)
 		err_ret = ERR_CAST(dev_ret);
 		goto err2;
 	}
-	/* Add heap to the list */
+
 	mutex_lock(&heap_list_lock);
+	/* check the name is unique */
+	list_for_each_entry(h, &heap_list, list) {
+		if (!strcmp(h->name, exp_info->name)) {
+			mutex_unlock(&heap_list_lock);
+			pr_err("dma_heap: Already registered heap named %s\n",
+			       exp_info->name);
+			err_ret = ERR_PTR(-EINVAL);
+			goto err3;
+		}
+	}
+
+	/* Add heap to the list */
 	list_add(&heap->list, &heap_list);
 	mutex_unlock(&heap_list_lock);
 
 	return heap;
 
+err3:
+	device_destroy(dma_heap_class, heap->heap_devt);
 err2:
 	cdev_del(&heap->heap_cdev);
 err1:
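Review bot: With the uniqueness check moved after device creation, a duplicate name reaches the device creation call before it reaches the new strcmp() loop. If creating a device with an already registered name fails on its own, that request exits through the `goto err2` just above with a different error than the -EINVAL and pr_err() intended here; please confirm which path a duplicate actually takes. The err3 label itself is placed correctly ahead of err2 for reverse-order unwinding.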
-- 
2.35.1





* [PATCH 5.15 117/206] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 116/206] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 118/206] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jozsef Kadlecsik, Pablo Neira Ayuso,
	Sasha Levin

From: Jozsef Kadlecsik <kadlec@netfilter.org>

[ Upstream commit 6a66ce44a51bdfc47721f0c591137df2d4b21247 ]

The commit 510841da1fcc ("netfilter: ipset: enforce documented limit to
prevent allocating huge memory") was too strict and prevented adding up to
64 clashing elements to a hash:net,iface type of set. This patch fixes the
issue and now the type behaves as documented.

Fixes: 510841da1fcc ("netfilter: ipset: enforce documented limit to prevent allocating huge memory")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 3adc291d9ce1..7499192af586 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -916,7 +916,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 #ifdef IP_SET_HASH_WITH_MULTI
 		if (h->bucketsize >= AHASH_MAX_TUNED)
 			goto set_full;
-		else if (h->bucketsize < multi)
+		else if (h->bucketsize <= multi)
 			h->bucketsize += AHASH_INIT_SIZE;
 #endif
 		if (n->size >= AHASH_MAX(h)) {
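Review bot: The comparison against multi changes from `<` to `<=` with no comment, and the difference is a single boundary value. A one-line comment at `else if (h->bucketsize <= multi)` saying why the bucket size must still grow when it equals multi would keep the next reader from treating it as an off-by-one and reverting it.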
-- 
2.35.1





* [PATCH 5.15 118/206] netfilter: flowtable_offload: add missing locking
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 117/206] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 119/206] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Chad Monroe, Felix Fietkau,
	Pablo Neira Ayuso, Sasha Levin

From: Felix Fietkau <nbd@nbd.name>

[ Upstream commit bcd9e3c1656d0f7dd9743598c65c3ae24efb38d0 ]

nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
block cb list while they are being traversed elsewhere, causing a crash.
Add a write lock around the calls to protect readers.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Reported-by: Chad Monroe <chad.monroe@smartrg.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_flow_table_offload.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index c4559fae8acd..66c9a6c2b9cf 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -1074,6 +1074,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
 	struct flow_block_cb *block_cb, *next;
 	int err = 0;
 
+	down_write(&flowtable->flow_block_lock);
 	switch (cmd) {
 	case FLOW_BLOCK_BIND:
 		list_splice(&bo->cb_list, &flowtable->flow_block.cb_list);
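Review bot: down_write(&flowtable->flow_block_lock) is taken before the switch and released only at the bottom of the function in the next hunk. Not all switch arms are visible, so please confirm that none of them returns or jumps out early, which would leave the lock held.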
@@ -1088,6 +1089,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
 		WARN_ON_ONCE(1);
 		err = -EOPNOTSUPP;
 	}
+	up_write(&flowtable->flow_block_lock);
 
 	return err;
 }
@@ -1144,7 +1146,9 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 
 	nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable,
 					 extack);
+	down_write(&flowtable->flow_block_lock);
 	err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo);
+	up_write(&flowtable->flow_block_lock);
 	if (err < 0)
 		return err;
 
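Review bot: The write lock is now held across dev->netdev_ops->ndo_setup_tc(), which is driver code. Please confirm that no driver implementation of TC_SETUP_FT can re-enter a path that takes flow_block_lock, nf_flow_table_block_setup() in the first hunk being one such path, since that would self-deadlock.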
-- 
2.35.1





* [PATCH 5.15 119/206] fs: do not update freeing inode i_io_list
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 118/206] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 120/206] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+6ba92bd00d5093f7e371,
	Jan Kara, Svyatoslav Feldsherov, Theodore Tso, Sasha Levin

From: Svyatoslav Feldsherov <feldsherov@google.com>

[ Upstream commit 4e3c51f4e805291b057d12f5dda5aeb50a538dc4 ]

After commit cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode
already has I_DIRTY_INODE") writeback_single_inode can push an inode with
I_DIRTY_TIME set to the b_dirty_time list. In the case of freeing an inode
with I_DIRTY_TIME set, this can happen after deletion of the inode from
i_io_list at evict. The stack trace is as follows.

evict
fat_evict_inode
fat_truncate_blocks
fat_flush_inodes
writeback_inode
sync_inode_metadata(inode, sync=0)
writeback_single_inode(inode, wbc) <- wbc->sync_mode == WB_SYNC_NONE

This will lead to a use after free in the flusher thread.

A similar issue can be triggered if writeback_single_inode in the
stack trace updates inode->i_io_list. Add an explicit check to avoid it.

Fixes: cbfecb927f42 ("fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE")
Reported-by: syzbot+6ba92bd00d5093f7e371@syzkaller.appspotmail.com
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Svyatoslav Feldsherov <feldsherov@google.com>
Link: https://lore.kernel.org/r/20221115202001.324188-1-feldsherov@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/fs-writeback.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index 2a27f0256fa3..f4a5a0c2858a 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1739,18 +1739,26 @@ static int writeback_single_inode(struct inode *inode,
 	wb = inode_to_wb_and_lock_list(inode);
 	spin_lock(&inode->i_lock);
 	/*
-	 * If the inode is now fully clean, then it can be safely removed from
-	 * its writeback list (if any).  Otherwise the flusher threads are
-	 * responsible for the writeback lists.
+	 * If the inode is freeing, its i_io_list shoudn't be updated
+	 * as it can be finally deleted at this moment.
 	 */
-	if (!(inode->i_state & I_DIRTY_ALL))
-		inode_cgwb_move_to_attached(inode, wb);
-	else if (!(inode->i_state & I_SYNC_QUEUED)) {
-		if ((inode->i_state & I_DIRTY))
-			redirty_tail_locked(inode, wb);
-		else if (inode->i_state & I_DIRTY_TIME) {
-			inode->dirtied_when = jiffies;
-			inode_io_list_move_locked(inode, wb, &wb->b_dirty_time);
+	if (!(inode->i_state & I_FREEING)) {
+		/*
+		 * If the inode is now fully clean, then it can be safely
+		 * removed from its writeback list (if any). Otherwise the
+		 * flusher threads are responsible for the writeback lists.
+		 */
+		if (!(inode->i_state & I_DIRTY_ALL))
+			inode_cgwb_move_to_attached(inode, wb);
+		else if (!(inode->i_state & I_SYNC_QUEUED)) {
+			if ((inode->i_state & I_DIRTY))
+				redirty_tail_locked(inode, wb);
+			else if (inode->i_state & I_DIRTY_TIME) {
+				inode->dirtied_when = jiffies;
+				inode_io_list_move_locked(inode,
+							  wb,
+							  &wb->b_dirty_time);
+			}
 		}
 	}
 
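
Review bot: The new comment above the I_FREEING test has a typo ("shoudn't") and does not say how a freeing inode can still reach this point. Naming the evict path from the commit message (fat_evict_inode through sync_inode_metadata to writeback_single_inode with WB_SYNC_NONE) would keep the check from being dropped later as redundant. The test is made after spin_lock(&inode->i_lock), which is worth stating in the comment too, since that is what makes the i_state read reliable here.
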
-- 
2.35.1





* [PATCH 5.15 120/206] dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 119/206] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 121/206] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Joanne Koong,
	Eric Dumazet, Jakub Kicinski, Sasha Levin

From: Kuniyuki Iwashima <kuniyu@amazon.com>

[ Upstream commit 77934dc6db0d2b111a8f2759e9ad2fb67f5cffa5 ]

When connect() is called on a socket bound to the wildcard address,
we change the socket's saddr to a local address.  If the socket
fails to connect() to the destination, we have to reset the saddr.

However, when an error occurs after inet_hash6?_connect() in
(dccp|tcp)_v[46]_connect(), we forget to reset saddr and leave
the socket bound to the address.

From the user's point of view, whether saddr is reset or not varies
with errno.  Let's fix this inconsistent behaviour.

Note that after this patch, the repro [0] will trigger the WARN_ON()
in inet_csk_get_port() again, but this patch is not buggy and rather
fixes a bug papering over the bhash2's bug for which we need another
fix.

For the record, the repro causes -EADDRNOTAVAIL in inet_hash6_connect()
by this sequence:

  s1 = socket()
  s1.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
  s1.bind(('127.0.0.1', 10000))
  s1.sendto(b'hello', MSG_FASTOPEN, (('127.0.0.1', 10000)))
  # or s1.connect(('127.0.0.1', 10000))

  s2 = socket()
  s2.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
  s2.bind(('0.0.0.0', 10000))
  s2.connect(('127.0.0.1', 10000))  # -EADDRNOTAVAIL

  s2.listen(32)  # WARN_ON(inet_csk(sk)->icsk_bind2_hash != tb2);

[0]: https://syzkaller.appspot.com/bug?extid=015d756bbd1f8b5c8f09

Fixes: 3df80d9320bc ("[DCCP]: Introduce DCCPv6")
Fixes: 7c657876b63c ("[DCCP]: Initial implementation")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Joanne Koong <joannelkoong@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/dccp/ipv4.c     | 2 ++
 net/dccp/ipv6.c     | 2 ++
 net/ipv4/tcp_ipv4.c | 2 ++
 net/ipv6/tcp_ipv6.c | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 0ea29270d7e5..5bcfa1e9a941 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -137,6 +137,8 @@ int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
 	 * This unhashes the socket and releases the local port, if necessary.
 	 */
 	dccp_set_state(sk, DCCP_CLOSED);
+	if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+		inet_reset_saddr(sk);
 	ip_rt_put(rt);
 	sk->sk_route_caps = 0;
 	inet->inet_dport = 0;
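
Review bot: The two added lines, "if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))" followed by "inet_reset_saddr(sk);", are repeated verbatim in all four connect paths this patch touches; a small shared helper would keep the four copies from drifting apart. A one-line comment saying why the reset is skipped when SOCK_BINDADDR_LOCK is set would also help, since the commit message only describes the wildcard-bound case.
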
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index fa663518fa0e..071620622e1e 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -967,6 +967,8 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
 
 late_failure:
 	dccp_set_state(sk, DCCP_CLOSED);
+	if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+		inet_reset_saddr(sk);
 	__sk_dst_reset(sk);
 failure:
 	inet->inet_dport = 0;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 42d4af632495..0e1fbad17dbe 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -324,6 +324,8 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
 	 * if necessary.
 	 */
 	tcp_set_state(sk, TCP_CLOSE);
+	if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+		inet_reset_saddr(sk);
 	ip_rt_put(rt);
 	sk->sk_route_caps = 0;
 	inet->inet_dport = 0;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 51f4d330e820..93b3e7c247ce 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -339,6 +339,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
 
 late_failure:
 	tcp_set_state(sk, TCP_CLOSE);
+	if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
+		inet_reset_saddr(sk);
 failure:
 	inet->inet_dport = 0;
 	sk->sk_route_caps = 0;
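
Review bot: The reset is placed under late_failure: only, so any path that jumps straight to failure: skips it. If the invariant is that saddr has not yet been changed on those paths, say so in a comment at the label; otherwise the reset belongs under failure: instead.
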
-- 
2.35.1





* [PATCH 5.15 121/206] ipv4: Fix error return code in fib_table_insert()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 120/206] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 122/206] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, Jakub Kicinski, Sasha Levin

From: Ziyang Xuan <william.xuanziyang@huawei.com>

[ Upstream commit 568fe84940ac0e4e0b2cd7751b8b4911f7b9c215 ]

In fib_table_insert(), if the alias was already inserted, but the node does
not exist, the error code should be set before returning from the error
handling path.

Fixes: a6c76c17df02 ("ipv4: Notify route after insertion to the routing table")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Link: https://lore.kernel.org/r/20221120072838.2167047-1-william.xuanziyang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/fib_trie.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 19c6e7b93d3d..52f9f69f57b3 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1375,8 +1375,10 @@ int fib_table_insert(struct net *net, struct fib_table *tb,
 
 	/* The alias was already inserted, so the node must exist. */
 	l = l ? l : fib_find_node(t, &tp, key);
-	if (WARN_ON_ONCE(!l))
+	if (WARN_ON_ONCE(!l)) {
+		err = -ENOENT;
 		goto out_free_new_fa;
+	}
 
 	if (fib_find_alias(&l->leaf, new_fa->fa_slen, 0, 0, tb->tb_id, true) ==
 	    new_fa) {
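
Review bot: err is now set to -ENOENT inside the WARN_ON_ONCE(!l) branch, but the commit message does not say what this path returned before the change. Please state the old return value so that anyone backporting can tell whether callers used to see success for an insert that had actually failed.
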
-- 
2.35.1





* [PATCH 5.15 122/206] arcnet: fix potential memory leak in com20020_probe()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 121/206] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 123/206] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Wang Hai, David S. Miller, Sasha Levin

From: Wang Hai <wanghai38@huawei.com>

[ Upstream commit 1c40cde6b5171d9c8dfc69be00464fd1c75e210b ]

In com20020_probe(), if com20020_config() fails, dev and info
will not be freed, which will lead to a memory leak.

This patch adds freeing dev and info after com20020_config()
fails to fix this bug.

Compile tested only.

Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/arcnet/com20020_cs.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/net/arcnet/com20020_cs.c b/drivers/net/arcnet/com20020_cs.c
index b88a109b3b15..26ee263d8f3a 100644
--- a/drivers/net/arcnet/com20020_cs.c
+++ b/drivers/net/arcnet/com20020_cs.c
@@ -113,6 +113,7 @@ static int com20020_probe(struct pcmcia_device *p_dev)
 	struct com20020_dev *info;
 	struct net_device *dev;
 	struct arcnet_local *lp;
+	int ret = -ENOMEM;
 
 	dev_dbg(&p_dev->dev, "com20020_attach()\n");
 
@@ -142,12 +143,18 @@ static int com20020_probe(struct pcmcia_device *p_dev)
 	info->dev = dev;
 	p_dev->priv = info;
 
-	return com20020_config(p_dev);
+	ret = com20020_config(p_dev);
+	if (ret)
+		goto fail_config;
+
+	return 0;
 
+fail_config:
+	free_arcdev(dev);
 fail_alloc_dev:
 	kfree(info);
 fail_alloc_info:
-	return -ENOMEM;
+	return ret;
 } /* com20020_attach */
 
 static void com20020_detach(struct pcmcia_device *link)
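
Review bot: On the new fail_config path, info is freed by the fall-through kfree(info) while p_dev->priv, assigned just above with "p_dev->priv = info;", still points at it. Clear p_dev->priv on failure, or state why nothing reads it after a failed probe. Since the commit is marked compile tested only, it is also worth confirming that com20020_config() does not already release dev on its own error path, which would make free_arcdev(dev) here a second release.
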
-- 
2.35.1





* [PATCH 5.15 123/206] s390/dasd: fix no record found for raw_track_access
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 122/206] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 124/206] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
	Jens Axboe, Sasha Levin

From: Stefan Haberland <sth@linux.ibm.com>

[ Upstream commit 590ce6d96d6a224b470a3862c33a483d5022bfdb ]

For DASD devices in raw_track_access mode only full track images are
read and written.
For this purpose it is not necessary to do a search operation in the
locate record extended function. The documentation even states that
this might fail if the searched record is not found on a track.

Currently the driver sets a value of 1 in the search field for the first
record after record zero. This is the default for disks not in
raw_track_access mode but record 1 might be missing on a completely
empty track.

There has not been any problem with this on IBM storage servers but it
might lead to errors with DASD devices on other vendors' storage servers.

Fix this by setting the search field to 0. Record zero is always available
even on a completely empty track.

Fixes: e4dbb0f2b5dd ("[S390] dasd: Add support for raw ECKD access.")
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20221123160719.3002694-4-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/s390/block/dasd_eckd.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index ff7b7d470e96..57dfc92aa756 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -4696,7 +4696,6 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
 	struct dasd_device *basedev;
 	struct req_iterator iter;
 	struct dasd_ccw_req *cqr;
-	unsigned int first_offs;
 	unsigned int trkcount;
 	unsigned long *idaws;
 	unsigned int size;
@@ -4730,7 +4729,6 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
 	last_trk = (blk_rq_pos(req) + blk_rq_sectors(req) - 1) /
 		DASD_RAW_SECTORS_PER_TRACK;
 	trkcount = last_trk - first_trk + 1;
-	first_offs = 0;
 
 	if (rq_data_dir(req) == READ)
 		cmd = DASD_ECKD_CCW_READ_TRACK;
@@ -4774,13 +4772,13 @@ static struct dasd_ccw_req *dasd_eckd_build_cp_raw(struct dasd_device *startdev,
 
 	if (use_prefix) {
 		prefix_LRE(ccw++, data, first_trk, last_trk, cmd, basedev,
-			   startdev, 1, first_offs + 1, trkcount, 0, 0);
+			   startdev, 1, 0, trkcount, 0, 0);
 	} else {
 		define_extent(ccw++, data, first_trk, last_trk, cmd, basedev, 0);
 		ccw[-1].flags |= CCW_FLAG_CC;
 
 		data += sizeof(struct DE_eckd_data);
-		locate_record_ext(ccw++, data, first_trk, first_offs + 1,
+		locate_record_ext(ccw++, data, first_trk, 0,
 				  trkcount, cmd, basedev, 0, 0);
 	}
 
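
Review bot: The literal 0 that replaces first_offs + 1 in the prefix_LRE() and locate_record_ext() calls is the search record number, which is not obvious at either call site. Add a short comment that 0 selects record zero, which exists even on a completely empty track, as the commit message explains.
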
-- 
2.35.1





* [PATCH 5.15 124/206] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 123/206] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 125/206] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
	Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
	Sasha Levin

From: Martin Faltesek <mfaltesek@google.com>

[ Upstream commit c60c152230828825c06e62a8f1ce956d4b659266 ]

The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.

Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nfc/st-nci/se.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index 5fd89f72969d..522b7a128f4c 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -326,7 +326,7 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
 		 * AID          81      5 to 16
 		 * PARAMETERS   82      0 to 255
 		 */
-		if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+		if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
 		    skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
 			return -EPROTO;
 
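
Review bot: The commit message should spell out what the old && let through at this test: a packet shorter than NFC_MIN_AID_LENGTH + 2 was accepted whenever its first byte was the AID tag, and a long enough packet was accepted with any first byte. With || the length test also short-circuits before skb->data[0] is read, which is the right order. The check still guarantees only the minimum of the 5 to 16 byte AID range given in the comment above it.
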
-- 
2.35.1





* [PATCH 5.15 125/206] nfc: st-nci: fix memory leaks in EVT_TRANSACTION
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 124/206] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 126/206] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
	Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
	Sasha Levin

From: Martin Faltesek <mfaltesek@google.com>

[ Upstream commit 440f2ae9c9f06e26f5dcea697a53717fc61a318c ]

Error path does not free previously allocated memory. Add devm_kfree() to
the failure path.

Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nfc/st-nci/se.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index 522b7a128f4c..a915cad909b4 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -339,8 +339,10 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
 
 		/* Check next byte is PARAMETERS tag (82) */
 		if (skb->data[transaction->aid_len + 2] !=
-		    NFC_EVT_TRANSACTION_PARAMS_TAG)
+		    NFC_EVT_TRANSACTION_PARAMS_TAG) {
+			devm_kfree(dev, transaction);
 			return -EPROTO;
+		}
 
 		transaction->params_len = skb->data[transaction->aid_len + 3];
 		memcpy(transaction->params, skb->data +
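
Review bot: Nothing in this hunk compares transaction->aid_len + 2 against skb->len before skb->data[transaction->aid_len + 2] is read, so the added devm_kfree() fixes the leak but leaves the index unchecked; the same holds for skb->data[transaction->aid_len + 3] just below. A length check ahead of the tag comparison would cover both reads.
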
-- 
2.35.1





* [PATCH 5.15 126/206] nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (124 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 125/206] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:22 ` [PATCH 5.15 127/206] net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Denis Efremov, Guenter Roeck,
	Martin Faltesek, Krzysztof Kozlowski, Jakub Kicinski,
	Sasha Levin

From: Martin Faltesek <mfaltesek@google.com>

[ Upstream commit 0254f31a7df3bb3b90c2d9dd2d4052f7b95eb287 ]

The transaction buffer is allocated by using the size of the packet buf,
and subtracting two which seems intended to remove the two tags which are
not present in the target structure. This calculation leads to under
counting memory because of differences between the packet contents and the
target structure. The aid_len field is a u8 in the packet, but a u32 in
the structure, resulting in at least 3 bytes always being under counted.
Further, the aid data is a variable length field in the packet, but fixed
in the structure, so if this field is less than the max, the difference is
added to the under counting.

To fix, perform validation checks progressively to safely reach the
next field, to determine the size of both buffers and verify both tags.
Once all validation checks pass, allocate the buffer and copy the data.
This eliminates freeing memory on the error path, as validation checks are
moved ahead of memory allocation.

Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes: 5d1ceb7f5e56 ("NFC: st21nfcb: Add HCI transaction event support")
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/nfc/st-nci/se.c | 51 +++++++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 15 deletions(-)

diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
index a915cad909b4..04a2cea6d6b6 100644
--- a/drivers/nfc/st-nci/se.c
+++ b/drivers/nfc/st-nci/se.c
@@ -312,6 +312,8 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
 	int r = 0;
 	struct device *dev = &ndev->nfc_dev->dev;
 	struct nfc_evt_transaction *transaction;
+	u32 aid_len;
+	u8 params_len;
 
 	pr_debug("connectivity gate event: %x\n", event);
 
@@ -325,28 +327,47 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
 		 * Description  Tag     Length
 		 * AID          81      5 to 16
 		 * PARAMETERS   82      0 to 255
+		 *
+		 * The key differences are aid storage length is variably sized
+		 * in the packet, but fixed in nfc_evt_transaction, and that
+		 * the aid_len is u8 in the packet, but u32 in the structure,
+		 * and the tags in the packet are not included in
+		 * nfc_evt_transaction.
+		 *
+		 * size(b):  1          1       5-16 1             1           0-255
+		 * offset:   0          1       2    aid_len + 2   aid_len + 3 aid_len + 4
+		 * mem name: aid_tag(M) aid_len aid  params_tag(M) params_len  params
+		 * example:  0x81       5-16    X    0x82          0-255       X
 		 */
-		if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
-		    skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
+		if (skb->len < 2 || skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
 			return -EPROTO;
 
-		transaction = devm_kzalloc(dev, skb->len - 2, GFP_KERNEL);
-		if (!transaction)
-			return -ENOMEM;
+		aid_len = skb->data[1];
 
-		transaction->aid_len = skb->data[1];
-		memcpy(transaction->aid, &skb->data[2], transaction->aid_len);
+		if (skb->len < aid_len + 4 ||
+		    aid_len > sizeof(transaction->aid))
+			return -EPROTO;
 
-		/* Check next byte is PARAMETERS tag (82) */
-		if (skb->data[transaction->aid_len + 2] !=
-		    NFC_EVT_TRANSACTION_PARAMS_TAG) {
-			devm_kfree(dev, transaction);
+		params_len = skb->data[aid_len + 3];
+
+		/* Verify PARAMETERS tag is (82), and final check that there is
+		 * enough space in the packet to read everything.
+		 */
+		if (skb->data[aid_len + 2] != NFC_EVT_TRANSACTION_PARAMS_TAG ||
+		    skb->len < aid_len + 4 + params_len)
 			return -EPROTO;
-		}
 
-		transaction->params_len = skb->data[transaction->aid_len + 3];
-		memcpy(transaction->params, skb->data +
-		       transaction->aid_len + 4, transaction->params_len);
+		transaction = devm_kzalloc(dev, sizeof(*transaction) +
+					   params_len, GFP_KERNEL);
+		if (!transaction)
+			return -ENOMEM;
+
+		transaction->aid_len = aid_len;
+		transaction->params_len = params_len;
+
+		memcpy(transaction->aid, &skb->data[2], aid_len);
+		memcpy(transaction->params, &skb->data[aid_len + 4],
+		       params_len);
 
 		r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
 		break;
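
Review bot: The first test changes from skb->len < NFC_MIN_AID_LENGTH + 2 to skb->len < 2, and the second test only rejects aid_len > sizeof(transaction->aid), so nothing rejects an aid_len below the 5-byte minimum stated in the comment. If that is intended, say so in the comment; otherwise add a lower bound on aid_len to the second test. The ordering of the reads looks right: skb->data[aid_len + 3] is read only after skb->len >= aid_len + 4 has been established.
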
-- 
2.35.1





* [PATCH 5.15 127/206] net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (125 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 126/206] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
@ 2022-11-30 18:22 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 128/206] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:22 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Claudiu Manoil,
	Jakub Kicinski, Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 32bf8e1f6fb9f6dc334b2b98dffc2e5dcd51e513 ]

Future work in this driver would like to look at priv->active_offloads &
ENETC_F_QBV to determine whether a tc-taprio qdisc offload was
installed, but this does not produce the intended effect.

All the other flags in priv->active_offloads are managed dynamically,
except ENETC_F_QBV which is set statically based on the probed SI capability.

This change makes priv->active_offloads & ENETC_F_QBV really track the
presence of a tc-taprio schedule on the port.

Some existing users, like the enetc_sched_speed_set() call from
phylink_mac_link_up(), are best kept using the old logic: the tc-taprio
offload does not re-trigger another link mode resolve, so the scheduler
needs to be functional from the get go, as long as Qbv is supported at
all on the port. So to preserve functionality there, look at the static
station interface capability from pf->si->hw_features instead.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 290b5fe096e7 ("net: enetc: preserve TX ring priority across reconfiguration")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/enetc/enetc_pf.c  | 6 ++----
 drivers/net/ethernet/freescale/enetc/enetc_qos.c | 6 ++++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pf.c b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
index 3615357cc60f..5efb079ef25f 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pf.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pf.c
@@ -800,9 +800,6 @@ static void enetc_pf_netdev_setup(struct enetc_si *si, struct net_device *ndev,
 
 	ndev->priv_flags |= IFF_UNICAST_FLT;
 
-	if (si->hw_features & ENETC_SI_F_QBV)
-		priv->active_offloads |= ENETC_F_QBV;
-
 	if (si->hw_features & ENETC_SI_F_PSFP && !enetc_psfp_enable(priv)) {
 		priv->active_offloads |= ENETC_F_QCI;
 		ndev->features |= NETIF_F_HW_TC;
@@ -1053,7 +1050,8 @@ static void enetc_pl_mac_link_up(struct phylink_config *config,
 	int idx;
 
 	priv = netdev_priv(pf->si->ndev);
-	if (priv->active_offloads & ENETC_F_QBV)
+
+	if (pf->si->hw_features & ENETC_SI_F_QBV)
 		enetc_sched_speed_set(priv, speed);
 
 	if (!phylink_autoneg_inband(mode) &&
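
Review bot: After this change enetc_pl_mac_link_up() tests pf->si->hw_features & ENETC_SI_F_QBV while the flag managed elsewhere in the patch is priv->active_offloads & ENETC_F_QBV, and the two names are easy to confuse. Put the commit message's reason (the scheduler has to work from link-up as long as Qbv is supported on the port) in a comment above the test so it is not changed back later.
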
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 6b236e0fd806..9fd9abad34f8 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -71,6 +71,9 @@ static int enetc_setup_taprio(struct net_device *ndev,
 		enetc_wr(&priv->si->hw,
 			 ENETC_QBV_PTGCR_OFFSET,
 			 tge & (~ENETC_QBV_TGE));
+
+		priv->active_offloads &= ~ENETC_F_QBV;
+
 		return 0;
 	}
 
@@ -136,6 +139,9 @@ static int enetc_setup_taprio(struct net_device *ndev,
 	dma_free_coherent(&priv->si->pdev->dev, data_size + ENETC_QOS_ALIGN,
 			  tmp, dma);
 
+	if (!err)
+		priv->active_offloads |= ENETC_F_QBV;
+
 	return err;
 }
 
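
Review bot: ENETC_F_QBV is set only when err is 0 but is not cleared when err is non-zero. If this call was replacing an existing schedule, please state whether the old schedule is still active in hardware on the error path, since the flag will keep reporting that one is installed.
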
-- 
2.35.1





* [PATCH 5.15 128/206] net: enetc: cache accesses to &priv->si->hw
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (126 preceding siblings ...)
  2022-11-30 18:22 ` [PATCH 5.15 127/206] net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 129/206] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Jakub Kicinski,
	Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 715bf2610f1d1adf3d4f9b7b3dd729984ec4270a ]

The &priv->si->hw construct dereferences 2 pointers and makes lines
longer than they need to be, in turn making the code harder to read.

Replace &priv->si->hw accesses with a "hw" variable when there are 2 or
more accesses within a function that dereference this. This includes
loops, since &priv->si->hw is a loop invariant.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 290b5fe096e7 ("net: enetc: preserve TX ring priority across reconfiguration")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/enetc/enetc.c  | 28 +++++----
 drivers/net/ethernet/freescale/enetc/enetc.h  |  9 +--
 .../net/ethernet/freescale/enetc/enetc_qos.c  | 60 +++++++++----------
 3 files changed, 49 insertions(+), 48 deletions(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
index 77d765809c1e..0ced688bf9ba 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -1831,13 +1831,14 @@ static void enetc_setup_rxbdr(struct enetc_hw *hw, struct enetc_bdr *rx_ring)
 
 static void enetc_setup_bdrs(struct enetc_ndev_priv *priv)
 {
+	struct enetc_hw *hw = &priv->si->hw;
 	int i;
 
 	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_setup_txbdr(&priv->si->hw, priv->tx_ring[i]);
+		enetc_setup_txbdr(hw, priv->tx_ring[i]);
 
 	for (i = 0; i < priv->num_rx_rings; i++)
-		enetc_setup_rxbdr(&priv->si->hw, priv->rx_ring[i]);
+		enetc_setup_rxbdr(hw, priv->rx_ring[i]);
 }
 
 static void enetc_clear_rxbdr(struct enetc_hw *hw, struct enetc_bdr *rx_ring)
@@ -1870,13 +1871,14 @@ static void enetc_clear_txbdr(struct enetc_hw *hw, struct enetc_bdr *tx_ring)
 
 static void enetc_clear_bdrs(struct enetc_ndev_priv *priv)
 {
+	struct enetc_hw *hw = &priv->si->hw;
 	int i;
 
 	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_clear_txbdr(&priv->si->hw, priv->tx_ring[i]);
+		enetc_clear_txbdr(hw, priv->tx_ring[i]);
 
 	for (i = 0; i < priv->num_rx_rings; i++)
-		enetc_clear_rxbdr(&priv->si->hw, priv->rx_ring[i]);
+		enetc_clear_rxbdr(hw, priv->rx_ring[i]);
 
 	udelay(1);
 }
@@ -1884,13 +1886,13 @@ static void enetc_clear_bdrs(struct enetc_ndev_priv *priv)
 static int enetc_setup_irqs(struct enetc_ndev_priv *priv)
 {
 	struct pci_dev *pdev = priv->si->pdev;
+	struct enetc_hw *hw = &priv->si->hw;
 	int i, j, err;
 
 	for (i = 0; i < priv->bdr_int_num; i++) {
 		int irq = pci_irq_vector(pdev, ENETC_BDR_INT_BASE_IDX + i);
 		struct enetc_int_vector *v = priv->int_vector[i];
 		int entry = ENETC_BDR_INT_BASE_IDX + i;
-		struct enetc_hw *hw = &priv->si->hw;
 
 		snprintf(v->name, sizeof(v->name), "%s-rxtx%d",
 			 priv->ndev->name, i);
@@ -1978,13 +1980,14 @@ static void enetc_setup_interrupts(struct enetc_ndev_priv *priv)
 
 static void enetc_clear_interrupts(struct enetc_ndev_priv *priv)
 {
+	struct enetc_hw *hw = &priv->si->hw;
 	int i;
 
 	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_txbdr_wr(&priv->si->hw, i, ENETC_TBIER, 0);
+		enetc_txbdr_wr(hw, i, ENETC_TBIER, 0);
 
 	for (i = 0; i < priv->num_rx_rings; i++)
-		enetc_rxbdr_wr(&priv->si->hw, i, ENETC_RBIER, 0);
+		enetc_rxbdr_wr(hw, i, ENETC_RBIER, 0);
 }
 
 static int enetc_phylink_connect(struct net_device *ndev)
@@ -2151,6 +2154,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
 {
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
 	struct tc_mqprio_qopt *mqprio = type_data;
+	struct enetc_hw *hw = &priv->si->hw;
 	struct enetc_bdr *tx_ring;
 	int num_stack_tx_queues;
 	u8 num_tc;
@@ -2167,7 +2171,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
 		/* Reset all ring priorities to 0 */
 		for (i = 0; i < priv->num_tx_rings; i++) {
 			tx_ring = priv->tx_ring[i];
-			enetc_set_bdr_prio(&priv->si->hw, tx_ring->index, 0);
+			enetc_set_bdr_prio(hw, tx_ring->index, 0);
 		}
 
 		return 0;
@@ -2186,7 +2190,7 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
 	 */
 	for (i = 0; i < num_tc; i++) {
 		tx_ring = priv->tx_ring[i];
-		enetc_set_bdr_prio(&priv->si->hw, tx_ring->index, i);
+		enetc_set_bdr_prio(hw, tx_ring->index, i);
 	}
 
 	/* Reset the number of netdev queues based on the TC count */
@@ -2296,19 +2300,21 @@ static int enetc_set_rss(struct net_device *ndev, int en)
 static void enetc_enable_rxvlan(struct net_device *ndev, bool en)
 {
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
+	struct enetc_hw *hw = &priv->si->hw;
 	int i;
 
 	for (i = 0; i < priv->num_rx_rings; i++)
-		enetc_bdr_enable_rxvlan(&priv->si->hw, i, en);
+		enetc_bdr_enable_rxvlan(hw, i, en);
 }
 
 static void enetc_enable_txvlan(struct net_device *ndev, bool en)
 {
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
+	struct enetc_hw *hw = &priv->si->hw;
 	int i;
 
 	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_bdr_enable_txvlan(&priv->si->hw, i, en);
+		enetc_bdr_enable_txvlan(hw, i, en);
 }
 
 void enetc_set_features(struct net_device *ndev, netdev_features_t features)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.h b/drivers/net/ethernet/freescale/enetc/enetc.h
index f304cdb854ec..7ec807bd9828 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc.h
@@ -423,19 +423,20 @@ int enetc_set_psfp(struct net_device *ndev, bool en);
 
 static inline void enetc_get_max_cap(struct enetc_ndev_priv *priv)
 {
+	struct enetc_hw *hw = &priv->si->hw;
 	u32 reg;
 
-	reg = enetc_port_rd(&priv->si->hw, ENETC_PSIDCAPR);
+	reg = enetc_port_rd(hw, ENETC_PSIDCAPR);
 	priv->psfp_cap.max_streamid = reg & ENETC_PSIDCAPR_MSK;
 	/* Port stream filter capability */
-	reg = enetc_port_rd(&priv->si->hw, ENETC_PSFCAPR);
+	reg = enetc_port_rd(hw, ENETC_PSFCAPR);
 	priv->psfp_cap.max_psfp_filter = reg & ENETC_PSFCAPR_MSK;
 	/* Port stream gate capability */
-	reg = enetc_port_rd(&priv->si->hw, ENETC_PSGCAPR);
+	reg = enetc_port_rd(hw, ENETC_PSGCAPR);
 	priv->psfp_cap.max_psfp_gate = (reg & ENETC_PSGCAPR_SGIT_MSK);
 	priv->psfp_cap.max_psfp_gatelist = (reg & ENETC_PSGCAPR_GCL_MSK) >> 16;
 	/* Port flow meter capability */
-	reg = enetc_port_rd(&priv->si->hw, ENETC_PFMCAPR);
+	reg = enetc_port_rd(hw, ENETC_PFMCAPR);
 	priv->psfp_cap.max_psfp_meter = reg & ENETC_PFMCAPR_MSK;
 }
 
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 9fd9abad34f8..6baf2619a51e 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -17,8 +17,9 @@ static u16 enetc_get_max_gcl_len(struct enetc_hw *hw)
 
 void enetc_sched_speed_set(struct enetc_ndev_priv *priv, int speed)
 {
+	struct enetc_hw *hw = &priv->si->hw;
 	u32 old_speed = priv->speed;
-	u32 pspeed;
+	u32 pspeed, tmp;
 
 	if (speed == old_speed)
 		return;
@@ -39,10 +40,8 @@ void enetc_sched_speed_set(struct enetc_ndev_priv *priv, int speed)
 	}
 
 	priv->speed = speed;
-	enetc_port_wr(&priv->si->hw, ENETC_PMR,
-		      (enetc_port_rd(&priv->si->hw, ENETC_PMR)
-		      & (~ENETC_PMR_PSPEED_MASK))
-		      | pspeed);
+	tmp = enetc_port_rd(hw, ENETC_PMR);
+	enetc_port_wr(hw, ENETC_PMR, (tmp & ~ENETC_PMR_PSPEED_MASK) | pspeed);
 }
 
 #define ENETC_QOS_ALIGN	64
@@ -50,6 +49,7 @@ static int enetc_setup_taprio(struct net_device *ndev,
 			      struct tc_taprio_qopt_offload *admin_conf)
 {
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
+	struct enetc_hw *hw = &priv->si->hw;
 	struct enetc_cbd cbd = {.cmd = 0};
 	struct tgs_gcl_conf *gcl_config;
 	struct tgs_gcl_data *gcl_data;
@@ -62,15 +62,13 @@ static int enetc_setup_taprio(struct net_device *ndev,
 	int err;
 	int i;
 
-	if (admin_conf->num_entries > enetc_get_max_gcl_len(&priv->si->hw))
+	if (admin_conf->num_entries > enetc_get_max_gcl_len(hw))
 		return -EINVAL;
 	gcl_len = admin_conf->num_entries;
 
-	tge = enetc_rd(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET);
+	tge = enetc_rd(hw, ENETC_QBV_PTGCR_OFFSET);
 	if (!admin_conf->enable) {
-		enetc_wr(&priv->si->hw,
-			 ENETC_QBV_PTGCR_OFFSET,
-			 tge & (~ENETC_QBV_TGE));
+		enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge & ~ENETC_QBV_TGE);
 
 		priv->active_offloads &= ~ENETC_F_QBV;
 
@@ -127,14 +125,11 @@ static int enetc_setup_taprio(struct net_device *ndev,
 	cbd.cls = BDCR_CMD_PORT_GCL;
 	cbd.status_flags = 0;
 
-	enetc_wr(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET,
-		 tge | ENETC_QBV_TGE);
+	enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge | ENETC_QBV_TGE);
 
 	err = enetc_send_cmd(priv->si, &cbd);
 	if (err)
-		enetc_wr(&priv->si->hw,
-			 ENETC_QBV_PTGCR_OFFSET,
-			 tge & (~ENETC_QBV_TGE));
+		enetc_wr(hw, ENETC_QBV_PTGCR_OFFSET, tge & ~ENETC_QBV_TGE);
 
 	dma_free_coherent(&priv->si->pdev->dev, data_size + ENETC_QOS_ALIGN,
 			  tmp, dma);
@@ -149,6 +144,7 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
 {
 	struct tc_taprio_qopt_offload *taprio = type_data;
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
+	struct enetc_hw *hw = &priv->si->hw;
 	int err;
 	int i;
 
@@ -158,16 +154,14 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
 			return -EBUSY;
 
 	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_set_bdr_prio(&priv->si->hw,
-				   priv->tx_ring[i]->index,
+		enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
 				   taprio->enable ? i : 0);
 
 	err = enetc_setup_taprio(ndev, taprio);
 
 	if (err)
 		for (i = 0; i < priv->num_tx_rings; i++)
-			enetc_set_bdr_prio(&priv->si->hw,
-					   priv->tx_ring[i]->index,
+			enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
 					   taprio->enable ? 0 : i);
 
 	return err;
@@ -189,7 +183,7 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 	struct tc_cbs_qopt_offload *cbs = type_data;
 	u32 port_transmit_rate = priv->speed;
 	u8 tc_nums = netdev_get_num_tc(ndev);
-	struct enetc_si *si = priv->si;
+	struct enetc_hw *hw = &priv->si->hw;
 	u32 hi_credit_bit, hi_credit_reg;
 	u32 max_interference_size;
 	u32 port_frame_max_size;
@@ -210,15 +204,15 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 		 * lower than this TC have been disabled.
 		 */
 		if (tc == prio_top &&
-		    enetc_get_cbs_enable(&si->hw, prio_next)) {
+		    enetc_get_cbs_enable(hw, prio_next)) {
 			dev_err(&ndev->dev,
 				"Disable TC%d before disable TC%d\n",
 				prio_next, tc);
 			return -EINVAL;
 		}
 
-		enetc_port_wr(&si->hw, ENETC_PTCCBSR1(tc), 0);
-		enetc_port_wr(&si->hw, ENETC_PTCCBSR0(tc), 0);
+		enetc_port_wr(hw, ENETC_PTCCBSR1(tc), 0);
+		enetc_port_wr(hw, ENETC_PTCCBSR0(tc), 0);
 
 		return 0;
 	}
@@ -235,13 +229,13 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 	 * higher than this TC have been enabled.
 	 */
 	if (tc == prio_next) {
-		if (!enetc_get_cbs_enable(&si->hw, prio_top)) {
+		if (!enetc_get_cbs_enable(hw, prio_top)) {
 			dev_err(&ndev->dev,
 				"Enable TC%d first before enable TC%d\n",
 				prio_top, prio_next);
 			return -EINVAL;
 		}
-		bw_sum += enetc_get_cbs_bw(&si->hw, prio_top);
+		bw_sum += enetc_get_cbs_bw(hw, prio_top);
 	}
 
 	if (bw_sum + bw >= 100) {
@@ -250,7 +244,7 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 		return -EINVAL;
 	}
 
-	enetc_port_rd(&si->hw, ENETC_PTCMSDUR(tc));
+	enetc_port_rd(hw, ENETC_PTCMSDUR(tc));
 
 	/* For top prio TC, the max_interfrence_size is maxSizedFrame.
 	 *
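Review bot: the converted call `enetc_port_rd(hw, ENETC_PTCMSDUR(tc));` in enetc_setup_tc_cbs() still discards the value it reads. Since the line is being touched anyway, either assign the result to the variable that is meant to hold it, or add a comment saying the read is done only for its side effect, so the next reader does not have to guess.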
@@ -270,8 +264,8 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 		u32 m0, ma, r0, ra;
 
 		m0 = port_frame_max_size * 8;
-		ma = enetc_port_rd(&si->hw, ENETC_PTCMSDUR(prio_top)) * 8;
-		ra = enetc_get_cbs_bw(&si->hw, prio_top) *
+		ma = enetc_port_rd(hw, ENETC_PTCMSDUR(prio_top)) * 8;
+		ra = enetc_get_cbs_bw(hw, prio_top) *
 			port_transmit_rate * 10000ULL;
 		r0 = port_transmit_rate * 1000000ULL;
 		max_interference_size = m0 + ma +
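Review bot: in the block that computes max_interference_size, `m0`, `ma`, `r0` and `ra` are declared u32, yet `ra` and `r0` are assigned products with ULL constants (`* 10000ULL`, `* 1000000ULL`), so the 64-bit result is truncated on assignment. This is not introduced by the hw pointer conversion, but it sits in the lines being edited; declaring the four variables u64 would make the storage match the arithmetic.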
@@ -291,10 +285,10 @@ int enetc_setup_tc_cbs(struct net_device *ndev, void *type_data)
 	hi_credit_reg = (u32)div_u64((ENETC_CLK * 100ULL) * hi_credit_bit,
 				     port_transmit_rate * 1000000ULL);
 
-	enetc_port_wr(&si->hw, ENETC_PTCCBSR1(tc), hi_credit_reg);
+	enetc_port_wr(hw, ENETC_PTCCBSR1(tc), hi_credit_reg);
 
 	/* Set bw register and enable this traffic class */
-	enetc_port_wr(&si->hw, ENETC_PTCCBSR0(tc), bw | ENETC_CBSE);
+	enetc_port_wr(hw, ENETC_PTCCBSR0(tc), bw | ENETC_CBSE);
 
 	return 0;
 }
@@ -304,6 +298,7 @@ int enetc_setup_tc_txtime(struct net_device *ndev, void *type_data)
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
 	struct tc_etf_qopt_offload *qopt = type_data;
 	u8 tc_nums = netdev_get_num_tc(ndev);
+	struct enetc_hw *hw = &priv->si->hw;
 	int tc;
 
 	if (!tc_nums)
@@ -319,12 +314,11 @@ int enetc_setup_tc_txtime(struct net_device *ndev, void *type_data)
 		return -EBUSY;
 
 	/* TSD and Qbv are mutually exclusive in hardware */
-	if (enetc_rd(&priv->si->hw, ENETC_QBV_PTGCR_OFFSET) & ENETC_QBV_TGE)
+	if (enetc_rd(hw, ENETC_QBV_PTGCR_OFFSET) & ENETC_QBV_TGE)
 		return -EBUSY;
 
 	priv->tx_ring[tc]->tsd_enable = qopt->enable;
-	enetc_port_wr(&priv->si->hw, ENETC_PTCTSDR(tc),
-		      qopt->enable ? ENETC_TSDE : 0);
+	enetc_port_wr(hw, ENETC_PTCTSDR(tc), qopt->enable ? ENETC_TSDE : 0);
 
 	return 0;
 }
-- 
2.35.1





* [PATCH 5.15 129/206] net: enetc: preserve TX ring priority across reconfiguration
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (127 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 128/206] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 130/206] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Alexander Lobakin,
	Jakub Kicinski, Sasha Levin

From: Vladimir Oltean <vladimir.oltean@nxp.com>

[ Upstream commit 290b5fe096e7dd0aad730d1af4f7f2d9fea43e11 ]

In the blamed commit, a rudimentary reallocation procedure for RX buffer
descriptors was implemented, for the situation when their format changes
between normal (no PTP) and extended (PTP).

enetc_hwtstamp_set() calls enetc_close() and enetc_open() in a sequence,
and this sequence loses information which was previously configured in
the TX BDR Mode Register, specifically via the enetc_set_bdr_prio() call.
The TX ring priority is configured by tc-mqprio and tc-taprio, and
affects important things for TSN such as the TX time of packets. The
issue manifests itself most visibly by the fact that isochron --txtime
reports premature packet transmissions when PTP is first enabled on an
enetc interface.

Save the TX ring priority in a new field in struct enetc_bdr (occupies a
2 byte hole on arm64) in order to make this survive a ring reconfiguration.

Fixes: 434cebabd3a2 ("enetc: Add dynamic allocation of extended Rx BD rings")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Link: https://lore.kernel.org/r/20221122130936.1704151-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/enetc/enetc.c  |  8 ++++---
 drivers/net/ethernet/freescale/enetc/enetc.h  |  1 +
 .../net/ethernet/freescale/enetc/enetc_qos.c  | 21 ++++++++++++-------
 3 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
index 0ced688bf9ba..222a250fba84 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -1768,7 +1768,7 @@ static void enetc_setup_txbdr(struct enetc_hw *hw, struct enetc_bdr *tx_ring)
 	/* enable Tx ints by setting pkt thr to 1 */
 	enetc_txbdr_wr(hw, idx, ENETC_TBICR0, ENETC_TBICR0_ICEN | 0x1);
 
-	tbmr = ENETC_TBMR_EN;
+	tbmr = ENETC_TBMR_EN | ENETC_TBMR_SET_PRIO(tx_ring->prio);
 	if (tx_ring->ndev->features & NETIF_F_HW_VLAN_CTAG_TX)
 		tbmr |= ENETC_TBMR_VIH;
 
@@ -2171,7 +2171,8 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
 		/* Reset all ring priorities to 0 */
 		for (i = 0; i < priv->num_tx_rings; i++) {
 			tx_ring = priv->tx_ring[i];
-			enetc_set_bdr_prio(hw, tx_ring->index, 0);
+			tx_ring->prio = 0;
+			enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
 		}
 
 		return 0;
@@ -2190,7 +2191,8 @@ int enetc_setup_tc_mqprio(struct net_device *ndev, void *type_data)
 	 */
 	for (i = 0; i < num_tc; i++) {
 		tx_ring = priv->tx_ring[i];
-		enetc_set_bdr_prio(hw, tx_ring->index, i);
+		tx_ring->prio = i;
+		enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
 	}
 
 	/* Reset the number of netdev queues based on the TC count */
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.h b/drivers/net/ethernet/freescale/enetc/enetc.h
index 7ec807bd9828..a3b936375c56 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.h
+++ b/drivers/net/ethernet/freescale/enetc/enetc.h
@@ -91,6 +91,7 @@ struct enetc_bdr {
 		void __iomem *rcir;
 	};
 	u16 index;
+	u16 prio;
 	int bd_count; /* # of BDs */
 	int next_to_use;
 	int next_to_clean;
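Review bot: the new `u16 prio` member of struct enetc_bdr has no comment, unlike `bd_count` next to it. Per the commit message it is only meaningful for TX rings, and the other hunks write it only from tc-mqprio and tc-taprio while enetc_setup_txbdr() reads it on every ring setup, so it relies on the ring structure being zeroed at allocation. A short comment such as "TX only: priority replayed into TBMR on ring setup" would record both points.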
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 6baf2619a51e..ba51fb381f0c 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -145,6 +145,7 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
 	struct tc_taprio_qopt_offload *taprio = type_data;
 	struct enetc_ndev_priv *priv = netdev_priv(ndev);
 	struct enetc_hw *hw = &priv->si->hw;
+	struct enetc_bdr *tx_ring;
 	int err;
 	int i;
 
@@ -153,16 +154,20 @@ int enetc_setup_tc_taprio(struct net_device *ndev, void *type_data)
 		if (priv->tx_ring[i]->tsd_enable)
 			return -EBUSY;
 
-	for (i = 0; i < priv->num_tx_rings; i++)
-		enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
-				   taprio->enable ? i : 0);
+	for (i = 0; i < priv->num_tx_rings; i++) {
+		tx_ring = priv->tx_ring[i];
+		tx_ring->prio = taprio->enable ? i : 0;
+		enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
+	}
 
 	err = enetc_setup_taprio(ndev, taprio);
-
-	if (err)
-		for (i = 0; i < priv->num_tx_rings; i++)
-			enetc_set_bdr_prio(hw, priv->tx_ring[i]->index,
-					   taprio->enable ? 0 : i);
+	if (err) {
+		for (i = 0; i < priv->num_tx_rings; i++) {
+			tx_ring = priv->tx_ring[i];
+			tx_ring->prio = taprio->enable ? 0 : i;
+			enetc_set_bdr_prio(hw, tx_ring->index, tx_ring->prio);
+		}
+	}
 
 	return err;
 }
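Review bot: the error path at the end of enetc_setup_tc_taprio() restores a guessed priority, `taprio->enable ? 0 : i`, rather than the value each ring held before the call. Now that the priority is cached in `tx_ring->prio` and replayed on ring setup, a wrong guess is no longer confined to the register and will survive a later close/open cycle. Consider saving the old `tx_ring->prio` values before the first loop and writing those back when enetc_setup_taprio() fails.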
-- 
2.35.1





* [PATCH 5.15 130/206] octeontx2-pf: Add check for devm_kcalloc
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (128 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 129/206] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 131/206] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Maciej Fijalkowski,
	Paolo Abeni, Sasha Levin

From: Jiasheng Jiang <jiasheng@iscas.ac.cn>

[ Upstream commit cd07eadd5147ffdae11b6fd28b77a3872f2a2484 ]

As devm_kcalloc may return a NULL pointer,
it would be better to add a check for the return
value, the same as the others.

Fixes: e8e095b3b370 ("octeontx2-af: cn10k: Bandwidth profiles config support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/r/20221122055449.31247-1-jiasheng@iscas.ac.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
index 603361c94786..09892703cfd4 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
@@ -4832,6 +4832,8 @@ static int nix_setup_ipolicers(struct rvu *rvu,
 		ipolicer->ref_count = devm_kcalloc(rvu->dev,
 						   ipolicer->band_prof.max,
 						   sizeof(u16), GFP_KERNEL);
+		if (!ipolicer->ref_count)
+			return -ENOMEM;
 	}
 
 	/* Set policer timeunit to 2us ie  (19 + 1) * 100 nsec = 2us */
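Review bot: the new `return -ENOMEM` after the devm_kcalloc() call leaves nix_setup_ipolicers() with no unwinding. That is fine for the devm-managed allocations shown here, but please confirm that nothing set up earlier in the function needs explicit cleanup on this exit. Separately, the subject prefix says octeontx2-pf while the file touched is under octeontx2/af/, which will mislead anyone searching the log by prefix.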
-- 
2.35.1





* [PATCH 5.15 131/206] octeontx2-af: Fix reference count issue in rvu_sdp_init()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (129 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 130/206] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 132/206] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Saeed Mahameed,
	Paolo Abeni, Sasha Levin

From: Xiongfeng Wang <wangxiongfeng2@huawei.com>

[ Upstream commit ad17c2a3f11b0f6b122e7842d8f7d9a5fcc7ac63 ]

pci_get_device() will decrease the reference count for the *from*
parameter. So we don't need to call put_device() to decrease the
reference. Let's remove the put_device() in the loop and only decrease
the reference count of the returned 'pdev' for the last loop because it
will not be passed to pci_get_device() as input parameter. We don't need
to check if 'pdev' is NULL because it is already checked inside
pci_dev_put(). Also add pci_dev_put() for the error path.

Fixes: fe1939bb2340 ("octeontx2-af: Add SDP interface support")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Link: https://lore.kernel.org/r/20221123065919.31499-1-wangxiongfeng2@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
index b04fb226f708..ae50d56258ec 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c
@@ -62,15 +62,18 @@ int rvu_sdp_init(struct rvu *rvu)
 		pfvf->sdp_info = devm_kzalloc(rvu->dev,
 					      sizeof(struct sdp_node_info),
 					      GFP_KERNEL);
-		if (!pfvf->sdp_info)
+		if (!pfvf->sdp_info) {
+			pci_dev_put(pdev);
 			return -ENOMEM;
+		}
 
 		dev_info(rvu->dev, "SDP PF number:%d\n", sdp_pf_num[i]);
 
-		put_device(&pdev->dev);
 		i++;
 	}
 
+	pci_dev_put(pdev);
+
 	return 0;
 }
 
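Review bot: the `pci_dev_put(pdev)` added after the loop in rvu_sdp_init() only does work when the loop exits with a device still held; once pci_get_device() has returned NULL it is a no-op. A one-line comment saying which exit it covers would keep a later cleanup from deleting it as dead code, or from re-adding a put inside the loop next to the `i++`.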
-- 
2.35.1





* [PATCH 5.15 132/206] net: thunderx: Fix the ACPI memory leak
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (130 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 131/206] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 133/206] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Liao, Paolo Abeni, Sasha Levin

From: Yu Liao <liaoyu15@huawei.com>

[ Upstream commit 661e5ebbafd26d9d2e3c749f5cf591e55c7364f5 ]

The ACPI buffer memory (string.pointer) should be freed as the buffer is
not used after returning from bgx_acpi_match_id(), free it to prevent
memory leak.

Fixes: 46b903a01c05 ("net, thunder, bgx: Add support to get MAC address from ACPI.")
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Link: https://lore.kernel.org/r/20221123082237.1220521-1-liaoyu15@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/cavium/thunder/thunder_bgx.c b/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
index c36fed9c3d73..daaffae1a89f 100644
--- a/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
+++ b/drivers/net/ethernet/cavium/thunder/thunder_bgx.c
@@ -1435,8 +1435,10 @@ static acpi_status bgx_acpi_match_id(acpi_handle handle, u32 lvl,
 		return AE_OK;
 	}
 
-	if (strncmp(string.pointer, bgx_sel, 4))
+	if (strncmp(string.pointer, bgx_sel, 4)) {
+		kfree(string.pointer);
 		return AE_OK;
+	}
 
 	acpi_walk_namespace(ACPI_TYPE_DEVICE, handle, 1,
 			    bgx_acpi_register_phy, NULL, bgx, NULL);
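Review bot: the added `kfree(string.pointer)` covers only the strncmp() mismatch return in bgx_acpi_match_id(); the path that falls through to acpi_walk_namespace() continues past the end of this hunk, so please confirm it also frees the buffer before returning. With two exits needing the same free, a single exit label would keep them from drifting apart.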
-- 
2.35.1





* [PATCH 5.15 133/206] s390/crashdump: fix TOD programmable field size
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (131 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 132/206] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 134/206] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Christian Borntraeger,
	Heiko Carstens, Alexander Gordeev, Sasha Levin

From: Heiko Carstens <hca@linux.ibm.com>

[ Upstream commit f44e07a8afdd713ddc1a8832c39372fe5dd86895 ]

The size of the TOD programmable field was incorrectly increased from
four to eight bytes with commit 1a2c5840acf9 ("s390/dump: cleanup CPU
save area handling").
This leads to an elf notes section NT_S390_TODPREG which has a size of
eight instead of four bytes in case of kdump, however even worse is
that the contents is incorrect: it is supposed to contain only the
contents of the TOD programmable field, but in fact contains a mix of
the TOD programmable field (32 bit upper bits) and parts of the CPU
timer register (lower 32 bits).

Fix this by simply changing the size of the todpreg field within the
save area structure. This will implicitly also fix the size of the
corresponding elf notes sections.

This also gets rid of this compile time warning:

in function ‘fortify_memcpy_chk’,
    inlined from ‘save_area_add_regs’ at arch/s390/kernel/crash_dump.c:99:2:
./include/linux/fortify-string.h:413:25: error: call to ‘__read_overflow2_field’
   declared with attribute warning: detected read beyond size of field
   (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning]
  413 |                         __read_overflow2_field(q_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 1a2c5840acf9 ("s390/dump: cleanup CPU save area handling")
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/kernel/crash_dump.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/kernel/crash_dump.c b/arch/s390/kernel/crash_dump.c
index f17ad2daab07..8722bd07c607 100644
--- a/arch/s390/kernel/crash_dump.c
+++ b/arch/s390/kernel/crash_dump.c
@@ -44,7 +44,7 @@ struct save_area {
 	u64 fprs[16];
 	u32 fpc;
 	u32 prefix;
-	u64 todpreg;
+	u32 todpreg;
 	u64 timer;
 	u64 todcmp;
 	u64 vxrs_low[16];
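Review bot: with `todpreg` narrowed to u32, struct save_area has three u32 members (`fpc`, `prefix`, `todpreg`) ahead of `u64 timer`, so the compiler now inserts four bytes of padding before `timer`. That is harmless as long as the structure is filled and read field by field, which is what the commit message implies, but a comment on the field giving its four-byte size would explain why it is not u64 like its neighbours and guard against someone "fixing" it back.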
-- 
2.35.1





* [PATCH 5.15 134/206] lib/vdso: use "grep -E" instead of "egrep"
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (132 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 133/206] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 135/206] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Andy Lutomirski, Thomas Gleixner,
	Vincenzo Frascino

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 8ac3b5cd3e0521d92f9755e90d140382fc292510 upstream.

The latest version of grep claims the egrep is now obsolete so the build
now contains warnings that look like:
	egrep: warning: egrep is obsolescent; using grep -E
fix this up by moving the vdso Makefile to use "grep -E" instead.

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Link: https://lore.kernel.org/r/20220920170633.3133829-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 lib/vdso/Makefile |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/vdso/Makefile
+++ b/lib/vdso/Makefile
@@ -17,6 +17,6 @@ $(error ARCH_REL_TYPE_ABS is not set)
 endif
 
 quiet_cmd_vdso_check = VDSOCHK $@
-      cmd_vdso_check = if $(OBJDUMP) -R $@ | egrep -h "$(ARCH_REL_TYPE_ABS)"; \
+      cmd_vdso_check = if $(OBJDUMP) -R $@ | grep -E -h "$(ARCH_REL_TYPE_ABS)"; \
 		       then (echo >&2 "$@: dynamic relocations are not supported"; \
 			     rm -f $@; /bin/false); fi
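Review bot: in cmd_vdso_check the `-h` carried over into `grep -E -h` has no effect, because grep is reading objdump's output from a pipe and prints no file names in that case. It could be dropped, although keeping this change a pure egrep replacement is also a reasonable choice for a stable backport.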




* [PATCH 5.15 135/206] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (133 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 134/206] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 136/206] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Alexandre Belloni,
	Sean Christopherson, Masahiro Yamada, Sasha Levin

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

[ Upstream commit 534bd70374d646f17e2cebe0e6e4cdd478ce4f0c ]

When using dash as /bin/sh, the CC_HAS_ASM_GOTO_TIED_OUTPUT test fails
with a syntax error which is not the one we are looking for:

<stdin>: In function ‘foo’:
<stdin>:1:29: warning: missing terminating " character
<stdin>:1:29: error: missing terminating " character
<stdin>:2:5: error: expected ‘:’ before ‘+’ token
<stdin>:2:7: warning: missing terminating " character
<stdin>:2:7: error: missing terminating " character
<stdin>:2:5: error: expected declaration or statement at end of input

Removing '\n' solves this.

Fixes: 1aa0e8b144b6 ("Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug")
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 init/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init/Kconfig b/init/Kconfig
index d19ed66aba3b..a4144393717b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -80,7 +80,7 @@ config CC_HAS_ASM_GOTO_OUTPUT
 config CC_HAS_ASM_GOTO_TIED_OUTPUT
 	depends on CC_HAS_ASM_GOTO_OUTPUT
 	# Detect buggy gcc and clang, fixed in gcc-11 clang-14.
-	def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+	def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
 
 config TOOLS_SUPPORT_RELR
 	def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
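Review bot: the CC_HAS_ASM_GOTO_TIED_OUTPUT test still feeds its program through `echo`, whose handling of backslash sequences differs between shells, which is what made the `\n` variant fail under dash. Removing the escape fixes this instance; a short comment above the def_bool line warning against backslashes in the echoed source would keep the next edit from reintroducing the problem.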
-- 
2.35.1





* [PATCH 5.15 136/206] nios2: add FORCE for vmlinuz.gz
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (134 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 135/206] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 137/206] mmc: sdhci-brcmstb: Re-organize flags Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Masahiro Yamada, Sasha Levin

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit 869e4ae4cd2a23d625aaa14ae62dbebf768cb77d ]

Add FORCE to placate a warning from make:

arch/nios2/boot/Makefile:24: FORCE prerequisite is missing

Fixes: 2fc8483fdcde ("nios2: Build infrastructure")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/nios2/boot/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/nios2/boot/Makefile b/arch/nios2/boot/Makefile
index 37dfc7e584bc..0b704c1f379f 100644
--- a/arch/nios2/boot/Makefile
+++ b/arch/nios2/boot/Makefile
@@ -20,7 +20,7 @@ $(obj)/vmlinux.bin: vmlinux FORCE
 $(obj)/vmlinux.gz: $(obj)/vmlinux.bin FORCE
 	$(call if_changed,gzip)
 
-$(obj)/vmImage: $(obj)/vmlinux.gz
+$(obj)/vmImage: $(obj)/vmlinux.gz FORCE
 	$(call if_changed,uimage)
 	@$(kecho) 'Kernel: $@ is ready'
 
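Review bot: the subject names vmlinuz.gz, but the rule changed here is `$(obj)/vmImage`, whose prerequisite is `$(obj)/vmlinux.gz`; no vmlinuz.gz target appears in the hunk. The change itself matches the quoted make warning for line 24, so only the subject is off, but it is worth noting for anyone searching the log by target name.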
-- 
2.35.1





* [PATCH 5.15 137/206] mmc: sdhci-brcmstb: Re-organize flags
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (135 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 136/206] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 138/206] mmc: sdhci-brcmstb: Enable Clock Gating to save power Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Al Cooper, Kamal Dasu,
	Florian Fainelli, Adrian Hunter, Ulf Hansson, Sasha Levin

From: Al Cooper <alcooperx@gmail.com>

[ Upstream commit f3a70f991dd07330225ea11e158e1d07ad5733fb ]

Re-organize the flags by basing the bit names on the flag that they
apply to. Also change the "flags" member in the "brcmstb_match_priv"
struct to const.

Signed-off-by: Al Cooper <alcooperx@gmail.com>
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20220427180853.35970-2-kdasu.kdev@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Stable-dep-of: 56baa208f910 ("mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-brcmstb.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c
index f24623aac2db..244780481193 100644
--- a/drivers/mmc/host/sdhci-brcmstb.c
+++ b/drivers/mmc/host/sdhci-brcmstb.c
@@ -18,20 +18,22 @@
 #define SDHCI_VENDOR 0x78
 #define  SDHCI_VENDOR_ENHANCED_STRB 0x1
 
-#define BRCMSTB_PRIV_FLAGS_NO_64BIT		BIT(0)
-#define BRCMSTB_PRIV_FLAGS_BROKEN_TIMEOUT	BIT(1)
+#define BRCMSTB_MATCH_FLAGS_NO_64BIT		BIT(0)
+#define BRCMSTB_MATCH_FLAGS_BROKEN_TIMEOUT	BIT(1)
+
+#define BRCMSTB_PRIV_FLAGS_HAS_CQE		BIT(0)
 
 #define SDHCI_ARASAN_CQE_BASE_ADDR		0x200
 
 struct sdhci_brcmstb_priv {
 	void __iomem *cfg_regs;
-	bool has_cqe;
+	unsigned int flags;
 };
 
 struct brcmstb_match_priv {
 	void (*hs400es)(struct mmc_host *mmc, struct mmc_ios *ios);
 	struct sdhci_ops *ops;
-	unsigned int flags;
+	const unsigned int flags;
 };
 
 static void sdhci_brcmstb_hs400es(struct mmc_host *mmc, struct mmc_ios *ios)
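Review bot: In struct brcmstb_match_priv, marking only the member as `const unsigned int flags` is an indirect way to get immutability. It makes the struct non-assignable, yet match_priv_7425 and match_priv_7445 further down stay plain `static struct`, so the rest of each object is still writable. Declaring the match tables themselves as `static const struct brcmstb_match_priv` would state the intent more directly. Separately, BRCMSTB_MATCH_FLAGS_* and BRCMSTB_PRIV_FLAGS_* now both start at BIT(0); a one-line comment above each group naming the field it belongs to (match_priv->flags versus priv->flags) would make it harder to test a bit against the wrong word.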
@@ -134,13 +136,13 @@ static struct sdhci_ops sdhci_brcmstb_ops_7216 = {
 };
 
 static struct brcmstb_match_priv match_priv_7425 = {
-	.flags = BRCMSTB_PRIV_FLAGS_NO_64BIT |
-	BRCMSTB_PRIV_FLAGS_BROKEN_TIMEOUT,
+	.flags = BRCMSTB_MATCH_FLAGS_NO_64BIT |
+	BRCMSTB_MATCH_FLAGS_BROKEN_TIMEOUT,
 	.ops = &sdhci_brcmstb_ops,
 };
 
 static struct brcmstb_match_priv match_priv_7445 = {
-	.flags = BRCMSTB_PRIV_FLAGS_BROKEN_TIMEOUT,
+	.flags = BRCMSTB_MATCH_FLAGS_BROKEN_TIMEOUT,
 	.ops = &sdhci_brcmstb_ops,
 };
 
@@ -176,7 +178,7 @@ static int sdhci_brcmstb_add_host(struct sdhci_host *host,
 	bool dma64;
 	int ret;
 
-	if (!priv->has_cqe)
+	if ((priv->flags & BRCMSTB_PRIV_FLAGS_HAS_CQE) == 0)
 		return sdhci_add_host(host);
 
 	dev_dbg(mmc_dev(host->mmc), "CQE is enabled\n");
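Review bot: The test `(priv->flags & BRCMSTB_PRIV_FLAGS_HAS_CQE) == 0` in sdhci_brcmstb_add_host() is a style outlier; the other flag checks in this patch use the bare `if (match_priv->flags & ...)` form, so `if (!(priv->flags & BRCMSTB_PRIV_FLAGS_HAS_CQE))` would read more consistently.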
@@ -225,7 +227,6 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
 	struct sdhci_brcmstb_priv *priv;
 	struct sdhci_host *host;
 	struct resource *iomem;
-	bool has_cqe = false;
 	struct clk *clk;
 	int res;
 
@@ -244,10 +245,6 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
 		return res;
 
 	memset(&brcmstb_pdata, 0, sizeof(brcmstb_pdata));
-	if (device_property_read_bool(&pdev->dev, "supports-cqe")) {
-		has_cqe = true;
-		match_priv->ops->irq = sdhci_brcmstb_cqhci_irq;
-	}
 	brcmstb_pdata.ops = match_priv->ops;
 	host = sdhci_pltfm_init(pdev, &brcmstb_pdata,
 				sizeof(struct sdhci_brcmstb_priv));
@@ -258,7 +255,10 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
 
 	pltfm_host = sdhci_priv(host);
 	priv = sdhci_pltfm_priv(pltfm_host);
-	priv->has_cqe = has_cqe;
+	if (device_property_read_bool(&pdev->dev, "supports-cqe")) {
+		priv->flags |= BRCMSTB_PRIV_FLAGS_HAS_CQE;
+		match_priv->ops->irq = sdhci_brcmstb_cqhci_irq;
+	}
 
 	/* Map in the non-standard CFG registers */
 	iomem = platform_get_resource(pdev, IORESOURCE_MEM, 1);
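Review bot: The moved block still does `match_priv->ops->irq = sdhci_brcmstb_cqhci_irq;`, which writes into a file-scope sdhci_ops shared by every device that matches the same compatible, and it now runs after `brcmstb_pdata.ops = match_priv->ops` has been handed to sdhci_pltfm_init(). It works because the pointer is the same object, but a short comment saying so would help, as the ordering now looks wrong at first read. Also note that `priv->flags |= ...` depends on the private area returned by sdhci_pltfm_init() being zeroed, whereas the old code assigned priv->has_cqe outright; please confirm or initialise priv->flags explicitly.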
@@ -287,14 +287,14 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
 	 * properties through mmc_of_parse().
 	 */
 	host->caps = sdhci_readl(host, SDHCI_CAPABILITIES);
-	if (match_priv->flags & BRCMSTB_PRIV_FLAGS_NO_64BIT)
+	if (match_priv->flags & BRCMSTB_MATCH_FLAGS_NO_64BIT)
 		host->caps &= ~SDHCI_CAN_64BIT;
 	host->caps1 = sdhci_readl(host, SDHCI_CAPABILITIES_1);
 	host->caps1 &= ~(SDHCI_SUPPORT_SDR50 | SDHCI_SUPPORT_SDR104 |
 			 SDHCI_SUPPORT_DDR50);
 	host->quirks |= SDHCI_QUIRK_MISSING_CAPS;
 
-	if (match_priv->flags & BRCMSTB_PRIV_FLAGS_BROKEN_TIMEOUT)
+	if (match_priv->flags & BRCMSTB_MATCH_FLAGS_BROKEN_TIMEOUT)
 		host->quirks |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
 
 	res = sdhci_brcmstb_add_host(host, priv);
-- 
2.35.1





* [PATCH 5.15 138/206] mmc: sdhci-brcmstb: Enable Clock Gating to save power
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (136 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 137/206] mmc: sdhci-brcmstb: Re-organize flags Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 139/206] mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Al Cooper, Kamal Dasu,
	Florian Fainelli, Adrian Hunter, Ulf Hansson, Sasha Levin

From: Al Cooper <alcooperx@gmail.com>

[ Upstream commit 6bcc55fe648b860ef0c2b8dc23adc05bcddb93c2 ]

Enabling this feature will allow the controller to stop the bus
clock when the bus is idle. The feature is not part of the standard
and is unique to newer Arasan cores and is enabled with a bit in a
vendor specific register. This feature will only be enabled for
non-removable devices because they don't switch the voltage and
clock gating breaks SD Card voltage switching.

Signed-off-by: Al Cooper <alcooperx@gmail.com>
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20220427180853.35970-3-kdasu.kdev@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Stable-dep-of: 56baa208f910 ("mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-brcmstb.c | 35 +++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c
index 244780481193..683d0c685748 100644
--- a/drivers/mmc/host/sdhci-brcmstb.c
+++ b/drivers/mmc/host/sdhci-brcmstb.c
@@ -17,11 +17,14 @@
 
 #define SDHCI_VENDOR 0x78
 #define  SDHCI_VENDOR_ENHANCED_STRB 0x1
+#define  SDHCI_VENDOR_GATE_SDCLK_EN 0x2
 
 #define BRCMSTB_MATCH_FLAGS_NO_64BIT		BIT(0)
 #define BRCMSTB_MATCH_FLAGS_BROKEN_TIMEOUT	BIT(1)
+#define BRCMSTB_MATCH_FLAGS_HAS_CLOCK_GATE	BIT(2)
 
 #define BRCMSTB_PRIV_FLAGS_HAS_CQE		BIT(0)
+#define BRCMSTB_PRIV_FLAGS_GATE_CLOCK		BIT(1)
 
 #define SDHCI_ARASAN_CQE_BASE_ADDR		0x200
 
@@ -36,6 +39,27 @@ struct brcmstb_match_priv {
 	const unsigned int flags;
 };
 
+static inline void enable_clock_gating(struct sdhci_host *host)
+{
+	u32 reg;
+
+	reg = sdhci_readl(host, SDHCI_VENDOR);
+	reg |= SDHCI_VENDOR_GATE_SDCLK_EN;
+	sdhci_writel(host, reg, SDHCI_VENDOR);
+}
+
+void brcmstb_reset(struct sdhci_host *host, u8 mask)
+{
+	struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+	struct sdhci_brcmstb_priv *priv = sdhci_pltfm_priv(pltfm_host);
+
+	sdhci_reset(host, mask);
+
+	/* Reset will clear this, so re-enable it */
+	if (priv->flags & BRCMSTB_PRIV_FLAGS_GATE_CLOCK)
+		enable_clock_gating(host);
+}
+
 static void sdhci_brcmstb_hs400es(struct mmc_host *mmc, struct mmc_ios *ios)
 {
 	struct sdhci_host *host = mmc_priv(mmc);
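Review bot: brcmstb_reset() is defined without `static` although the only user visible in this patch is the `.reset` member of sdhci_brcmstb_ops_7216 in the same file. As written it exports a generically named symbol and will trip -Wmissing-prototypes; it should be `static void brcmstb_reset(...)`, ideally with the sdhci_brcmstb_ prefix used by the neighbouring functions.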
@@ -131,7 +155,7 @@ static struct sdhci_ops sdhci_brcmstb_ops = {
 static struct sdhci_ops sdhci_brcmstb_ops_7216 = {
 	.set_clock = sdhci_brcmstb_set_clock,
 	.set_bus_width = sdhci_set_bus_width,
-	.reset = sdhci_reset,
+	.reset = brcmstb_reset,
 	.set_uhs_signaling = sdhci_brcmstb_set_uhs_signaling,
 };
 
@@ -147,6 +171,7 @@ static struct brcmstb_match_priv match_priv_7445 = {
 };
 
 static const struct brcmstb_match_priv match_priv_7216 = {
+	.flags = BRCMSTB_MATCH_FLAGS_HAS_CLOCK_GATE,
 	.hs400es = sdhci_brcmstb_hs400es,
 	.ops = &sdhci_brcmstb_ops_7216,
 };
@@ -273,6 +298,14 @@ static int sdhci_brcmstb_probe(struct platform_device *pdev)
 	if (res)
 		goto err;
 
+	/*
+	 * Automatic clock gating does not work for SD cards that may
+	 * voltage switch so only enable it for non-removable devices.
+	 */
+	if ((match_priv->flags & BRCMSTB_MATCH_FLAGS_HAS_CLOCK_GATE) &&
+	    (host->mmc->caps & MMC_CAP_NONREMOVABLE))
+		priv->flags |= BRCMSTB_PRIV_FLAGS_GATE_CLOCK;
+
 	/*
 	 * If the chip has enhanced strobe and it's enabled, add
 	 * callback
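Review bot: This block in probe only sets BRCMSTB_PRIV_FLAGS_GATE_CLOCK; nothing here writes SDHCI_VENDOR_GATE_SDCLK_EN, so gating takes effect only the next time brcmstb_reset() runs. If that is intentional, the comment should say that the bit is applied on the following reset; otherwise call enable_clock_gating(host) here. It is also worth stating that only sdhci_brcmstb_ops_7216 has `.reset = brcmstb_reset`, so the flag is inert for any other ops table.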
-- 
2.35.1





* [PATCH 5.15 139/206] mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (137 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 138/206] mmc: sdhci-brcmstb: Enable Clock Gating to save power Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 140/206] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1 Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Brian Norris, Florian Fainelli,
	Adrian Hunter, Ulf Hansson, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 56baa208f91061ff27ec2d93fbc483f624d373b4 ]

[[ NOTE: this is completely untested by the author, but included solely
    because, as noted in commit df57d73276b8 ("mmc: sdhci-pci: Fix
    SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers"), "other
    drivers using CQHCI might benefit from a similar change, if they
    also have CQHCI reset by SDHCI_RESET_ALL." We've now seen the same
    bug on at least MSM, Arasan, and Intel hardware. ]]

SDHCI_RESET_ALL resets will reset the hardware CQE state, but we aren't
tracking that properly in software. When out of sync, we may trigger
various timeouts.

It's not typical to perform resets while CQE is enabled, but this may
occur in some suspend or error recovery scenarios.

Include this fix by way of the new sdhci_and_cqhci_reset() helper.

I only patch the bcm7216 variant even though others potentially *could*
provide the 'supports-cqe' property (and thus enable CQHCI), because
d46ba2d17f90 ("mmc: sdhci-brcmstb: Add support for Command Queuing
(CQE)") and some Broadcom folks confirm that only the 7216 variant
actually supports it.

This patch depends on (and should not compile without) the patch
entitled "mmc: cqhci: Provide helper for resetting both SDHCI and
CQHCI".

Fixes: d46ba2d17f90 ("mmc: sdhci-brcmstb: Add support for Command Queuing (CQE)")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221026124150.v4.3.I6a715feab6d01f760455865e968ecf0d85036018@changeid
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-brcmstb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/mmc/host/sdhci-brcmstb.c b/drivers/mmc/host/sdhci-brcmstb.c
index 683d0c685748..4d42b1810ace 100644
--- a/drivers/mmc/host/sdhci-brcmstb.c
+++ b/drivers/mmc/host/sdhci-brcmstb.c
@@ -12,6 +12,7 @@
 #include <linux/bitops.h>
 #include <linux/delay.h>
 
+#include "sdhci-cqhci.h"
 #include "sdhci-pltfm.h"
 #include "cqhci.h"
 
@@ -53,7 +54,7 @@ void brcmstb_reset(struct sdhci_host *host, u8 mask)
 	struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
 	struct sdhci_brcmstb_priv *priv = sdhci_pltfm_priv(pltfm_host);
 
-	sdhci_reset(host, mask);
+	sdhci_and_cqhci_reset(host, mask);
 
 	/* Reset will clear this, so re-enable it */
 	if (priv->flags & BRCMSTB_PRIV_FLAGS_GATE_CLOCK)
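Review bot: The call to sdhci_and_cqhci_reset() in brcmstb_reset() comes from "sdhci-cqhci.h", which the commit message says is added by the separate patch "mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI". For this stable queue, please confirm that prerequisite is ordered ahead of this patch in the 5.15 series, otherwise the build breaks at this point and bisection across the series is affected. The commit message also flags the change as untested by the author, so a Tested-by on 7216 hardware with CQE enabled would be valuable before release.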
-- 
2.35.1





* [PATCH 5.15 140/206] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (138 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 139/206] mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 141/206] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Vincent Donnefort, Marc Zyngier

From: Marc Zyngier <maz@kernel.org>

The kernel has an awfully complicated boot sequence in order to cope
with the various EL2 configurations, including those that "enhanced"
the architecture. We go from EL2 to EL1, then back to EL2, staying
at EL2 if VHE capable and otherwise go back to EL1.

Here's a paracetamol tablet for you.

The cpu_resume path follows the same logic, because coming up with
two versions of a square wheel is hard.

However, things aren't this straightforward with pKVM, as the host
resume path is always proxied by the hypervisor, which means that
the kernel is always entered at EL1. Which contradicts what the
__boot_cpu_mode[] array contains (it obviously says EL2).

This thus triggers a HVC call from EL1 to EL2 in a vain attempt
to upgrade from EL1 to EL2 VHE, which we are, funnily enough,
reluctant to grant to the host kernel. This is also completely
unexpected, and puzzles your average EL2 hacker.

Address it by fixing up the boot mode at the point the host gets
deprivileged. is_hyp_mode_available() and co already have a static
branch to deal with this, making it pretty safe.

This stable fix doesn't have an upstream version. The entire bootflow
has been reworked from 6.0 and that fixed the boot mode at the same
time, from commit 005e12676af0 ("arm64: head: record CPU boot mode after
enabling the MMU") to be precise. However, the latter is part of a 20
patches long series and can't be simply cherry-pick'ed.

Link: https://lore.kernel.org/r/20220624150651.1358849-1-ardb@kernel.org/
Link: https://lore.kernel.org/r/20221011165400.1241729-1-maz@kernel.org/
Cc: <stable@vger.kernel.org> # 5.15+
Reported-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Tested-by: Vincent Donnefort <vdonnefort@google.com>
[Vincent: Add a paragraph about why this patch is for stable only]
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kvm/arm.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2000,6 +2000,17 @@ static int pkvm_drop_host_privileges(voi
 	 * once the host stage 2 is installed.
 	 */
 	static_branch_enable(&kvm_protected_mode_initialized);
+
+	/*
+	 * Fixup the boot mode so that we don't take spurious round
+	 * trips via EL2 on cpu_resume. Flush to the PoC for a good
+	 * measure, so that it can be observed by a CPU coming out of
+	 * suspend with the MMU off.
+	 */
+	__boot_cpu_mode[0] = __boot_cpu_mode[1] = BOOT_CPU_MODE_EL1;
+	dcache_clean_poc((unsigned long)__boot_cpu_mode,
+			 (unsigned long)(__boot_cpu_mode + 2));
+
 	on_each_cpu(_kvm_host_prot_finalize, &ret, 1);
 	return ret;
 }
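Review bot: The fixup in pkvm_drop_host_privileges() hard-codes the array shape twice, in `__boot_cpu_mode[0] = __boot_cpu_mode[1]` and in `__boot_cpu_mode + 2`. Using ARRAY_SIZE(__boot_cpu_mode) for the clean range, or a comment naming what the two slots represent, would keep the cache maintenance correct if the array ever changes. It would also help to note in the comment why the store is placed after static_branch_enable() and before on_each_cpu(), since the ordering relative to host deprivilege is what makes the change safe.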




* [PATCH 5.15 141/206] usb: dwc3: exynos: Fix remove() function
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (139 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 140/206] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 142/206] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Thinh Nguyen,
	Sam Protsenko

From: Marek Szyprowski <m.szyprowski@samsung.com>

commit e0481e5b3cc12ea7ccf4552d41518c89d3509004 upstream.

The core DWC3 device node was not properly removed by the custom
dwc3_exynos_remove_child() function. Replace it with generic
of_platform_depopulate() which does that job right.

Fixes: adcf20dcd262 ("usb: dwc3: exynos: Use of_platform API to create dwc3 core pdev")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Cc: stable@vger.kernel.org
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Link: https://lore.kernel.org/r/20221110154131.2577-1-m.szyprowski@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/dwc3/dwc3-exynos.c |   11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

--- a/drivers/usb/dwc3/dwc3-exynos.c
+++ b/drivers/usb/dwc3/dwc3-exynos.c
@@ -37,15 +37,6 @@ struct dwc3_exynos {
 	struct regulator	*vdd10;
 };
 
-static int dwc3_exynos_remove_child(struct device *dev, void *unused)
-{
-	struct platform_device *pdev = to_platform_device(dev);
-
-	platform_device_unregister(pdev);
-
-	return 0;
-}
-
 static int dwc3_exynos_probe(struct platform_device *pdev)
 {
 	struct dwc3_exynos	*exynos;
@@ -142,7 +133,7 @@ static int dwc3_exynos_remove(struct pla
 	struct dwc3_exynos	*exynos = platform_get_drvdata(pdev);
 	int i;
 
-	device_for_each_child(&pdev->dev, NULL, dwc3_exynos_remove_child);
+	of_platform_depopulate(&pdev->dev);
 
 	for (i = exynos->num_clks - 1; i >= 0; i--)
 		clk_disable_unprepare(exynos->clks[i]);




* [PATCH 5.15 142/206] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (140 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 141/206] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 143/206] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Peter Chen, Pawel Laszczak

From: Pawel Laszczak <pawell@cadence.com>

commit b25264f22b498dff3fa5c70c9bea840e83fff0d1 upstream.

During handling Clear Halt Endpoint Feature request, driver invokes
Reset Endpoint command. Because this command has some issue with
transition endpoint from Running to Idle state the driver must
stop the endpoint by using Stop Endpoint command.

cc: <stable@vger.kernel.org>
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Link: https://lore.kernel.org/r/20221110063005.370656-1-pawell@cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/cdns3/cdnsp-gadget.c |   12 ++++--------
 drivers/usb/cdns3/cdnsp-ring.c   |    3 ++-
 2 files changed, 6 insertions(+), 9 deletions(-)

--- a/drivers/usb/cdns3/cdnsp-gadget.c
+++ b/drivers/usb/cdns3/cdnsp-gadget.c
@@ -600,11 +600,11 @@ int cdnsp_halt_endpoint(struct cdnsp_dev
 
 	trace_cdnsp_ep_halt(value ? "Set" : "Clear");
 
-	if (value) {
-		ret = cdnsp_cmd_stop_ep(pdev, pep);
-		if (ret)
-			return ret;
+	ret = cdnsp_cmd_stop_ep(pdev, pep);
+	if (ret)
+		return ret;
 
+	if (value) {
 		if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_STOPPED) {
 			cdnsp_queue_halt_endpoint(pdev, pep->idx);
 			cdnsp_ring_cmd_db(pdev);
@@ -613,10 +613,6 @@ int cdnsp_halt_endpoint(struct cdnsp_dev
 
 		pep->ep_state |= EP_HALTED;
 	} else {
-		/*
-		 * In device mode driver can call reset endpoint command
-		 * from any endpoint state.
-		 */
 		cdnsp_queue_reset_ep(pdev, pep->idx);
 		cdnsp_ring_cmd_db(pdev);
 		ret = cdnsp_wait_for_cmd_compl(pdev);
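Review bot: The comment removed from the else branch ("driver can call reset endpoint command from any endpoint state") is dropped without a replacement, yet the new behaviour contradicts it: Stop Endpoint is now issued before Reset Endpoint. Please add a short comment at the now unconditional cdnsp_cmd_stop_ep() call in the previous hunk, or here, recording that the reset command has trouble with the Running to Idle transition, so the next reader does not move the stop back under `if (value)`.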
--- a/drivers/usb/cdns3/cdnsp-ring.c
+++ b/drivers/usb/cdns3/cdnsp-ring.c
@@ -2076,7 +2076,8 @@ int cdnsp_cmd_stop_ep(struct cdnsp_devic
 	u32 ep_state = GET_EP_CTX_STATE(pep->out_ctx);
 	int ret = 0;
 
-	if (ep_state == EP_STATE_STOPPED || ep_state == EP_STATE_DISABLED) {
+	if (ep_state == EP_STATE_STOPPED || ep_state == EP_STATE_DISABLED ||
+	    ep_state == EP_STATE_HALTED) {
 		trace_cdnsp_ep_stopped_or_disabled(pep->out_ctx);
 		goto ep_stopped;
 	}
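Review bot: With `ep_state == EP_STATE_HALTED` added to the early-exit condition in cdnsp_cmd_stop_ep(), trace_cdnsp_ep_stopped_or_disabled() now also fires for halted endpoints, so the trace name no longer matches what it reports. Either rename the tracepoint or note the extra state in a comment, since anyone debugging halt handling from traces will be misled. A comment on why a halted endpoint must skip the stop command would be useful too.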




* [PATCH 5.15 143/206] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (141 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 142/206] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 144/206] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Pawel Laszczak, Peter Chen

From: Pawel Laszczak <pawell@cadence.com>

commit 7a21b27aafa3edead79ed97e6f22236be6b9f447 upstream.

Patch modifies the TD_SIZE in TRB before ZLP TRB.
The TD_SIZE in TRB before ZLP TRB must be set to 1 to force
processing ZLP TRB by controller.

cc: <stable@vger.kernel.org>
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20221115092218.421267-1-pawell@cadence.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/cdns3/cdnsp-ring.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

--- a/drivers/usb/cdns3/cdnsp-ring.c
+++ b/drivers/usb/cdns3/cdnsp-ring.c
@@ -1763,10 +1763,15 @@ static u32 cdnsp_td_remainder(struct cdn
 			      int trb_buff_len,
 			      unsigned int td_total_len,
 			      struct cdnsp_request *preq,
-			      bool more_trbs_coming)
+			      bool more_trbs_coming,
+			      bool zlp)
 {
 	u32 maxp, total_packet_count;
 
+	/* Before ZLP driver needs set TD_SIZE = 1. */
+	if (zlp)
+		return 1;
+
 	/* One TRB with a zero-length data packet. */
 	if (!more_trbs_coming || (transferred == 0 && trb_buff_len == 0) ||
 	    trb_buff_len == td_total_len)
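Review bot: The new `bool zlp` parameter of cdnsp_td_remainder() and its comment "Before ZLP driver needs set TD_SIZE = 1." are ambiguous about which TRB gets the value. The commit message says it is the TRB before the ZLP TRB, while the name suggests the ZLP TRB itself. Please rename the parameter or reword the comment so it states which TRB the caller is building when it passes true, because the early `return 1` bypasses every other case in the function.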
@@ -1960,7 +1965,8 @@ int cdnsp_queue_bulk_tx(struct cdnsp_dev
 		/* Set the TRB length, TD size, and interrupter fields. */
 		remainder = cdnsp_td_remainder(pdev, enqd_len, trb_buff_len,
 					       full_len, preq,
-					       more_trbs_coming);
+					       more_trbs_coming,
+					       zero_len_trb);
 
 		length_field = TRB_LEN(trb_buff_len) | TRB_TD_SIZE(remainder) |
 			TRB_INTR_TARGET(0);
@@ -2025,7 +2031,7 @@ int cdnsp_queue_ctrl_tx(struct cdnsp_dev
 
 	if (preq->request.length > 0) {
 		remainder = cdnsp_td_remainder(pdev, 0, preq->request.length,
-					       preq->request.length, preq, 1);
+					       preq->request.length, preq, 1, 0);
 
 		length_field = TRB_LEN(preq->request.length) |
 				TRB_TD_SIZE(remainder) | TRB_INTR_TARGET(0);
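Review bot: In cdnsp_queue_ctrl_tx() the call now ends in `preq, 1, 0`, two adjacent integer literals for two bool parameters (more_trbs_coming and zlp). That is easy to transpose; `true, false` would be clearer here, and likewise `false` instead of `0` in the cdnsp_queue_isoc_tx() call in the next hunk.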
@@ -2226,7 +2232,7 @@ static int cdnsp_queue_isoc_tx(struct cd
 		/* Set the TRB length, TD size, & interrupter fields. */
 		remainder = cdnsp_td_remainder(pdev, running_total,
 					       trb_buff_len, td_len, preq,
-					       more_trbs_coming);
+					       more_trbs_coming, 0);
 
 		length_field = TRB_LEN(trb_buff_len) | TRB_INTR_TARGET(0);
 




* [PATCH 5.15 144/206] ext4: fix use-after-free in ext4_ext_shift_extents
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (142 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 143/206] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 145/206] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Baokun Li, Theodore Tso

From: Baokun Li <libaokun1@huawei.com>

commit f6b1a1cf1c3ee430d3f5e47847047ce789a690aa upstream.

If the starting position of our insert range happens to be in the hole
between the two ext4_extent_idx, because the lblk of the ext4_extent in
the previous ext4_extent_idx is always less than the start, which leads
to the "extent" variable access across the boundary, the following UAF is
triggered:
==================================================================
BUG: KASAN: use-after-free in ext4_ext_shift_extents+0x257/0x790
Read of size 4 at addr ffff88819807a008 by task fallocate/8010
CPU: 3 PID: 8010 Comm: fallocate Tainted: G            E     5.10.0+ #492
Call Trace:
 dump_stack+0x7d/0xa3
 print_address_description.constprop.0+0x1e/0x220
 kasan_report.cold+0x67/0x7f
 ext4_ext_shift_extents+0x257/0x790
 ext4_insert_range+0x5b6/0x700
 ext4_fallocate+0x39e/0x3d0
 vfs_fallocate+0x26f/0x470
 ksys_fallocate+0x3a/0x70
 __x64_sys_fallocate+0x4f/0x60
 do_syscall_64+0x33/0x40
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

For right shifts, we can divide them into the following situations:

1. When the first ee_block of ext4_extent_idx is greater than or equal to
   start, make right shifts directly from the first ee_block.
    1) If it is greater than start, we need to continue searching in the
       previous ext4_extent_idx.
    2) If it is equal to start, we can exit the loop (iterator=NULL).

2. When the first ee_block of ext4_extent_idx is less than start, then
   traverse from the last extent to find the first extent whose ee_block
   is less than start.
    1) If extent is still the last extent after traversal, it means that
       the last ee_block of ext4_extent_idx is less than start, that is,
       start is located in the hole between idx and (idx+1), so we can
       exit the loop directly (break) without right shifts.
    2) Otherwise, make right shifts at the corresponding position of the
       found extent, and then exit the loop (iterator=NULL).

Fixes: 331573febb6a ("ext4: Add support FALLOC_FL_INSERT_RANGE for fallocate")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Link: https://lore.kernel.org/r/20220922120434.1294789-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/extents.c |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5190,6 +5190,7 @@ ext4_ext_shift_extents(struct inode *ino
 	 * and it is decreased till we reach start.
 	 */
 again:
+	ret = 0;
 	if (SHIFT == SHIFT_LEFT)
 		iterator = &start;
 	else
@@ -5233,14 +5234,21 @@ again:
 					ext4_ext_get_actual_len(extent);
 		} else {
 			extent = EXT_FIRST_EXTENT(path[depth].p_hdr);
-			if (le32_to_cpu(extent->ee_block) > 0)
+			if (le32_to_cpu(extent->ee_block) > start)
 				*iterator = le32_to_cpu(extent->ee_block) - 1;
-			else
-				/* Beginning is reached, end of the loop */
+			else if (le32_to_cpu(extent->ee_block) == start)
 				iterator = NULL;
-			/* Update path extent in case we need to stop */
-			while (le32_to_cpu(extent->ee_block) < start)
+			else {
+				extent = EXT_LAST_EXTENT(path[depth].p_hdr);
+				while (le32_to_cpu(extent->ee_block) >= start)
+					extent--;
+
+				if (extent == EXT_LAST_EXTENT(path[depth].p_hdr))
+					break;
+
 				extent++;
+				iterator = NULL;
+			}
 			path[depth].p_ext = extent;
 		}
 		ret = ext4_ext_shift_path_extents(path, shift, inode,
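Review bot: The backward scan `while (le32_to_cpu(extent->ee_block) >= start) extent--;` has no explicit lower bound. It terminates only because this else branch is reached when the first extent's ee_block is below start, and that invariant is not written down anywhere in the code. Since this is the fix for an out-of-bounds walk in the opposite direction, please add a comment stating the invariant. The two comments removed in this hunk should also be replaced with the case analysis from the commit message (first ee_block greater than, equal to, or less than start, and the hole case that takes the `break`), including the fact that the break path relies on the `ret = 0` added at the `again:` label.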




* [PATCH 5.15 145/206] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (143 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 144/206] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 146/206] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jakob Unterwurzacher,
	Quentin Schulz, Heiko Stuebner

From: Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>

commit 91e8b74fe6381e083f8aa55217bb0562785ab398 upstream.

CRC errors (code -84 EILSEQ) have been observed for some SanDisk
Ultra A1 cards when running at 50MHz.

Waveform analysis suggests that the level shifters that are used on the
RK3399-Q7 module for voltage translation between 3.0 and 3.3V don't
handle clock rates at or above 48MHz properly. Back off to 40MHz for
some safety margin.

Cc: stable@vger.kernel.org
Fixes: 60fd9f72ce8a ("arm64: dts: rockchip: add Haikou baseboard with RK3399-Q7 SoM")
Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20221019-upstream-puma-sd-40mhz-v1-0-754a76421518@theobroma-systems.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts
+++ b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts
@@ -207,7 +207,7 @@
 	cap-sd-highspeed;
 	cd-gpios = <&gpio0 RK_PA7 GPIO_ACTIVE_LOW>;
 	disable-wp;
-	max-frequency = <150000000>;
+	max-frequency = <40000000>;
 	pinctrl-names = "default";
 	pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
 	vmmc-supply = <&vcc3v3_baseboard>;
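Review bot: The new `max-frequency = <40000000>;` carries no explanation in the DTS itself. The reason given in the commit message, that the level shifters on the RK3399-Q7 module do not handle clock rates at or above 48MHz, should be a comment next to the property; otherwise the value looks like an arbitrary limit and is likely to be raised again. Note also that the old value was 150MHz while the errors are reported at 50MHz, so the comment should make clear that the board-level limit is the level shifter, not the card mode.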




* [PATCH 5.15 146/206] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (144 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 145/206] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 147/206] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Sam James, Andrew Morton

From: Sam James <sam@gentoo.org>

commit 50c697215a8cc22f0e58c88f06f2716c05a26e85 upstream.

Add missing <linux/string.h> include for strcmp.

Clang 16 makes -Wimplicit-function-declaration an error by default.
Unfortunately, out of tree modules may use this in configure scripts,
which means failure might cause silent miscompilation or misconfiguration.

For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
or the (new) c-std-porting mailing list [3].

[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
[3] hosted at lists.linux.dev.

[akpm@linux-foundation.org: remember "linux/"]
Link: https://lkml.kernel.org/r/20221116182634.2823136-1-sam@gentoo.org
Signed-off-by: Sam James <sam@gentoo.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/license.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/include/linux/license.h
+++ b/include/linux/license.h
@@ -2,6 +2,8 @@
 #ifndef __LICENSE_H
 #define __LICENSE_H
 
+#include <linux/string.h>
+
 static inline int license_is_gpl_compatible(const char *license)
 {
 	return (strcmp(license, "GPL") == 0




* [PATCH 5.15 147/206] iio: light: apds9960: fix wrong register for gesture gain
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (145 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 146/206] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 148/206] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Alejandro Concepcion-Rodriguez,
	Matt Ranostay, Stable, Jonathan Cameron

From: Alejandro Concepción Rodríguez <asconcepcion@acoro.eu>

commit 0aa60ff5d996d4ecdd4a62699c01f6d00f798d59 upstream.

Gesture Gain Control is in REG_GCONF_2 (0xa3), not in REG_CONFIG_2 (0x90).

Fixes: aff268cd532e ("iio: light: add APDS9960 ALS + promixity driver")
Signed-off-by: Alejandro Concepcion-Rodriguez <asconcepcion@acoro.eu>
Acked-by: Matt Ranostay <matt.ranostay@konsulko.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/EaT-NKC-H4DNX5z4Lg9B6IWPD5TrTrYBr5DYB784wfDKQkTmzPXkoYqyUOrOgJH-xvTsEkFLcVkeAPZRUODEFI5dGziaWXwjpfBNLeNGfNc=@acoro.eu
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/light/apds9960.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/drivers/iio/light/apds9960.c
+++ b/drivers/iio/light/apds9960.c
@@ -54,9 +54,6 @@
 #define APDS9960_REG_CONTROL_PGAIN_MASK_SHIFT	2
 
 #define APDS9960_REG_CONFIG_2	0x90
-#define APDS9960_REG_CONFIG_2_GGAIN_MASK	0x60
-#define APDS9960_REG_CONFIG_2_GGAIN_MASK_SHIFT	5
-
 #define APDS9960_REG_ID		0x92
 
 #define APDS9960_REG_STATUS	0x93
@@ -77,6 +74,9 @@
 #define APDS9960_REG_GCONF_1_GFIFO_THRES_MASK_SHIFT	6
 
 #define APDS9960_REG_GCONF_2	0xa3
+#define APDS9960_REG_GCONF_2_GGAIN_MASK			0x60
+#define APDS9960_REG_GCONF_2_GGAIN_MASK_SHIFT		5
+
 #define APDS9960_REG_GOFFSET_U	0xa4
 #define APDS9960_REG_GOFFSET_D	0xa5
 #define APDS9960_REG_GPULSE	0xa6
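Review bot: The mask and shift are carried over unchanged (0x60, shift 5) under the new register name, and nothing in this hunk records that the gesture gain field occupies bits 6:5 of GCONF_2 (0xa3). A short comment naming the field position next to APDS9960_REG_GCONF_2_GGAIN_MASK would make the values checkable against the datasheet, which matters here because the previous defines were attached to the wrong register.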
@@ -396,9 +396,9 @@ static int apds9960_set_pxs_gain(struct
 			}
 
 			ret = regmap_update_bits(data->regmap,
-				APDS9960_REG_CONFIG_2,
-				APDS9960_REG_CONFIG_2_GGAIN_MASK,
-				idx << APDS9960_REG_CONFIG_2_GGAIN_MASK_SHIFT);
+				APDS9960_REG_GCONF_2,
+				APDS9960_REG_GCONF_2_GGAIN_MASK,
+				idx << APDS9960_REG_GCONF_2_GGAIN_MASK_SHIFT);
 			if (!ret)
 				data->pxs_gain = idx;
 			mutex_unlock(&data->lock);
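Review bot: This write lives in apds9960_set_pxs_gain() and its result is cached in data->pxs_gain, yet the field being programmed is the gesture gain in GCONF_2; a one-line comment above the regmap_update_bits() call saying that the proximity gain setter deliberately programs the gesture gain as well would help. Without it the register/function mismatch looks like a bug, and before this fix the same call was silently modifying bits 6:5 of REG_CONFIG_2 (0x90).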



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 148/206] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (146 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 147/206] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 149/206] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Stable, Jonathan Cameron

From: Chen Zhongjin <chenzhongjin@huawei.com>

commit 4ad09d956f8eacff61e67e5b13ba8ebec3232f76 upstream.

In iio_register_sw_trigger_type(), configfs_register_default_group() can
fail, but the entry added to iio_trigger_types_list is not deleted.

This leaves a wild entry in iio_trigger_types_list, which can cause a page
fault when the module is loaded again. So fix this by calling
list_del(&t->list) in the error path.

BUG: unable to handle page fault for address: fffffbfff81d7400
Call Trace:
<TASK>
 iio_register_sw_trigger_type
 do_one_initcall
 do_init_module
 load_module
 ...

Fixes: b662f809d410 ("iio: core: Introduce IIO software triggers")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221108032802.168623-1-chenzhongjin@huawei.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/iio/industrialio-sw-trigger.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/iio/industrialio-sw-trigger.c
+++ b/drivers/iio/industrialio-sw-trigger.c
@@ -58,8 +58,12 @@ int iio_register_sw_trigger_type(struct
 
 	t->group = configfs_register_default_group(iio_triggers_group, t->name,
 						&iio_trigger_type_group_type);
-	if (IS_ERR(t->group))
+	if (IS_ERR(t->group)) {
+		mutex_lock(&iio_trigger_types_lock);
+		list_del(&t->list);
+		mutex_unlock(&iio_trigger_types_lock);
 		ret = PTR_ERR(t->group);
+	}
 
 	return ret;
 }
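Review bot: The rollback in the IS_ERR(t->group) branch has to take iio_trigger_types_lock again, which shows the entry stays reachable on iio_trigger_types_list, without the lock held, for the whole of configfs_register_default_group(). If nothing requires the entry to be listed first, registering the group and inserting into the list only on success would remove both the list_del() rollback and that window. As written, t->group is also left holding the ERR_PTR value after the failure; a comment or an explicit reset would make clear that callers must not use it.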



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 149/206] bus: ixp4xx: Dont touch bit 7 on IXP42x
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (147 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 148/206] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 150/206] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Linus Walleij, Arnd Bergmann

From: Linus Walleij <linus.walleij@linaro.org>

commit ff5a19909b49fe5c0b01ae197f84b741e0f698dc upstream.

We face some regressions on a few IXP42x systems when
accessing flash, the following unrelated error prints
appear from the PCI driver:

ixp4xx-pci c0000000.pci: PCI: abort_handler addr = 0xff9ffb5f,
	   isr = 0x0, status = 0x22a0
ixp4xx-pci c0000000.pci: imprecise abort
(...)

It turns out that while bit 7 is masked "reserved" it is
not unused, so masking it off as zero is dangerous, and
breaks flash access on some systems such as the NSLU2.
Be more careful and avoid masking off any of the reserved
bits 7, 8, 9 or 30. Only keep masking EXP_WORD (bit 2)
on IXP43x which is necessary in some setups.

Fixes: 1c953bda90ca ("bus: ixp4xx: Add a driver for IXP4xx expansion bus")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221122134411.2030372-1-linus.walleij@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/bus/intel-ixp4xx-eb.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/bus/intel-ixp4xx-eb.c b/drivers/bus/intel-ixp4xx-eb.c
index a4388440aca7..91db001eb69a 100644
--- a/drivers/bus/intel-ixp4xx-eb.c
+++ b/drivers/bus/intel-ixp4xx-eb.c
@@ -49,7 +49,7 @@
 #define IXP4XX_EXP_SIZE_SHIFT		10
 #define IXP4XX_EXP_CNFG_0		BIT(9) /* Always zero */
 #define IXP43X_EXP_SYNC_INTEL		BIT(8) /* Only on IXP43x */
-#define IXP43X_EXP_EXP_CHIP		BIT(7) /* Only on IXP43x */
+#define IXP43X_EXP_EXP_CHIP		BIT(7) /* Only on IXP43x, dangerous to touch on IXP42x */
 #define IXP4XX_EXP_BYTE_RD16		BIT(6)
 #define IXP4XX_EXP_HRDY_POL		BIT(5) /* Only on IXP42x */
 #define IXP4XX_EXP_MUX_EN		BIT(4)
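Review bot: The extended comment on IXP43X_EXP_EXP_CHIP pushes the line well past the length of its neighbours and says "dangerous to touch on IXP42x" without saying why. The commit message has the reason (the bit is reserved but not unused, and clearing it breaks flash access on systems such as the NSLU2); a short block comment above the define carrying that sentence would be more useful than the trailing remark.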
@@ -57,8 +57,6 @@
 #define IXP4XX_EXP_WORD			BIT(2) /* Always zero */
 #define IXP4XX_EXP_WR_EN		BIT(1)
 #define IXP4XX_EXP_BYTE_EN		BIT(0)
-#define IXP42X_RESERVED			(BIT(30)|IXP4XX_EXP_CNFG_0|BIT(8)|BIT(7)|IXP4XX_EXP_WORD)
-#define IXP43X_RESERVED			(BIT(30)|IXP4XX_EXP_CNFG_0|BIT(5)|IXP4XX_EXP_WORD)
 
 #define IXP4XX_EXP_CNFG0		0x20
 #define IXP4XX_EXP_CNFG0_MEM_MAP	BIT(31)
@@ -252,10 +250,9 @@ static void ixp4xx_exp_setup_chipselect(struct ixp4xx_eb *eb,
 		cs_cfg |= val << IXP4XX_EXP_CYC_TYPE_SHIFT;
 	}
 
-	if (eb->is_42x)
-		cs_cfg &= ~IXP42X_RESERVED;
 	if (eb->is_43x) {
-		cs_cfg &= ~IXP43X_RESERVED;
+		/* Should always be zero */
+		cs_cfg &= ~IXP4XX_EXP_WORD;
 		/*
 		 * This bit for Intel strata flash is currently unused, but let's
 		 * report it if we find one.
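Review bot: With both RESERVED masks removed, the is_43x branch now clears only IXP4XX_EXP_WORD, so BIT(30), IXP4XX_EXP_CNFG_0 and BIT(5) are no longer forced to zero on IXP43x. The commit message motivates leaving bits 7, 8, 9 and 30 alone but does not mention BIT(5), which the old IXP43X_RESERVED cleared; please confirm that dropping it is intended. The "/* Always zero */" comments on IXP4XX_EXP_CNFG_0 and IXP4XX_EXP_WORD also no longer match the code on IXP42x, where neither bit is cleared any more, and should be reworded.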
-- 
2.38.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 150/206] usb: dwc3: gadget: conditionally remove requests
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (148 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 149/206] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 151/206] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Grzeschik, Sasha Levin

From: Michael Grzeschik <m.grzeschik@pengutronix.de>

[ Upstream commit b44c0e7fef51ee7e8ca8c6efbf706f5613787100 ]

The functions stop_active_transfers and ep_disable both call
remove_requests. In both cases this function will give back the requests
with status ESHUTDOWN, which also represents a physical disconnection.
For ep_disable this is not true. This patch adds the status parameter to
remove_requests and sets the status to ECONNRESET on ep_disable.

Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220720213523.1055897-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f90f5afd5083 ("usb: dwc3: gadget: Clear ep descriptor last")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/gadget.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index c38418b4df90..d735a713e0e1 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -951,7 +951,7 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, unsigned int action)
 	return 0;
 }
 
-static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep)
+static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep, int status)
 {
 	struct dwc3_request		*req;
 
@@ -961,19 +961,19 @@ static void dwc3_remove_requests(struct dwc3 *dwc, struct dwc3_ep *dep)
 	while (!list_empty(&dep->started_list)) {
 		req = next_request(&dep->started_list);
 
-		dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+		dwc3_gadget_giveback(dep, req, status);
 	}
 
 	while (!list_empty(&dep->pending_list)) {
 		req = next_request(&dep->pending_list);
 
-		dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+		dwc3_gadget_giveback(dep, req, status);
 	}
 
 	while (!list_empty(&dep->cancelled_list)) {
 		req = next_request(&dep->cancelled_list);
 
-		dwc3_gadget_giveback(dep, req, -ESHUTDOWN);
+		dwc3_gadget_giveback(dep, req, status);
 	}
 }
 
@@ -1008,7 +1008,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
 		dep->endpoint.desc = NULL;
 	}
 
-	dwc3_remove_requests(dwc, dep);
+	dwc3_remove_requests(dwc, dep, -ECONNRESET);
 
 	dep->stream_capable = false;
 	dep->type = 0;
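Review bot: Passing -ECONNRESET from __dwc3_gadget_ep_disable() changes the completion status that gadget function drivers receive for requests removed on endpoint disable, and neither the call site nor dwc3_remove_requests() documents which status a caller should expect. The next patch in this series (151/206) sets this same call back to -ESHUTDOWN, citing the usb_request API, so this hunk should only be applied together with that one; a comment at the call site naming the status required by the API would prevent the change from being reintroduced.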
@@ -2288,7 +2288,7 @@ static void dwc3_stop_active_transfers(struct dwc3 *dwc)
 		if (!dep)
 			continue;
 
-		dwc3_remove_requests(dwc, dep);
+		dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
 	}
 }
 
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 151/206] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (149 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 150/206] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 152/206] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Sasha Levin

From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>

[ Upstream commit ffb9da4a04c69567bad717707b6fdfbc4c216ef4 ]

The usb_request API clearly noted that removed requests due to disabled
endpoint should have -ESHUTDOWN status returned. Don't change this
behavior.

Fixes: b44c0e7fef51 ("usb: dwc3: gadget: conditionally remove requests")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3421859485cb32d77e2068549679a6c07a7797bc.1667875427.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: f90f5afd5083 ("usb: dwc3: gadget: Clear ep descriptor last")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/gadget.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index d735a713e0e1..515ace4c85cf 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1008,7 +1008,7 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
 		dep->endpoint.desc = NULL;
 	}
 
-	dwc3_remove_requests(dwc, dep, -ECONNRESET);
+	dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
 
 	dep->stream_capable = false;
 	dep->type = 0;
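Review bot: After this change both call sites touched by patch 150/206 pass -ESHUTDOWN (this one and dwc3_stop_active_transfers()), so the status parameter added to dwc3_remove_requests() no longer varies. Either drop the parameter again or add a comment at the function saying why it is kept, and consider a comment here stating that -ESHUTDOWN is the status the usb_request API documents for requests removed by endpoint disable.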
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 152/206] usb: dwc3: gadget: Clear ep descriptor last
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (150 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 151/206] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 153/206] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Sasha Levin

From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>

[ Upstream commit f90f5afd5083a7cb4aee13bd4cc0ae600bd381ca ]

Until the endpoint is disabled, its descriptors should remain valid.
When its requests are removed from ep disable, the request completion
routine may attempt to access the endpoint's descriptor. Don't clear the
descriptors before that.

Fixes: f09ddcfcb8c5 ("usb: dwc3: gadget: Prevent EP queuing while stopping transfers")
Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/45db7c83b209259115bf652af210f8b2b3b1a383.1668561364.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/gadget.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 515ace4c85cf..dfa1d9eedde1 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1002,18 +1002,18 @@ static int __dwc3_gadget_ep_disable(struct dwc3_ep *dep)
 	reg &= ~DWC3_DALEPENA_EP(dep->number);
 	dwc3_writel(dwc->regs, DWC3_DALEPENA, reg);
 
-	/* Clear out the ep descriptors for non-ep0 */
-	if (dep->number > 1) {
-		dep->endpoint.comp_desc = NULL;
-		dep->endpoint.desc = NULL;
-	}
-
 	dwc3_remove_requests(dwc, dep, -ESHUTDOWN);
 
 	dep->stream_capable = false;
 	dep->type = 0;
 	dep->flags &= DWC3_EP_TXFIFO_RESIZED;
 
+	/* Clear out the ep descriptors for non-ep0 */
+	if (dep->number > 1) {
+		dep->endpoint.comp_desc = NULL;
+		dep->endpoint.desc = NULL;
+	}
+
 	return 0;
 }
 
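Review bot: The moved comment still reads only "Clear out the ep descriptors for non-ep0" and does not say that the block must stay after dwc3_remove_requests(), which is the whole point of the fix. Extend it to state that the request completion routine may access dep->endpoint.desc and dep->endpoint.comp_desc, so the descriptors have to be cleared last; otherwise a later cleanup can move the block back up and reintroduce the NULL access.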
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 153/206] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (151 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 152/206] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 154/206] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, syzbot+77e4f0...,
	Liu Shixin, Ryusuke Konishi, Andrew Morton

From: Chen Zhongjin <chenzhongjin@huawei.com>

commit 512c5ca01a3610ab14ff6309db363de51f1c13a6 upstream.

When extending segments, nilfs_sufile_alloc() is called to get an
unassigned segment, then mark it as dirty to avoid accidentally allocating
the same segment in the future.

But for some special cases such as a corrupted image it can be unreliable.
If such corruption of the dirty state of the segment occurs, nilfs2 may
reallocate a segment that is in use and pick the same segment for writing
twice at the same time.

This will cause the problem reported by syzkaller:
https://syzkaller.appspot.com/bug?id=c7c4748e11ffcc367cef04f76e02e931833cbd24

This case started with segbuf1.segnum = 3, nextnum = 4 when constructed.
It supposed segment 4 had already been allocated and marked as dirty.

However, the dirty state was corrupted and segment 4 usage was not dirty.
At the first nilfs_segctor_extend_segments() call, segment 4 was allocated
again, which made segbuf2 and the next segbuf3 have the same segment 4.

sb_getblk() will get the same bh for segbuf2 and segbuf3, and this bh is
added to the buffer lists of both segbufs.  This breaks the lists, which
causes a NULL pointer dereference.

Fix the problem by setting usage as dirty every time in
nilfs_sufile_mark_dirty(), which is called during constructing current
segment to be written out and before allocating next segment.

[chenzhongjin@huawei.com: add lock protection per Ryusuke]
  Link: https://lkml.kernel.org/r/20221121091141.214703-1-chenzhongjin@huawei.com
Link: https://lkml.kernel.org/r/20221118063304.140187-1-chenzhongjin@huawei.com
Fixes: 9ff05123e3bf ("nilfs2: segment constructor")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Reported-by: <syzbot+77e4f0...@syzkaller.appspotmail.com>
Reported-by: Liu Shixin <liushixin2@huawei.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/nilfs2/sufile.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/fs/nilfs2/sufile.c
+++ b/fs/nilfs2/sufile.c
@@ -495,14 +495,22 @@ void nilfs_sufile_do_free(struct inode *
 int nilfs_sufile_mark_dirty(struct inode *sufile, __u64 segnum)
 {
 	struct buffer_head *bh;
+	void *kaddr;
+	struct nilfs_segment_usage *su;
 	int ret;
 
+	down_write(&NILFS_MDT(sufile)->mi_sem);
 	ret = nilfs_sufile_get_segment_usage_block(sufile, segnum, 0, &bh);
 	if (!ret) {
 		mark_buffer_dirty(bh);
 		nilfs_mdt_mark_dirty(sufile);
+		kaddr = kmap_atomic(bh->b_page);
+		su = nilfs_sufile_block_get_segment_usage(sufile, segnum, bh, kaddr);
+		nilfs_segment_usage_set_dirty(su);
+		kunmap_atomic(kaddr);
 		brelse(bh);
 	}
+	up_write(&NILFS_MDT(sufile)->mi_sem);
 	return ret;
 }
 
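Review bot: mark_buffer_dirty(bh) and nilfs_mdt_mark_dirty(sufile) run before the new kmap_atomic() section that actually modifies the block through nilfs_segment_usage_set_dirty(su). Moving both calls after kunmap_atomic(kaddr), just before brelse(bh), keeps the usual modify-then-mark order. The flag is also set unconditionally, without looking at the current state of su; since the commit message is about corrupted images, a comment saying whether overwriting whatever state the entry is in is intended would help.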



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 154/206] gcov: clang: fix the buffer overflow issue
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (152 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 153/206] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 155/206] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Mukesh Ojha, Peter Oberparleiter,
	Nathan Chancellor, Nick Desaulniers, Tom Rix, Andrew Morton

From: Mukesh Ojha <quic_mojha@quicinc.com>

commit a6f810efabfd789d3bbafeacb4502958ec56c5ce upstream.

Currently, in the clang version of the gcov code, when a module is being
removed, gcov_info_add() incorrectly adds the sfn_ptr->counter to all the
dst->functions, which results in the kernel panic in the crash report below.
Fix this by properly handling it.

[    8.899094][  T599] Unable to handle kernel write to read-only memory at virtual address ffffff80461cc000
[    8.899100][  T599] Mem abort info:
[    8.899102][  T599]   ESR = 0x9600004f
[    8.899103][  T599]   EC = 0x25: DABT (current EL), IL = 32 bits
[    8.899105][  T599]   SET = 0, FnV = 0
[    8.899107][  T599]   EA = 0, S1PTW = 0
[    8.899108][  T599]   FSC = 0x0f: level 3 permission fault
[    8.899110][  T599] Data abort info:
[    8.899111][  T599]   ISV = 0, ISS = 0x0000004f
[    8.899113][  T599]   CM = 0, WnR = 1
[    8.899114][  T599] swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000ab8de000
[    8.899116][  T599] [ffffff80461cc000] pgd=18000009ffcde003, p4d=18000009ffcde003, pud=18000009ffcde003, pmd=18000009ffcad003, pte=00600000c61cc787
[    8.899124][  T599] Internal error: Oops: 9600004f [#1] PREEMPT SMP
[    8.899265][  T599] Skip md ftrace buffer dump for: 0x1609e0
....
..,
[    8.899544][  T599] CPU: 7 PID: 599 Comm: modprobe Tainted: G S         OE     5.15.41-android13-8-g38e9b1af6bce #1
[    8.899547][  T599] Hardware name: XXX (DT)
[    8.899549][  T599] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[    8.899551][  T599] pc : gcov_info_add+0x9c/0xb8
[    8.899557][  T599] lr : gcov_event+0x28c/0x6b8
[    8.899559][  T599] sp : ffffffc00e733b00
[    8.899560][  T599] x29: ffffffc00e733b00 x28: ffffffc00e733d30 x27: ffffffe8dc297470
[    8.899563][  T599] x26: ffffffe8dc297000 x25: ffffffe8dc297000 x24: ffffffe8dc297000
[    8.899566][  T599] x23: ffffffe8dc0a6200 x22: ffffff880f68bf20 x21: 0000000000000000
[    8.899569][  T599] x20: ffffff880f68bf00 x19: ffffff8801babc00 x18: ffffffc00d7f9058
[    8.899572][  T599] x17: 0000000000088793 x16: ffffff80461cbe00 x15: 9100052952800785
[    8.899575][  T599] x14: 0000000000000200 x13: 0000000000000041 x12: 9100052952800785
[    8.899577][  T599] x11: ffffffe8dc297000 x10: ffffffe8dc297000 x9 : ffffff80461cbc80
[    8.899580][  T599] x8 : ffffff8801babe80 x7 : ffffffe8dc2ec000 x6 : ffffffe8dc2ed000
[    8.899583][  T599] x5 : 000000008020001f x4 : fffffffe2006eae0 x3 : 000000008020001f
[    8.899586][  T599] x2 : ffffff8027c49200 x1 : ffffff8801babc20 x0 : ffffff80461cb3a0
[    8.899589][  T599] Call trace:
[    8.899590][  T599]  gcov_info_add+0x9c/0xb8
[    8.899592][  T599]  gcov_module_notifier+0xbc/0x120
[    8.899595][  T599]  blocking_notifier_call_chain+0xa0/0x11c
[    8.899598][  T599]  do_init_module+0x2a8/0x33c
[    8.899600][  T599]  load_module+0x23cc/0x261c
[    8.899602][  T599]  __arm64_sys_finit_module+0x158/0x194
[    8.899604][  T599]  invoke_syscall+0x94/0x2bc
[    8.899607][  T599]  el0_svc_common+0x1d8/0x34c
[    8.899609][  T599]  do_el0_svc+0x40/0x54
[    8.899611][  T599]  el0_svc+0x94/0x2f0
[    8.899613][  T599]  el0t_64_sync_handler+0x88/0xec
[    8.899615][  T599]  el0t_64_sync+0x1b4/0x1b8
[    8.899618][  T599] Code: f905f56c f86e69ec f86e6a0f 8b0c01ec (f82e6a0c)
[    8.899620][  T599] ---[ end trace ed5218e9e5b6e2e6 ]---

Link: https://lkml.kernel.org/r/1668020497-13142-1-git-send-email-quic_mojha@quicinc.com
Fixes: e178a5beb369 ("gcov: clang support")
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Tom Rix <trix@redhat.com>
Cc: <stable@vger.kernel.org>	[5.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/gcov/clang.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/gcov/clang.c
+++ b/kernel/gcov/clang.c
@@ -280,6 +280,8 @@ void gcov_info_add(struct gcov_info *dst
 
 		for (i = 0; i < sfn_ptr->num_counters; i++)
 			dfn_ptr->counters[i] += sfn_ptr->counters[i];
+
+		sfn_ptr = list_next_entry(sfn_ptr, head);
 	}
 }
 
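Review bot: sfn_ptr is advanced with list_next_entry(sfn_ptr, head) at the end of each pass with no check that the source list has another entry, and the inner loop still bounds its writes to dfn_ptr->counters[] by sfn_ptr->num_counters rather than by the destination's own count. The fix is therefore correct only while dst and src hold the same number of functions with matching counter counts. A check that the two agree before adding (or a WARN and early return when they do not) would keep a mismatch from turning back into an out-of-bounds write like the one in the crash report.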



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 155/206] mm: vmscan: fix extreme overreclaim and swap floods
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (153 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 154/206] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 156/206] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Johannes Weiner, Rik van Riel,
	Mel Gorman, Hugh Dickins, Joonsoo Kim, Andrew Morton

From: Johannes Weiner <hannes@cmpxchg.org>

commit f53af4285d775cd9a9a146fc438bd0a1bee1838a upstream.

During proactive reclaim, we sometimes observe severe overreclaim, with
several thousand times more pages reclaimed than requested.

This trace was obtained from shrink_lruvec() during such an instance:

    prio:0 anon_cost:1141521 file_cost:7767
    nr_reclaimed:4387406 nr_to_reclaim:1047 (or_factor:4190)
    nr=[7161123 345 578 1111]

While the reclaimer requested 4M, vmscan reclaimed close to 16G, most of it
by swapping.  These requests take over a minute, during which the write()
to memory.reclaim is unkillably stuck inside the kernel.

Digging into the source, this is caused by the proportional reclaim
bailout logic.  This code tries to resolve a fundamental conflict: to
reclaim roughly what was requested, while also aging all LRUs fairly and
in accordance to their size, swappiness, refault rates etc.  The way it
attempts fairness is that once the reclaim goal has been reached, it stops
scanning the LRUs with the smaller remaining scan targets, and adjusts the
remainder of the bigger LRUs according to how much of the smaller LRUs was
scanned.  It then finishes scanning that remainder regardless of the
reclaim goal.

This works fine if priority levels are low and the LRU lists are
comparable in size.  However, in this instance, the cgroup that is
targeted by proactive reclaim has almost no files left - they've already
been squeezed out by proactive reclaim earlier - and the remaining anon
pages are hot.  Anon rotations cause the priority level to drop to 0,
which results in reclaim targeting all of anon (a lot) and all of file
(almost nothing).  By the time reclaim decides to bail, it has scanned
most or all of the file target, and therefore must also scan most or all of
the enormous anon target.  This target is thousands of times larger than
the reclaim goal, thus causing the overreclaim.

The bailout code hasn't changed in years, why is this failing now?  The
most likely explanations are two other recent changes in anon reclaim:

1. Before the series starting with commit 5df741963d52 ("mm: fix LRU
   balancing effect of new transparent huge pages"), the VM was
   overall relatively reluctant to swap at all, even if swap was
   configured. This means the LRU balancing code didn't come into play
   as often as it does now, and mostly in high pressure situations
   where pronounced swap activity wouldn't be as surprising.

2. For historic reasons, shrink_lruvec() loops on the scan targets of
   all LRU lists except the active anon one, meaning it would bail if
   the only remaining pages to scan were active anon - even if there
   were a lot of them.

   Before the series starting with commit ccc5dc67340c ("mm/vmscan:
   make active/inactive ratio as 1:1 for anon lru"), most anon pages
   would live on the active LRU; the inactive one would contain only a
   handful of preselected reclaim candidates. After the series, anon
   gets aged similarly to file, and the inactive list is the default
   for new anon pages as well, making it often the much bigger list.

   As a result, the VM is now more likely to actually finish large
   anon targets than before.

Change the code such that only one SWAP_CLUSTER_MAX-sized nudge toward the
larger LRU lists is made before bailing out on a met reclaim goal.

This fixes the extreme overreclaim problem.

Fairness is more subtle and harder to evaluate.  No obvious misbehavior
was observed on the test workload, in any case.  Conceptually, fairness
should primarily be a cumulative effect from regular, lower priority
scans.  Once the VM is in trouble and needs to escalate scan targets to
make forward progress, fairness needs to take a backseat.  This is also
acknowledged by the myriad exceptions in get_scan_count().  This patch
makes fairness decrease gradually, as it keeps fairness work static over
increasing priority levels with growing scan targets.  This should make
more sense - although we may have to re-visit the exact values.

Link: https://lkml.kernel.org/r/20220802162811.39216-1-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Rik van Riel <riel@surriel.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/vmscan.c |   10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -2791,8 +2791,8 @@ static void shrink_lruvec(struct lruvec
 	enum lru_list lru;
 	unsigned long nr_reclaimed = 0;
 	unsigned long nr_to_reclaim = sc->nr_to_reclaim;
+	bool proportional_reclaim;
 	struct blk_plug plug;
-	bool scan_adjusted;
 
 	get_scan_count(lruvec, sc, nr);
 
@@ -2810,8 +2810,8 @@ static void shrink_lruvec(struct lruvec
 	 * abort proportional reclaim if either the file or anon lru has already
 	 * dropped to zero at the first pass.
 	 */
-	scan_adjusted = (!cgroup_reclaim(sc) && !current_is_kswapd() &&
-			 sc->priority == DEF_PRIORITY);
+	proportional_reclaim = (!cgroup_reclaim(sc) && !current_is_kswapd() &&
+				sc->priority == DEF_PRIORITY);
 
 	blk_start_plug(&plug);
 	while (nr[LRU_INACTIVE_ANON] || nr[LRU_ACTIVE_FILE] ||
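Review bot: The new name proportional_reclaim does not say on its own which way the flag works, and the comment directly above the assignment talks about aborting proportional reclaim. From the next hunk, a true value takes the continue and skips the target adjustment entirely. A one-line comment at the declaration stating what true means for the loop would remove the ambiguity.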
@@ -2831,7 +2831,7 @@ static void shrink_lruvec(struct lruvec
 
 		cond_resched();
 
-		if (nr_reclaimed < nr_to_reclaim || scan_adjusted)
+		if (nr_reclaimed < nr_to_reclaim || proportional_reclaim)
 			continue;
 
 		/*
@@ -2882,8 +2882,6 @@ static void shrink_lruvec(struct lruvec
 		nr_scanned = targets[lru] - nr[lru];
 		nr[lru] = targets[lru] * (100 - percentage) / 100;
 		nr[lru] -= min(nr[lru], nr_scanned);
-
-		scan_adjusted = true;
 	}
 	blk_finish_plug(&plug);
 	sc->nr_reclaimed += nr_reclaimed;
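Review bot: Dropping scan_adjusted = true means the target recalculation just above is no longer one-shot: once nr_reclaimed reaches nr_to_reclaim it is re-run on every pass of the loop, because proportional_reclaim never changes after it is initialised. That is the behaviour change the commit message describes, but nothing in the code says so. A comment at this spot noting that the adjustment now repeats each pass, and what ends the loop, would keep the assignment from being restored as an apparent omission.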



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 156/206] KVM: x86: nSVM: leave nested mode on vCPU free
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (154 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 155/206] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 157/206] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini

From: Maxim Levitsky <mlevitsk@redhat.com>

commit 917401f26a6af5756d89b550a8e1bd50cf42b07e upstream.

If the VM was terminated while nested, we free the nested state
while the vCPU still is in nested mode.

Soon a warning will be added for this condition.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/svm.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1427,6 +1427,7 @@ static void svm_free_vcpu(struct kvm_vcp
 	 */
 	svm_clear_current_vmcb(svm->vmcb);
 
+	svm_leave_nested(vcpu);
 	svm_free_nested(svm);
 
 	sev_free_vcpu(vcpu);
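
Review bot: the added svm_leave_nested(vcpu) only helps because it runs before svm_free_nested(svm), but nothing at the call site records that ordering requirement. A one-line comment saying that nested state must not be freed while the vCPU is still in nested mode would protect the order against later cleanup. It is also worth confirming that svm_clear_current_vmcb(svm->vmcb), two lines earlier, is meant to act on whichever VMCB is current before the leave.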



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 157/206] KVM: x86: forcibly leave nested mode on vCPU reset
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (155 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 156/206] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 158/206] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini

From: Maxim Levitsky <mlevitsk@redhat.com>

commit ed129ec9057f89d615ba0c81a4984a90345a1684 upstream.

While not obvious, kvm_vcpu_reset() leaves the nested mode by clearing
'vcpu->arch.hflags' but it does so without all the required housekeeping.

On SVM, it is possible to have a vCPU reset while in guest mode because
unlike VMX, on SVM, INIT's are not latched in SVM non root mode and in
addition to that L1 doesn't have to intercept triple fault, which should
also trigger L1's reset if happens in L2 while L1 didn't intercept it.

If one of the above conditions happens, KVM will continue to use vmcb02
while not being in the guest mode.

Later the IA32_EFER will be cleared which will lead to freeing of the
nested guest state which will (correctly) free the vmcb02, but since
KVM still uses it (incorrectly) this will lead to a use after free
and kernel crash.

This issue is assigned CVE-2022-3344

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-5-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/x86.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -11111,8 +11111,18 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcp
 	unsigned long new_cr0;
 	u32 eax, dummy;
 
+	/*
+	 * SVM doesn't unconditionally VM-Exit on INIT and SHUTDOWN, thus it's
+	 * possible to INIT the vCPU while L2 is active.  Force the vCPU back
+	 * into L1 as EFER.SVME is cleared on INIT (along with all other EFER
+	 * bits), i.e. virtualization is disabled.
+	 */
+	if (is_guest_mode(vcpu))
+		kvm_leave_nested(vcpu);
+
 	kvm_lapic_reset(vcpu, init_event);
 
+	WARN_ON_ONCE(is_guest_mode(vcpu) || is_smm(vcpu));
 	vcpu->arch.hflags = 0;
 
 	vcpu->arch.smi_pending = 0;
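
Review bot: kvm_leave_nested() is called in this hunk, but within this series the helper is only introduced by 159/206, which is queued after this patch; since it is a static function in the same file, the tree would not build at this point in the series, which hurts bisection. Queuing "KVM: x86: add kvm_leave_nested" ahead of this patch would fix that. Separately, the new WARN_ON_ONCE(is_guest_mode(vcpu) || is_smm(vcpu)) asserts on SMM although the hunk only forces the vCPU out of guest mode; a comment on why SMM cannot be active here would help.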



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 158/206] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (156 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 157/206] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 159/206] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini

From: Maxim Levitsky <mlevitsk@redhat.com>

commit 16ae56d7e0528559bf8dc9070e3bfd8ba3de80df upstream.

Make sure that KVM uses vmcb01 before freeing nested state, and warn if
that is not the case.

This is a minimal fix for CVE-2022-3344 making the kernel print a warning
instead of a kernel panic.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-3-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/nested.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -919,6 +919,9 @@ void svm_free_nested(struct vcpu_svm *sv
 	if (!svm->nested.initialized)
 		return;
 
+	if (WARN_ON_ONCE(svm->vmcb != svm->vmcb01.ptr))
+		svm_switch_vmcb(svm, &svm->vmcb01);
+
 	svm_vcpu_free_msrpm(svm->nested.msrpm);
 	svm->nested.msrpm = NULL;
 
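
Review bot: the recovery in "if (WARN_ON_ONCE(svm->vmcb != svm->vmcb01.ptr))" still goes through WARN, so a host running with panic_on_warn set goes down on this path anyway; the changelog's "warning instead of a kernel panic" holds only for the default setting. That is worth saying in the commit message, and a comment above the check stating that vmcb02 must not be the current VMCB when nested state is freed would document what the WARN is guarding.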



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 159/206] KVM: x86: add kvm_leave_nested
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (157 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 158/206] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 160/206] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini

From: Maxim Levitsky <mlevitsk@redhat.com>

commit f9697df251438b0798780900e8b43bdb12a56d64 upstream.

add kvm_leave_nested which wraps a call to nested_ops->leave_nested
into a function.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/nested.c |    3 ---
 arch/x86/kvm/vmx/nested.c |    3 ---
 arch/x86/kvm/x86.c        |    8 +++++++-
 3 files changed, 7 insertions(+), 7 deletions(-)

--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -940,9 +940,6 @@ void svm_free_nested(struct vcpu_svm *sv
 	svm->nested.initialized = false;
 }
 
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
 void svm_leave_nested(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
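
Review bot: the comment removed above svm_leave_nested() was the only documentation on a function that stays non-static and, per 156/206, is called directly from svm_free_vcpu(). Moving the text to the static wrapper in x86.c leaves this entry point undocumented; keeping a one-line comment here, and likewise on vmx_leave_nested(), would cost nothing.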
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -6276,9 +6276,6 @@ out:
 	return kvm_state.size;
 }
 
-/*
- * Forcibly leave nested mode in order to be able to reset the VCPU later on.
- */
 void vmx_leave_nested(struct kvm_vcpu *vcpu)
 {
 	if (is_guest_mode(vcpu)) {
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -608,6 +608,12 @@ void kvm_deliver_exception_payload(struc
 }
 EXPORT_SYMBOL_GPL(kvm_deliver_exception_payload);
 
+/* Forcibly leave the nested mode in cases like a vCPU reset */
+static void kvm_leave_nested(struct kvm_vcpu *vcpu)
+{
+	kvm_x86_ops.nested_ops->leave_nested(vcpu);
+}
+
 static void kvm_multiple_exception(struct kvm_vcpu *vcpu,
 		unsigned nr, bool has_error, u32 error_code,
 	        bool has_payload, unsigned long payload, bool reinject)
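
Review bot: the comment on kvm_leave_nested() names only "cases like a vCPU reset", yet the single caller converted in this patch is the KVM_VCPUEVENT_VALID_SMM path in the next hunk. Listing both uses in the comment, or wording it generically as forcing the vCPU out of nested mode, would match what the wrapper is actually used for.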
@@ -4775,7 +4781,7 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_e
 
 	if (events->flags & KVM_VCPUEVENT_VALID_SMM) {
 		if (!!(vcpu->arch.hflags & HF_SMM_MASK) != events->smi.smm) {
-			kvm_x86_ops.nested_ops->leave_nested(vcpu);
+			kvm_leave_nested(vcpu);
 			kvm_smm_changed(vcpu, events->smi.smm);
 		}
 



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 160/206] KVM: x86: remove exit_int_info warning in svm_handle_exit
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (158 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 159/206] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 161/206] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Maxim Levitsky, Paolo Bonzini

From: Maxim Levitsky <mlevitsk@redhat.com>

commit 05311ce954aebe75935d9ae7d38ac82b5b796e33 upstream.

It is valid to receive external interrupt and have broken IDT entry,
which will lead to #GP with exit_int_info that will contain the index of
the IDT entry (e.g. any value).

Other exceptions can happen as well, like #NP or #SS
(if stack switch fails).

Thus this warning can be user triggered and has very little value.

Cc: stable@vger.kernel.org
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20221103141351.50662-10-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/kvm/svm/svm.c |   15 ---------------
 1 file changed, 15 deletions(-)

--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -317,12 +317,6 @@ int svm_set_efer(struct kvm_vcpu *vcpu,
 	return 0;
 }
 
-static int is_external_interrupt(u32 info)
-{
-	info &= SVM_EVTINJ_TYPE_MASK | SVM_EVTINJ_VALID;
-	return info == (SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_INTR);
-}
-
 static u32 svm_get_interrupt_shadow(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
@@ -3360,15 +3354,6 @@ static int handle_exit(struct kvm_vcpu *
 		return 0;
 	}
 
-	if (is_external_interrupt(svm->vmcb->control.exit_int_info) &&
-	    exit_code != SVM_EXIT_EXCP_BASE + PF_VECTOR &&
-	    exit_code != SVM_EXIT_NPF && exit_code != SVM_EXIT_TASK_SWITCH &&
-	    exit_code != SVM_EXIT_INTR && exit_code != SVM_EXIT_NMI)
-		printk(KERN_ERR "%s: unexpected exit_int_info 0x%x "
-		       "exit_code 0x%x\n",
-		       __func__, svm->vmcb->control.exit_int_info,
-		       exit_code);
-
 	if (exit_fastpath != EXIT_FASTPATH_NONE)
 		return 1;
 
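
Review bot: the message removed in this hunk is an unratelimited printk(KERN_ERR ...) whose trigger, per the changelog, is under user control, so the stronger justification is that a guest can flood the host log, not only that the check has "very little value". Saying so in the commit message would make the reason for a stable backport clearer. The changelog also calls it a "warning" while the removed code is a plain printk rather than a WARN.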



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 161/206] x86/tsx: Add a feature bit for TSX control MSR support
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (159 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 160/206] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 162/206] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Andrew Cooper, Pawan Gupta,
	Borislav Petkov, Dave Hansen, stable

From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

commit aaa65d17eec372c6a9756833f3964ba05b05ea14 upstream.

Support for the TSX control MSR is enumerated in MSR_IA32_ARCH_CAPABILITIES.
This is different from how other CPU features are enumerated i.e. via
CPUID. Currently, a call to tsx_ctrl_is_supported() is required for
enumerating the feature. In the absence of a feature bit for TSX control,
any code that relies on checking feature bits directly will not work.

In preparation for adding a feature bit check in MSR save/restore
during suspend/resume, set a new feature bit X86_FEATURE_TSX_CTRL when
MSR_IA32_TSX_CTRL is present. Also make tsx_ctrl_is_supported() use the
new feature bit to avoid any overhead of reading the MSR.

  [ bp: Remove tsx_ctrl_is_supported(), add room for two more feature
    bits in word 11 which are coming up in the next merge window. ]

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/de619764e1d98afbb7a5fa58424f1278ede37b45.1668539735.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/include/asm/cpufeatures.h |    3 ++
 arch/x86/kernel/cpu/tsx.c          |   38 ++++++++++++++++---------------------
 2 files changed, 20 insertions(+), 21 deletions(-)

--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -303,6 +303,9 @@
 #define X86_FEATURE_USE_IBPB_FW		(11*32+16) /* "" Use IBPB during runtime firmware calls */
 #define X86_FEATURE_RSB_VMEXIT_LITE	(11*32+17) /* "" Fill RSB on VM exit when EIBRS is enabled */
 
+
+#define X86_FEATURE_MSR_TSX_CTRL	(11*32+20) /* "" MSR IA32_TSX_CTRL (Intel) implemented */
+
 /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
 #define X86_FEATURE_AVX_VNNI		(12*32+ 4) /* AVX VNNI instructions */
 #define X86_FEATURE_AVX512_BF16		(12*32+ 5) /* AVX512 BFLOAT16 instructions */
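
Review bot: the new define is X86_FEATURE_MSR_TSX_CTRL, while the changelog calls the bit X86_FEATURE_TSX_CTRL; one of the two should be corrected so that a search for the name from the commit message finds the define. The jump from bit 17 to bit 20 is explained only in the bracketed changelog note, so a comment in the header reserving bits 18 and 19 would stop someone from filling the gap. The hunk also adds a second consecutive blank line before the define.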
--- a/arch/x86/kernel/cpu/tsx.c
+++ b/arch/x86/kernel/cpu/tsx.c
@@ -58,24 +58,6 @@ static void tsx_enable(void)
 	wrmsrl(MSR_IA32_TSX_CTRL, tsx);
 }
 
-static bool tsx_ctrl_is_supported(void)
-{
-	u64 ia32_cap = x86_read_arch_cap_msr();
-
-	/*
-	 * TSX is controlled via MSR_IA32_TSX_CTRL.  However, support for this
-	 * MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.
-	 *
-	 * TSX control (aka MSR_IA32_TSX_CTRL) is only available after a
-	 * microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES
-	 * bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get
-	 * MSR_IA32_TSX_CTRL support even after a microcode update. Thus,
-	 * tsx= cmdline requests will do nothing on CPUs without
-	 * MSR_IA32_TSX_CTRL support.
-	 */
-	return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
-}
-
 static enum tsx_ctrl_states x86_get_tsx_auto_mode(void)
 {
 	if (boot_cpu_has_bug(X86_BUG_TAA))
@@ -135,7 +117,7 @@ static void tsx_clear_cpuid(void)
 		rdmsrl(MSR_TSX_FORCE_ABORT, msr);
 		msr |= MSR_TFA_TSX_CPUID_CLEAR;
 		wrmsrl(MSR_TSX_FORCE_ABORT, msr);
-	} else if (tsx_ctrl_is_supported()) {
+	} else if (cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL)) {
 		rdmsrl(MSR_IA32_TSX_CTRL, msr);
 		msr |= TSX_CTRL_CPUID_CLEAR;
 		wrmsrl(MSR_IA32_TSX_CTRL, msr);
@@ -158,7 +140,8 @@ static void tsx_dev_mode_disable(void)
 	u64 mcu_opt_ctrl;
 
 	/* Check if RTM_ALLOW exists */
-	if (!boot_cpu_has_bug(X86_BUG_TAA) || !tsx_ctrl_is_supported() ||
+	if (!boot_cpu_has_bug(X86_BUG_TAA) ||
+	    !cpu_feature_enabled(X86_FEATURE_MSR_TSX_CTRL) ||
 	    !cpu_feature_enabled(X86_FEATURE_SRBDS_CTRL))
 		return;
 
@@ -191,7 +174,20 @@ void __init tsx_init(void)
 		return;
 	}
 
-	if (!tsx_ctrl_is_supported()) {
+	/*
+	 * TSX is controlled via MSR_IA32_TSX_CTRL.  However, support for this
+	 * MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.
+	 *
+	 * TSX control (aka MSR_IA32_TSX_CTRL) is only available after a
+	 * microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES
+	 * bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get
+	 * MSR_IA32_TSX_CTRL support even after a microcode update. Thus,
+	 * tsx= cmdline requests will do nothing on CPUs without
+	 * MSR_IA32_TSX_CTRL support.
+	 */
+	if (x86_read_arch_cap_msr() & ARCH_CAP_TSX_CTRL_MSR) {
+		setup_force_cpu_cap(X86_FEATURE_MSR_TSX_CTRL);
+	} else {
 		tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED;
 		return;
 	}
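
Review bot: setup_force_cpu_cap(X86_FEATURE_MSR_TSX_CTRL) sits after the early "return;" visible in the context at the top of this hunk, so on that path the feature bit stays clear even when ARCH_CAP_TSX_CTRL_MSR is set, and any code keyed on the bit will treat the MSR as absent. Please confirm that this is intended, or move the enumeration ahead of the early return. The relocated comment also says ARCH_CAP_TSX_MSR where the code tests ARCH_CAP_TSX_CTRL_MSR.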



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 162/206] x86/pm: Add enumeration check before spec MSRs save/restore setup
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (160 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 161/206] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 163/206] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Hans de Goede, Pawan Gupta,
	Borislav Petkov, Dave Hansen, Rafael J. Wysocki, stable

From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

commit 50bcceb7724e471d9b591803889df45dcbb584bc upstream.

pm_save_spec_msr() keeps a list of all the MSRs which _might_ need
to be saved and restored at hibernate and resume. However, it has
zero awareness of CPU support for these MSRs. It mostly works by
unconditionally attempting to manipulate these MSRs and relying on
rdmsrl_safe() being able to handle a #GP on CPUs where the support is
unavailable.

However, it's possible for reads (RDMSR) to be supported for a given MSR
while writes (WRMSR) are not. In this case, msr_build_context() sees
a successful read (RDMSR) and marks the MSR as valid. Then, later, a
write (WRMSR) fails, producing a nasty (but harmless) error message.
This causes restore_processor_state() to try and restore it, but writing
this MSR is not allowed on the Intel Atom N2600 leading to:

  unchecked MSR access error: WRMSR to 0x122 (tried to write 0x0000000000000002) \
     at rIP: 0xffffffff8b07a574 (native_write_msr+0x4/0x20)
  Call Trace:
   <TASK>
   restore_processor_state
   x86_acpi_suspend_lowlevel
   acpi_suspend_enter
   suspend_devices_and_enter
   pm_suspend.cold
   state_store
   kernfs_fop_write_iter
   vfs_write
   ksys_write
   do_syscall_64
   ? do_syscall_64
   ? up_read
   ? lock_is_held_type
   ? asm_exc_page_fault
   ? lockdep_hardirqs_on
   entry_SYSCALL_64_after_hwframe

To fix this, add the corresponding X86_FEATURE bit for each MSR.  Avoid
trying to manipulate the MSR when the feature bit is clear. This
required adding a X86_FEATURE bit for MSRs that do not have one already,
but it's a small price to pay.

  [ bp: Move struct msr_enumeration inside the only function that uses it. ]

Fixes: 73924ec4d560 ("x86/pm: Save the MSR validity status at context setup")
Reported-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/c24db75d69df6e66c0465e13676ad3f2837a2ed8.1668539735.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/power/cpu.c |   23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -513,16 +513,23 @@ static int pm_cpu_check(const struct x86
 
 static void pm_save_spec_msr(void)
 {
-	u32 spec_msr_id[] = {
-		MSR_IA32_SPEC_CTRL,
-		MSR_IA32_TSX_CTRL,
-		MSR_TSX_FORCE_ABORT,
-		MSR_IA32_MCU_OPT_CTRL,
-		MSR_AMD64_LS_CFG,
-		MSR_AMD64_DE_CFG,
+	struct msr_enumeration {
+		u32 msr_no;
+		u32 feature;
+	} msr_enum[] = {
+		{ MSR_IA32_SPEC_CTRL,	 X86_FEATURE_MSR_SPEC_CTRL },
+		{ MSR_IA32_TSX_CTRL,	 X86_FEATURE_MSR_TSX_CTRL },
+		{ MSR_TSX_FORCE_ABORT,	 X86_FEATURE_TSX_FORCE_ABORT },
+		{ MSR_IA32_MCU_OPT_CTRL, X86_FEATURE_SRBDS_CTRL },
+		{ MSR_AMD64_LS_CFG,	 X86_FEATURE_LS_CFG_SSBD },
+		{ MSR_AMD64_DE_CFG,	 X86_FEATURE_LFENCE_RDTSC },
 	};
+	int i;
 
-	msr_build_context(spec_msr_id, ARRAY_SIZE(spec_msr_id));
+	for (i = 0; i < ARRAY_SIZE(msr_enum); i++) {
+		if (boot_cpu_has(msr_enum[i].feature))
+			msr_build_context(&msr_enum[i].msr_no, 1);
+	}
 }
 
 static int pm_check_save_msr(void)
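
Review bot: msr_build_context(&msr_enum[i].msr_no, 1) is now called once per enumerated MSR instead of once for the whole list, so the loop depends on repeated calls appending to the saved context rather than replacing it; please confirm that and say so in a comment above the loop. The check uses boot_cpu_has() while 161/206 tests the same X86_FEATURE_MSR_TSX_CTRL bit with cpu_feature_enabled(); picking one form for both would be more consistent.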



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 163/206] x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (161 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 162/206] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 164/206] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Michael Kelley, Borislav Petkov,
	Dave Hansen, stable

From: Michael Kelley <mikelley@microsoft.com>

commit 4dbd6a3e90e03130973688fd79e19425f720d999 upstream.

Current code re-calculates the size after aligning the starting and
ending physical addresses on a page boundary. But the re-calculation
also embeds the masking of high order bits that exceed the size of
the physical address space (via PHYSICAL_PAGE_MASK). If the masking
removes any high order bits, the size calculation results in a huge
value that is likely to immediately fail.

Fix this by re-calculating the page-aligned size first. Then mask any
high order bits using PHYSICAL_PAGE_MASK.

Fixes: ffa71f33a820 ("x86, ioremap: Fix incorrect physical address handling in PAE mode")
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/1668624097-14884-2-git-send-email-mikelley@microsoft.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/mm/ioremap.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -216,9 +216,15 @@ __ioremap_caller(resource_size_t phys_ad
 	 * Mappings have to be page-aligned
 	 */
 	offset = phys_addr & ~PAGE_MASK;
-	phys_addr &= PHYSICAL_PAGE_MASK;
+	phys_addr &= PAGE_MASK;
 	size = PAGE_ALIGN(last_addr+1) - phys_addr;
 
+	/*
+	 * Mask out any bits not part of the actual physical
+	 * address, like memory encryption bits.
+	 */
+	phys_addr &= PHYSICAL_PAGE_MASK;
+
 	retval = memtype_reserve(phys_addr, (u64)phys_addr + size,
 						pcm, &new_pcm);
 	if (retval) {
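
Review bot: the new comment explains the second mask but not why "phys_addr &= PAGE_MASK;" has to come first, which is the actual fix: size must be derived while phys_addr and last_addr still carry the same high-order bits. One more sentence to that effect in the comment would keep a later cleanup from merging the two masks back into one.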



^ permalink raw reply	[flat|nested] 217+ messages in thread
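
The size calculation described in the 163/206 changelog, as an added user-space model that is not part of the patch or the kernel source. The 46-bit physical address width, the sample address with bit 47 set, and the way last_addr is derived from the unmasked input are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT	12
#define PAGE_SIZE	(1ULL << PAGE_SHIFT)
#define PAGE_MASK	(~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x)	(((x) + PAGE_SIZE - 1) & PAGE_MASK)

/* Assumption: 46 usable physical address bits; the real width is CPU-specific. */
#define PHYS_BITS		46
#define PHYSICAL_PAGE_MASK	(PAGE_MASK & ((1ULL << PHYS_BITS) - 1))

/* Constructed sample: a request whose address carries a bit above PHYS_BITS. */
#define HIGH_BIT	(1ULL << 47)
#define SAMPLE_ADDR	(HIGH_BIT | 0x12345678ULL)
#define SAMPLE_SIZE	0x2000ULL

struct mapping {
	uint64_t phys;		/* page-aligned, masked start address */
	uint64_t size;		/* page-aligned length of the mapping */
	uint64_t offset;	/* offset of the request inside the first page */
};

/* Order of operations on the '-' side of the hunk. */
static struct mapping align_before_patch(uint64_t phys_addr, uint64_t size)
{
	struct mapping m;
	/* Assumption: last_addr is taken from the caller's unmasked address. */
	uint64_t last_addr = phys_addr + size - 1;

	m.offset = phys_addr & ~PAGE_MASK;
	phys_addr &= PHYSICAL_PAGE_MASK;	/* strips the high bits too early */
	m.size = PAGE_ALIGN(last_addr + 1) - phys_addr;
	m.phys = phys_addr;
	return m;
}

/* Order of operations on the '+' side of the hunk. */
static struct mapping align_after_patch(uint64_t phys_addr, uint64_t size)
{
	struct mapping m;
	uint64_t last_addr = phys_addr + size - 1;

	m.offset = phys_addr & ~PAGE_MASK;
	phys_addr &= PAGE_MASK;			/* align only, keep high bits */
	m.size = PAGE_ALIGN(last_addr + 1) - phys_addr;
	phys_addr &= PHYSICAL_PAGE_MASK;	/* now drop the non-address bits */
	m.phys = phys_addr;
	return m;
}

static void show(const char *label, struct mapping m)
{
	printf("%-7s phys=0x%llx size=0x%llx offset=0x%llx\n", label,
	       (unsigned long long)m.phys, (unsigned long long)m.size,
	       (unsigned long long)m.offset);
}

int main(void)
{
	/* With the high bit set, the old order yields a size near 2^47. */
	show("before", align_before_patch(SAMPLE_ADDR, SAMPLE_SIZE));
	show("after", align_after_patch(SAMPLE_ADDR, SAMPLE_SIZE));

	/* Without high bits, both orders give the same three-page mapping. */
	show("before", align_before_patch(0x12345678ULL, SAMPLE_SIZE));
	show("after", align_after_patch(0x12345678ULL, SAMPLE_SIZE));
	return 0;
}
```
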

* [PATCH 5.15 164/206] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (162 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 163/206] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 165/206] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Aman Dhoot, Dmitry Torokhov, Sasha Levin

From: Aman Dhoot <amandhoot12@gmail.com>

[ Upstream commit ac5408991ea6b06e29129b4d4861097c4c3e0d59 ]

The device works fine in native RMI mode, there is no reason to use legacy
PS/2 mode with it.

Signed-off-by: Aman Dhoot <amandhoot12@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/mouse/synaptics.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index ffad142801b3..973a4c1d5d09 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -191,6 +191,7 @@ static const char * const smbus_pnp_ids[] = {
 	"SYN3221", /* HP 15-ay000 */
 	"SYN323d", /* HP Spectre X360 13-w013dx */
 	"SYN3257", /* HP Envy 13-ad105ng */
+	"SYN3286", /* HP Laptop 15-da3001TU */
 	NULL
 };
 
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 165/206] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (163 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 164/206] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 166/206] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Hans de Goede, Pierre-Louis Bossart,
	Mark Brown, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 8bb0ac0e6f64ebdf15d963c26b028de391c9bcf9 ]

The Nanote UMPC-01 mini laptop has stereo speakers, while the default
bytcht_es8316 settings assume a mono speaker setup. Add a quirk for this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20221025140942.509066-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/intel/boards/bytcht_es8316.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sound/soc/intel/boards/bytcht_es8316.c b/sound/soc/intel/boards/bytcht_es8316.c
index 4d313d0d0f23..950457bcc28f 100644
--- a/sound/soc/intel/boards/bytcht_es8316.c
+++ b/sound/soc/intel/boards/bytcht_es8316.c
@@ -443,6 +443,13 @@ static const struct dmi_system_id byt_cht_es8316_quirk_table[] = {
 					| BYT_CHT_ES8316_INTMIC_IN2_MAP
 					| BYT_CHT_ES8316_JD_INVERTED),
 	},
+	{	/* Nanote UMPC-01 */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "RWC CO.,LTD"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "UMPC-01"),
+		},
+		.driver_data = (void *)BYT_CHT_ES8316_INTMIC_IN1_MAP,
+	},
 	{	/* Teclast X98 Plus II */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "TECLAST"),
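
Review bot: the changelog motivates this entry with stereo speakers, but the quirk sets only BYT_CHT_ES8316_INTMIC_IN1_MAP and its comment says nothing about the speaker setup. Extending the "Nanote UMPC-01" comment to note that the absence of any speaker flag is deliberate would make the entry self-explanatory and keep it from being "completed" later.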
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 166/206] tools: iio: iio_generic_buffer: Fix read size
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (164 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 165/206] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 167/206] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Matti Vaittinen, Jonathan Cameron,
	Sasha Levin

From: Matti Vaittinen <mazziesaccount@gmail.com>

[ Upstream commit 7c919b619bcc68158921b1bd968f0e704549bbb6 ]

When noevents is true and small buffer is used the allocated memory for
holding the data may be smaller than the hard-coded 64 bytes. This can
cause the iio_generic_buffer to crash.

Following was recorded on beagle bone black with v6.0 kernel and the
digit fix patch:
https://lore.kernel.org/all/Y0f+tKCz+ZAIoroQ@dc75zzyyyyyyyyyyyyycy-3.rev.dnainternet.fi/
using valgrind;

==339== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==339== Command: /iio_generic_buffer -n kx022-accel -T0 -e -l 10 -a -w 2000000
==339== Parent PID: 307
==339==
==339== Syscall param read(buf) points to unaddressable byte(s)
==339==    at 0x496BFA4: read (read.c:26)
==339==    by 0x11699: main (iio_generic_buffer.c:724)
==339==  Address 0x4ab3518 is 0 bytes after a block of size 160 alloc'd
==339==    at 0x4864B70: malloc (vg_replace_malloc.c:381)
==339==    by 0x115BB: main (iio_generic_buffer.c:677)

Fix this by always using the same size for reading as was used for
data storage allocation.

Signed-off-by: Matti Vaittinen <mazziesaccount@gmail.com>
Link: https://lore.kernel.org/r/Y0kMh0t5qUXJw3nQ@dc75zzyyyyyyyyyyyyycy-3.rev.dnainternet.fi
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/iio/iio_generic_buffer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/iio/iio_generic_buffer.c b/tools/iio/iio_generic_buffer.c
index 2491c54a5e4f..f8deae4e26a1 100644
--- a/tools/iio/iio_generic_buffer.c
+++ b/tools/iio/iio_generic_buffer.c
@@ -715,12 +715,12 @@ int main(int argc, char **argv)
 				continue;
 			}
 
-			toread = buf_len;
 		} else {
 			usleep(timedelay);
-			toread = 64;
 		}
 
+		toread = buf_len;
+
 		read_size = read(buf_fd, data, toread * scan_size);
 		if (read_size < 0) {
 			if (errno == EAGAIN) {
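
Review bot: "toread = buf_len;" now has the same value on every iteration, so assigning it inside the loop only invites the two sizes drifting apart again. Setting it once next to the allocation of data, or passing buf_len * scan_size to read() directly, would tie the read size to the allocation size in one place. The hunk also leaves an empty line directly before "} else {".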
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 167/206] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (165 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 166/206] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 168/206] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jan Kiszka, Su Bao Cheng,
	Matthias Schiffer, Lukas Wunner, Sasha Levin

From: Lukas Wunner <lukas@wunner.de>

[ Upstream commit 038ee49fef18710bedd38b531d173ccd746b2d8d ]

RS485-enabled UART ports on TI Sitara SoCs with active-low polarity
exhibit a Transmit Enable glitch on ->set_termios():

omap8250_restore_regs(), which is called from omap_8250_set_termios(),
sets the TCRTLR bit in the MCR register and clears all other bits,
including RTS.  If RTS uses active-low polarity, it is now asserted
for no reason.

The TCRTLR bit is subsequently cleared by writing up->mcr to the MCR
register.  That variable is always zero, so the RTS bit is still cleared
(incorrectly so if RTS is active-high).

(up->mcr is not, as one might think, a cache of the MCR register's
current value.  Rather, it only caches a single bit of that register,
the AFE bit.  And it only does so if the UART supports the AFE bit,
which OMAP does not.  For details see serial8250_do_set_termios() and
serial8250_do_set_mctrl().)

Finally at the end of omap8250_restore_regs(), the MCR register is
restored (and RTS deasserted) by a call to up->port.ops->set_mctrl()
(which equals serial8250_set_mctrl()) and serial8250_em485_stop_tx().

So there's an RTS glitch between setting TCRTLR and calling
serial8250_em485_stop_tx().  Avoid by using a read-modify-write
when setting TCRTLR.

While at it, drop a redundant initialization of up->mcr.  As explained
above, the variable isn't used by the driver and it is already
initialized to zero because it is part of the static struct
serial8250_ports[] declared in 8250_core.c.  (Static structs are
initialized to zero per section 6.7.8 nr. 10 of the C99 standard.)

Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Su Bao Cheng <baocheng.su@siemens.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/6554b0241a2c7fd50f32576fdbafed96709e11e8.1664278942.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/8250/8250_omap.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index 469fdb91830e..078a7028ee5a 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -293,6 +293,7 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
 {
 	struct omap8250_priv *priv = up->port.private_data;
 	struct uart_8250_dma	*dma = up->dma;
+	u8 mcr = serial8250_in_MCR(up);
 
 	if (dma && dma->tx_running) {
 		/*
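Review bot: the new `u8 mcr = serial8250_in_MCR(up);` initializer at the top of omap8250_restore_regs() reads the register before the `dma->tx_running` check, so the read happens even on the path that check guards. Consider assigning `mcr` after that block, and add a one-line comment that the value is the live MCR contents rather than `up->mcr`, since the commit message has to explain that `up->mcr` is not a cache of the register.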
@@ -309,7 +310,7 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
 	serial_out(up, UART_EFR, UART_EFR_ECB);
 
 	serial_out(up, UART_LCR, UART_LCR_CONF_MODE_A);
-	serial8250_out_MCR(up, UART_MCR_TCRTLR);
+	serial8250_out_MCR(up, mcr | UART_MCR_TCRTLR);
 	serial_out(up, UART_FCR, up->fcr);
 
 	omap8250_update_scr(up, priv);
@@ -325,7 +326,8 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
 	serial_out(up, UART_LCR, 0);
 
 	/* drop TCR + TLR access, we setup XON/XOFF later */
-	serial8250_out_MCR(up, up->mcr);
+	serial8250_out_MCR(up, mcr);
+
 	serial_out(up, UART_IER, up->ier);
 
 	serial_out(up, UART_LCR, UART_LCR_CONF_MODE_B);
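Review bot: `serial8250_out_MCR(up, mcr);` writes back exactly what was read on entry, so if UART_MCR_TCRTLR was already set at that point the comment above it ("drop TCR + TLR access") no longer holds. Writing `mcr & ~UART_MCR_TCRTLR` would make the intent explicit. The blank line added after the write is unrelated whitespace and can be dropped.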
@@ -684,7 +686,6 @@ static int omap_8250_startup(struct uart_port *port)
 
 	pm_runtime_get_sync(port->dev);
 
-	up->mcr = 0;
 	serial_out(up, UART_FCR, UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT);
 
 	serial_out(up, UART_LCR, UART_LCR_WLEN8);
-- 
2.35.1





* [PATCH 5.15 168/206] Input: goodix - try resetting the controller when no config is set
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (166 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 167/206] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 169/206] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Hans de Goede, Bastien Nocera,
	Dmitry Torokhov, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit c7e37cc6240767f794678d11704935d49cc81d59 ]

On ACPI systems (irq_pin_access_method == IRQ_PIN_ACCESS_ACPI_*) the driver
does not reset the controller at probe time, because sometimes the system
firmware loads a config and resetting might lose this config.

On the Nanote UMPC-01 device OTOH the config is in flash of the controller,
the controller needs a reset to load this; and the system firmware does not
reset the controller on a cold boot.

To fix the Nanote UMPC-01 touchscreen not working on a cold boot, try
resetting the controller and then re-reading the config when encountering
a config with 0 width/height/max_touch_num value and the controller has
not already been reset by goodix_ts_probe().

This should be safe to do in general because normally we should never
encounter a config with 0 width/height/max_touch_num. Doing this in
general not only avoids the need for a DMI quirk, but also might help
other systems.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Bastien Nocera <hadess@hadess.net>
Link: https://lore.kernel.org/r/20221025122930.421377-2-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/touchscreen/goodix.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c
index 9a9deea51163..0b513fcd51d1 100644
--- a/drivers/input/touchscreen/goodix.c
+++ b/drivers/input/touchscreen/goodix.c
@@ -1039,6 +1039,7 @@ static int goodix_configure_dev(struct goodix_ts_data *ts)
 	input_set_abs_params(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0, 255, 0, 0);
 	input_set_abs_params(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, 0, 0);
 
+retry_read_config:
 	/* Read configuration and apply touchscreen parameters */
 	goodix_read_config(ts);
 
@@ -1046,6 +1047,16 @@ static int goodix_configure_dev(struct goodix_ts_data *ts)
 	touchscreen_parse_properties(ts->input_dev, true, &ts->prop);
 
 	if (!ts->prop.max_x || !ts->prop.max_y || !ts->max_touch_num) {
+		if (!ts->reset_controller_at_probe &&
+		    ts->irq_pin_access_method != IRQ_PIN_ACCESS_NONE) {
+			dev_info(&ts->client->dev, "Config not set, resetting controller\n");
+			/* Retry after a controller reset */
+			ts->reset_controller_at_probe = true;
+			error = goodix_reset(ts);
+			if (error)
+				return error;
+			goto retry_read_config;
+		}
 		dev_err(&ts->client->dev,
 			"Invalid config (%d, %d, %d), using defaults\n",
 			ts->prop.max_x, ts->prop.max_y, ts->max_touch_num);
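Review bot: in the new block inside the `!ts->prop.max_x || ...` branch, a failing goodix_reset() now makes goodix_configure_dev() return the error, whereas the existing code below it only logs "Invalid config ... using defaults". If falling back to defaults is still the wanted behaviour when the reset cannot be done, log the reset failure and fall through instead of `return error;`. It is also worth a comment that setting `ts->reset_controller_at_probe = true` before `goto retry_read_config` is what bounds the retry to a single pass.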
-- 
2.35.1





* [PATCH 5.15 169/206] Input: soc_button_array - add use_low_level_irq module parameter
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (167 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 168/206] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 170/206] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Hans de Goede, Dmitry Torokhov, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 8e9ada1d0e72b4737df400fe1bba48dc42a68df7 ]

It seems that the Windows drivers for the ACPI0011 soc_button_array
device use low level triggered IRQs rather than using edge triggering.

Some ACPI tables depend on this, directly poking the GPIO controller's
registers to clear the trigger type when closing a laptop's/2-in-1's lid
and re-instating the trigger when opening the lid again.

Linux sets the edge/level on which to trigger to both low+high since
it is using edge type IRQs, the ACPI tables then end up also setting
the bit for level IRQs and since both low and high level have been
selected by Linux we get an IRQ storm leading to soft lockups.

As a workaround for this the soc_button_array already contains
a DMI quirk table with device models known to have this issue.

Add a module parameter for this so that users can easily test if their
device is affected too and so that they can use the module parameter
as a workaround.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221106215320.67109-1-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/misc/soc_button_array.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/input/misc/soc_button_array.c b/drivers/input/misc/soc_button_array.c
index efffcf0ebd3b..46ba8218de99 100644
--- a/drivers/input/misc/soc_button_array.c
+++ b/drivers/input/misc/soc_button_array.c
@@ -18,6 +18,10 @@
 #include <linux/gpio.h>
 #include <linux/platform_device.h>
 
+static bool use_low_level_irq;
+module_param(use_low_level_irq, bool, 0444);
+MODULE_PARM_DESC(use_low_level_irq, "Use low-level triggered IRQ instead of edge triggered");
+
 struct soc_button_info {
 	const char *name;
 	int acpi_index;
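Review bot: the `use_low_level_irq` declaration has no comment linking it to dmi_use_low_level_irq[], and the MODULE_PARM_DESC text does not say it is the manual equivalent of a match in that quirk table. A short comment above the declaration, or wording such as "same effect as a dmi_use_low_level_irq[] match" in the description, would tell users when to set it. Mode 0444 fits, since the value is read when the button device is created.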
@@ -164,7 +168,8 @@ soc_button_device_create(struct platform_device *pdev,
 		}
 
 		/* See dmi_use_low_level_irq[] comment */
-		if (!autorepeat && dmi_check_system(dmi_use_low_level_irq)) {
+		if (!autorepeat && (use_low_level_irq ||
+				    dmi_check_system(dmi_use_low_level_irq))) {
 			irq_set_irq_type(irq, IRQ_TYPE_LEVEL_LOW);
 			gpio_keys[n_buttons].irq = irq;
 			gpio_keys[n_buttons].gpio = -ENOENT;
-- 
2.35.1





* [PATCH 5.15 170/206] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (168 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 169/206] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 171/206] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Hans de Goede, Dmitry Torokhov, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit e13757f52496444b994a7ac67b6e517a15d89bbc ]

Like on the Acer Switch 10 SW5-012, the Acer Switch V 10 SW5-017's _LID
method messes with home- and power-button GPIO IRQ settings, causing an
IRQ storm.

Add a quirk entry for the Acer Switch V 10 to the dmi_use_low_level_irq[]
DMI quirk list, to use low-level IRQs on this model, fixing the IRQ storm.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221106215320.67109-2-hdegoede@redhat.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/misc/soc_button_array.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/input/misc/soc_button_array.c b/drivers/input/misc/soc_button_array.c
index 46ba8218de99..31c02c2019c1 100644
--- a/drivers/input/misc/soc_button_array.c
+++ b/drivers/input/misc/soc_button_array.c
@@ -77,6 +77,13 @@ static const struct dmi_system_id dmi_use_low_level_irq[] = {
 			DMI_MATCH(DMI_PRODUCT_NAME, "Aspire SW5-012"),
 		},
 	},
+	{
+		/* Acer Switch V 10 SW5-017, same issue as Acer Switch 10 SW5-012. */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Acer"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+		},
+	},
 	{
 		/*
 		 * Acer One S1003. _LID method messes with power-button GPIO
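Review bot: `DMI_MATCH(DMI_PRODUCT_NAME, "SW5-017")` in the new entry is a substring match, so it also applies to any product name that merely contains "SW5-017". If only this exact model is meant, DMI_EXACT_MATCH() would pin it down; if the looser match is deliberate (the neighbouring entry matches "Aspire SW5-012"), say so in the entry's comment.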
-- 
2.35.1





* [PATCH 5.15 171/206] Input: i8042 - apply probe defer to more ASUS ZenBook models
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (169 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 170/206] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 172/206] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Dmitry Torokhov, Sasha Levin

From: Takashi Iwai <tiwai@suse.de>

[ Upstream commit 26c263bf1847d4dadba016a0457c4c5f446407bf ]

There are yet a few more ASUS ZenBook models that require the deferred
probe.  At least, there are different ZenBook UX325x and UX425x
models.  Let's extend the DMI matching table entries for adapting
those missing models.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20221108142027.28480-1-tiwai@suse.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/serio/i8042-x86ia64io.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index 4b0201cf71f5..3a41ac9af2e7 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -114,18 +114,18 @@ static const struct dmi_system_id i8042_dmi_quirk_table[] __initconst = {
 		.driver_data = (void *)(SERIO_QUIRK_NOMUX | SERIO_QUIRK_RESET_NEVER)
 	},
 	{
-		/* ASUS ZenBook UX425UA */
+		/* ASUS ZenBook UX425UA/QA */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
-			DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX425UA"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX425"),
 		},
 		.driver_data = (void *)(SERIO_QUIRK_PROBE_DEFER | SERIO_QUIRK_RESET_NEVER)
 	},
 	{
-		/* ASUS ZenBook UM325UA */
+		/* ASUS ZenBook UM325UA/QA */
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
-			DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX325UA_UM325UA"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "ZenBook UX325"),
 		},
 		.driver_data = (void *)(SERIO_QUIRK_PROBE_DEFER | SERIO_QUIRK_RESET_NEVER)
 	},
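Review bot: shortening the DMI_PRODUCT_NAME strings to "ZenBook UX425" and "ZenBook UX325" makes both entries match every product name containing those strings, but the updated comments still name only the UA/QA variants, and the second comment says UM325 while the match string is UX325. Update the comments to describe what is actually matched (for example "ASUS ZenBook UX425*"), and confirm that a product name carrying only "UM325" is not expected, since it would not match.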
-- 
2.35.1





* [PATCH 5.15 172/206] ASoC: stm32: dfsdm: manage cb buffers cleanup
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (170 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 171/206] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 173/206] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Olivier Moysan, Mark Brown, Sasha Levin

From: Olivier Moysan <olivier.moysan@foss.st.com>

[ Upstream commit 7d945b046be3d2605dbb1806e73095aadd7ae129 ]

Ensure that resources allocated by iio_channel_get_all_cb()
are released on driver unbind.

Signed-off-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://lore.kernel.org/r/20221109170849.273719-1-olivier.moysan@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/stm/stm32_adfsdm.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sound/soc/stm/stm32_adfsdm.c b/sound/soc/stm/stm32_adfsdm.c
index e6078f50e508..1e9b4b1df69e 100644
--- a/sound/soc/stm/stm32_adfsdm.c
+++ b/sound/soc/stm/stm32_adfsdm.c
@@ -303,6 +303,11 @@ static int stm32_adfsdm_dummy_cb(const void *data, void *private)
 	return 0;
 }
 
+static void stm32_adfsdm_cleanup(void *data)
+{
+	iio_channel_release_all_cb(data);
+}
+
 static struct snd_soc_component_driver stm32_adfsdm_soc_platform = {
 	.open		= stm32_adfsdm_pcm_open,
 	.close		= stm32_adfsdm_pcm_close,
@@ -349,6 +354,12 @@ static int stm32_adfsdm_probe(struct platform_device *pdev)
 	if (IS_ERR(priv->iio_cb))
 		return PTR_ERR(priv->iio_cb);
 
+	ret = devm_add_action_or_reset(&pdev->dev, stm32_adfsdm_cleanup, priv->iio_cb);
+	if (ret < 0)  {
+		dev_err(&pdev->dev, "Unable to add action\n");
+		return ret;
+	}
+
 	component = devm_kzalloc(&pdev->dev, sizeof(*component), GFP_KERNEL);
 	if (!component)
 		return -ENOMEM;
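Review bot: `if (ret < 0)  {` after devm_add_action_or_reset() has a doubled space before the brace, and since that helper returns 0 or a negative errno a plain `if (ret)` is the usual form. The early `return ret;` is fine as written because the _or_reset variant has already run stm32_adfsdm_cleanup() on failure; dev_err_probe() would fold the message and the return into one statement.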
-- 
2.35.1





* [PATCH 5.15 173/206] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (171 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 172/206] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 174/206] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marek Marczykowski-Górecki,
	Jan Beulich, Juergen Gross, Sasha Levin

From: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>

[ Upstream commit 5e29500eba2aa19e1323df46f64dafcd4a327092 ]

When Xen domain configures MSI-X, the usual approach is to enable MSI-X
together with masking all of them via the config space, then fill the
table and only then clear PCI_MSIX_FLAGS_MASKALL. Allow doing this via
QEMU running in a stub domain.

Previously, when changing PCI_MSIX_FLAGS_MASKALL was not allowed, the
whole write was aborted, preventing change to the PCI_MSIX_FLAGS_ENABLE
bit too.

Note the Xen hypervisor intercepts this write anyway, and may keep the
PCI_MSIX_FLAGS_MASKALL bit set if it wishes to. It will store the
guest-requested state and will apply it eventually.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Link: https://lore.kernel.org/r/20221114103110.1519413-1-marmarek@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/xen/xen-pciback/conf_space_capability.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/xen/xen-pciback/conf_space_capability.c b/drivers/xen/xen-pciback/conf_space_capability.c
index 5e53b4817f16..097316a74126 100644
--- a/drivers/xen/xen-pciback/conf_space_capability.c
+++ b/drivers/xen/xen-pciback/conf_space_capability.c
@@ -190,13 +190,16 @@ static const struct config_field caplist_pm[] = {
 };
 
 static struct msi_msix_field_config {
-	u16          enable_bit; /* bit for enabling MSI/MSI-X */
-	unsigned int int_type;   /* interrupt type for exclusiveness check */
+	u16          enable_bit;   /* bit for enabling MSI/MSI-X */
+	u16          allowed_bits; /* bits allowed to be changed */
+	unsigned int int_type;     /* interrupt type for exclusiveness check */
 } msi_field_config = {
 	.enable_bit	= PCI_MSI_FLAGS_ENABLE,
+	.allowed_bits	= PCI_MSI_FLAGS_ENABLE,
 	.int_type	= INTERRUPT_TYPE_MSI,
 }, msix_field_config = {
 	.enable_bit	= PCI_MSIX_FLAGS_ENABLE,
+	.allowed_bits	= PCI_MSIX_FLAGS_ENABLE | PCI_MSIX_FLAGS_MASKALL,
 	.int_type	= INTERRUPT_TYPE_MSIX,
 };
 
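Review bot: struct msi_msix_field_config now carries both `enable_bit` and `allowed_bits` with no stated relation between them. An initializer that omits `.allowed_bits` leaves it zero, and the check in msi_msix_flags_write() would then reject every change, including the enable bit. Document next to the field that `allowed_bits` must include `enable_bit`, or build the mask from `enable_bit` plus the extra bits so the two cannot drift apart.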
@@ -229,7 +232,7 @@ static int msi_msix_flags_write(struct pci_dev *dev, int offset, u16 new_value,
 		return 0;
 
 	if (!dev_data->allow_interrupt_control ||
-	    (new_value ^ old_value) & ~field_config->enable_bit)
+	    (new_value ^ old_value) & ~field_config->allowed_bits)
 		return PCIBIOS_SET_FAILED;
 
 	if (new_value & field_config->enable_bit) {
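Review bot: with `~field_config->allowed_bits` the check in msi_msix_flags_write() now accepts a write that flips only PCI_MSIX_FLAGS_MASKALL, yet the code visible after it branches solely on `enable_bit`. Add a comment at the check stating which bits a guest may change and why (the commit message's point that the hypervisor intercepts this write belongs in the code too), and make sure the MASKALL-only case is handled by the code that follows.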
-- 
2.35.1





* [PATCH 5.15 174/206] xen/platform-pci: add missing free_irq() in error path
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (172 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 173/206] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 175/206] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, ruanjinjie, Oleksandr Tyshchenko,
	Juergen Gross, Sasha Levin

From: ruanjinjie <ruanjinjie@huawei.com>

[ Upstream commit c53717e1e3f0d0f9129b2e0dbc6dcc5e0a8132e9 ]

free_irq() is missing in case of error in platform_pci_probe(), fix that.

Signed-off-by: ruanjinjie <ruanjinjie@huawei.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Link: https://lore.kernel.org/r/20221114112124.1965611-1-ruanjinjie@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/xen/platform-pci.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/xen/platform-pci.c b/drivers/xen/platform-pci.c
index 18f0ed8b1f93..6ebd819338ec 100644
--- a/drivers/xen/platform-pci.c
+++ b/drivers/xen/platform-pci.c
@@ -144,7 +144,7 @@ static int platform_pci_probe(struct pci_dev *pdev,
 		if (ret) {
 			dev_warn(&pdev->dev, "Unable to set the evtchn callback "
 					 "err=%d\n", ret);
-			goto out;
+			goto irq_out;
 		}
 	}
 
@@ -152,13 +152,16 @@ static int platform_pci_probe(struct pci_dev *pdev,
 	grant_frames = alloc_xen_mmio(PAGE_SIZE * max_nr_gframes);
 	ret = gnttab_setup_auto_xlat_frames(grant_frames);
 	if (ret)
-		goto out;
+		goto irq_out;
 	ret = gnttab_init();
 	if (ret)
 		goto grant_out;
 	return 0;
 grant_out:
 	gnttab_free_auto_xlat_frames();
+irq_out:
+	if (!xen_have_vector_callback)
+		free_irq(pdev->irq, pdev);
 out:
 	pci_release_region(pdev, 0);
 mem_out:
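Review bot: the new `irq_out:` label frees the IRQ under `if (!xen_have_vector_callback)`, which has to mirror the condition under which the IRQ was requested earlier in platform_pci_probe(); that request is outside this hunk. A comment at the label naming the matching request, or one shared helper for both sides, would keep the pair from diverging. The fall-through order grant_out, irq_out, out suits the two `goto irq_out` sites.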
-- 
2.35.1





* [PATCH 5.15 175/206] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (173 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 174/206] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 176/206] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Hans de Goede, Sasha Levin

From: Xiongfeng Wang <wangxiongfeng2@huawei.com>

[ Upstream commit d0cdd85046b15089df71a50548617ac1025300d0 ]

pci_get_device() will increase the reference count for the returned
pci_dev. We need to use pci_dev_put() to decrease the reference count
before asus_wmi_set_xusb2pr() returns.

Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Link: https://lore.kernel.org/r/20221111100752.134311-1-wangxiongfeng2@huawei.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/asus-wmi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
index e14fb5fa7324..f030ea97f126 100644
--- a/drivers/platform/x86/asus-wmi.c
+++ b/drivers/platform/x86/asus-wmi.c
@@ -1511,6 +1511,8 @@ static void asus_wmi_set_xusb2pr(struct asus_wmi *asus)
 	pci_write_config_dword(xhci_pdev, USB_INTEL_XUSB2PR,
 				cpu_to_le32(ports_available));
 
+	pci_dev_put(xhci_pdev);
+
 	pr_info("set USB_INTEL_XUSB2PR old: 0x%04x, new: 0x%04x\n",
 			orig_ports_available, ports_available);
 }
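Review bot: `pci_dev_put(xhci_pdev);` is added only on the path that reaches pci_write_config_dword(); any earlier return in asus_wmi_set_xusb2pr() taken after pci_get_device() succeeded is outside this hunk and would still hold the reference. Check those exits, or route them through a single label that does the put.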
-- 
2.35.1





* [PATCH 5.15 176/206] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (174 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 175/206] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 177/206] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Rudolf Polzer, Hans de Goede, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 1e817b889c7d8c14e7005258e15fec62edafe03c ]

Like the Acer Switch 10 (SW5-012) and Acer Switch 10 (S1003) models
the Acer Switch V 10 (SW5-017) supports reporting SW_TABLET_MODE
through acer-wmi.

Add a DMI quirk for the SW5-017 setting force_caps to ACER_CAP_KBD_DOCK
(these devices have no other acer-wmi based functionality).

Cc: Rudolf Polzer <rpolzer@google.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20221111111639.35730-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/acer-wmi.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c
index 8c2a73d5428d..82516796a53b 100644
--- a/drivers/platform/x86/acer-wmi.c
+++ b/drivers/platform/x86/acer-wmi.c
@@ -564,6 +564,15 @@ static const struct dmi_system_id acer_quirks[] __initconst = {
 		},
 		.driver_data = (void *)ACER_CAP_KBD_DOCK,
 	},
+	{
+		.callback = set_force_caps,
+		.ident = "Acer Aspire Switch V 10 SW5-017",
+		.matches = {
+			DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"),
+			DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "SW5-017"),
+		},
+		.driver_data = (void *)ACER_CAP_KBD_DOCK,
+	},
 	{
 		.callback = set_force_caps,
 		.ident = "Acer One 10 (S1003)",
-- 
2.35.1





* [PATCH 5.15 177/206] drm/amdgpu: disable BACO support on more cards
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (175 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 176/206] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 178/206] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Guchun Chen, Alex Deucher, Sasha Levin

From: Guchun Chen <guchun.chen@amd.com>

[ Upstream commit 192039f12233c9063d040266e7c98188c7c89dec ]

Otherwise, some unexpected PCIE AER errors will be observed
in runtime suspend/resume cycle.

Signed-off-by: Guchun Chen <guchun.chen@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
index ca6fa133993c..82a8c184526d 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
@@ -368,6 +368,10 @@ static void sienna_cichlid_check_bxco_support(struct smu_context *smu)
 		    ((adev->pdev->device == 0x73BF) &&
 		    (adev->pdev->revision == 0xCF)) ||
 		    ((adev->pdev->device == 0x7422) &&
+		    (adev->pdev->revision == 0x00)) ||
+		    ((adev->pdev->device == 0x73A3) &&
+		    (adev->pdev->revision == 0x00)) ||
+		    ((adev->pdev->device == 0x73E3) &&
 		    (adev->pdev->revision == 0x00)))
 			smu_baco->platform_support = false;
 
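Review bot: the condition in sienna_cichlid_check_bxco_support() grows by two more bare device/revision pairs (0x73A3 and 0x73E3, both revision 0x00) with no comment naming the boards. A small static table of {device, revision} entries with a comment per row would be easier to audit than extending the `||` chain each time a card is added.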
-- 
2.35.1





* [PATCH 5.15 178/206] zonefs: fix zone report size in __zonefs_io_error()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (176 preceding siblings ...)
  2022-11-30 18:23 ` [PATCH 5.15 177/206] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
@ 2022-11-30 18:23 ` Greg Kroah-Hartman
  2022-11-30 18:23 ` [PATCH 5.15 179/206] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Damien Le Moal,
	Sasha Levin

From: Damien Le Moal <damien.lemoal@opensource.wdc.com>

[ Upstream commit 7dd12d65ac646046a3fe0bbf9a4e86f4514207b3 ]

When an IO error occurs, the function __zonefs_io_error() is used to
issue a zone report to obtain the latest zone information from the
device. This function gets a zone report for all zones used as storage
for a file, which is always 1 zone except for files representing
aggregated conventional zones.

The number of zones of a zone report for a file is calculated in
__zonefs_io_error() by doing a bit-shift of the inode i_zone_size field,
which is equal to or larger than the device zone size. However, this
calculation does not take into account that the last zone of a zoned
device may be smaller than the zone size reported by bdev_zone_sectors()
(which is used to set the bit shift size). As a result, if an error
occurs for an IO targeting such last smaller zone, the zone report will
ask for 0 zones, leading to an invalid zone report.

Fix this by using the fact that all files require a 1 zone report,
except if the inode i_zone_size field indicates a zone size larger than
the device zone size. This exception case corresponds to a mount with
aggregated conventional zones.

A check for this exception is added to the file inode initialization
during mount. If an invalid setup is detected, emit an error and fail
the mount (check contributed by Johannes Thumshirn).

Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/zonefs/super.c | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/fs/zonefs/super.c b/fs/zonefs/super.c
index f8feaed0b54d..85a98590b6ef 100644
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -448,14 +448,22 @@ static void __zonefs_io_error(struct inode *inode, bool write)
 	struct super_block *sb = inode->i_sb;
 	struct zonefs_sb_info *sbi = ZONEFS_SB(sb);
 	unsigned int noio_flag;
-	unsigned int nr_zones =
-		zi->i_zone_size >> (sbi->s_zone_sectors_shift + SECTOR_SHIFT);
+	unsigned int nr_zones = 1;
 	struct zonefs_ioerr_data err = {
 		.inode = inode,
 		.write = write,
 	};
 	int ret;
 
+	/*
+	 * The only files that have more than one zone are conventional zone
+	 * files with aggregated conventional zones, for which the inode zone
+	 * size is always larger than the device zone size.
+	 */
+	if (zi->i_zone_size > bdev_zone_sectors(sb->s_bdev))
+		nr_zones = zi->i_zone_size >>
+			(sbi->s_zone_sectors_shift + SECTOR_SHIFT);
+
 	/*
 	 * Memory allocations in blkdev_report_zones() can trigger a memory
 	 * reclaim which may in turn cause a recursion into zonefs as well as
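Review bot: the new test `zi->i_zone_size > bdev_zone_sectors(sb->s_bdev)` in __zonefs_io_error() compares a byte count with a sector count. zonefs_init_file_inode() sets `zi->i_zone_size = zone->len << SECTOR_SHIFT`, and the check added there shifts `bdev_zone_sectors(sb->s_bdev) << SECTOR_SHIFT` before comparing. Without the same shift here the condition holds for nearly every file, so the smaller last zone the commit message describes would still take the shift path and end up with nr_zones of 0.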
@@ -1354,6 +1362,14 @@ static int zonefs_init_file_inode(struct inode *inode, struct blk_zone *zone,
 	zi->i_ztype = type;
 	zi->i_zsector = zone->start;
 	zi->i_zone_size = zone->len << SECTOR_SHIFT;
+	if (zi->i_zone_size > bdev_zone_sectors(sb->s_bdev) << SECTOR_SHIFT &&
+	    !(sbi->s_features & ZONEFS_F_AGGRCNV)) {
+		zonefs_err(sb,
+			   "zone size %llu doesn't match device's zone sectors %llu\n",
+			   zi->i_zone_size,
+			   bdev_zone_sectors(sb->s_bdev) << SECTOR_SHIFT);
+		return -EINVAL;
+	}
 
 	zi->i_max_size = min_t(loff_t, MAX_LFS_FILESIZE,
 			       zone->capacity << SECTOR_SHIFT);
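Review bot: the error text in zonefs_init_file_inode() says the zone size "doesn't match device's zone sectors", but the condition is a greater-than test and both printed values are in bytes. Wording such as "zone size %llu larger than device zone size %llu" would describe the failure that is actually detected.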
@@ -1396,11 +1412,11 @@ static struct dentry *zonefs_create_inode(struct dentry *parent,
 	struct inode *dir = d_inode(parent);
 	struct dentry *dentry;
 	struct inode *inode;
-	int ret;
+	int ret = -ENOMEM;
 
 	dentry = d_alloc_name(parent, name);
 	if (!dentry)
-		return NULL;
+		return ERR_PTR(ret);
 
 	inode = new_inode(parent->d_sb);
 	if (!inode)
@@ -1425,7 +1441,7 @@ static struct dentry *zonefs_create_inode(struct dentry *parent,
 dput:
 	dput(dentry);
 
-	return NULL;
+	return ERR_PTR(ret);
 }
 
 struct zonefs_zone_data {
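Review bot: zonefs_create_inode() now returns ERR_PTR(ret) instead of NULL at the `dput:` exit, which changes the function's contract for every caller, and nothing documents it. Add a comment above the function stating that it returns an ERR_PTR on failure and never NULL, so a future caller does not test the result with `!dentry`. Both call sites in zonefs_create_zgroup() are converted to IS_ERR() in this patch.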
@@ -1445,7 +1461,7 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
 	struct blk_zone *zone, *next, *end;
 	const char *zgroup_name;
 	char *file_name;
-	struct dentry *dir;
+	struct dentry *dir, *dent;
 	unsigned int n = 0;
 	int ret;
 
@@ -1463,8 +1479,8 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
 		zgroup_name = "seq";
 
 	dir = zonefs_create_inode(sb->s_root, zgroup_name, NULL, type);
-	if (!dir) {
-		ret = -ENOMEM;
+	if (IS_ERR(dir)) {
+		ret = PTR_ERR(dir);
 		goto free;
 	}
 
@@ -1510,8 +1526,9 @@ static int zonefs_create_zgroup(struct zonefs_zone_data *zd,
 		 * Use the file number within its group as file name.
 		 */
 		snprintf(file_name, ZONEFS_NAME_MAX - 1, "%u", n);
-		if (!zonefs_create_inode(dir, file_name, zone, type)) {
-			ret = -ENOMEM;
+		dent = zonefs_create_inode(dir, file_name, zone, type);
+		if (IS_ERR(dent)) {
+			ret = PTR_ERR(dent);
 			goto free;
 		}
 
-- 
2.35.1





* [PATCH 5.15 179/206] platform/x86: hp-wmi: Ignore Smart Experience App event
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Kai-Heng Feng, Hans de Goede, Sasha Levin

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

[ Upstream commit 8b9b6a044b408283b086702b1d9e3cf4ba45b426 ]

Sometimes the hp-wmi driver complains on system resume:
[ 483.116451] hp_wmi: Unknown event_id - 33 - 0x0

According to HP it's a feature called "HP Smart Experience App" and it's
safe to be ignored.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20221114073842.205392-1-kai.heng.feng@canonical.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/hp-wmi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
index 5a3a3cd89214..1e390dcee561 100644
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -64,6 +64,7 @@ enum hp_wmi_event_ids {
 	HPWMI_PEAKSHIFT_PERIOD		= 0x0F,
 	HPWMI_BATTERY_CHARGE_PERIOD	= 0x10,
 	HPWMI_SANITIZATION_MODE		= 0x17,
+	HPWMI_SMART_EXPERIENCE_APP	= 0x21,
 };
 
 struct bios_args {
@@ -641,6 +642,8 @@ static void hp_wmi_notify(u32 value, void *context)
 		break;
 	case HPWMI_SANITIZATION_MODE:
 		break;
+	case HPWMI_SMART_EXPERIENCE_APP:
+		break;
 	default:
 		pr_info("Unknown event_id - %d - 0x%x\n", event_id, event_data);
 		break;
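Review bot: the new `case HPWMI_SMART_EXPERIENCE_APP:` drops the event with a bare `break;` and no comment. The reason is only in the changelog ("According to HP ... safe to be ignored"), so a one-line comment on the case would keep that visible in the source. It could also share the `break;` with `HPWMI_SANITIZATION_MODE` directly above, since both are ignored in the same way.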
-- 
2.35.1





* [PATCH 5.15 180/206] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Meng Dong, Arnav Rawat,
	Hans de Goede, Sasha Levin

From: Arnav Rawat <arnavr3@illinois.edu>

[ Upstream commit 81a5603a0f50fd7cf17ff21d106052215eaf2028 ]

Commit 3ae86d2d4704 ("platform/x86: ideapad-laptop: Fix Legion 5 Fn lock
LED") uses the WMI event-id for the fn-lock event on some Legion 5 laptops
to manually toggle the fn-lock LED because the EC does not do it itself.
However, the same WMI ID is also sent on some Yoga laptops. Here, setting
the fn-lock state is not valid behavior, and causes the EC to spam
interrupts until the laptop is rebooted.

Add a set_fn_lock_led_list[] DMI-id list and only enable the workaround to
manually set the LED on models on this list.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=212671
Cc: Meng Dong <whenov@gmail.com>
Signed-off-by: Arnav Rawat <arnavr3@illinois.edu>
Link: https://lore.kernel.org/r/12093851.O9o76ZdvQC@fedora
[hdegoede@redhat.com: Check DMI-id list only once and store the result]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/ideapad-laptop.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
index ab4dfff2174b..7c553581e870 100644
--- a/drivers/platform/x86/ideapad-laptop.c
+++ b/drivers/platform/x86/ideapad-laptop.c
@@ -136,6 +136,7 @@ struct ideapad_private {
 		bool dytc                 : 1;
 		bool fan_mode             : 1;
 		bool fn_lock              : 1;
+		bool set_fn_lock_led      : 1;
 		bool hw_rfkill_switch     : 1;
 		bool kbd_bl               : 1;
 		bool touchpad_ctrl_via_ec : 1;
@@ -1467,6 +1468,9 @@ static void ideapad_wmi_notify(u32 value, void *context)
 		ideapad_input_report(priv, value);
 		break;
 	case 208:
+		if (!priv->features.set_fn_lock_led)
+			break;
+
 		if (!eval_hals(priv->adev->handle, &result)) {
 			bool state = test_bit(HALS_FNLOCK_STATE_BIT, &result);
 
@@ -1480,6 +1484,18 @@ static void ideapad_wmi_notify(u32 value, void *context)
 }
 #endif
 
+/* On some models we need to call exec_sals(SALS_FNLOCK_ON/OFF) to set the LED */
+static const struct dmi_system_id set_fn_lock_led_list[] = {
+	{
+		/* https://bugzilla.kernel.org/show_bug.cgi?id=212671 */
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+			DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Legion R7000P2020H"),
+		}
+	},
+	{}
+};
+
 /*
  * Some ideapads have a hardware rfkill switch, but most do not have one.
  * Reading VPCCMD_R_RF always results in 0 on models without a hardware rfkill,
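Review bot: `set_fn_lock_led_list[]` contains a single entry ("Lenovo Legion R7000P2020H"), while the changelog says the original workaround was needed on "some Legion 5 laptops". With the `!priv->features.set_fn_lock_led` early break in `case 208`, any other model that depended on the manual LED toggle loses it after this patch. It would help to state in the changelog whether the listed model is the only one known to need the workaround, or to list the others.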
@@ -1522,6 +1538,7 @@ static void ideapad_check_features(struct ideapad_private *priv)
 	acpi_handle handle = priv->adev->handle;
 	unsigned long val;
 
+	priv->features.set_fn_lock_led = dmi_check_system(set_fn_lock_led_list);
 	priv->features.hw_rfkill_switch = dmi_check_system(hw_rfkill_list);
 
 	/* Most ideapads with ELAN0634 touchpad don't use EC touchpad switch */
-- 
2.35.1





* [PATCH 5.15 181/206] tcp: configurable source port perturb table size
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Gleb Mazovetskiy, Kuniyuki Iwashima,
	David S. Miller, Sasha Levin

From: Gleb Mazovetskiy <glex.spb@gmail.com>

[ Upstream commit aeac4ec8f46d610a10adbaeff5e2edf6a88ffc62 ]

On embedded systems with little memory and no relevant
security concerns, it is beneficial to reduce the size
of the table.

Reducing the size from 2^16 to 2^8 saves 255 KiB
of kernel RAM.

Makes the table size configurable as an expert option.

The size was previously increased from 2^8 to 2^16
in commit 4c2c8f03a5ab ("tcp: increase source port perturb table to
2^16").

Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/Kconfig           | 10 ++++++++++
 net/ipv4/inet_hashtables.c | 10 +++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 87983e70f03f..23b06063e1a5 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -403,6 +403,16 @@ config INET_IPCOMP
 
 	  If unsure, say Y.
 
+config INET_TABLE_PERTURB_ORDER
+	int "INET: Source port perturbation table size (as power of 2)" if EXPERT
+	default 16
+	help
+	  Source port perturbation table size (as power of 2) for
+	  RFC 6056 3.3.4.  Algorithm 4: Double-Hash Port Selection Algorithm.
+
+	  The default is almost always what you want.
+	  Only change this if you know what you are doing.
+
 config INET_XFRM_TUNNEL
 	tristate
 	select INET_TUNNEL
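Review bot: the new `INET_TABLE_PERTURB_ORDER` symbol is an unbounded `int`, and inet_hashtables.c uses it directly in `1 << CONFIG_INET_TABLE_PERTURB_ORDER`. A negative value or one of 31 and above makes that shift undefined, and nothing in the entry prevents it; a `range` line would, for instance bounded by the 8 and 16 the changelog mentions. The help text could also name the trade-off: the comment in inet_hashtables.c says the table was sized at 65536 for isolation and privacy after attacks on small tables were demonstrated, and the changelog itself limits the smaller size to systems with no relevant security concerns.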
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index ce6a3873f89e..0d378da4b1b1 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -721,13 +721,13 @@ EXPORT_SYMBOL_GPL(inet_unhash);
  * Note that we use 32bit integers (vs RFC 'short integers')
  * because 2^16 is not a multiple of num_ephemeral and this
  * property might be used by clever attacker.
+ *
  * RFC claims using TABLE_LENGTH=10 buckets gives an improvement, though
- * attacks were since demonstrated, thus we use 65536 instead to really
- * give more isolation and privacy, at the expense of 256kB of kernel
- * memory.
+ * attacks were since demonstrated, thus we use 65536 by default instead
+ * to really give more isolation and privacy, at the expense of 256kB
+ * of kernel memory.
  */
-#define INET_TABLE_PERTURB_SHIFT 16
-#define INET_TABLE_PERTURB_SIZE (1 << INET_TABLE_PERTURB_SHIFT)
+#define INET_TABLE_PERTURB_SIZE (1 << CONFIG_INET_TABLE_PERTURB_ORDER)
 static u32 *table_perturb;
 
 int __inet_hash_connect(struct inet_timewait_death_row *death_row,
-- 
2.35.1





* [PATCH 5.15 182/206] net: usb: qmi_wwan: add Telit 0x103a composition
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Enrico Sau, Bjørn Mork,
	Paolo Abeni, Sasha Levin

From: Enrico Sau <enrico.sau@gmail.com>

[ Upstream commit e103ba33998d0f25653cc8ebe745b68d1ee10cda ]

Add the following Telit LE910C4-WWX composition:

0x103a: rmnet

Signed-off-by: Enrico Sau <enrico.sau@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Link: https://lore.kernel.org/r/20221115105859.14324-1-enrico.sau@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/qmi_wwan.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 6bf5c75f519d..d886f903e428 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1353,6 +1353,7 @@ static const struct usb_device_id products[] = {
 	{QMI_FIXED_INTF(0x2357, 0x0201, 4)},	/* TP-LINK HSUPA Modem MA180 */
 	{QMI_FIXED_INTF(0x2357, 0x9000, 4)},	/* TP-LINK MA260 */
 	{QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */
+	{QMI_QUIRK_SET_DTR(0x1bc7, 0x103a, 0)}, /* Telit LE910C4-WWX */
 	{QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)},	/* Telit LE922A */
 	{QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)},	/* Telit FN980 */
 	{QMI_QUIRK_SET_DTR(0x1bc7, 0x1060, 2)},	/* Telit LN920 */
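Review bot: the interface number in the new entry, the `0` in `QMI_QUIRK_SET_DTR(0x1bc7, 0x103a, 0)`, cannot be checked against the changelog, which only says "0x103a: rmnet". The neighbouring Telit entries bind interface 2 or 3, so it would help to list the full composition in the commit message (which function sits on which interface), since a wrong number would bind qmi_wwan to a non-QMI interface.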
-- 
2.35.1




^ permalink raw reply related	[flat|nested] 217+ messages in thread

* [PATCH 5.15 183/206] scsi: iscsi: Fix possible memory leak when device_register() failed
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Zhou Guanghui, Mike Christie,
	Martin K. Petersen, Sasha Levin

From: Zhou Guanghui <zhouguanghui1@huawei.com>

[ Upstream commit f014165faa7b953b81dcbf18835936e5f8d01f2a ]

If device_register() returns an error, the name allocated by
dev_set_name() needs to be freed. As described in the comment of
device_register(), we should use put_device() to give up the reference in
the error path.

Fix this by calling put_device(): the name will be freed in
kobject_cleanup(), and the resources modified by this patch will be released
by calling the corresponding callback function in device_release().

Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Link: https://lore.kernel.org/r/20221110033729.1555-1-zhouguanghui1@huawei.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/scsi_transport_iscsi.c | 31 +++++++++++++++--------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index f46ae5391758..cc39cbef9d7f 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -232,7 +232,7 @@ iscsi_create_endpoint(int dd_size)
 	dev_set_name(&ep->dev, "ep-%d", id);
 	err = device_register(&ep->dev);
         if (err)
-		goto free_id;
+		goto put_dev;
 
 	err = sysfs_create_group(&ep->dev.kobj, &iscsi_endpoint_group);
 	if (err)
@@ -246,10 +246,12 @@ iscsi_create_endpoint(int dd_size)
 	device_unregister(&ep->dev);
 	return NULL;
 
-free_id:
+put_dev:
 	mutex_lock(&iscsi_ep_idr_mutex);
 	idr_remove(&iscsi_ep_idr, id);
 	mutex_unlock(&iscsi_ep_idr_mutex);
+	put_device(&ep->dev);
+	return NULL;
 free_ep:
 	kfree(ep);
 	return NULL;
@@ -767,7 +769,7 @@ iscsi_create_iface(struct Scsi_Host *shost, struct iscsi_transport *transport,
 
 	err = device_register(&iface->dev);
 	if (err)
-		goto free_iface;
+		goto put_dev;
 
 	err = sysfs_create_group(&iface->dev.kobj, &iscsi_iface_group);
 	if (err)
@@ -781,9 +783,8 @@ iscsi_create_iface(struct Scsi_Host *shost, struct iscsi_transport *transport,
 	device_unregister(&iface->dev);
 	return NULL;
 
-free_iface:
-	put_device(iface->dev.parent);
-	kfree(iface);
+put_dev:
+	put_device(&iface->dev);
 	return NULL;
 }
 EXPORT_SYMBOL_GPL(iscsi_create_iface);
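Review bot: the old `free_iface` path dropped the parent reference explicitly with `put_device(iface->dev.parent)` before `kfree(iface)`; the new `put_dev` path only calls `put_device(&iface->dev)`. That is correct only if the iface device's release callback both frees `iface` and drops the parent reference, and that callback is not visible in this patch. The changelog says the resources are released through the callback invoked from device_release(); naming the release function for each of the five converted call sites would make that checkable.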
@@ -1252,15 +1253,15 @@ iscsi_create_flashnode_sess(struct Scsi_Host *shost, int index,
 
 	err = device_register(&fnode_sess->dev);
 	if (err)
-		goto free_fnode_sess;
+		goto put_dev;
 
 	if (dd_size)
 		fnode_sess->dd_data = &fnode_sess[1];
 
 	return fnode_sess;
 
-free_fnode_sess:
-	kfree(fnode_sess);
+put_dev:
+	put_device(&fnode_sess->dev);
 	return NULL;
 }
 EXPORT_SYMBOL_GPL(iscsi_create_flashnode_sess);
@@ -1300,15 +1301,15 @@ iscsi_create_flashnode_conn(struct Scsi_Host *shost,
 
 	err = device_register(&fnode_conn->dev);
 	if (err)
-		goto free_fnode_conn;
+		goto put_dev;
 
 	if (dd_size)
 		fnode_conn->dd_data = &fnode_conn[1];
 
 	return fnode_conn;
 
-free_fnode_conn:
-	kfree(fnode_conn);
+put_dev:
+	put_device(&fnode_conn->dev);
 	return NULL;
 }
 EXPORT_SYMBOL_GPL(iscsi_create_flashnode_conn);
@@ -4838,7 +4839,7 @@ iscsi_register_transport(struct iscsi_transport *tt)
 	dev_set_name(&priv->dev, "%s", tt->name);
 	err = device_register(&priv->dev);
 	if (err)
-		goto free_priv;
+		goto put_dev;
 
 	err = sysfs_create_group(&priv->dev.kobj, &iscsi_transport_group);
 	if (err)
@@ -4873,8 +4874,8 @@ iscsi_register_transport(struct iscsi_transport *tt)
 unregister_dev:
 	device_unregister(&priv->dev);
 	return NULL;
-free_priv:
-	kfree(priv);
+put_dev:
+	put_device(&priv->dev);
 	return NULL;
 }
 EXPORT_SYMBOL_GPL(iscsi_register_transport);
-- 
2.35.1





* [PATCH 5.15 184/206] gpu: host1x: Avoid trying to use GART on Tegra20
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jon Hunter, Dmitry Osipenko,
	Robin Murphy, Thierry Reding, Sasha Levin

From: Robin Murphy <robin.murphy@arm.com>

[ Upstream commit c2418f911a31a266af4fbaca998dc73d3676475a ]

Since commit c7e3ca515e78 ("iommu/tegra: gart: Do not register with
bus") quite some time ago, the GART driver has effectively disabled
itself to avoid issues with the GPU driver expecting it to work in ways
that it doesn't. As of commit 57365a04c921 ("iommu: Move bus setup to
IOMMU device registration") that bodge no longer works, but really the
GPU driver should be responsible for its own behaviour anyway. Make the
workaround explicit.

Reported-by: Jon Hunter <jonathanh@nvidia.com>
Suggested-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/tegra/drm.c | 4 ++++
 drivers/gpu/host1x/dev.c    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
index 611cd8dad46e..4f5affdc6080 100644
--- a/drivers/gpu/drm/tegra/drm.c
+++ b/drivers/gpu/drm/tegra/drm.c
@@ -1083,6 +1083,10 @@ static bool host1x_drm_wants_iommu(struct host1x_device *dev)
 	struct host1x *host1x = dev_get_drvdata(dev->dev.parent);
 	struct iommu_domain *domain;
 
+	/* Our IOMMU usage policy doesn't currently play well with GART */
+	if (of_machine_is_compatible("nvidia,tegra20"))
+		return false;
+
 	/*
 	 * If the Tegra DRM clients are backed by an IOMMU, push buffers are
 	 * likely to be allocated beyond the 32-bit boundary if sufficient
diff --git a/drivers/gpu/host1x/dev.c b/drivers/gpu/host1x/dev.c
index fc9f54282f7d..c2a4bf2aae61 100644
--- a/drivers/gpu/host1x/dev.c
+++ b/drivers/gpu/host1x/dev.c
@@ -204,6 +204,10 @@ static void host1x_setup_sid_table(struct host1x *host)
 
 static bool host1x_wants_iommu(struct host1x *host1x)
 {
+	/* Our IOMMU usage policy doesn't currently play well with GART */
+	if (of_machine_is_compatible("nvidia,tegra20"))
+		return false;
+
 	/*
 	 * If we support addressing a maximum of 32 bits of physical memory
 	 * and if the host1x firewall is enabled, there's no need to enable
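Review bot: the `of_machine_is_compatible("nvidia,tegra20")` check and its comment are duplicated verbatim in host1x_drm_wants_iommu() in drm.c and here in host1x_wants_iommu(). A shared helper would keep the two from drifting apart. The comment "doesn't currently play well with GART" also does not say what breaks; a reference to the commits named in the changelog would help whoever later wants to lift the restriction.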
-- 
2.35.1





* [PATCH 5.15 185/206] dm integrity: flush the journal on suspend
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer, Sasha Levin

From: Mikulas Patocka <mpatocka@redhat.com>

[ Upstream commit 5e5dab5ec763d600fe0a67837dd9155bdc42f961 ]

This commit flushes the journal on suspend. It is a prerequisite for the
next commit that enables activating dm integrity devices in read-only mode.

Note that we deliberately didn't flush the journal on suspend, so that the
journal replay code would be tested. However, the dm-integrity code is 5
years old now, so that journal replay is well-tested, and we can make this
change now.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/dm-integrity.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index d5b827086962..bfdcb40f330a 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2575,10 +2575,6 @@ static void integrity_writer(struct work_struct *w)
 
 	unsigned prev_free_sectors;
 
-	/* the following test is not needed, but it tests the replay code */
-	if (unlikely(dm_post_suspending(ic->ti)) && !ic->meta_dev)
-		return;
-
 	spin_lock_irq(&ic->endio_wait.lock);
 	write_start = ic->committed_section;
 	write_sections = ic->n_committed_sections;
@@ -3085,8 +3081,7 @@ static void dm_integrity_postsuspend(struct dm_target *ti)
 	drain_workqueue(ic->commit_wq);
 
 	if (ic->mode == 'J') {
-		if (ic->meta_dev)
-			queue_work(ic->writer_wq, &ic->writer_work);
+		queue_work(ic->writer_wq, &ic->writer_work);
 		drain_workqueue(ic->writer_wq);
 		dm_integrity_flush_buffers(ic, true);
 	}
-- 
2.35.1





* [PATCH 5.15 186/206] dm integrity: clear the journal on suspend
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer, Sasha Levin

From: Mikulas Patocka <mpatocka@redhat.com>

[ Upstream commit 984bf2cc531e778e49298fdf6730e0396166aa21 ]

There was a problem that a user burned a dm-integrity image on CDROM
and could not activate it because it had a non-empty journal.

Fix this problem by flushing the journal (done by the previous commit)
and clearing the journal (done by this commit). Once the journal is
cleared, dm-integrity won't attempt to replay it on the next
activation.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/dm-integrity.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index bfdcb40f330a..9705f3c358dd 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -259,6 +259,7 @@ struct dm_integrity_c {
 
 	struct completion crypto_backoff;
 
+	bool wrote_to_journal;
 	bool journal_uptodate;
 	bool just_formatted;
 	bool recalculate_flag;
@@ -2361,6 +2362,8 @@ static void integrity_commit(struct work_struct *w)
 	if (!commit_sections)
 		goto release_flush_bios;
 
+	ic->wrote_to_journal = true;
+
 	i = commit_start;
 	for (n = 0; n < commit_sections; n++) {
 		for (j = 0; j < ic->journal_section_entries; j++) {
@@ -3084,6 +3087,14 @@ static void dm_integrity_postsuspend(struct dm_target *ti)
 		queue_work(ic->writer_wq, &ic->writer_work);
 		drain_workqueue(ic->writer_wq);
 		dm_integrity_flush_buffers(ic, true);
+		if (ic->wrote_to_journal) {
+			init_journal(ic, ic->free_section,
+				     ic->journal_sections - ic->free_section, ic->commit_seq);
+			if (ic->free_section) {
+				init_journal(ic, 0, ic->free_section,
+					     next_commit_seq(ic->commit_seq));
+			}
+		}
 	}
 
 	if (ic->mode == 'B') {
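Review bot: the two init_journal() calls added under `if (ic->wrote_to_journal)` need a comment. It is not evident from the code why the sections from `ic->free_section` to the end are stamped with `ic->commit_seq` while the sections below `ic->free_section` get `next_commit_seq(ic->commit_seq)`, and this is the part that decides whether the next activation finds an empty journal. A short comment stating the invariant being restored would be enough.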
@@ -3111,6 +3122,8 @@ static void dm_integrity_resume(struct dm_target *ti)
 
 	DEBUG_print("resume\n");
 
+	ic->wrote_to_journal = false;
+
 	if (ic->provided_data_sectors != old_provided_data_sectors) {
 		if (ic->provided_data_sectors > old_provided_data_sectors &&
 		    ic->mode == 'B' &&
-- 
2.35.1





* [PATCH 5.15 187/206] fuse: lock inode unconditionally in fuse_fallocate()
From: Greg Kroah-Hartman @ 2022-11-30 18:23 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Pengfei Xu, Miklos Szeredi,
	syzbot+462da39f0667b357c4b6

From: Miklos Szeredi <mszeredi@redhat.com>

commit 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 upstream.

file_modified() must be called with inode lock held.  fuse_fallocate()
didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
resulted in a kernel Warning in notify_change().

Lock the inode unconditionally, like all other fallocate implementations
do.

Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Reported-and-tested-by: syzbot+462da39f0667b357c4b6@syzkaller.appspotmail.com
Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/fuse/file.c |   41 ++++++++++++++++++-----------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2937,11 +2937,9 @@ static long fuse_file_fallocate(struct f
 		.mode = mode
 	};
 	int err;
-	bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
-			   (mode & (FALLOC_FL_PUNCH_HOLE |
-				    FALLOC_FL_ZERO_RANGE));
-
-	bool block_faults = FUSE_IS_DAX(inode) && lock_inode;
+	bool block_faults = FUSE_IS_DAX(inode) &&
+		(!(mode & FALLOC_FL_KEEP_SIZE) ||
+		 (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)));
 
 	if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE |
 		     FALLOC_FL_ZERO_RANGE))
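Review bot: `block_faults` now carries the old `lock_inode` expression inline, so after this patch the inode lock is unconditional but the DAX `filemap_invalidate_lock()` is still skipped for a call with only `FALLOC_FL_KEEP_SIZE`. If that asymmetry is intended, a one-line comment above `block_faults` saying so would help, because the changelog only discusses the inode lock.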
@@ -2950,22 +2948,20 @@ static long fuse_file_fallocate(struct f
 	if (fm->fc->no_fallocate)
 		return -EOPNOTSUPP;
 
-	if (lock_inode) {
-		inode_lock(inode);
-		if (block_faults) {
-			filemap_invalidate_lock(inode->i_mapping);
-			err = fuse_dax_break_layouts(inode, 0, 0);
-			if (err)
-				goto out;
-		}
-
-		if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
-			loff_t endbyte = offset + length - 1;
-
-			err = fuse_writeback_range(inode, offset, endbyte);
-			if (err)
-				goto out;
-		}
+	inode_lock(inode);
+	if (block_faults) {
+		filemap_invalidate_lock(inode->i_mapping);
+		err = fuse_dax_break_layouts(inode, 0, 0);
+		if (err)
+			goto out;
+	}
+
+	if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
+		loff_t endbyte = offset + length - 1;
+
+		err = fuse_writeback_range(inode, offset, endbyte);
+		if (err)
+			goto out;
 	}
 
 	if (!(mode & FALLOC_FL_KEEP_SIZE) &&
@@ -3015,8 +3011,7 @@ out:
 	if (block_faults)
 		filemap_invalidate_unlock(inode->i_mapping);
 
-	if (lock_inode)
-		inode_unlock(inode);
+	inode_unlock(inode);
 
 	fuse_flush_time_update(inode);
 




* [PATCH 5.15 188/206] wifi: wilc1000: validate pairwise and authentication suite offsets
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo

From: Phil Turnbull <philipturnbull@github.com>

commit cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 upstream.

There is no validation of 'offset' which can trigger an out-of-bounds
read when extracting RSN capabilities.

Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/microchip/wilc1000/hif.c |   21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

--- a/drivers/net/wireless/microchip/wilc1000/hif.c
+++ b/drivers/net/wireless/microchip/wilc1000/hif.c
@@ -467,14 +467,25 @@ void *wilc_parse_join_bss_param(struct c
 
 	rsn_ie = cfg80211_find_ie(WLAN_EID_RSN, ies->data, ies->len);
 	if (rsn_ie) {
+		int rsn_ie_len = sizeof(struct element) + rsn_ie[1];
 		int offset = 8;
 
-		param->mode_802_11i = 2;
-		param->rsn_found = true;
 		/* extract RSN capabilities */
-		offset += (rsn_ie[offset] * 4) + 2;
-		offset += (rsn_ie[offset] * 4) + 2;
-		memcpy(param->rsn_cap, &rsn_ie[offset], 2);
+		if (offset < rsn_ie_len) {
+			/* skip over pairwise suites */
+			offset += (rsn_ie[offset] * 4) + 2;
+
+			if (offset < rsn_ie_len) {
+				/* skip over authentication suites */
+				offset += (rsn_ie[offset] * 4) + 2;
+
+				if (offset + 1 < rsn_ie_len) {
+					param->mode_802_11i = 2;
+					param->rsn_found = true;
+					memcpy(param->rsn_cap, &rsn_ie[offset], 2);
+				}
+			}
+		}
 	}
 
 	if (param->rsn_found) {
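Review bot: moving `param->mode_802_11i = 2` and `param->rsn_found = true` inside the innermost check changes behaviour beyond the bounds fix. An RSN IE that is present but ends before the capabilities field now leaves both unset, as if no RSN IE had been found. If that is intended, the changelog should say so; otherwise keep the two assignments where they were and guard only the memcpy(). Two smaller points: each suite count is read as a single byte (`rsn_ie[offset]`) although the `+ 2` skips a two-byte field, and the three nested `if`s would read more easily as sequential checks with an early exit.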




* [PATCH 5.15 189/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo

From: Phil Turnbull <philipturnbull@github.com>

commit 051ae669e4505abbe05165bebf6be7922de11f41 upstream.

Validate that the IEEE80211_P2P_ATTR_OPER_CHANNEL attribute contains
enough space for a 'struct wilc_attr_oper_ch'. If the attribute is
too small then it triggers an out-of-bounds write later in the function.

Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/microchip/wilc1000/cfg80211.c |   14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -939,14 +939,24 @@ static inline void wilc_wfi_cfg_parse_ch
 		return;
 
 	while (index + sizeof(*e) <= len) {
+		u16 attr_size;
+
 		e = (struct wilc_attr_entry *)&buf[index];
+		attr_size = le16_to_cpu(e->attr_len);
+
+		if (index + sizeof(*e) + attr_size > len)
+			return;
+
 		if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST)
 			ch_list_idx = index;
-		else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL)
+		else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL &&
+			 attr_size == (sizeof(struct wilc_attr_oper_ch) - sizeof(*e)))
 			op_ch_idx = index;
+
 		if (ch_list_idx && op_ch_idx)
 			break;
-		index += le16_to_cpu(e->attr_len) + sizeof(*e);
+
+		index += sizeof(*e) + attr_size;
 	}
 
 	if (ch_list_idx) {
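
Review bot: the new `if (index + sizeof(*e) + attr_size > len) return;` abandons the function on a truncated attribute, discarding any `ch_list_idx` or `op_ch_idx` already recorded from earlier well-formed attributes, whereas an OPER_CHANNEL attribute of the wrong size is only skipped. Both are defensible, but a one-line comment stating that a malformed attribute list deliberately rejects the whole frame would document the difference. The `sizeof(struct wilc_attr_oper_ch) - sizeof(*e)` expression would also benefit from a comment that `attr_len` excludes the attribute header.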




* [PATCH 5.15 190/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (188 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 189/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 191/206] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo

From: Phil Turnbull <philipturnbull@github.com>

commit f9b62f9843c7b0afdaecabbcebf1dbba18599408 upstream.

Validate that the IEEE80211_P2P_ATTR_CHANNEL_LIST attribute contains
enough space for a 'struct wilc_attr_oper_ch'. If the attribute is too
small then it can trigger an out-of-bounds write later in the function.

'struct wilc_attr_oper_ch' is variable sized so also check 'attr_len'
does not extend beyond the end of 'buf'.

Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/microchip/wilc1000/cfg80211.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -947,7 +947,8 @@ static inline void wilc_wfi_cfg_parse_ch
 		if (index + sizeof(*e) + attr_size > len)
 			return;
 
-		if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST)
+		if (e->attr_type == IEEE80211_P2P_ATTR_CHANNEL_LIST &&
+		    attr_size >= (sizeof(struct wilc_attr_ch_list) - sizeof(*e)))
 			ch_list_idx = index;
 		else if (e->attr_type == IEEE80211_P2P_ATTR_OPER_CHANNEL &&
 			 attr_size == (sizeof(struct wilc_attr_oper_ch) - sizeof(*e)))
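
Review bot: the check added to the CHANNEL_LIST branch compares against `sizeof(struct wilc_attr_ch_list)`, but the commit description says the attribute must have room for a 'struct wilc_attr_oper_ch'; the description should name the struct the code actually checks. The `>=` here (against `==` for OPER_CHANNEL two lines below) only guarantees the fixed part of the list, so a short comment that the variable-length tail still has to be bounds-checked where it is walked would help the next reader.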




* [PATCH 5.15 191/206] wifi: wilc1000: validate number of channels
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (189 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 190/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 192/206] genirq/msi: Shutdown managed interrupts with unsatifiable affinities Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Phil Turnbull, Ajay Kathat, Kalle Valo

From: Phil Turnbull <philipturnbull@github.com>

commit 0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0 upstream.

There is no validation of 'e->no_of_channels' which can trigger an
out-of-bounds write in the following 'memset' call. Validate that the
number of channels does not extend beyond the size of the channel list
element.

Signed-off-by: Phil Turnbull <philipturnbull@github.com>
Tested-by: Ajay Kathat <ajay.kathat@microchip.com>
Acked-by: Ajay Kathat <ajay.kathat@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/microchip/wilc1000/cfg80211.c |   23 +++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

--- a/drivers/net/wireless/microchip/wilc1000/cfg80211.c
+++ b/drivers/net/wireless/microchip/wilc1000/cfg80211.c
@@ -961,19 +961,30 @@ static inline void wilc_wfi_cfg_parse_ch
 	}
 
 	if (ch_list_idx) {
-		u16 attr_size;
-		struct wilc_ch_list_elem *e;
-		int i;
+		unsigned int i;
+		u16 elem_size;
 
 		ch_list = (struct wilc_attr_ch_list *)&buf[ch_list_idx];
-		attr_size = le16_to_cpu(ch_list->attr_len);
-		for (i = 0; i < attr_size;) {
+		/* the number of bytes following the final 'elem' member */
+		elem_size = le16_to_cpu(ch_list->attr_len) -
+			(sizeof(*ch_list) - sizeof(struct wilc_attr_entry));
+		for (i = 0; i < elem_size;) {
+			struct wilc_ch_list_elem *e;
+
 			e = (struct wilc_ch_list_elem *)(ch_list->elem + i);
+
+			i += sizeof(*e);
+			if (i > elem_size)
+				break;
+
+			i += e->no_of_channels;
+			if (i > elem_size)
+				break;
+
 			if (e->op_class == WILC_WLAN_OPERATING_CLASS_2_4GHZ) {
 				memset(e->ch_list, sta_ch, e->no_of_channels);
 				break;
 			}
-			i += e->no_of_channels;
 		}
 	}
 
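
Review bot: `elem_size` is a `u16` produced by subtracting `sizeof(*ch_list) - sizeof(struct wilc_attr_entry)` from `attr_len`, and nothing in this block guards against `attr_len` being smaller than that fixed part, in which case the value wraps and the `i < elem_size` loop walks far past the attribute. It is safe only as long as `ch_list_idx` is set exclusively for attributes that passed a minimum-length check, so either repeat that check here or add a comment naming the dependency. The per-element checks on `i` before the `memset` look right.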




* [PATCH 5.15 192/206] genirq/msi: Shutdown managed interrupts with unsatifiable affinities
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (190 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 191/206] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 193/206] genirq: Always limit the affinity to online CPUs Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, John Garry, David Decotigny,
	Marc Zyngier, Thomas Gleixner, Luiz Capitulino

From: Luiz Capitulino <luizcap@amazon.com>

From: Marc Zyngier <maz@kernel.org>

commit d802057c7c553ad426520a053da9f9fe08e2c35a upstream.

[ This commit is almost a rewrite because it conflicts with Thomas
  Gleixner's refactoring of this code in v5.17-rc1. I wasn't sure if
  I should drop all the s-o-bs (including Marc's), but decided
  to keep as the original commit ]

When booting with maxcpus=<small number>, interrupt controllers
such as the GICv3 ITS may not be able to satisfy the affinity of
some managed interrupts, as some of the HW resources are simply
not available.

The same thing happens when loading a driver using managed interrupts
while CPUs are offline.

In order to deal with this, do not try to activate such interrupt
if there is no online CPU capable of handling it. Instead, place
it in shutdown state. Once a capable CPU shows up, it will be
activated.

Reported-by: John Garry <john.garry@huawei.com>
Reported-by: David Decotigny <ddecotig@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: John Garry <john.garry@huawei.com>
Link: https://lore.kernel.org/r/20220405185040.206297-2-maz@kernel.org

Signed-off-by: Luiz Capitulino <luizcap@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/irq/msi.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -596,6 +596,13 @@ int __msi_domain_alloc_irqs(struct irq_d
 			irqd_clr_can_reserve(irq_data);
 			if (domain->flags & IRQ_DOMAIN_MSI_NOMASK_QUIRK)
 				irqd_set_msi_nomask_quirk(irq_data);
+			if ((info->flags & MSI_FLAG_ACTIVATE_EARLY) &&
+				irqd_affinity_is_managed(irq_data) &&
+				!cpumask_intersects(irq_data_get_affinity_mask(irq_data),
+						    cpu_online_mask)) {
+				irqd_set_managed_shutdown(irq_data);
+				continue;
+			}
 		}
 		ret = irq_domain_activate_irq(irq_data, can_reserve);
 		if (ret)
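
Review bot: the added block ending in `irqd_set_managed_shutdown(irq_data); continue;` skips `irq_domain_activate_irq()` with no comment in the code saying why; the rationale (no online CPU in the managed affinity mask, activation deferred until one appears) lives only in the changelog and should be a short comment above the `if`. The continuation lines of the condition are also indented to the same depth as the body, which makes the condition hard to tell apart from the statements it guards; align them under the first operand.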




* [PATCH 5.15 193/206] genirq: Always limit the affinity to online CPUs
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (191 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 192/206] genirq/msi: Shutdown managed interrupts with unsatifiable affinities Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 194/206] irqchip/gic-v3: Always trust the managed affinity provided by the core code Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marc Zyngier, Thomas Gleixner,
	Luiz Capitulino

From: Luiz Capitulino <luizcap@amazon.com>

From: Marc Zyngier <maz@kernel.org>

commit 33de0aa4bae982ed6f7c777f86b5af3e627ac937 upstream.

[ Fixed small conflicts due to the HK_FLAG_MANAGED_IRQ flag being
  renamed upstream ]

When booting with maxcpus=<small number> (or even loading a driver
while most CPUs are offline), it is pretty easy to observe managed
affinities containing a mix of online and offline CPUs being passed
to the irqchip driver.

This means that the irqchip cannot trust the affinity passed down
from the core code, which is a bit annoying and requires (at least
in theory) all drivers to implement some sort of affinity narrowing.

In order to address this, always limit the cpumask to the set of
online CPUs.

Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220405185040.206297-3-maz@kernel.org

Signed-off-by: Luiz Capitulino <luizcap@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/irq/manage.c |   25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -222,11 +222,16 @@ int irq_do_set_affinity(struct irq_data
 {
 	struct irq_desc *desc = irq_data_to_desc(data);
 	struct irq_chip *chip = irq_data_get_irq_chip(data);
+	const struct cpumask  *prog_mask;
 	int ret;
 
+	static DEFINE_RAW_SPINLOCK(tmp_mask_lock);
+	static struct cpumask tmp_mask;
+
 	if (!chip || !chip->irq_set_affinity)
 		return -EINVAL;
 
+	raw_spin_lock(&tmp_mask_lock);
 	/*
 	 * If this is a managed interrupt and housekeeping is enabled on
 	 * it check whether the requested affinity mask intersects with
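
Review bot: `raw_spin_lock(&tmp_mask_lock)` is now taken before the managed/housekeeping test, so this one function-static lock serialises every affinity change, not just the housekeeping case it used to cover. A comment next to the `static DEFINE_RAW_SPINLOCK(tmp_mask_lock);` declaration should say that it protects the shared `tmp_mask` and is held across the `irq_set_affinity` callback. Minor: `const struct cpumask  *prog_mask;` has a doubled space.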
@@ -248,24 +253,28 @@ int irq_do_set_affinity(struct irq_data
 	 */
 	if (irqd_affinity_is_managed(data) &&
 	    housekeeping_enabled(HK_FLAG_MANAGED_IRQ)) {
-		const struct cpumask *hk_mask, *prog_mask;
-
-		static DEFINE_RAW_SPINLOCK(tmp_mask_lock);
-		static struct cpumask tmp_mask;
+		const struct cpumask *hk_mask;
 
 		hk_mask = housekeeping_cpumask(HK_FLAG_MANAGED_IRQ);
 
-		raw_spin_lock(&tmp_mask_lock);
 		cpumask_and(&tmp_mask, mask, hk_mask);
 		if (!cpumask_intersects(&tmp_mask, cpu_online_mask))
 			prog_mask = mask;
 		else
 			prog_mask = &tmp_mask;
-		ret = chip->irq_set_affinity(data, prog_mask, force);
-		raw_spin_unlock(&tmp_mask_lock);
 	} else {
-		ret = chip->irq_set_affinity(data, mask, force);
+		prog_mask = mask;
 	}
+
+	/* Make sure we only provide online CPUs to the irqchip */
+	cpumask_and(&tmp_mask, prog_mask, cpu_online_mask);
+	if (!cpumask_empty(&tmp_mask))
+		ret = chip->irq_set_affinity(data, &tmp_mask, force);
+	else
+		ret = -EINVAL;
+
+	raw_spin_unlock(&tmp_mask_lock);
+
 	switch (ret) {
 	case IRQ_SET_MASK_OK:
 	case IRQ_SET_MASK_OK_DONE:
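
Review bot: the new tail returns `-EINVAL` whenever `prog_mask` has no online CPU, and `force` is passed through to `chip->irq_set_affinity()` without being consulted in that decision, so a forced request aimed at a CPU that is not online yet now fails. If such callers exist, the `cpumask_empty(&tmp_mask)` test needs a `force` exception; if they do not, say so in the comment above `cpumask_and(&tmp_mask, prog_mask, cpu_online_mask);`.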




* [PATCH 5.15 194/206] irqchip/gic-v3: Always trust the managed affinity provided by the core code
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (192 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 193/206] genirq: Always limit the affinity to online CPUs Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 195/206] genirq: Take the proposed affinity at face value if force==true Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marc Zyngier, Thomas Gleixner,
	Luiz Capitulino

From: Luiz Capitulino <luizcap@amazon.com>

From: Marc Zyngier <maz@kernel.org>

commit 3f893a5962d31c0164efdbf6174ed0784f1d7603 upstream.

Now that the core code has been fixed to always give us an affinity
that only includes online CPUs, directly use this affinity when
computing a target CPU.

Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220405185040.206297-4-maz@kernel.org

Signed-off-by: Luiz Capitulino <luizcap@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/irqchip/irq-gic-v3-its.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -1620,7 +1620,7 @@ static int its_select_cpu(struct irq_dat
 
 		cpu = cpumask_pick_least_loaded(d, tmpmask);
 	} else {
-		cpumask_and(tmpmask, irq_data_get_affinity_mask(d), cpu_online_mask);
+		cpumask_copy(tmpmask, aff_mask);
 
 		/* If we cannot cross sockets, limit the search to that node */
 		if ((its_dev->its->flags & ITS_FLAGS_WORKAROUND_CAVIUM_23144) &&
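
Review bot: the replacement line `cpumask_copy(tmpmask, aff_mask);` changes two things at once: it drops the `cpu_online_mask` filter and it switches the source from `irq_data_get_affinity_mask(d)` to `aff_mask`, while the description only covers the first. Please state in the changelog that the stored affinity is no longer consulted here, and note the ordering dependency on the core change, since without it offline CPUs can reach this copy.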




* [PATCH 5.15 195/206] genirq: Take the proposed affinity at face value if force==true
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (193 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 194/206] irqchip/gic-v3: Always trust the managed affinity provided by the core code Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 196/206] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Marek Szyprowski, Marc Zyngier,
	Thomas Gleixner, Luiz Capitulino

From: Luiz Capitulino <luizcap@amazon.com>

From: Marc Zyngier <maz@kernel.org>

commit c48c8b829d2b966a6649827426bcdba082ccf922 upstream.

Although setting the affinity of an interrupt to a set of CPUs that doesn't
have any online CPU is generally frowned upon, there are a few limited
cases where such affinity is set from a CPUHP notifier, setting the
affinity to a CPU that isn't online yet.

The saving grace is that this is always done using the 'force' attribute,
which gives a hint that the affinity setting can be outside of the online
CPU mask and the callsite set this flag with the knowledge that the
underlying interrupt controller knows to handle it.

This restores the expected behaviour on Marek's system.

Fixes: 33de0aa4bae9 ("genirq: Always limit the affinity to online CPUs")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/4b7fc13c-887b-a664-26e8-45aed13f048a@samsung.com
Link: https://lore.kernel.org/r/20220414140011.541725-1-maz@kernel.org

Signed-off-by: Luiz Capitulino <luizcap@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/irq/manage.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -266,10 +266,16 @@ int irq_do_set_affinity(struct irq_data
 		prog_mask = mask;
 	}
 
-	/* Make sure we only provide online CPUs to the irqchip */
+	/*
+	 * Make sure we only provide online CPUs to the irqchip,
+	 * unless we are being asked to force the affinity (in which
+	 * case we do as we are told).
+	 */
 	cpumask_and(&tmp_mask, prog_mask, cpu_online_mask);
-	if (!cpumask_empty(&tmp_mask))
+	if (!force && !cpumask_empty(&tmp_mask))
 		ret = chip->irq_set_affinity(data, &tmp_mask, force);
+	else if (force)
+		ret = chip->irq_set_affinity(data, mask, force);
 	else
 		ret = -EINVAL;
 
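
Review bot: in the forced branch the call is `chip->irq_set_affinity(data, mask, force)`, which passes the caller's `mask` rather than `prog_mask`, so the housekeeping narrowing done earlier in the function is bypassed as well as the online filter; the new comment only mentions the latter. Please extend the comment, and consider ordering the chain as `if (force) ... else if (!cpumask_empty(&tmp_mask)) ... else`, which drops the `!force &&` test and makes the three cases easier to follow.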




* [PATCH 5.15 196/206] btrfs: free btrfs_path before copying root refs to userspace
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (194 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 195/206] genirq: Take the proposed affinity at face value if force==true Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 197/206] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, syzbot+4ef9e52e464c6ff47d9d,
	Anand Jain, Josef Bacik, David Sterba

From: Josef Bacik <josef@toxicpanda.com>

commit b740d806166979488e798e41743aaec051f2443f upstream.

Syzbot reported the following lockdep splat

======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted
------------------------------------------------------
syz-executor307/3029 is trying to acquire lock:
ffff0000c02525d8 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x54/0xb4 mm/memory.c:5576

but task is already holding lock:
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: __btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (btrfs-root-00){++++}-{3:3}:
       down_read_nested+0x64/0x84 kernel/locking/rwsem.c:1624
       __btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
       btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
       btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279
       btrfs_search_slot_get_root+0x74/0x338 fs/btrfs/ctree.c:1637
       btrfs_search_slot+0x1b0/0xfd8 fs/btrfs/ctree.c:1944
       btrfs_update_root+0x6c/0x5a0 fs/btrfs/root-tree.c:132
       commit_fs_roots+0x1f0/0x33c fs/btrfs/transaction.c:1459
       btrfs_commit_transaction+0x89c/0x12d8 fs/btrfs/transaction.c:2343
       flush_space+0x66c/0x738 fs/btrfs/space-info.c:786
       btrfs_async_reclaim_metadata_space+0x43c/0x4e0 fs/btrfs/space-info.c:1059
       process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
       worker_thread+0x340/0x610 kernel/workqueue.c:2436
       kthread+0x12c/0x158 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #2 (&fs_info->reloc_mutex){+.+.}-{3:3}:
       __mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
       btrfs_record_root_in_trans fs/btrfs/transaction.c:516 [inline]
       start_transaction+0x248/0x944 fs/btrfs/transaction.c:752
       btrfs_start_transaction+0x34/0x44 fs/btrfs/transaction.c:781
       btrfs_create_common+0xf0/0x1b4 fs/btrfs/inode.c:6651
       btrfs_create+0x8c/0xb0 fs/btrfs/inode.c:6697
       lookup_open fs/namei.c:3413 [inline]
       open_last_lookups fs/namei.c:3481 [inline]
       path_openat+0x804/0x11c4 fs/namei.c:3688
       do_filp_open+0xdc/0x1b8 fs/namei.c:3718
       do_sys_openat2+0xb8/0x22c fs/open.c:1313
       do_sys_open fs/open.c:1329 [inline]
       __do_sys_openat fs/open.c:1345 [inline]
       __se_sys_openat fs/open.c:1340 [inline]
       __arm64_sys_openat+0xb0/0xe0 fs/open.c:1340
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

-> #1 (sb_internal#2){.+.+}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1826 [inline]
       sb_start_intwrite include/linux/fs.h:1948 [inline]
       start_transaction+0x360/0x944 fs/btrfs/transaction.c:683
       btrfs_join_transaction+0x30/0x40 fs/btrfs/transaction.c:795
       btrfs_dirty_inode+0x50/0x140 fs/btrfs/inode.c:6103
       btrfs_update_time+0x1c0/0x1e8 fs/btrfs/inode.c:6145
       inode_update_time fs/inode.c:1872 [inline]
       touch_atime+0x1f0/0x4a8 fs/inode.c:1945
       file_accessed include/linux/fs.h:2516 [inline]
       btrfs_file_mmap+0x50/0x88 fs/btrfs/file.c:2407
       call_mmap include/linux/fs.h:2192 [inline]
       mmap_region+0x7fc/0xc14 mm/mmap.c:1752
       do_mmap+0x644/0x97c mm/mmap.c:1540
       vm_mmap_pgoff+0xe8/0x1d0 mm/util.c:552
       ksys_mmap_pgoff+0x1cc/0x278 mm/mmap.c:1586
       __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
       __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
       __arm64_sys_mmap+0x58/0x6c arch/arm64/kernel/sys.c:21
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

-> #0 (&mm->mmap_lock){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3095 [inline]
       check_prevs_add kernel/locking/lockdep.c:3214 [inline]
       validate_chain kernel/locking/lockdep.c:3829 [inline]
       __lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
       lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
       __might_fault+0x7c/0xb4 mm/memory.c:5577
       _copy_to_user include/linux/uaccess.h:134 [inline]
       copy_to_user include/linux/uaccess.h:160 [inline]
       btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc fs/btrfs/ioctl.c:3203
       btrfs_ioctl+0xa08/0xa64 fs/btrfs/ioctl.c:5556
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       __se_sys_ioctl fs/ioctl.c:856 [inline]
       __arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

other info that might help us debug this:

Chain exists of:
  &mm->mmap_lock --> &fs_info->reloc_mutex --> btrfs-root-00

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(btrfs-root-00);
                               lock(&fs_info->reloc_mutex);
                               lock(btrfs-root-00);
  lock(&mm->mmap_lock);

 *** DEADLOCK ***

1 lock held by syz-executor307/3029:
 #0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: __btrfs_tree_read_lock fs/btrfs/locking.c:134 [inline]
 #0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_tree_read_lock fs/btrfs/locking.c:140 [inline]
 #0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0 fs/btrfs/locking.c:279

stack backtrace:
CPU: 0 PID: 3029 Comm: syz-executor307 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2053
 check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3095 [inline]
 check_prevs_add kernel/locking/lockdep.c:3214 [inline]
 validate_chain kernel/locking/lockdep.c:3829 [inline]
 __lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __might_fault+0x7c/0xb4 mm/memory.c:5577
 _copy_to_user include/linux/uaccess.h:134 [inline]
 copy_to_user include/linux/uaccess.h:160 [inline]
 btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc fs/btrfs/ioctl.c:3203
 btrfs_ioctl+0xa08/0xa64 fs/btrfs/ioctl.c:5556
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

We do generally the right thing here, copying the references into a
temporary buffer, however we are still holding the path when we do
copy_to_user from the temporary buffer.  Fix this by freeing the path
before we copy to user space.

Reported-by: syzbot+4ef9e52e464c6ff47d9d@syzkaller.appspotmail.com
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/ioctl.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2880,6 +2880,8 @@ static int btrfs_ioctl_get_subvol_rootre
 	}
 
 out:
+	btrfs_free_path(path);
+
 	if (!ret || ret == -EOVERFLOW) {
 		rootrefs->num_items = found;
 		/* update min_treeid for next search */
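
Review bot: `btrfs_free_path(path)` at the `out:` label leaves `path` pointing at freed memory for the rest of the function, whereas the two sibling fixes for the fspath and subvol-info ioctls follow the call with `path = NULL;`. Nothing in the visible lines uses it once the old call is removed, but setting it to NULL here too would keep the three functions consistent and make a later accidental use fail loudly. A one-line comment that the path is released before the copy to user space, so that no tree locks are held across a page fault, would stop the call being moved back.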
@@ -2891,7 +2893,6 @@ out:
 	}
 
 	kfree(rootrefs);
-	btrfs_free_path(path);
 
 	return ret;
 }




* [PATCH 5.15 197/206] btrfs: free btrfs_path before copying fspath to userspace
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (195 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 196/206] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 198/206] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, David Sterba

From: Anand Jain <anand.jain@oracle.com>

commit 8cf96b409d9b3946ece58ced13f92d0f775b0442 upstream.

btrfs_ioctl_ino_to_path() frees the search path after the userspace copy
from the temp buffer @ipath->fspath, which can potentially lead to a lock
splat warning.

Fix this by freeing the path before we copy it to userspace.

CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/ioctl.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3892,6 +3892,8 @@ static long btrfs_ioctl_ino_to_path(stru
 		ipath->fspath->val[i] = rel_ptr;
 	}
 
+	btrfs_free_path(path);
+	path = NULL;
 	ret = copy_to_user((void __user *)(unsigned long)ipa->fspath,
 			   ipath->fspath, size);
 	if (ret) {
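
Review bot: `path = NULL;` after the early `btrfs_free_path(path)` only makes sense if a later exit path frees `path` again, and that code is outside this hunk; a short comment here ('released early so no tree locks are held across copy_to_user()') would explain both lines to a reader who sees only this spot.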




* [PATCH 5.15 198/206] btrfs: free btrfs_path before copying subvol info to userspace
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (196 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 197/206] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 199/206] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Anand Jain, David Sterba

From: Anand Jain <anand.jain@oracle.com>

commit 013c1c5585ebcfb19c88efe79063d0463b1b6159 upstream.

btrfs_ioctl_get_subvol_info() frees the search path after the userspace
copy from the temp buffer @subvol_info. This can lead to a lock splat
warning.

Fix this by freeing the path before we copy it to userspace.

CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/ioctl.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2788,6 +2788,8 @@ static int btrfs_ioctl_get_subvol_info(s
 		}
 	}
 
+	btrfs_free_path(path);
+	path = NULL;
 	if (copy_to_user(argp, subvol_info, sizeof(*subvol_info)))
 		ret = -EFAULT;
 




* [PATCH 5.15 199/206] btrfs: zoned: fix missing endianness conversion in sb_write_pointer
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (197 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 198/206] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 200/206] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Qu Wenruo,
	Christoph Hellwig, David Sterba

From: Christoph Hellwig <hch@lst.de>

commit c51f0e6a1254b3ac2d308e1c6fd8fb936992b455 upstream.

generation is an on-disk __le64 value, so use btrfs_super_generation to
convert it to host endian before comparing it.

Fixes: 12659251ca5d ("btrfs: implement log-structured superblock for ZONED mode")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/zoned.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -114,7 +114,8 @@ static int sb_write_pointer(struct block
 			super[i] = page_address(page[i]);
 		}
 
-		if (super[0]->generation > super[1]->generation)
+		if (btrfs_super_generation(super[0]) >
+		    btrfs_super_generation(super[1]))
 			sector = zones[1].start;
 		else
 			sector = zones[0].start;
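
Review bot: The branch in sb_write_pointer() picks zones[1].start when super[0] has the higher generation and zones[0].start otherwise (ties included), which reads backwards without a comment. A short note on why the zone paired with the lower generation is chosen would help. Reading the two btrfs_super_generation() results into local u64 variables would also avoid the wrapped condition.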



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 200/206] btrfs: use kvcalloc in btrfs_get_dev_zone_info
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (198 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 199/206] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 201/206] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Johannes Thumshirn,
	Christoph Hellwig, David Sterba

From: Christoph Hellwig <hch@lst.de>

commit 8fe97d47b52ae1ad130470b1780f0ded4ba609a4 upstream.

Otherwise the kernel memory allocator seems to be unhappy about failing
order 6 allocations for the zones array, that cause 100% reproducible
mount failures in my qemu setup:

  [26.078981] mount: page allocation failure: order:6, mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null)
  [26.079741] CPU: 0 PID: 2965 Comm: mount Not tainted 6.1.0-rc5+ #185
  [26.080181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
  [26.080950] Call Trace:
  [26.081132]  <TASK>
  [26.081291]  dump_stack_lvl+0x56/0x6f
  [26.081554]  warn_alloc+0x117/0x140
  [26.081808]  ? __alloc_pages_direct_compact+0x1b5/0x300
  [26.082174]  __alloc_pages_slowpath.constprop.0+0xd0e/0xde0
  [26.082569]  __alloc_pages+0x32a/0x340
  [26.082836]  __kmalloc_large_node+0x4d/0xa0
  [26.083133]  ? trace_kmalloc+0x29/0xd0
  [26.083399]  kmalloc_large+0x14/0x60
  [26.083654]  btrfs_get_dev_zone_info+0x1b9/0xc00
  [26.083980]  ? _raw_spin_unlock_irqrestore+0x28/0x50
  [26.084328]  btrfs_get_dev_zone_info_all_devices+0x54/0x80
  [26.084708]  open_ctree+0xed4/0x1654
  [26.084974]  btrfs_mount_root.cold+0x12/0xde
  [26.085288]  ? lock_is_held_type+0xe2/0x140
  [26.085603]  legacy_get_tree+0x28/0x50
  [26.085876]  vfs_get_tree+0x1d/0xb0
  [26.086139]  vfs_kern_mount.part.0+0x6c/0xb0
  [26.086456]  btrfs_mount+0x118/0x3a0
  [26.086728]  ? lock_is_held_type+0xe2/0x140
  [26.087043]  legacy_get_tree+0x28/0x50
  [26.087323]  vfs_get_tree+0x1d/0xb0
  [26.087587]  path_mount+0x2ba/0xbe0
  [26.087850]  ? _raw_spin_unlock_irqrestore+0x38/0x50
  [26.088217]  __x64_sys_mount+0xfe/0x140
  [26.088506]  do_syscall_64+0x35/0x80
  [26.088776]  entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 5b316468983d ("btrfs: get zone information of zoned block devices")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/zoned.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/fs/btrfs/zoned.c
+++ b/fs/btrfs/zoned.c
@@ -421,7 +421,7 @@ int btrfs_get_dev_zone_info(struct btrfs
 		goto out;
 	}
 
-	zones = kcalloc(BTRFS_REPORT_NR_ZONES, sizeof(struct blk_zone), GFP_KERNEL);
+	zones = kvcalloc(BTRFS_REPORT_NR_ZONES, sizeof(struct blk_zone), GFP_KERNEL);
 	if (!zones) {
 		ret = -ENOMEM;
 		goto out;
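
Review bot: With kvcalloc() the zones array may be vmalloc-backed, so every free of it has to be kvfree() and no consumer may assume physically contiguous memory. The two kfree(zones) sites later in this patch are converted; please confirm there is no other free of this pointer in btrfs_get_dev_zone_info() and that nothing the buffer is handed to needs contiguous pages.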
@@ -517,7 +517,7 @@ int btrfs_get_dev_zone_info(struct btrfs
 	}
 
 
-	kfree(zones);
+	kvfree(zones);
 
 	switch (bdev_zoned_model(bdev)) {
 	case BLK_ZONED_HM:
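
Review bot: zones is left dangling after this kvfree(zones), and the out: label further down frees the same pointer again. If any error path after this point jumps to out rather than out_free_zone_info, that is a double free. Setting zones = NULL here, or a comment stating that later failures must use out_free_zone_info, would make the invariant explicit.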
@@ -549,7 +549,7 @@ int btrfs_get_dev_zone_info(struct btrfs
 	return 0;
 
 out:
-	kfree(zones);
+	kvfree(zones);
 out_free_zone_info:
 	btrfs_destroy_dev_zone_info(device);
 



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 201/206] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (199 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 200/206] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 202/206] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Zhen Lei, David Sterba

From: Zhen Lei <thunder.leizhen@huawei.com>

commit ffdbb44f2f23f963b8f5672e35c3a26088177a62 upstream.

Although kset_unregister() can eventually remove all attribute files,
explicitly rolling back with the matching function makes the code logic
look clearer.

CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/btrfs/sysfs.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/fs/btrfs/sysfs.c
+++ b/fs/btrfs/sysfs.c
@@ -2035,8 +2035,11 @@ int __init btrfs_init_sysfs(void)
 
 #ifdef CONFIG_BTRFS_DEBUG
 	ret = sysfs_create_group(&btrfs_kset->kobj, &btrfs_debug_feature_attr_group);
-	if (ret)
-		goto out2;
+	if (ret) {
+		sysfs_unmerge_group(&btrfs_kset->kobj,
+				    &btrfs_static_feature_attr_group);
+		goto out_remove_group;
+	}
 #endif
 
 	return 0;
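
Review bot: The rollback for a failed sysfs_create_group() is done inline with sysfs_unmerge_group() before the goto, which mixes inline cleanup with label-based unwinding. A dedicated label placed above out_remove_group would keep the teardown in one place, in reverse order of setup, and would not need duplicating if another step is added after this one. The jump target also changes from out2 to out_remove_group, which the commit message does not mention; please confirm that label exists in the 5.15 tree.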



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 202/206] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (200 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 201/206] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 203/206] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable; +Cc: Greg Kroah-Hartman, patches, Lyude Paul, Alex Deucher

From: Lyude Paul <lyude@redhat.com>

commit 44035ec2fde1114254ee465f9ba3bb246b0b6283 upstream.

There's been a very long running bug that seems to have been neglected for
a while, where amdgpu consistently triggers a KASAN error at start:

  BUG: KASAN: global-out-of-bounds in read_indirect_azalia_reg+0x1d4/0x2a0 [amdgpu]
  Read of size 4 at addr ffffffffc2274b28 by task modprobe/1889

After digging through amd's rather creative method for accessing registers,
I eventually discovered the problem likely has to do with the fact that on
my dce120 GPU there are supposedly 7 sets of audio registers. But we only
define a register mapping for 6 sets.

So, fix this and fix the KASAN warning finally.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
@@ -361,7 +361,8 @@ static const struct dce_audio_registers
 	audio_regs(2),
 	audio_regs(3),
 	audio_regs(4),
-	audio_regs(5)
+	audio_regs(5),
+	audio_regs(6),
 };
 
 #define DCE120_AUD_COMMON_MASK_SH_LIST(mask_sh)\
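
Review bot: Adding audio_regs(6) corrects the table size, but nothing in this hunk ties the number of initializers to the number of audio register sets the driver will index, which is the mismatch behind the KASAN global-out-of-bounds read quoted in the commit message. A bounds check at the lookup site, or a static assertion comparing ARRAY_SIZE of this table with the audio instance count, would turn a future mismatch into a build or probe failure rather than an out-of-bounds read of adjacent globals.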



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 203/206] drm/amd/display: No display after resume from WB/CB
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (201 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 202/206] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 204/206] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Jerry Zuo, Brian Chang,
	Tsung-hua Lin, Daniel Wheeler, Alex Deucher

From: Tsung-hua Lin <Tsung-hua.Lin@amd.com>

commit a6e1775da04ab042bc9e2e42399fa25714c253da upstream.

[why]
The first MST sideband message returns AUX_RET_ERROR_HPD_DISCON
on certain Intel platforms. The aux transaction is considered a failure
if HPD is unexpectedly pulled low. The actual aux transaction succeeds
in such a case, hence do not return an error.

[how]
Do not return an error when AUX_RET_ERROR_HPD_DISCON is detected
on the first sideband message.

v2: squash in fix (Alex)

Reviewed-by: Jerry Zuo <Jerry.Zuo@amd.com>
Acked-by: Brian Chang <Brian.Chang@amd.com>
Signed-off-by: Tsung-hua Lin <Tsung-hua.Lin@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |   37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1374,7 +1374,44 @@ static const struct dmi_system_id hpd_di
 			DMI_MATCH(DMI_PRODUCT_NAME, "Precision 3460"),
 		},
 	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower Plus 7010"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Tower 7010"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF Plus 7010"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex SFF 7010"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro Plus 7010"),
+		},
+	},
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+			DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex Micro 7010"),
+		},
+	},
 	{}
+	/* TODO: refactor this from a fixed table to a dynamic option */
 };
 
 static void retrieve_dmi_info(struct amdgpu_display_manager *dm)
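
Review bot: The commit message describes not returning an error for AUX_RET_ERROR_HPD_DISCON on the first sideband message, but the only change in this hunk is six new Dell OptiPlex 7010 entries in a dmi_system_id table. The message should say that this extends the DMI quirk list. The TODO comment is also placed after the {} terminator, where it reads as if it belonged to the sentinel; it would sit better above the table.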



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 204/206] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (202 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 203/206] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 205/206] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Ramesh Errabolu, Felix Kuehling,
	Alex Deucher

From: Ramesh Errabolu <Ramesh.Errabolu@amd.com>

commit b9ab82da8804ec22c7e91ffd9d56c7a3abff0c8e upstream.

Allow the user to know the number of compute units (CU) that are in use at
any given moment. Enable access to the method kgd_gfx_v9_get_cu_occupancy
that computes CU occupancy.

Signed-off-by: Ramesh Errabolu <Ramesh.Errabolu@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_aldebaran.c
@@ -44,5 +44,6 @@ const struct kfd2kgd_calls aldebaran_kfd
 	.get_atc_vmid_pasid_mapping_info =
 				kgd_gfx_v9_get_atc_vmid_pasid_mapping_info,
 	.set_vm_context_page_table_base = kgd_gfx_v9_set_vm_context_page_table_base,
+	.get_cu_occupancy = kgd_gfx_v9_get_cu_occupancy,
 	.program_trap_handler_settings = kgd_gfx_v9_program_trap_handler_settings
 };
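
Review bot: The new .get_cu_occupancy entry reuses kgd_gfx_v9_get_cu_occupancy for Aldebaran, but the commit message does not say that the gfx v9 implementation is valid on this hardware. Since the callback reports occupancy to userspace, a sentence on how it was validated on Aldebaran, and on why a feature enablement is wanted in stable, would help.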



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 205/206] drm/amdgpu: always register an MMU notifier for userptr
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (203 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 204/206] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 18:24 ` [PATCH 5.15 206/206] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher,
	Felix Kuehling

From: Christian König <christian.koenig@amd.com>

commit b39df63b16b64a3af42695acb9bc567aad144776 upstream.

Since switching to HMM we always need that because we no longer grab
references to the pages.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Felix Kuehling <Felix.Kuehling@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
@@ -419,11 +419,9 @@ int amdgpu_gem_userptr_ioctl(struct drm_
 	if (r)
 		goto release_object;
 
-	if (args->flags & AMDGPU_GEM_USERPTR_REGISTER) {
-		r = amdgpu_mn_register(bo, args->addr);
-		if (r)
-			goto release_object;
-	}
+	r = amdgpu_mn_register(bo, args->addr);
+	if (r)
+		goto release_object;
 
 	if (args->flags & AMDGPU_GEM_USERPTR_VALIDATE) {
 		r = amdgpu_ttm_tt_get_user_pages(bo, bo->tbo.ttm->pages);
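
Review bot: With the AMDGPU_GEM_USERPTR_REGISTER test removed, amdgpu_mn_register() runs for every userptr object, yet the flag is still accepted from userspace and no longer has any effect at this point. That should be documented where the flag is defined, and any earlier argument validation in amdgpu_gem_userptr_ioctl() that depends on the flag (not visible in this hunk) should be rechecked. The unconditional registration itself matches the commit message, which says pages are no longer referenced, so the object must not exist without a notifier.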



^ permalink raw reply	[flat|nested] 217+ messages in thread

* [PATCH 5.15 206/206] drm/i915: fix TLB invalidation for Gen12 video and compute engines
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (204 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 205/206] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
@ 2022-11-30 18:24 ` Greg Kroah-Hartman
  2022-11-30 20:23 ` [PATCH 5.15 000/206] 5.15.81-rc1 review Florian Fainelli
                   ` (8 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-30 18:24 UTC (permalink / raw)
  To: stable
  Cc: Greg Kroah-Hartman, patches, Chris Wilson, Andrzej Hajda,
	Daniel Vetter, Linus Torvalds

From: Andrzej Hajda <andrzej.hajda@intel.com>

commit 04aa64375f48a5d430b5550d9271f8428883e550 upstream.

In case of Gen12 video and compute engines, TLB_INV registers are masked -
to modify one bit, corresponding bit in upper half of the register must
be enabled, otherwise nothing happens.

CVE: CVE-2022-4139
Suggested-by: Chris Wilson <chris.p.wilson@intel.com>
Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store")
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/i915/gt/intel_gt.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/gpu/drm/i915/gt/intel_gt.c
+++ b/drivers/gpu/drm/i915/gt/intel_gt.c
@@ -982,6 +982,10 @@ void intel_gt_invalidate_tlbs(struct int
 		if (!i915_mmio_reg_offset(rb.reg))
 			continue;
 
+		if (GRAPHICS_VER(i915) == 12 && (engine->class == VIDEO_DECODE_CLASS ||
+		    engine->class == VIDEO_ENHANCEMENT_CLASS))
+			rb.bit = _MASKED_BIT_ENABLE(rb.bit);
+
 		intel_uncore_write_fw(uncore, rb.reg, rb.bit);
 	}
 
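Review bot: The subject and commit message cover Gen12 video and compute engines, but the condition added before intel_uncore_write_fw() tests only VIDEO_DECODE_CLASS and VIDEO_ENHANCEMENT_CLASS. If compute engines have no separate class in this tree, the message should say so; otherwise the masked write is missing for them and the TLB invalidation this patch is meant to fix (CVE-2022-4139) would still do nothing there. The continuation line is also indented like the if body; aligning it under the first engine->class test would make the grouping clearer.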



^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (205 preceding siblings ...)
  2022-11-30 18:24 ` [PATCH 5.15 206/206] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
@ 2022-11-30 20:23 ` Florian Fainelli
  2022-12-01  1:00 ` Shuah Khan
                   ` (7 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Florian Fainelli @ 2022-11-30 20:23 UTC (permalink / raw)
  To: Greg Kroah-Hartman, stable
  Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow

On 11/30/22 10:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on 
BMIPS_GENERIC:

Tested-by: Florian Fainelli <f.fainelli@gmail.com>
-- 
Florian


^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (206 preceding siblings ...)
  2022-11-30 20:23 ` [PATCH 5.15 000/206] 5.15.81-rc1 review Florian Fainelli
@ 2022-12-01  1:00 ` Shuah Khan
  2022-12-01  7:56 ` Bagas Sanjaya
                   ` (6 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Shuah Khan @ 2022-12-01  1:00 UTC (permalink / raw)
  To: Greg Kroah-Hartman, stable
  Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
	rwarsow, Shuah Khan

On 11/30/22 11:20, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

Tested-by: Shuah Khan <skhan@linuxfoundation.org>

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (207 preceding siblings ...)
  2022-12-01  1:00 ` Shuah Khan
@ 2022-12-01  7:56 ` Bagas Sanjaya
  2022-12-01 11:12 ` Naresh Kamboju
                   ` (5 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Bagas Sanjaya @ 2022-12-01  7:56 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
	patches, lkft-triage, pavel, jonathanh, f.fainelli,
	sudipm.mukherjee, srw, rwarsow

On Wed, Nov 30, 2022 at 07:20:52PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 

Successfully cross-compiled for arm64 (bcm2711_defconfig, GCC 10.2.0) and
powerpc (ps3_defconfig, GCC 12.2.0).

Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>

-- 
An old man doll... just what I always wanted! - Clara


^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (208 preceding siblings ...)
  2022-12-01  7:56 ` Bagas Sanjaya
@ 2022-12-01 11:12 ` Naresh Kamboju
  2022-12-01 11:16 ` Sudip Mukherjee
                   ` (4 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Naresh Kamboju @ 2022-12-01 11:12 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
	patches, lkft-triage, pavel, jonathanh, f.fainelli,
	sudipm.mukherjee, srw, rwarsow

On Thu, 1 Dec 2022 at 00:03, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.

Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>

## Build
* kernel: 5.15.81-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.15.y
* git commit: 0b35f5d8dfc1c4892f8c447f208954d5ea9333e3
* git describe: v5.15.79-388-g0b35f5d8dfc1
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.15.y/build/v5.15.79-388-g0b35f5d8dfc1

## Test Regressions (compared to v5.15.79)

## Metric Regressions (compared to v5.15.79)

## Test Fixes (compared to v5.15.79)

## Metric Fixes (compared to v5.15.79)

## Test result summary
total: 147866, pass: 128170, fail: 3221, skip: 16059, xfail: 416

## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 155 total, 151 passed, 4 failed
* arm64: 53 total, 49 passed, 4 failed
* i386: 43 total, 38 passed, 5 failed
* mips: 35 total, 31 passed, 4 failed
* parisc: 10 total, 7 passed, 3 failed
* powerpc: 38 total, 34 passed, 4 failed
* riscv: 18 total, 17 passed, 1 failed
* s390: 20 total, 14 passed, 6 failed
* sh: 16 total, 12 passed, 4 failed
* sparc: 10 total, 8 passed, 2 failed
* x86_64: 46 total, 42 passed, 4 failed

## Test suites summary
* boot
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-breakpoints
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-kvm
* kselftest-lib
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-openat2
* kselftest-seccomp
* kselftest-timens
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-open-posix-tests
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* packetdrill
* perf
* perf/Zstd-perf.data-compression
* rcutorture
* v4l2-compliance
* vdso

--
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (209 preceding siblings ...)
  2022-12-01 11:12 ` Naresh Kamboju
@ 2022-12-01 11:16 ` Sudip Mukherjee
  2022-12-01 22:39 ` Kelsey Steele
                   ` (3 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Sudip Mukherjee @ 2022-12-01 11:16 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
	patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow

Hi Greg,

On Wed, Nov 30, 2022 at 07:20:52PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.

Build test (gcc version 12.2.1 20221127):
mips: 62 configs -> no failure
arm: 99 configs -> no failure
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
csky allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure

Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
mips: Booted on ci20 board. No regression. [2]

[1]. https://openqa.qa.codethink.co.uk/tests/2252
[2]. https://openqa.qa.codethink.co.uk/tests/2257

Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>

--
Regards
Sudip

^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (210 preceding siblings ...)
  2022-12-01 11:16 ` Sudip Mukherjee
@ 2022-12-01 22:39 ` Kelsey Steele
  2022-12-01 22:45 ` Ron Economos
                   ` (2 subsequent siblings)
  214 siblings, 0 replies; 217+ messages in thread
From: Kelsey Steele @ 2022-12-01 22:39 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
	patches, lkft-triage, pavel, jonathanh, f.fainelli,
	sudipm.mukherjee, srw, rwarsow

On Wed, Nov 30, 2022 at 07:20:52PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.

No regressions found on WSL x86_64 or WSL arm64

Built, booted, and compared dmesg against 5.15.80.

Thank you.

Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com> 

^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (211 preceding siblings ...)
  2022-12-01 22:39 ` Kelsey Steele
@ 2022-12-01 22:45 ` Ron Economos
  2022-12-02  1:44 ` Guenter Roeck
  2022-12-02 12:48 ` Jon Hunter
  214 siblings, 0 replies; 217+ messages in thread
From: Ron Economos @ 2022-12-01 22:45 UTC (permalink / raw)
  To: Greg Kroah-Hartman, stable
  Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
	rwarsow

On 11/30/22 10:20 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Built and booted successfully on RISC-V RV64 (HiFive Unmatched).

Tested-by: Ron Economos <re@w6rz.net>


^ permalink raw reply	[flat|nested] 217+ messages in thread

* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (212 preceding siblings ...)
  2022-12-01 22:45 ` Ron Economos
@ 2022-12-02  1:44 ` Guenter Roeck
  2022-12-02 12:48 ` Jon Hunter
  214 siblings, 0 replies; 217+ messages in thread
From: Guenter Roeck @ 2022-12-02  1:44 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
	rwarsow

On Wed, Nov 30, 2022 at 07:20:52PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
> 

Build results:
	total: 160 pass: 160 fail: 0
Qemu test results:
	total: 489 pass: 489 fail: 0

Tested-by: Guenter Roeck <linux@roeck-us.net>

Guenter


* Re: [PATCH 5.15 000/206] 5.15.81-rc1 review
  2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
                   ` (213 preceding siblings ...)
  2022-12-02  1:44 ` Guenter Roeck
@ 2022-12-02 12:48 ` Jon Hunter
  214 siblings, 0 replies; 217+ messages in thread
From: Jon Hunter @ 2022-12-02 12:48 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
	shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
	sudipm.mukherjee, srw, rwarsow, linux-tegra

On Wed, 30 Nov 2022 19:20:52 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.81 release.
> There are 206 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri, 02 Dec 2022 18:05:05 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.81-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests passing for Tegra ...

Test results for stable-v5.15:
    11 builds:	11 pass, 0 fail
    28 boots:	28 pass, 0 fail
    114 tests:	114 pass, 0 fail

Linux version:	5.15.81-rc1-g516c2740a2a1
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
                tegra20-ventana, tegra210-p2371-2180,
                tegra210-p3450-0000, tegra30-cardhu-a04

Tested-by: Jon Hunter <jonathanh@nvidia.com>

Jon


Thread overview: 217+ messages
2022-11-30 18:20 [PATCH 5.15 000/206] 5.15.81-rc1 review Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 001/206] ASoC: fsl_sai: use local device pointer Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 002/206] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 003/206] serial: Add rs485_supported to uart_port Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 004/206] serial: fsl_lpuart: Fill in rs485_supported Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 005/206] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 006/206] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
2022-11-30 18:20 ` [PATCH 5.15 007/206] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 008/206] cifs: introduce new helper for cifs_reconnect() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 009/206] cifs: split out dfs code from cifs_reconnect() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 010/206] cifs: support nested dfs links over reconnect Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 011/206] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 012/206] ata: libata-scsi: simplify __ata_scsi_queuecmd() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 013/206] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 014/206] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 015/206] nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 016/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 017/206] nvme-pci: disable namespace identifiers for the MAXIO MAP1001 Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 018/206] nvme-pci: disable write zeroes on various Kingston SSD Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 019/206] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 020/206] speakup: Generate speakupmap.h automatically Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 021/206] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 022/206] iio: ms5611: Simplify IO callback parameters Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 023/206] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 024/206] ceph: do not update snapshot context when there is no new snapshot Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 025/206] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 026/206] x86/sgx: Create utility to validate user provided offset and length Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 027/206] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 028/206] binder: validate alloc->mm in ->mmap() handler Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 029/206] ceph: Use kcalloc for allocating multiple elements Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 030/206] ceph: fix NULL pointer dereference for req->r_session Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 031/206] wifi: mac80211: fix memory free error when registering wiphy fail Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 032/206] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 033/206] riscv: dts: sifive unleashed: Add PWM controlled LEDs Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 034/206] audit: fix undefined behavior in bit shift for AUDIT_BIT Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 035/206] wifi: airo: do not assign -1 to unsigned char Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 036/206] wifi: mac80211: Fix ack frame idr leak when mesh has no route Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 037/206] wifi: ath11k: Fix QCN9074 firmware boot on x86 Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 038/206] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 039/206] selftests/bpf: Add verifier test for release_reference() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 040/206] Revert "net: macsec: report real_dev features when HW offloading is enabled" Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 041/206] platform/x86: ideapad-laptop: Disable touchpad_switch Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 042/206] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 043/206] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 044/206] platform/x86/intel/hid: Add some ACPI device IDs Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 045/206] scsi: ibmvfc: Avoid path failures during live migration Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 046/206] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 047/206] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 048/206] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 049/206] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 050/206] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 051/206] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 052/206] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 053/206] RISC-V: vdso: Do not add missing symbols to version section in linker script Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 054/206] MIPS: pic32: treat port as signed integer Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 055/206] xfrm: fix "disable_policy" on ipv4 early demux Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 056/206] xfrm: replay: Fix ESN wrap around for GSO Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 057/206] af_key: Fix send_acquire race with pfkey_register Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 058/206] ARM: dts: am335x-pcm-953: Define fixed regulators in root node Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 059/206] ASoC: hdac_hda: fix hda pcm buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 060/206] ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 061/206] ASoC: soc-pcm: Dont zero TDM masks in __soc_pcm_open() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 062/206] x86/hyperv: Restore VP assist page after cpu offlining/onlining Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 063/206] scsi: storvsc: Fix handling of srb_status and capacity change events Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 064/206] ASoC: max98373: Add checks for devm_kcalloc Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 065/206] regulator: core: fix kobject release warning and memory leak in regulator_register() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 066/206] spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() Greg Kroah-Hartman
2022-11-30 18:21 ` [PATCH 5.15 067/206] regulator: core: fix UAF in destroy_regulator() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 068/206] bus: sunxi-rsb: Remove the shutdown callback Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 069/206] bus: sunxi-rsb: Support atomic transfers Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 070/206] tee: optee: fix possible memory leak in optee_register_device() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 071/206] ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl Greg Kroah-Hartman
2022-11-30 18:22   ` Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 072/206] selftests: mptcp: more stable simult_flows tests Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 073/206] selftests: mptcp: fix mibit vs mbit mix up Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 074/206] net: liquidio: simplify if expression Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 075/206] rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 076/206] rxrpc: Use refcount_t rather than atomic_t Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 077/206] rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 078/206] net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 079/206] nfc/nci: fix race with opening and closing Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 080/206] net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 081/206] 9p/fd: fix issue of list_del corruption in p9_fd_cancel() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 082/206] netfilter: conntrack: Fix data-races around ct mark Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 083/206] netfilter: nf_tables: do not set up extensions for end interval Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 084/206] iavf: Fix a crash during reset task Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 085/206] iavf: Do not restart Tx queues after reset task failure Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 086/206] iavf: Fix race condition between iavf_shutdown and iavf_remove Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 087/206] ARM: mxs: fix memory leak in mxs_machine_init() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 088/206] ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 089/206] net: ethernet: mtk_eth_soc: fix error handling in mtk_open() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 090/206] net/mlx4: Check retval of mlx4_bitmap_init Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 091/206] net: mvpp2: fix possible invalid pointer dereference Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 092/206] net/qla3xxx: fix potential memleak in ql3xxx_send() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 093/206] octeontx2-af: debugsfs: fix pci device refcount leak Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 094/206] net: pch_gbe: fix pci device refcount leak while module exiting Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 095/206] nfp: fill splittable of devlink_port_attrs correctly Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 096/206] nfp: add port from netdev validation for EEPROM access Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 097/206] macsec: Fix invalid error code set Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 098/206] Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 099/206] Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 100/206] netfilter: ipset: regression in ip_set_hash_ip.c Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 101/206] net/mlx5: Do not query pci info while pci disabled Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 102/206] net/mlx5: Fix FW tracer timestamp calculation Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 103/206] net/mlx5: Fix handling of entry refcount when command is not issued to FW Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 104/206] tipc: set con sock in tipc_conn_alloc Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 105/206] tipc: add an extra conn_get " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 106/206] tipc: check skb_linearize() return value in tipc_disc_rcv() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 107/206] xfrm: Fix oops in __xfrm_state_delete() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 108/206] xfrm: Fix ignored return value in xfrm6_init() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 109/206] net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 110/206] sfc: fix potential memleak in __ef100_hard_start_xmit() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 111/206] net: sparx5: fix error handling in sparx5_port_open() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 112/206] net: sched: allow act_ct to be built without NF_NAT Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 113/206] NFC: nci: fix memory leak in nci_rx_data_packet() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 114/206] regulator: twl6030: re-add TWL6032_SUBCLASS Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 115/206] bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 116/206] dma-buf: fix racing conflict of dma_heap_add() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 117/206] netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 118/206] netfilter: flowtable_offload: add missing locking Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 119/206] fs: do not update freeing inode i_io_list Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 120/206] dccp/tcp: Reset saddr on failure after inet6?_hash_connect() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 121/206] ipv4: Fix error return code in fib_table_insert() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 122/206] arcnet: fix potential memory leak in com20020_probe() Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 123/206] s390/dasd: fix no record found for raw_track_access Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 124/206] nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 125/206] nfc: st-nci: fix memory leaks " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 126/206] nfc: st-nci: fix incorrect sizing calculations " Greg Kroah-Hartman
2022-11-30 18:22 ` [PATCH 5.15 127/206] net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 128/206] net: enetc: cache accesses to &priv->si->hw Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 129/206] net: enetc: preserve TX ring priority across reconfiguration Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 130/206] octeontx2-pf: Add check for devm_kcalloc Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 131/206] octeontx2-af: Fix reference count issue in rvu_sdp_init() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 132/206] net: thunderx: Fix the ACPI memory leak Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 133/206] s390/crashdump: fix TOD programmable field size Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 134/206] lib/vdso: use "grep -E" instead of "egrep" Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 135/206] init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 136/206] nios2: add FORCE for vmlinuz.gz Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 137/206] mmc: sdhci-brcmstb: Re-organize flags Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 138/206] mmc: sdhci-brcmstb: Enable Clock Gating to save power Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 139/206] mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 140/206] KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from EL1 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 141/206] usb: dwc3: exynos: Fix remove() function Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 142/206] usb: cdnsp: Fix issue with Clear Feature Halt Endpoint Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 143/206] usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 144/206] ext4: fix use-after-free in ext4_ext_shift_extents Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 145/206] arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 146/206] kbuild: fix -Wimplicit-function-declaration in license_is_gpl_compatible Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 147/206] iio: light: apds9960: fix wrong register for gesture gain Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 148/206] iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 149/206] bus: ixp4xx: Dont touch bit 7 on IXP42x Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 150/206] usb: dwc3: gadget: conditionally remove requests Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 151/206] usb: dwc3: gadget: Return -ESHUTDOWN on ep disable Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 152/206] usb: dwc3: gadget: Clear ep descriptor last Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 153/206] nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 154/206] gcov: clang: fix the buffer overflow issue Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 155/206] mm: vmscan: fix extreme overreclaim and swap floods Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 156/206] KVM: x86: nSVM: leave nested mode on vCPU free Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 157/206] KVM: x86: forcibly leave nested mode on vCPU reset Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 158/206] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 159/206] KVM: x86: add kvm_leave_nested Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 160/206] KVM: x86: remove exit_int_info warning in svm_handle_exit Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 161/206] x86/tsx: Add a feature bit for TSX control MSR support Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 162/206] x86/pm: Add enumeration check before spec MSRs save/restore setup Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 163/206] x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 164/206] Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 165/206] ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 166/206] tools: iio: iio_generic_buffer: Fix read size Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 167/206] serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 168/206] Input: goodix - try resetting the controller when no config is set Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 169/206] Input: soc_button_array - add use_low_level_irq module parameter Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 170/206] Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 171/206] Input: i8042 - apply probe defer to more ASUS ZenBook models Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 172/206] ASoC: stm32: dfsdm: manage cb buffers cleanup Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 173/206] xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 174/206] xen/platform-pci: add missing free_irq() in error path Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 175/206] platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 176/206] platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 177/206] drm/amdgpu: disable BACO support on more cards Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 178/206] zonefs: fix zone report size in __zonefs_io_error() Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 179/206] platform/x86: hp-wmi: Ignore Smart Experience App event Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 180/206] platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 181/206] tcp: configurable source port perturb table size Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 182/206] net: usb: qmi_wwan: add Telit 0x103a composition Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 183/206] scsi: iscsi: Fix possible memory leak when device_register() failed Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 184/206] gpu: host1x: Avoid trying to use GART on Tegra20 Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 185/206] dm integrity: flush the journal on suspend Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 186/206] dm integrity: clear " Greg Kroah-Hartman
2022-11-30 18:23 ` [PATCH 5.15 187/206] fuse: lock inode unconditionally in fuse_fallocate() Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 188/206] wifi: wilc1000: validate pairwise and authentication suite offsets Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 189/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 190/206] wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 191/206] wifi: wilc1000: validate number of channels Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 192/206] genirq/msi: Shutdown managed interrupts with unsatifiable affinities Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 193/206] genirq: Always limit the affinity to online CPUs Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 194/206] irqchip/gic-v3: Always trust the managed affinity provided by the core code Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 195/206] genirq: Take the proposed affinity at face value if force==true Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 196/206] btrfs: free btrfs_path before copying root refs to userspace Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 197/206] btrfs: free btrfs_path before copying fspath " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 198/206] btrfs: free btrfs_path before copying subvol info " Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 199/206] btrfs: zoned: fix missing endianness conversion in sb_write_pointer Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 200/206] btrfs: use kvcalloc in btrfs_get_dev_zone_info Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 201/206] btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 202/206] drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 203/206] drm/amd/display: No display after resume from WB/CB Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 204/206] drm/amdgpu: Enable Aldebaran devices to report CU Occupancy Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 205/206] drm/amdgpu: always register an MMU notifier for userptr Greg Kroah-Hartman
2022-11-30 18:24 ` [PATCH 5.15 206/206] drm/i915: fix TLB invalidation for Gen12 video and compute engines Greg Kroah-Hartman
2022-11-30 20:23 ` [PATCH 5.15 000/206] 5.15.81-rc1 review Florian Fainelli
2022-12-01  1:00 ` Shuah Khan
2022-12-01  7:56 ` Bagas Sanjaya
2022-12-01 11:12 ` Naresh Kamboju
2022-12-01 11:16 ` Sudip Mukherjee
2022-12-01 22:39 ` Kelsey Steele
2022-12-01 22:45 ` Ron Economos
2022-12-02  1:44 ` Guenter Roeck
2022-12-02 12:48 ` Jon Hunter
